[Bug 281079] www/lua-resty-session: version 4.X is incompatible with security/lua-resty-openidc

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 26 Aug 2024 13:42:03 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281079

            Bug ID: 281079
           Summary: www/lua-resty-session: version 4.X is incompatible
                    with security/lua-resty-openidc
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: netchild@FreeBSD.org
          Reporter: baptiste@bapt.name
             Flags: maintainer-feedback?(netchild@FreeBSD.org)

Hey,
As of today, lua-resty-openidc is not compatible with lua-resty-session 4.x.

It's an upstream problem; version 3.x is pinned in the lua-resty-session
dependencies:
https://github.com/zmartzone/lua-resty-openidc/blob/9f3a4fcade930f6f38ee0cb43cabf50cebffbcc9/lua-resty-openidc-1.7.6-3.rockspec#L27

There is apparently currently no clear plan on when/if lua-resty-openidc will
be updated to include changes for lua-resty-session 4.X, see discussions on
https://github.com/zmartzone/lua-resty-openidc/issues/480

I had to take over the management of a legacy application protected by nginx +
lua + lua-resty-openidc and lua-resty-session, that was created when those
packages weren't yet in the port tree.
I've been able to update to the ports for all packages, but my only way to get
this working was by building a package of lua-resty-session 3.X.

Would it be possible to downgrade the version of lua-resty-session to 3.x, or,
more likely, to add flavors like lua-resty-session@3 and lua-resty-session@4
and then have lua-resty-openidc depend on lua-resty-session@3?

Thanks!

Best
Baptiste
