symfony/validator about symfony HOT 12 CLOSED

Most of the reported issues seem to be false positives. Please stop opening issues with posting issues reported by static analysis tools without checking if they are actually valid. This produces unnecessary noise and work for us maintainers.

from symfony.

Not sure how you're diagnosing reported issues but if there's one thing clear on this repository, the accumulated quantities that are reported in here seem to quite explain it. undefined error messages are NOT false-positive, they are actually errors. As for the reflection class error messages, these aren't outputted for decoration purposes - it's there for a purpose.

If you're going to publish a vendor package, better for you to know how many people this seem to affect already.

from symfony.

If you're going to publish a vendor package

We should better stop publishing packages then. 🤷🏻

from symfony.

Let's take the DebugCommand class as an example: Yes, there are a lot of issues reported about non-existent dependencies. But they don't matter. If you want to use this class, you have to install the Console component anyway which in turns leads to all those missing symbols being available. The same applies to other optional dependencies as well.

from symfony.

If you're going to publish a vendor package

We should better stop publishing packages then. 🤷🏻

Sounds like you've given up. If it's what you envision in this repository by publishing such package, then perhaps it is best to say that you probably shouldn't. You could even set your repository as read-only so that somebody else later on takes care of a new package where only minimal affected users will be able to rely on.

Let's take the DebugCommand class as an example: Yes, there are a lot of issues reported about non-existent dependencies. But they don't matter. If you want to use this class, you have to install the Console component anyway which in turns leads to all those missing symbols being available. The same applies to other optional dependencies as well.

Line symfony\validator\Validation.php

:32 Undefined variable: $violations
:33 Undefined variable: $violations

These lines have nothing to do with dependencies. This is a Linux / Unix user error caused by undefined variables prior to use them in their projects. Now, that may work in Linux / Unix but that won't work with Windows or by using virtual libraries unless being declared prior to their use. This error message is found in a validator PHP file. Therefore, what can it validate, aside from the other errors we see in there, if it doesn't have a declared variable to validate what it needs? !

from symfony.

If you're going to publish a vendor package

We should better stop publishing packages then. 🤷🏻

Sounds like you've given up.

No, it sounds like I don't want to be lectured.

We're talking about a package with > 100k installs per day that works perfectly fine for quite a lot of people. And you waltz in, present us the output of a static analysis tool that you ran on the codebase and tell us to stop publishing the package because of errors that you either haven't reviewed or failed to understand. Seriously?

This is a Linux / Unix user error caused by undefined variables prior to use them in their projects.

If you can reproduce this error at runtime, feel free to open a dedicated bug report for that specific issue. If you like, you can also submit a PR with a test reproducing the error and a proper fix.

from symfony.

Line symfony\validator\Validation.php
:32 Undefined variable: $violations

If you look at the code below (L56 in that file), this variable is a reference, so it's defined when the call is done.

Tools like phpstan are not appropriate for Symfony-like code bases. They are at best helpers to trigger your brain and think if it spotted anything. But that list (and that issue), is not actionable and most if not all items there are false-positives.

from symfony.

If you're going to publish a vendor package

We should better stop publishing packages then. 🤷🏻

Sounds like you've given up.

No, it sounds like I don't want to be lectured.

We're talking about a package with > 100k installs per day that works perfectly fine for quite a lot of people. And you waltz in, present us the output of a static analysis tool that you ran on the codebase and tell us to stop publishing the package because of errors that you either haven't reviewed or failed to understand. Seriously?

This is a Linux / Unix user error caused by undefined variables prior to use them in their projects.

If you can reproduce this error at runtime, feel free to open a dedicated bug report for that specific issue. If you like, you can also submit a PR with a test reproducing the error and a proper fix.

If that being the case, then there should be no reason on not publishing new package updates.

from symfony.

Line symfony\validator\Validation.php
:32 Undefined variable: $violations

If you look at the code below (L56 in that file), this variable is a reference, so it's defined when the call is done.

Tools like phpstan are not appropriate for Symfony-like code bases. They are at best helpers to trigger your brain and think if it spotted anything. But that list (and that issue), is not actionable and most if not all items there are false-positives.

Except that these two lines are not false-positive. They are actual error messages, since on other platforms, lines calling: use do have the variables associated with the ones that are in parameters. In this case, there are no variables on top of these two parameters and that won't work with Windows / Virtual Servers / Windows Production.

from symfony.

I don't know where you're seeing that but the code behaves the same whether Linux or Windows. The platform doesn't matter here.
Either I'm missing something and I'd kindly ask you to provide us with a simple script that'd back your claim, or you're missing something, which is my current hypothesis.
Please open a dedicated issue if you confirm there is one.

from symfony.

I don't know where you're seeing that but the code behaves the same whether Linux or Windows. The platform doesn't matter here. Either I'm missing something and I'd kindly ask you to provide us with a simple script that'd back your claim, or you're missing something, which is my current hypothesis. Please open a dedicated issue if you confirm there is one.

It's ashamed. Looks like you guys are still gonna remain behind for only god knows how long. This error message is what actually proves it and, even there, you chose to ignore it rather than considering it. By stating that confirmation needs to be made here, while it was already provided on my first post, then it also explains all the delays on why these issues in general remains in the dust.

from symfony.

OK, I'm sorry but I'm going to lock this issue. You're wrong here. Being wrong is fine, but your attitude isn't.

from symfony.