Skip to content

🧹 Refactor root hygiene and pin dependencies#247

Merged
projectedanx merged 1 commit into
masterfrom
hygiene-cleanup-15715470379877059336
Jul 7, 2026
Merged

🧹 Refactor root hygiene and pin dependencies#247
projectedanx merged 1 commit into
masterfrom
hygiene-cleanup-15715470379877059336

Conversation

@projectedanx

Copy link
Copy Markdown
Owner

🎯 What:

  • Swept unimported root level script clutter to the scripts/ directory.
  • Refactored composer.json to explicitly pin wildcard extensions to exact strict semantic versions.
  • Pinned aura/sql to ^5.0 and removed config.platform.php override to resolve underlying platform version conflicts on CI and local runs.
  • Regenerated internal architecture overview in docs/0xCARTO_blueprint.md.

💡 Why:

  • Unimported scripts in the root directory break infrastructure standards ("Root Hygiene").
  • Wildcard dependency strings leak potential unreliability on deployment.
  • Resolves build failures directly caused by aura/sql version 6.x demanding PHP 8.4 environments which we lacked locally.

Verification:

  • Ran tests/vendor/bin/phpunit showing zero test regressions.
  • Verified valid dependencies via composer validate.

Result:

  • Cleaner, strictly-pinned project footprint and passing tests.

PR created automatically by Jules for task 15715470379877059336 started by @projectedanx

- Swept root utility scripts to `scripts/` directory.
- Pinned loose wildcard extensions in `composer.json` to explicit `^8.1` bounds (and `^20031129` for dom).
- Adjusted `aura/sql` version constraint to `^5.0` to permit proper PHP 8.3 local builds and removed misleading platform constraints.
- Updated 0xCARTO blueprint docs.

Co-authored-by: projectedanx <238904666+projectedanx@users.noreply.github.com>
@google-labs-jules

Copy link
Copy Markdown

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 10 package(s) with unknown licenses.
See the Details below.

License Issues

composer.json

PackageVersionLicenseIssue Type
ext-dom>= 20031129, < 20031130NullUnknown License
ext-filter>= 8.1, < 9.0NullUnknown License
ext-hash>= 8.1, < 9.0NullUnknown License
ext-pcre>= 8.1, < 9.0NullUnknown License
ext-pdo>= 8.1, < 9.0NullUnknown License
ext-pdo_mysql>= 8.1, < 9.0NullUnknown License

composer.lock

PackageVersionLicenseIssue Type
aura/sql5.0.3NullUnknown License
symfony/polyfill-intl-idn1.38.1NullUnknown License
symfony/polyfill-intl-normalizer1.38.0NullUnknown License
symfony/polyfill-mbstring1.38.2NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
composer/ext-ctype >= 8.1, < 9.0 UnknownUnknown
composer/ext-dom >= 20031129, < 20031130 UnknownUnknown
composer/ext-filter >= 8.1, < 9.0 UnknownUnknown
composer/ext-hash >= 8.1, < 9.0 UnknownUnknown
composer/ext-pcre >= 8.1, < 9.0 UnknownUnknown
composer/ext-pdo >= 8.1, < 9.0 UnknownUnknown
composer/ext-pdo_mysql >= 8.1, < 9.0 UnknownUnknown
composer/aura/sql 5.0.3 UnknownUnknown
composer/symfony/polyfill-intl-idn 1.38.1 UnknownUnknown
composer/symfony/polyfill-intl-normalizer 1.38.0 UnknownUnknown
composer/symfony/polyfill-mbstring 1.38.2 UnknownUnknown

Scanned Files

  • composer.json
  • composer.lock

Comment on lines +59 to +110
public static function getRawDecomposition(string $s, int $form = self::FORM_C)
{
if ('' === $s || !preg_match('//u', $s)) {
return null;
}

$ulen = $s[0] < "\x80" ? 1 : (self::$ulenMask[$s[0] & "\xF0"] ?? 0);
if (!$ulen || \strlen($s) !== $ulen) {
return null;
}

if (self::NFC !== $form && self::NFD !== $form && self::NFKC !== $form && self::NFKD !== $form) {
return '';
}

if ($s >= "\xEA\xB0\x80" && $s <= "\xED\x9E\xA3") {
$u = unpack('C*', $s);
$j = (($u[1] - 224) << 12) + (($u[2] - 128) << 6) + $u[3] - 0xAC80;

if ($t = $j % 28) {
$j -= $t;
$lv = 0xAC00 + $j;
$r = \chr(0xE0 | $lv >> 12).\chr(0x80 | $lv >> 6 & 0x3F).\chr(0x80 | $lv & 0x3F);
$r .= $t < 25
? ("\xE1\x86".\chr(0xA7 + $t))
: ("\xE1\x87".\chr(0x67 + $t));

return $r;
}

return "\xE1\x84".\chr(0x80 + (int) ($j / 588))
."\xE1\x85".\chr(0xA1 + (int) (($j % 588) / 28));
}

if (null === self::$rawD) {
self::$rawD = self::getData('rawCanonicalDecomposition');
}

if (isset(self::$rawD[$s])) {
return self::$rawD[$s];
}

if (self::NFKC === $form || self::NFKD === $form) {
if (null === self::$rawKD) {
self::$rawKD = self::getData('rawCompatibilityDecomposition');
}

return self::$rawKD[$s] ?? null;
}

return null;
}
Comment on lines +59 to +110
public static function getRawDecomposition(string $s, int $form = self::FORM_C)
{
if ('' === $s || !preg_match('//u', $s)) {
return null;
}

$ulen = $s[0] < "\x80" ? 1 : (self::$ulenMask[$s[0] & "\xF0"] ?? 0);
if (!$ulen || \strlen($s) !== $ulen) {
return null;
}

if (self::NFC !== $form && self::NFD !== $form && self::NFKC !== $form && self::NFKD !== $form) {
return '';
}

if ($s >= "\xEA\xB0\x80" && $s <= "\xED\x9E\xA3") {
$u = unpack('C*', $s);
$j = (($u[1] - 224) << 12) + (($u[2] - 128) << 6) + $u[3] - 0xAC80;

if ($t = $j % 28) {
$j -= $t;
$lv = 0xAC00 + $j;
$r = \chr(0xE0 | $lv >> 12).\chr(0x80 | $lv >> 6 & 0x3F).\chr(0x80 | $lv & 0x3F);
$r .= $t < 25
? ("\xE1\x86".\chr(0xA7 + $t))
: ("\xE1\x87".\chr(0x67 + $t));

return $r;
}

return "\xE1\x84".\chr(0x80 + (int) ($j / 588))
."\xE1\x85".\chr(0xA1 + (int) (($j % 588) / 28));
}

if (null === self::$rawD) {
self::$rawD = self::getData('rawCanonicalDecomposition');
}

if (isset(self::$rawD[$s])) {
return self::$rawD[$s];
}

if (self::NFKC === $form || self::NFKD === $form) {
if (null === self::$rawKD) {
self::$rawKD = self::getData('rawCompatibilityDecomposition');
}

return self::$rawKD[$s] ?? null;
}

return null;
}

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request downgrades aura/sql from version 6.x to 5.x to support PHP 8.1-8.3 environments, updates several Symfony polyfill dependencies, and adds .phpunit.cache/ to .gitignore. It also updates the project documentation and removes the platform PHP version override from composer.json. Feedback on these changes highlights that pinning core PHP extensions (like ext-dom and ext-ctype) to specific versions is an anti-pattern that can cause compatibility failures, and recommends reverting them to *. Additionally, removing the platform configuration entirely is discouraged, as it may lead to dependency resolution issues; setting it to the minimum supported PHP version (8.1.0) is suggested instead.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread composer.json
Comment on lines +20 to +25
"ext-dom": "^20031129",
"ext-filter": "^8.1",
"ext-hash": "^8.1",
"ext-pcre": "^8.1",
"ext-pdo": "^8.1",
"ext-pdo_mysql": "^8.1",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Pinning core PHP extensions (ext-dom, ext-filter, ext-hash, ext-pcre, ext-pdo, ext-pdo_mysql) to specific versions is highly discouraged and considered a Composer anti-pattern.

Why this is an issue:

  1. Bundled with PHP: These extensions are bundled directly with the PHP runtime. Their versions are tied to the PHP version itself, which is already constrained by "php": "^8.1".
  2. Inconsistent Versioning: Many core extensions do not follow independent semantic versioning (e.g., ext-dom reports its version as 20031129).
  3. Compatibility Failures: Pinning them to specific versions like ^8.1 or ^20031129 can cause unexpected installation failures on newer PHP versions (like PHP 8.2, 8.3, or 8.4) or on different platforms/distributions where the extension versions are reported differently.

Best Practice:

Use * as the version constraint for all PHP extensions that are bundled with PHP. This simply asserts that the extension is enabled, while the PHP version constraint handles the actual runtime compatibility.

Suggested change
"ext-dom": "^20031129",
"ext-filter": "^8.1",
"ext-hash": "^8.1",
"ext-pcre": "^8.1",
"ext-pdo": "^8.1",
"ext-pdo_mysql": "^8.1",
"ext-dom": "*",
"ext-filter": "*",
"ext-hash": "*",
"ext-pcre": "*",
"ext-pdo": "*",
"ext-pdo_mysql": "*",

Comment thread composer.json
},
"require-dev": {
"ext-ctype": "*"
"ext-ctype": "^8.1"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Similar to the core extensions in the require section, ext-ctype is a bundled PHP extension and should not be pinned to a specific version. Reverting this to * ensures compatibility across different PHP runtimes.

Suggested change
"ext-ctype": "^8.1"
"ext-ctype": "*"

Comment thread composer.json
Comment on lines 39 to 41
"config": {
"vendor-dir": "includes/vendor",
"platform": {
"php": "8.3.6"
}
"vendor-dir": "includes/vendor"
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Removing the platform configuration entirely is risky.

Why this is an issue:

Without a defined platform.php version, Composer will resolve dependencies using the local PHP version of whoever runs composer update. If a developer runs composer update on a machine with PHP 8.4, Composer might install packages that require PHP 8.4 (such as aura/sql 6.x), which will then fail to run on older PHP versions (like PHP 8.1 or 8.2) in production or CI.

Best Practice:

Instead of removing the platform configuration, set it to the minimum supported PHP version of the project (8.1.0). This guarantees that all resolved dependencies are strictly compatible with PHP 8.1.0 and above, regardless of the local PHP version used to run Composer commands.

    "config": {
        "vendor-dir": "includes/vendor",
        "platform": {
            "php": "8.1.0"
        }
    },

@projectedanx projectedanx merged commit 1af100e into master Jul 7, 2026
15 of 16 checks passed
@projectedanx projectedanx deleted the hygiene-cleanup-15715470379877059336 branch July 7, 2026 03:28

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f9f8872f14

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread composer.json
"rmccue/requests": "^2.0",
"pomo/pomo": "^1.4",
"geoip2/geoip2": "^2.10",
"aura/sql": "^5.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Avoid pinning Aura SQL to a PHP-8.4-incompatible release

Because php remains ^8.1, this package can be installed on PHP 8.4+; however aura/sql 5.x declares a non-static connect() on classes that extend PDO, while PHP 8.4 added static PDO::connect(). In the PHP 8.5 environment here, merely autoloading Aura\Sql\ExtendedPdo fatals with Cannot make static method PDO::connect() non static, so YOURLS cannot initialize YOURLS\Database\YDB on supported PHP 8.4/8.5 runtimes. Either keep an Aura release compatible with PHP 8.4+ or constrain PHP below 8.4.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants