PHP Annotated — 2022 Spring Catch-up

Greetings everyone,

It’s been a while since the PHP Annotated Monthly was online, so hopefully we are back on track. With Brent joining the PhpStorm team we want to experiment with some new things, so stay tuned!

In this edition, we’ll catch up on the most interesting things that have happened in the PHP world over the last couple of months. As always, it includes curated news, articles, tools, and videos.

News

PHP 7.4.29, PHP 8.1.5, and PHP 8.0.18
These are security releases for Windows users, due to updates of built-in dependencies. For non-Windows users, they are just regular bug-fix updates.For PHP 7.3, updates are no longer released, even for security problems. If you are still using PHP 7.3 or PHP 5.x versions, consider updating as soon as possible.

The Symfony team has raised its minimum required PHP version to 8.1 in the upcoming Symfony 6.1 release. The same shift was made for Drupal 10 and Laravel 10.

Also, the recently released Ubuntu 22.04 LTS comes with PHP 8.1 preinstalled.

Updates from the PHP Foundation

Six sponsored developers are actively working on maintaining the core.
The thephp.foundation website is up and running.
A separate newsletter with insights about core developments will be published regularly. Here’s the first edition: PHP Roundup #1.
Interview with Core Developers by Sebastian Bergmann.

Developer Ecosystem Survey 2022
The annual survey from JetBrains is now open and, of course, there is a section about PHP. This is what the results from last year look like. Take the survey for a chance to win one of the prizes!
News from PHP-FIG

Coding Style PER (PHP Evolving Recommendation) has been officially approved by PHP-FIG and will replace PSR-12. This is the first PER document showing the “live” standard. Thanks to PERs, there will be no need to release another PSR standard every time new syntax is added to PHP. Instead, PERs will be updated according to SemVer.
A new PSR draft has been approved: PSR-22 – Application Tracing.

PhpStorm 2022.1 released
It comes with improvements for Blade, WordPress, ArrayShape annotations, and many more. Check out a short What’s New video or read the blog post for the full story.
Composer 2.3 Release
This release brings small improvements for users and a modernized internal codebase.

There was also a vulnerability discovered recently – CVE-2022-24828: Composer Command Injection. An attacker controlling a Git or Mercurial repository explicitly listed by URL in composer.json could use specially crafted branch names to execute commands on the machine running the composer update.

Make sure your Composer is up-to-date by running composer self-update.

Craft CMS 4
A major update of the popular open-source CMS was released.

PHP Core

Most of the Core news is covered in detail in the PHP Roundup series from the PHP Foundation, so we’ll only mention them briefly.

Last call for PHP 8.2 release managers!
You need to be able to commit to a 3½-year term, and have good knowledge of PHP, Git, and preferably C. There are already one veteran and six rookie candidates.
[RFC] Redacting parameters in back traces #PHP8.2
[RFC] Allow null and false as stand-alone types #PHP8.2
[RFC] Deprecate ${} string interpolation #PHP8.2
[RFC] Deprecate and Remove utf8_encode and utf8_decode
[RFC] Undefined Variable Error Promotion
🗳 [RFC] Readonly classes
[RFC] Sealed Classes
🆕 [RFC] Add true type
🆕 [RFC] Disjunctive Normal Form Types
[RFC] final class CollectionsDeque
As part of an initiative to add optimized data structures to PHP, the first proposal is ready.
Deque – This is a two-way queue, i.e. items can be added and removed both at the beginning and at the end. It can be used instead of SplQueue or SplDoublyLinkedList to get a performance gain and reduce memory consumption.
RFC Introduce a class-string type
It’s not an official RFC, but an interesting idea to make class-string a real type, as it’s already widely used in static analyzers’ annotations.

Tools

CanIPHP.com – It’s like caniuse.com, but for PHP features.
clue/stream-filter – A simple and modern approach to stream filtering in PHP. You can do some crazy stuff with stream filters in PHP, but also practical things, too.
sfx101/deck – A GUI tool for quick spin-up and configuration of local web development environments, which could be useful for PHP newcomers.
marijnvanwezel/try – A simple CLI tool to try Composer packages with a single command. Just install it and run: try %vendor%/%package%.
frodeborli/moebius – Golang-like coroutines for PHP versions 8.1 or above. The author used his own event-loop implementation, and even a custom testing framework.
Crell/AttributeUtils — Utilities to help ease the parsing and managing of attributes. You might be also interested in koriym/Koriym.Attributes, which can read both doctrine/annotations and PHP 8 attributes with a doctrine annotation interface.
spatie/visit – A CLI HTTP client that shows responses of any URL in a beautiful way.
laravel/valet – A lightweight local dev environment for Mac. No Docker or VirtualBox, just native Nginx and PHP. It can be used for any projects, not only Laravel, and since v3 you can use different PHP versions for each folder (project).
roach-php/core – The complete web scraping toolkit for PHP.
PHPStan 1.6.0 – Released with support for conditional return types and integer masks.
flow-php/etl – An ETL (Extract Transform Load) data processing library for PHP with support for async processing via ReactPHP or Amphp.
igorhrcek/wp-cli-secure-command – One CLI command to secure your WordPress installation.
williarin/wordpress-interop – A package based on Doctrine/DBAL for easier access to the WordPress database from other PHP applications.
sj-i/php-profiler – A sampling profiler for PHP implemented in pure PHP (FFI). You can generate flame diagrams, run trace output in top-like mode, and more.
mrsuh/php-var-sizeof – A function to get the memory size for any variable that promises to be more accurate compared to memory_get_usage(). Requires PHP 7.4 or higher with FFI.
davidcole1340/ext-php-rs – Bindings for the Zend API to build PHP extensions natively in Rust.
easysoft/phpmicro – A statically compiled micro PHP interpreter that can be bundled with your CLI tools to distribute them as PHP-agnostic binaries. Looking forward to Marcel Pociot automating the process!

Symfony

See what’s coming in Symfony 6.1.
📺 Harmonious Development with Symfony 6 – The 2+ hour tutorial for getting started with Symfony is now fully available for free at SymfonyCasts.
Using Symfony Form in WordPress.
“Symfony: The Fast Track” Symfony is now available for Symfony 6.
Symfony Station Communiqué – April 29, 2022.

Laravel

📺 Laravel Origins: The Documentary – This video tells the story of why Laravel came to be, how it’s grown over the last 10 years, and what the future may hold for Taylor and the wider Laravel community.
Laravel Idea 5.3 – An update to the popular paid PhpStorm plugin comes with the Extract Blade Component refactoring, translation values, and advanced event listeners search.
LaravelProTips.com – A collection of useful articles and tweets.
alexeymezenin/laravel-best-practices – More Laravel best practices.
📺 Build a Laravel app and deploy it to production in 5 hours – A speedrun by Brent.
📺 Xdebug 3: Laravel Sail with PhpStorm.

Yii

Yii news 2022, issue 1.
Interview Questions For Yii 2 – Many of them are about PHP in general and can be useful for all job-seekers.

Misc

Comprehensive posts about Docker for PHP developers by Pascal Landau: Docker from scratch for PHP 8.1 Applications in 2022, PhpStorm, Docker and Xdebug 3 on PHP 8.1, and more on his website.
Posts on naming constructors by Andreas Möller and by Stefan Priebsch.
How the Middleware Pattern works and can easily be applied in PHP.
How To Mock Functions That Have External HTTP Requests.
Writing Readable PHP – A paid course by Freek Van der Herten and Christoph Rumpel with bite size tips that make your code a joy to read for you, your coworkers, and your future self.
PHP Tricks: Multi-value match() — Did you know you can compare multiple values in a single match expression? Like this:
function mayFriend(User $u1, User $u2, Group $group): FriendPermission
{
return match ([$u1->inGroup($group), $u2->inGroup($group)]) {
[true, true] => FriendPermission::Allow,
[true, false] => FriendPermission::WithApproval,
[false, true] => FriendPermission::WithApproval,
[false, false] => FriendPermission::Deny,
};
}

Interfaces are not class templates.
Speeding up array_merge().
All the Dynamic Syntaxes in PHP – Good source for interview questions?
Solving Open Source Supply Chain Security for the PHP Ecosystem – An interesting post about the initiatives of the folks at Paragon IE. They are now working on a tool called Gossamer to securely update apps and dependencies. Previously, they introduced libsodium to the PHP core, created Paseto, a safer alternative to JWT, and developed other tools.
Service locator: an anti-pattern.
📺 Xdebug 3: Debugging Unit Tests with PhpStorm.
📺 Learn PHP The Right Way – Full PHP course in 88 videos for free.

Generics

PHP has seen a lot of generics-related activity lately, so we gave them their own section in this post.

📺 First, check out this series of videos on Generics in PHP from Brent.
If you’d like to dive deeper, you might be interested in the post about Generics implementation approaches.
Try an interesting project that implements them in PHP: mrsuh/php-generics. Interestingly, there was a discussion on Reddit about dropping the runtime type checks in PHP for performance. The tool above implements type erasure, so it could theoretically be used for such performance use cases: composer dump-generics –type=type-erasure.
One of the main applications of generics is collections. Check out Comparing PHP Collections.
And last but not least, fun art by @SerafimArts:

Community

📺 PHP isn’t dead, featuring the Laravel Origins cast.

PHP is definitely the best array-oriented programming language

— Jose Diaz (@savant) April 28, 2022

“PHP doeSNt sCaLE”

☁️ Reached 99.999% (five nines) REAL uptime for ALL my sites on a SINGLE 🤖 VPS w/ 204M reqs/mo https://t.co/s1FQtjucz2

“five nines is high availability of services, when the downtime is less than 5 minutes per year”

🥳 pic.twitter.com/VEM1Kcc5Gw

— @levelsio (@levelsio) April 30, 2022

That’s all for today – thanks for reading!

If you have any interesting or useful links to share via PHP Annotated, please leave a comment on this post or send me a tweet.

Subscribe to PHP Annotated

Your JetBrains PhpStorm team
The Drive to Develop

<!—->