Skip to content

Update PHP and firebase/php-jwt version requirements#229

Merged
rfeiner merged 4 commits intomessagebird:masterfrom
bobvandevijver:patch-1
Feb 19, 2026
Merged

Update PHP and firebase/php-jwt version requirements#229
rfeiner merged 4 commits intomessagebird:masterfrom
bobvandevijver:patch-1

Conversation

@bobvandevijver
Copy link
Contributor

@bobvandevijver bobvandevijver commented Feb 18, 2026
edited
Loading

Only allow firebase/php-jwt to resolve GHSA-2x45-7fc3-mxwq. Also bumps PHP to >= 8.0 (Support for PHP 7 has been discontinued since 03 Nov 2022).

Resolves #227, #228.

@bobvandevijver
Update firebase/php-jwt version requirements
8c18273 
Only allow firebase/php-jwt to resolve GHSA-2x45-7fc3-mxwq. Also drop duplicate version constraints for PHP (>=7.2 is also valid for any PHP 8 or later versions).
@frederikbosch
Copy link

frederikbosch commented Feb 18, 2026

PHP JWT uses ^8.0 fir PHP dep so composer.json of this package might/should drop PHP7 too.

@bobvandevijver
Copy link
Contributor Author

bobvandevijver commented Feb 18, 2026

PHP JWT uses ^8.0 fir PHP dep so composer.json of this package might/should drop PHP7 too.

Hmm, did not want to make that decision for this PR, but it does make sense indeed.

@bobvandevijver
Bump PHP to >=8.0 due to dependency constraint
a06fbbe 
Also, support for PHP 7 has been discontinued since 03 Nov 2022.
@bobvandevijver bobvandevijver changed the title Update firebase/php-jwt version requirements Update PHP and firebase/php-jwt version requirements Feb 18, 2026
@WoBBeLnl
Copy link

WoBBeLnl commented Feb 18, 2026

Is there any way we can expedite the release of a new version with this PR? I am not using Github often (only for private projects) so I don't know how to approve the waiting approval or is this something that can only be done by maintainers (if so, can we tag them?)

@bobvandevijver
Copy link
Contributor Author

bobvandevijver commented Feb 18, 2026

It's in the message:

This workflow requires approval from a maintainer.

I prefer to not tag maintainers so soon after PR creation.

@frederikbosch
Copy link

frederikbosch commented Feb 18, 2026

But this security advisory is having big implications: people cannot install their packages because of it.

@frederikbosch
Copy link

frederikbosch commented Feb 18, 2026

So if @rfeiner could follow this up, that would be great.

@WoBBeLnl
Copy link

WoBBeLnl commented Feb 18, 2026

I submitted a support ticket to Bird linking to the issue and this PR.

@yoeriboven
Copy link

yoeriboven commented Feb 18, 2026

@rfeiner @ErikBooijMB Could you guys take a look? This is a security concern.

concilioinvest
concilioinvest reviewed Feb 19, 2026
View reviewed changes
@rfeiner @claude
Fix CI for PHP 8.0+ minimum version
4893c92 
- Replace Docker-based Psalm action (bundles PHP 7.4) with setup-php
- Drop PHP 7.4 from test matrix
- Set phpVersion in psalm.xml for PHP 8.0+ analysis

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rfeiner rfeiner merged commit 9e804c0 into messagebird:master Feb 19, 2026
7 checks passed
@bobvandevijver bobvandevijver deleted the patch-1 branch February 19, 2026 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@concilioinvest concilioinvest concilioinvest left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add firebase/php-jwt 7 to composer

6 participants

@bobvandevijver @frederikbosch @WoBBeLnl @yoeriboven @concilioinvest @rfeiner

Comments