Patching WordPress Requests for PHP 8.1

Update Feb 9, 2022

The solution in this post is outdated. Please see this issue and a potential solution in this PR. Until it is merged you can use the same technique as mentioned below, but

composer require rmccue/requests:^2.0.1

and use this patch (the example is in there as well).

Here is the original post:

It had been announced that the version 2.0.0 for the package rmccue/requests would be included with WordPress 5.9.

Unfortunately, this is no longer the case:

The 2.0.0 release removes PHP 8.1 deprecation notices, among other things by adding #[ReturnTypeWillChange] comments to classes implementing PHP core interfaces that have received return types in 8.1:

I prefer not to prevent E_DEPRECATED in my environment completely, but I also don’t want to see these deprecated notices on every request in my logs. Here is my solution to get rid of it.

Fortunately, the class WP_Http lets us preload the Requests library and only includes the version shipped with core if Requests is not yet available:

if ( ! class_exists( 'Requests' ) ) {
    require ABSPATH . WPINC . '/class-requests.php';

    Requests::set_certificate_path( ABSPATH . WPINC . '/certificates/ca-bundle.crt' );

Therefore, we can install Requests in the latest version prior to 2.0.0

composer require rmccue/requests:^1.8.1

and use cweagans/composer-patches

composer require cweagans/composer-patches

to patch the Requests library with the patch already provided by jrfnl by adding the following to the "extra" node of composer.json

"extra": {
    "patches": {
      "rmccue/requests": {
        "Remove PHP 8.1 deprecation notices": ""

This will also work for WordPress version before WP 5.9.

Update: @jrf_nl pointed out that the Requests::set_certificate_path method still needs to be called. So make sure to call this somewhere in your code after the library is loaded and the paths are set.