Skip to content

feat: integrate composer-dependency-analyser for dependency analysis … #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

feat: integrate composer-dependency-analyser for dependency analysis … #65

wants to merge 1 commit into from

Conversation

@mairo744
Copy link

@mairo744 mairo744 commented Oct 13, 2025

Q A
Documentation no
Bugfix no
BC Break no
New Feature no
RFC no
QA yes

Description

This PR introduces shipmonk/composer-dependency-analyser to improve dependency management.

  • To detect dead/misplaced/shadow dependencies
  • To enforce stricter dependency hygiene in CI, preventing similar issues in the future.
  • remove obsolete zend dependencies

@gsteel
Copy link
Member

gsteel commented Oct 13, 2025

If I'm honest - I do prefer composer-require-checker to find only undeclared symbols. It's not unusual for us to have seemingly "unused" deps in our libs and these will normally be identified manually.

Also, I prefer the approach of adding deps in a /tools directory with along with a companion Makefile such as that found in https://github.com/laminas/laminas-view/tree/3.0.x - this prevents tooling from causing dependency conflicts which happens more than you might think.

gsteel
gsteel requested changes Oct 13, 2025
View reviewed changes
src/ConfigProvider.php
Comment on lines -38 to -43
// Legacy Zend Framework aliases
'aliases' => [
LegacyProblemDetailsMiddleware::class => ProblemDetailsMiddleware::class,
LegacyProblemDetailsNotFoundHandler::class => ProblemDetailsNotFoundHandler::class,
LegacyProblemDetailsResponseFactory::class => ProblemDetailsResponseFactory::class,
],
Copy link
Member

@gsteel gsteel Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These aliases cannot be dropped in a minor - that's a BC break. They can be stringified to prevent issues though.

src/Psr17ResponseFactoryTrait.php
Comment on lines -71 to +70
return $deprecatedResponseFactory !== null && $deprecatedResponseFactory !== ResponseFactoryFactory::class;
return $deprecatedResponseFactory !== null;
Copy link
Member

@gsteel gsteel Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is in place for BC with callable response factories - it can't be removed in a minor

@Xerkus
Copy link
Member

Xerkus commented Oct 13, 2025

mezzio/mezzio-swoole#146 (comment)

@mairo744
Copy link
Author

mairo744 commented Oct 13, 2025

Thanks for the valuable feedback. I’ll close this PR for now. It’s better to start from the default branch with the composer require checker.

@mairo744 mairo744 closed this Oct 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gsteel gsteel gsteel requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mairo744 @gsteel @Xerkus @mmalac