Skip to content

Update lm-commons/lmc-rbac and signature for HasVerifiedEmailAssertion::assert #4907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
stweil wants to merge 1 commit into
base: dev-12.0
Choose a base branch
from
Open

Update lm-commons/lmc-rbac and signature for HasVerifiedEmailAssertion::assert #4907

stweil wants to merge 1 commit into from

Conversation

@stweil
Copy link
Contributor

@stweil stweil commented Nov 26, 2025

The signature was changed in the interface starting with lm-commons/lmc-rbac 2.2.0, see related commit.

@stweil
Update lm-commons/lmc-rbac and signature for HasVerifiedEmailAssertio…
8185bb5 
…n::assert

The signature was changed in the interface starting with
lm-commons/lmc-rbac 2.2.0.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
demiankatz
demiankatz reviewed Nov 26, 2025
View reviewed changes
Copy link
Member

@demiankatz demiankatz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @stweil. That's a somewhat surprising change to make in a minor release of a library, though I suppose it's not a backward break since the upstream code is making the type more general, so downstream code with more specific types should remain compatible. And that raises the question: should we leave the type alone in HasVerifiedEmailAssertion, since in the instance of VuFind, it should still be true? Or did you encounter a problem that required this change to be made?

@demiankatz demiankatz added this to the 11.1 milestone Nov 26, 2025
@demiankatz demiankatz added the dependencies Pull requests that update a dependency file label Nov 26, 2025
@stweil
Copy link
Contributor Author

stweil commented Nov 26, 2025
edited
Loading

I got a runtime exception (directly when loading VuFind's start page in a web browser) because of the signature mismatch after updating my local packages with composer upgrade.

This exception either requires limiting the version in composer.json or updating the signature. We could use a signature without a type for $identity which would work with old and new releases of lm-commons/lmc-rbac. Or we go forward, require the newer release of lm-commons/lmc-rbac and fix the signature.

As the VuFind code directly uses lm-commons/lmc-rbac, it should be mentioned in composer.json anyway.

@demiankatz
Copy link
Member

demiankatz commented Nov 26, 2025

Thanks, @stweil! Maybe the best solution would be to open a PR against release-11.0 that locks the library to the current working version. That way, we can ensure that users of 11.0.1 don't run into this problem. And this PR can remain open for inclusion in 11.1 or 12.0 to bring us up to compatibility with the newer version.

I don't think the lmc-rbac changelog should claim that release 2.2.0 has no backward compatibility breaks, though, since it clearly does!

@stweil
Copy link
Contributor Author

stweil commented Nov 26, 2025

... and I agree that a minor version should not contain a change like this one. But I am afraid that we have to accept it as it is.

@stweil
Copy link
Contributor Author

stweil commented Nov 26, 2025

Maybe the best solution would be to open a PR against release-11.0 that locks the library to the current working version. That way, we can ensure that users of 11.0.1 don't run into this problem.

Done, see PR #4909.

@demiankatz demiankatz modified the milestones: 11.1, 12.0 Nov 26, 2025
@demiankatz demiankatz changed the base branch from dev to dev-12.0 November 26, 2025 15:20
@demiankatz
Copy link
Member

demiankatz commented Nov 26, 2025

Thanks, @stweil, I'll move this to the 12.0 milestone so we don't introduce our own breaking change until the next major version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@demiankatz demiankatz demiankatz left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

12.0

Development

Successfully merging this pull request may close these issues.

2 participants

@stweil @demiankatz