[
https://issues.apache.org/jira/browse/THRIFT-5988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jens Geyer resolved THRIFT-5988.
--------------------------------
Fix Version/s: 0.24.0
Assignee: Jens Geyer
Resolution: Fixed
> PHP 8.1 upgrade follow-up: float constants, README version, and
> TSSLServerSocket API compatibility
> --------------------------------------------------------------------------------------------------
>
> Key: THRIFT-5988
> URL: https://issues.apache.org/jira/browse/THRIFT-5988
> Project: Thrift
> Issue Type: Improvement
> Components: PHP - Library
> Reporter: Jens Geyer
> Assignee: Jens Geyer
> Priority: Major
> Fix For: 0.24.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Three housekeeping items left unaddressed when the PHP minimum version was
> raised to 8.1, plus a CI fix.
> h3. BoundaryValuesTest — replace magic float literals with named constants
> The test file contained a stale comment:
> {quote}
> // TODO: replace literals with PHP_FLOAT_MAX/MIN/EPSILON when PHP 7.1 support
> is dropped (available since PHP 7.2)
> {quote}
> The magic literals {{1.7976931348623158e+308}}, {{2.2250738585072014e-308}},
> and {{2.2204460492503131e-16}} should be replaced with {{PHP_FLOAT_MAX}},
> {{PHP_FLOAT_MIN}}, and {{PHP_FLOAT_EPSILON}} respectively, and the TODO
> comment removed.
> h3. lib/php/README.md — minimum PHP version still states 7.1
> The opening paragraph reads "Thrift requires PHP 7.1". This is rendered on
> the public Apache Thrift website. It should be updated to 8.1 to match the
> actual minimum.
> h3. TSSLServerSocket — public getSSLHost() removed without a deprecation
> period
> {{getSSLHost(string $host): string}} was a public method callable by
> subclasses and external code. It was silently replaced by {{private
> ensureSslHostPrefix()}} with no deprecation notice, breaking any existing
> caller. A {{@deprecated}} public shim should be restored that delegates to
> the private method.
> h3. build.yml CI fix — new JWT-based GITHUB_TOKEN format breaks Composer
> GitHub is rolling out a new GITHUB_TOKEN format ({{ghs_<id>_<jwt>}}) that
> contains dots. {{shivammathur/setup-php}} passes this token verbatim to
> {{composer config --global github-oauth.github.com}}. Composer's token
> validator ({{BaseIO.php:143}}) rejects tokens containing non-alphanumeric
> characters, causing {{composer install}} to fail with:
> {quote}
> Your github oauth token for github.com contains invalid characters
> {quote}
> The fix sets {{COMPOSER_AUTH={}}} as an environment variable on both
> {{composer install}} steps ({{lib-php}} and {{cross-test}}). This env var
> takes precedence over the global Composer config that {{setup-php}} wrote,
> suppressing the invalid token without changing the action pin.
> Note: the leaked token is the ephemeral GITHUB_TOKEN (sub: integration/15368,
> iss: github, 1-hour TTL, already expired). It is not a personal token. The
> leak mechanism — Composer re-printing it in its error message after GitHub
> masked it in the workflow {{with:}} block — should be reported to
> shivammathur/setup-php and GitHub Security.
> See also: https://github.com/apache/thrift/pull/3468
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
