SvenRtbg

I don't really like that OWASP page, too. It is assuming that tokens are used in a browser context, so that it is possible to add a cookie that has...

The easiest way would be to add a "classmap" autoloading definition with all the paths that contain your production code. But using "PSR-4" or maybe "PSR-0" would be the preferred...

Alternatively make this library depend on `guzzlehttp/promises ^1.5` explicitly, that will prevent installing the newer library with the removed functions.

The thing I absolutely don't like is the unmotivated array mixture of the permissions. That is yelling "YAGNI" in my ears, i.e. it looks like it is waiting for future...

I don't know about the motivation, however the constant is platform dependent, and that can result in all kinds of "unreliable line endings" issues if you work cross-platform in any...

The PSR container interface definition states: https://www.php-fig.org/psr/psr-11/#112-reading-from-a-container > `has` takes one unique parameter: an entry identifier, which MUST be a string. `has` MUST return true if an entry identifier is...

Exactly. We are talking about two distinct things here. `has()` and `get()` are part of the PSR `ContainerInterface`, and they are read-only. The details about how to configure the container...

I'll try to make my suggestion more explicit: Create a class `TopAccountProvider` that basically has the same three methods: `set`, `get` and maybe `has`. `set` sets an instance of `TopAccount`...

This change obviously needs test cases. However I am not entirely convinced this change should be merged. First of all there is a documented method how nullable types should be...

I see your argument as being valid. `?type` syntax is to be used for explicit types in PHP 7.x, which this library supports, and indeed it feels a bit weird...