Requests library upgraded to 2.0.5 in WordPress 6.2

TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. ticketticket Created for both bug reports and feature development on the bug tracker. #54504 was created to upgrade the Requests library to 2.0.0. Requests 2.0.0 was a major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope. and contains breaking changes. Additional upgrades to 2.0.5 were completed during this process. View the upgrade guide.

Namespacing introduced

Requests 2.0.0 introduces namespacing (PSR-4) for all Requests code. A full backward compatibility layer is included and old PSR-0 class names are still supported. However, using the old PSR-0 class names will generate a deprecation notice.

If your pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party or theme uses the WordPress native wp_remote_*() functions, you won’t need to do anything.

If your plugin or theme uses Requests directly, and only supports the latest version of WordPress, you should update your code to use the namespaced names. For example, to perform a request with a try-catch using the namespaced names:

// Old: Perform a request with a try-catch in Requests 1.x.
try {
	$response = Requests::request( $url, $headers, $data, $type, $options );
} catch ( Requests_Exception $e ) {
	return new WP_Error( 'http_request_failed', $e->getMessage() );
}

// New: Perform a request with a try-catch in Requests 2.x.
try {
	$response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options );
} catch ( WpOrg\Requests\Exception $e ) {
	return new WP_Error( 'http_request_failed', $e->getMessage() );
}

If your plugin or theme uses Requests directly and supports a wider range of WordPress versions, you may need to conditionally declare the REQUESTS_SILENCE_PSR0_DEPRECATIONS constant as true to silence deprecation notices about the old PSR-0 class names. You should upgrade your code as soon as WordPress 6.2 becomes the minimum WordPress version for your plugin or theme.

if ( ! defined( 'REQUESTS_SILENCE_PSR0_DEPRECATIONS' ) ) {
    define( 'REQUESTS_SILENCE_PSR0_DEPRECATIONS', true );
}

Directory structure changes

wp-includes/class-requests.php and wp-includes/Requests/library/Requests.php have been deprecated in WordPress 6.2.

Class and interface files/directories have been moved.

  • Old location: wp-includes/Requests/.
  • New location: wp-includes/Requests/src/.

The Requests class file is now located at wp-includes/Requests/src/Requests.php.

New minimum PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher version

Requests 2.0.0 drops support for PHP 5.2 – 5.5, and the new minimum supported PHP version is now 5.6.

Support for HHVM has also been dropped formally now.

Many classes now marked final

A large number of classes have been marked as final. These changes were made after researching which classes were being extended by plugin and theme authors, and due diligence was applied before making these changes.

If this change causes a problem that wasn’t anticipated, please open an issue to report it.

Stricter input validation

All typical entry point methods in Requests will now, directly or indirectly, validate the received input parameters for being of the correct type.

When an incorrect parameter type is received, a catchable WpOrg\Requests\Exception\InvalidArgument exception will be thrown.

The input validation has been set up to be reasonably liberal, so if Requests was being used as per the documentation, this change should not affect you. If you still find the input validation to be too strict and you have a good use-case of why it should be loosened for a particular entry point, please open an issue to discuss this.

PHP 8.x compatibility

Requests 2.x is compatible with PHP 8.0, 8.1 and 8.2.

A note on bundled certificates

While the changelogs for Requests 2.0.0 – 2.0.5 mention updates for bundled certificates, WordPress uses its own bundled certificates, so these updates do not affect plugins or themes.

Full changelogs

Props to @jrf and @hellofromtonya for peer review, to @bph, @webcommsat, and @milana_cap for review.

#6-2, #dev-notes, #dev-notes-6-2