guzzle / oauth-subscriber

Signs Guzzle requests using OAuth 1.0 (Guzzle 6+)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Please tag a recent 0.2.1 release

merk opened this issue · comments

The move to Guzzle 6 is not going to be simple for some applications and there are fixes that are not included in 0.2.0.

It seems to me like 55c001f5cbcfab5f44792426538cba5bd53168f2 was the last commit before the BC break was made?

commented

The update for the package to work with Guzzle 6 should probably be a new major version or a separate package altogether due to the breaking changes?

I don't see a reason for this. A guzzle 5 compatible version will not be maintained, so you should just lock your dependency to a specific SHA if you'd like.

The update for the package to work with Guzzle 6 should probably be a new major version or a separate package altogether due to the breaking changes?

This package is unstable and never had a major release (i.e., it's still 0.x.x), so major for this package is a minor version bump.

Because locking at a specific SHA commit will not work - the composer.json file dependencies cause a failure if you do so.

Lack of maintenance is fine, but supporting backwards compatibility is important especially after such major changes to Guzzle - what happens when you go to 7 and make the same decision?

{
    "require": {
        "guzzlehttp/guzzle": "5.*",
        "guzzlehttp/oauth-subscriber": "dev-master#55c001f5cbcfab5f44792426538cba5bd53168f2"
    }
}
➜  guzzle-oauth-test  composer install
Loading composer repositories with package information
Installing dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for guzzlehttp/oauth-subscriber dev-master#55c001f5cbcfab5f44792426538cba5bd53168f2 -> satisfiable by guzzlehttp/oauth-subscriber[dev-master].
    - guzzlehttp/oauth-subscriber dev-master requires guzzlehttp/guzzle ~6.0 -> no matching package found.

Potential causes:
 - A typo in the package name
 - The package is not available in a stable-enough version according to your minimum-stability setting
   see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.

Read <https://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.

A trivial branch-adjust dependencies-tag action removes the problem entirely, and would be appreciated. Workarounds like defining an additional repository like below would then be unnecessary.

{
    "repositories": [
        {
            "type": "package",
            "package": {
                "name": "guzzlehttp/oauth-subscriber",
                "version": "0.2.99",
                "dist": {
                    "url": "https://github.com/guzzle/oauth-subscriber/archive/55c001f5cbcfab5f44792426538cba5bd53168f2.zip",
                    "type": "zip"
                }
            }
        }
    ]
}