PHP 8.1: SerializablePhpScoper needs implementation of magic methods

[jrfnl]

Bug report

Question	Answer
Box version	master
PHP version	8.1
Platform with version	any
Github Repo	-

As of PHP 8.1, the PHP native Serializable class is deprecated.

Per the RFC:

A class is “only Serializable” if it is non-abstract, implements Serializable, and does not implement __serialize() and __unserialize(). > Then:

• In PHP 8.1, declaring an “only Serializable” class will throw a deprecation warning. Other implementations of Serializable will be accepted without a deprecation warning, because libraries supporting PHP < 7.4 will generally need to implement both the old and new mechanisms.
• In PHP 9.0 the Serializable interface will be removed and unserialize() will reject payloads using the C serialization format. Code needing to support both PHP < 7.4 and PHP >= 9.0 may polyfill the Serializable interface, though it will have no effect on serialization.

If a class implements both Serializable and __serialize()/__unserialize(), the latter take precedence (on versions that support them), and the Serializable interface is only used to decode existing serialization payload using the obsolete C format. To migrate to the new mechanism, it's possible to either replace Serializable entirely (if support for PHP 7.3 and below is not needed) or to implement both (if it is needed).

The above has an impact on the KevinGH\Box\PhpScoper\SerializablePhpScoper class which implements Serializable.

I suspect this class can only be made compatible once the Opis\Closure\SerializableClosure class being (un)serialized has been made compatible with PHP 8.1 and the implementation used in that class is known.

Unfortunately, an initial attempt to make the Opis\Closure\SerializableClosure class compatible has bounced: opis/closure#103 and it is unknown when a compatible version of the class will be available.

[theofidry]

Thanks for the report @jrfnl!

Although this is not a deal breaker, since FFI is not enabled by default it is also a bit inconvenient. If that can easily be enabled via the xdebug handler then it may be ok, otherwise another option would be to migrate to https://github.com/laravel/serializable-closure

[jrfnl]

@theofidry I have no opinion on how to handle this, I just noticed the issue when running tests with Box and PHP 8.1 and figured it would be a good idea to write up the issue so the problem outline would be known.

[owenvoke]

@theofidry, related to #571 (comment), if we were to update to the Laravel Serializable Closure package (as done in owenvoke:feature/serializable-closure, it requires PHP 7.4 to unserialise closures. Would this be ok to bump to a minimum of PHP 7.4 in Box? 🤔 Or are you still wanting to maintain PHP 7.3 support? If not, I'll open that branch as a PR. 👍🏻 Only other thing that seems to use Opis Closure is amphp/parallel-functions

[theofidry]

No I was planning to remove 7.3 from the supported versions so that’s fine by me 👍

…

On Mon 17 Jan 2022 at 10:14, Owen Voke ***@***.***> wrote: @theofidry <https://github.com/theofidry>, related to #571 (comment) <#571 (comment)>, if we were to update to the Laravel Serializable Closure package (as done in owenvoke:feature/serializable-closure <master...owenvoke:feature/serializable-closure>, it requires PHP 7.4 to unserialise closures. Would this be ok to bump to a minimum of PHP 7.4 in Box? 🤔 Or are you still wanting to maintain PHP 7.3 support? If not, I'll open that branch as a PR. 👍🏻 Only other thing that seems to use Opis Closure is amphp/parallel-functions <https://github.com/amphp/parallel-functions> — Reply to this email directly, view it on GitHub <#571 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABHPVAMK7RHLT65DW5G5LRDUWPMXBANCNFSM5FXGLXKA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[theofidry]

Closed via #587