VerifyEmailBundle v2.0

[jrushlow]

Preface

2.x branch is NOT production ready

Version 2.0 is looking like it will be released in 2024. Version 1.x will be transitioned to security fixes only until it reaches its EOL in late 2024 / Q1 2025. New Features should be merged into 2.x unless absolutely necessary to preserve BC in 1.x

This issue will be updated to reflect any tasks required to get 2.0 out the door. Any issues concerning 2.0 should tag this thread / issue where appropriate.

Todo's for release

• Determine base dependencies ([2.x] version bumps #160)
• Init UPGRADE.md to document path's forward to BC
• Determine / Implement CHANGELOG.md strategy for 1.x (main) && 2.x to avoid merge conflicts when merging "up" #162
• Deprecate & remove LegacyUriSigner (Helper __construct() && Factory) -Done [2.x] inject UriSigner directly in the VerifyEmailHelper #164
• Totally Typed (properties, methods, returns, constructors) - [2.x] refactor to use php 8.3 features #163
• #[SensitiveParameter] attributes for any secrets - [2.x] refactor to use php 8.3 features #163
• Eval / widendoctrine/orm dependency in require-dev. Does ORM 3 || 4 affect bundle internals outside of tests
• Eval / widen doctrine/persistence how does this affect bundle outside of tests
• Check bundle DependencyInjection, Resources/config/verify_email_services.xml, & VerifyEmailBundle::class align with latest & greatest Symfony Bundle best practices - Has PR use new bundle strategy #186
• Translation file format's aligned with Symfony Translation best practices
• Mark all classes @final, @internal where appropriate
• Eval implementation of PHPUnit 10/11, at the very least ensure test suite is compatible w/ 10/11 where possible. We'll do this when Symfony adopts native support for PHPUnit 10/11
• Update .php-cs-fixer.dist.php as required- Has PR [ci] php-cs-fixer the php-cs-fixer config #175
• Update phpunit.xml.dist as required- Has PR [ci] update phpunit config to latest schema #176
• Update psalm.xml as required. Tighten psalm enforcement where possible.
• Update MakerBundle, specifically, make:registration where applicable to prefer 2.x usage
• Triage any existing issues / pulls - set milestone for 2.x or 1.x as required.
• [ci] replace psalm with phpstan for static analysis #177

[laurentmuller]

Hi,
I have the just question about PHP version. Why do You use the version 8.3 ?
The version 8.2 is not sufficient ?
Thank

[bocharsky-bw]

It indeed may look too aggressive for today, but PHP 8.2 active support ends in 3 months, see https://www.php.net/supported-versions.php . And because this
VerifyEmailBundle v2 refactoring is a long-term process that will not happen tomorrow - I think it was made a decision to use 8.3 for a better perspective. Though I'm not sure if there's any new PHP 8.3 syntax that is used in the bundle that will not work in 8.2

[jrushlow]

@bocharsky-bw nailed it - v2 in both this bundle and in reset-password-bundle are a bit aggressive on the software versions they will support. The primary reason is so v2is able to support future versions of Symfony that are a bit more aggressive in the minimum versions that they support.

From a maintainers point of view, maintaining multiple active branches of a repo (e.g. v1 & v2) is a bit cumbersome, especially when you're maintaining multiple Symfony based repositories. Decoupling legacy code from "modern" code (which is what we're doing here) keeps the codebase cleaner and makes things slightly easier on us.

Thankfully, both the VerifyEmail and ResetPassword bundle code bases are very stable - so it's perfectly acceptable to use v1 after v2 has been released.