Skip to content

chore(deps): bump zircote/swagger-php from 4.11.1 to 6.0.6 in /src#8118

Open
dependabot[bot] wants to merge 2 commits intomasterfrom
dependabot/composer/src/zircote/swagger-php-6.0.6
Open

chore(deps): bump zircote/swagger-php from 4.11.1 to 6.0.6 in /src#8118
dependabot[bot] wants to merge 2 commits intomasterfrom
dependabot/composer/src/zircote/swagger-php-6.0.6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps zircote/swagger-php from 4.11.1 to 6.0.6.

Release notes

Sourced from zircote/swagger-php's releases.

6.0.6

What's Changed

Full Changelog: zircote/swagger-php@6.0.5...6.0.6

6.0.5

What's Changed

Full Changelog: zircote/swagger-php@6.0.4...6.0.5

6.0.4

What's Changed

Full Changelog: zircote/swagger-php@6.0.3...6.0.4

6.0.3

What's Changed

Full Changelog: zircote/swagger-php@6.0.2...6.0.3

6.0.2

What's Changed

Full Changelog: zircote/swagger-php@6.0.1...6.0.2

6.0.1

What's Changed

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump zircote/swagger-php from 4.11.1 to 6.0.6 in /src
b35b7e6 
Bumps [zircote/swagger-php](https://github.com/zircote/swagger-php) from 4.11.1 to 6.0.6.
- [Release notes](https://github.com/zircote/swagger-php/releases)
- [Commits](zircote/swagger-php@4.11.1...6.0.6)

---
updated-dependencies:
- dependency-name: zircote/swagger-php
  dependency-version: 6.0.6
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file Package Dependencies labels Mar 2, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 2, 2026 06:32
@dependabot dependabot bot requested review from DawoudIO, grayeul and respencer and removed request for a team March 2, 2026 06:32
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 2, 2026
@DawoudIO
Copy link
Contributor

DawoudIO commented Mar 2, 2026

@copilot any updates to our software to support this major lib update

Copy link
Contributor

Copilot AI commented Mar 2, 2026

@DawoudIO I've opened a new pull request, #8132, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Mar 2, 2026
Merged
@DawoudIO DawoudIO requested review from Copilot and removed request for DAcodedBEAT, DawoudIO, MrClever, bigtigerku, grayeul and respencer March 4, 2026 14:38
Copilot AI reviewed Mar 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the swagger-php dependency to v6 and adjusts ChurchCRM’s OpenAPI generation workflow to remain compatible with the removal of --legacy, then regenerates the published OpenAPI YAML specs.

Changes:

  • Bump zircote/swagger-php from ^4.x to ^6.0 (plus updated lockfile dependency graph).
  • Replace vendor/bin/openapi --legacy with a custom generator script (src/api/openapi/generate.php) wired into Composer scripts.
  • Regenerate openapi/public-api.yaml and openapi/private-api.yaml using the new generation pipeline.

Reviewed changes

Copilot reviewed 3 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/composer.json Updates swagger-php version constraint and switches OpenAPI scripts to the new generator entrypoint.
src/composer.lock Locks updated dependency set for swagger-php v6 and its new transitive requirements.
src/api/openapi/generate.php Adds a custom “legacy-style” docblock scanner intended to replace removed --legacy behavior.
openapi/public-api.yaml Regenerated public OpenAPI spec output.
openapi/private-api.yaml Regenerated private OpenAPI spec output.

src/api/openapi/generate.php
Comment on lines +68 to +83
$options['output'] = $argv[++$i] ?? null;
break;
case '--format':
case '-f':
$options['format'] = $argv[++$i] ?? 'yaml';
break;
case '--exclude':
case '-e':
$options['exclude'][] = $argv[++$i] ?? '';
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
$options['version'] = $argv[++$i] ?? null;
Copy link

Copilot AI Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--version reads its value via $argv[++$i] without checking that a value follows. If omitted, this can emit an undefined array key warning in PHP 8.4. Consider validating required option values consistently across all flags.

Suggested change
$options['output'] = $argv[++$i] ?? null;
break;
case '--format':
case '-f':
$options['format'] = $argv[++$i] ?? 'yaml';
break;
case '--exclude':
case '-e':
$options['exclude'][] = $argv[++$i] ?? '';
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
$options['version'] = $argv[++$i] ?? null;
if ($i + 1 >= $argc) {
$error = "Missing value for $arg";
break 2;
}
$options['output'] = $argv[++$i];
break;
case '--format':
case '-f':
if ($i + 1 >= $argc) {
$error = "Missing value for $arg";
break 2;
}
$options['format'] = $argv[++$i];
break;
case '--exclude':
case '-e':
if ($i + 1 >= $argc) {
$error = "Missing value for $arg";
break 2;
}
$options['exclude'][] = $argv[++$i];
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
if ($i + 1 >= $argc) {
$error = "Missing value for $arg";
break 2;
}
$options['version'] = $argv[++$i];

Copilot uses AI. Check for mistakes.
src/api/openapi/generate.php
Comment on lines +29 to +34
$vendorAutoload = __DIR__ . '/../../vendor/autoload.php';
if (!file_exists($vendorAutoload)) {
fwrite(STDERR, "vendor/autoload.php not found. Run `composer install` first.\n");
exit(1);
}
require_once $vendorAutoload;
Copy link

Copilot AI Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use import statements must appear before any executable code. Because this file executes require_once $vendorAutoload; and only then declares use OpenApi\..., PHP will throw a parse error. Move the use statements above the autoloader require (or avoid use and reference classes by FQCN).

Copilot uses AI. Check for mistakes.
src/api/openapi/generate.php
Comment on lines +68 to +83
$options['output'] = $argv[++$i] ?? null;
break;
case '--format':
case '-f':
$options['format'] = $argv[++$i] ?? 'yaml';
break;
case '--exclude':
case '-e':
$options['exclude'][] = $argv[++$i] ?? '';
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
$options['version'] = $argv[++$i] ?? null;
Copy link

Copilot AI Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Option parsing uses $argv[++$i] without validating that a value actually follows the flag. If --output (or -o) is the last argument, PHP 8.4 will emit an "Undefined array key" warning and the script may mis-parse subsequent args. Add an explicit bounds check and treat a missing value as an error.

Suggested change
$options['output'] = $argv[++$i] ?? null;
break;
case '--format':
case '-f':
$options['format'] = $argv[++$i] ?? 'yaml';
break;
case '--exclude':
case '-e':
$options['exclude'][] = $argv[++$i] ?? '';
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
$options['version'] = $argv[++$i] ?? null;
if ($i + 1 >= $argc) {
$error = '--output requires a value';
break 2;
}
$options['output'] = $argv[++$i];
break;
case '--format':
case '-f':
if ($i + 1 >= $argc) {
$error = '--format requires a value';
break 2;
}
$options['format'] = $argv[++$i];
break;
case '--exclude':
case '-e':
if ($i + 1 >= $argc) {
$error = '--exclude requires a value';
break 2;
}
$options['exclude'][] = $argv[++$i];
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
if ($i + 1 >= $argc) {
$error = '--version requires a value';
break 2;
}
$options['version'] = $argv[++$i];

Copilot uses AI. Check for mistakes.
src/api/openapi/generate.php
Comment on lines +68 to +83
$options['output'] = $argv[++$i] ?? null;
break;
case '--format':
case '-f':
$options['format'] = $argv[++$i] ?? 'yaml';
break;
case '--exclude':
case '-e':
$options['exclude'][] = $argv[++$i] ?? '';
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
$options['version'] = $argv[++$i] ?? null;
Copy link

Copilot AI Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to --output, --format / -f reads the next argv slot via $argv[++$i] without checking it exists. If the value is missing, this triggers an undefined array key warning and silently falls back to yaml. Consider failing fast with a clear error when the value is omitted.

Suggested change
$options['output'] = $argv[++$i] ?? null;
break;
case '--format':
case '-f':
$options['format'] = $argv[++$i] ?? 'yaml';
break;
case '--exclude':
case '-e':
$options['exclude'][] = $argv[++$i] ?? '';
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
$options['version'] = $argv[++$i] ?? null;
if ($i + 1 >= $argc) {
fwrite(STDERR, "Missing value for $arg option.\n");
exit(1);
}
$options['output'] = $argv[++$i];
break;
case '--format':
case '-f':
if ($i + 1 >= $argc) {
fwrite(STDERR, "Missing value for $arg option.\n");
exit(1);
}
$options['format'] = $argv[++$i];
break;
case '--exclude':
case '-e':
if ($i + 1 >= $argc) {
fwrite(STDERR, "Missing value for $arg option.\n");
exit(1);
}
$options['exclude'][] = $argv[++$i];
break;
case '--debug':
case '-d':
$options['debug'] = true;
break;
case '--version':
if ($i + 1 >= $argc) {
fwrite(STDERR, "Missing value for $arg option.\n");
exit(1);
}
$options['version'] = $argv[++$i];

Copilot uses AI. Check for mistakes.
src/api/openapi/generate.php
break;
case '--exclude':
case '-e':
$options['exclude'][] = $argv[++$i] ?? '';
Copy link

Copilot AI Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--exclude / -e also uses $argv[++$i] without validating a following value. If the user forgets to pass a path, the script will add an empty string to the exclude list and may behave unexpectedly. Please validate the option value and surface a user-facing error.

Suggested change
$options['exclude'][] = $argv[++$i] ?? '';
$nextIndex = $i + 1;
if ($nextIndex >= $argc || $argv[$nextIndex] === '') {
$error = "Missing path for $arg option.";
break;
}
$i = $nextIndex;
$options['exclude'][] = $argv[$i];

Copilot uses AI. Check for mistakes.
@DawoudIO DawoudIO added this to the 7.0.2 milestone Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file Package Dependencies

Projects

None yet

Milestone

7.0.2

Development

Successfully merging this pull request may close these issues.

3 participants

@DawoudIO