Update the following dependencies:
sdboyer/gliph (0.1.4 to 0.1.8)
twig/twig (v1.15.0 to v1.15.1)
doctrine/annotations (v1.2.0 to v1.2.1)
guzzlehttp/guzzle (4.1.7 to 4.1.8)
kriswallsmith/assetic (v1.1.1 to v1.1.2)
sebastian/diff (1.1.0 to 1.2.0)
doctrine/instantiator (1.0.2)
phpunit/php-token-stream (1.2.2 to 1.3.0)
phpunit/php-code-coverage (2.0.8 to 2.0.11)
phpunit/phpunit (4.1.3 to 4.1.4)
zendframework/zend-stdlib (2.2.1 to 2.2.6)
zendframework/zend-escaper (2.2.1 to 2.2.6)
zendframework/zend-feed (2.2.1 to 2.2.6)
mikey179/vfsstream (v1.3.0 to v1.4.0)
doctrine/cache (v1.0 to v1.3.1)
doctrine/collections (v1.1 to v1.2)
Comment | File | Size | Author |
---|---|---|---|
#51 | 2234277.51.patch | 1.77 MB | alexpott |
#51 | 50-51-patch-diff.txt | 161.76 KB | alexpott |
#50 | composer_update-2234277-50.patch | 1.71 MB | hussainweb |
#47 | composer_update-2234277-47.patch | 1.65 MB | cilefen |
#5 | drupal_2234277_5.patch | 2.23 MB | martin107 |
Comments
Comment #1
XanoComment #2
Xano1: drupal_2234277_1.patch queued for re-testing.
Comment #4
ZenDoodles CreditAttribution: ZenDoodles commentedPatch is out-of-date. At this point it's probably better to re-run composer update instead of attempting a reroll.
Comment #5
martin107 CreditAttribution: martin107 commentedoutput of comoposer update
composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Removing sdboyer/gliph (0.1.4)
- Installing sdboyer/gliph (0.1.6)
Loading from cache
- Removing symfony/class-loader (v2.4.1)
- Installing symfony/class-loader (v2.4.6)
Loading from cache
- Removing symfony/css-selector (v2.4.4)
- Installing symfony/css-selector (v2.4.6)
Downloading: 100%
- Removing symfony/dependency-injection (v2.4.1)
- Installing symfony/dependency-injection (v2.4.6)
Loading from cache
- Removing symfony/debug (v2.3.4)
- Installing symfony/debug (v2.5.0)
Downloading: 100%
- Removing symfony/http-foundation (v2.4.1)
- Installing symfony/http-foundation (v2.4.6)
Loading from cache
- Removing symfony/event-dispatcher (v2.4.1)
- Installing symfony/event-dispatcher (v2.4.6)
Loading from cache
- Removing symfony/http-kernel (v2.4.1)
- Installing symfony/http-kernel (v2.4.6)
Downloading: 100%
- Removing symfony/routing (v2.4.1)
- Installing symfony/routing (v2.4.6)
Loading from cache
- Removing symfony/serializer (v2.4.1)
- Installing symfony/serializer (v2.4.6)
Loading from cache
- Removing symfony/property-access (v2.4.1)
- Installing symfony/property-access (v2.5.0)
Downloading: 100%
- Removing symfony/translation (v2.3.4)
- Installing symfony/translation (v2.5.0)
Downloading: 100%
- Removing symfony/validator (v2.4.1)
- Installing symfony/validator (v2.4.6)
Downloading: 100%
- Removing twig/twig (v1.15.0)
- Installing twig/twig (v1.15.1)
Loading from cache
- Removing symfony/process (v2.3.4)
- Installing symfony/process (v2.5.0)
Downloading: 100%
- Removing kriswallsmith/assetic (v1.1.1)
- Installing kriswallsmith/assetic (v1.1.2)
Loading from cache
- Removing phpunit/php-text-template (1.1.4)
- Installing phpunit/php-text-template (1.2.0)
Loading from cache
- Removing phpunit/php-timer (1.0.4)
- Installing phpunit/php-timer (1.0.5)
Loading from cache
- Removing phpunit/php-token-stream (1.1.5)
- Installing phpunit/php-token-stream (1.2.2)
Loading from cache
- Removing phpunit/php-code-coverage (1.2.11)
- Installing phpunit/php-code-coverage (1.2.17)
Loading from cache
- Removing phpunit/phpunit (3.7.21)
- Installing phpunit/phpunit (3.7.37)
Loading from cache
- Removing zendframework/zend-stdlib (2.2.1)
- Installing zendframework/zend-stdlib (2.2.6)
Loading from cache
- Removing zendframework/zend-escaper (2.2.1)
- Installing zendframework/zend-escaper (2.2.6)
Loading from cache
- Removing zendframework/zend-feed (2.2.1)
- Installing zendframework/zend-feed (2.2.6)
Loading from cache
- Removing doctrine/cache (v1.0)
- Installing doctrine/cache (v1.3.0)
Loading from cache
- Removing doctrine/collections (v1.1)
- Installing doctrine/collections (v1.2)
Loading from cache
- Removing guzzlehttp/streams (1.0.0)
- Installing guzzlehttp/streams (1.1.0)
Loading from cache
Comment #7
Xano5: drupal_2234277_5.patch queued for re-testing.
Comment #8
cilefen CreditAttribution: cilefen commentedThis needs to have
composer update
run again because today Symfony released several security updates, including http://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious..., which addresses the same host header vulnerability in https://www.drupal.org/SA-CORE-2014-003.Marking critical because this is a security issue now.
Comment #9
cilefen CreditAttribution: cilefen commentedComment #10
xjmComment #11
neclimdulI see big bumps in symfony/debug, symfony/translation and the doctrine libs. The doctrine libs don't look semver so not sure about them.
I don't think we use these directly so passing tests should be enough but it would be good to have confirmation from someone who knows. The rest looks like normal minor version bumps so big +1.
Comment #12
xjmWe'll need to do this again before release if we don't change how we're using composer.
Comment #13
catchWould like to get this in sooner than later so we have a smaller jump closer to RC (or whenever the next time is).
Comment #14
dawehner@catch
Do you think we can add "beta target" to the symfony 2.5 update issue as well? #2278353: Update to Symfony 2.5
Comment #15
neclimdulCrell agreed in IRC with my guess that the components I mentioned where not used and where dependencies. I don't know what the committer requirements here are but I'd just as well move quickly on this as well and let the dust settle if there is any asap.
Comment #16
cilefen CreditAttribution: cilefen commentedComment #17
netlooker CreditAttribution: netlooker commentedI've tried to apply the patch from #9 and it doesn't work. I will try to do the rerolling of that patch. Currently I'm in Antwerp in the Wuderkraut headquarters and we are doing a crazy sprint stuff here. My colleague Pieter has invited my here and it's really nice place. I strongly recommend to all of the guys from the neighbourhood to attend to next Sprint (free beers and food is waiting for you also).
Comment #18
netlooker CreditAttribution: netlooker commentedI've done the reroll of the patch from #9 and now it is working correctly.
Comment #19
cilefen CreditAttribution: cilefen commented@netlooker: See also #2278353: Update to Symfony 2.5
Comment #20
xjmPostponing on #2278353: Update to Symfony 2.5 per discussion with @cilefen. Then we'll roll a smaller patch with the rest of the library updates. Thanks!
Comment #21
catchTagging with beta upgrade path, per issue summary of #2341575: [meta] Provide a beta to beta/rc upgrade path.
Comment #22
ParisLiakos CreditAttribution: ParisLiakos commentedComment #23
XanoComment #24
dawehnerIt would be nice to include the updates in some simple issue summary.
Comment #25
dawehnerIt would be nice to include the updates in some simple issue summary.
Comment #26
Xanosdboyer/gliph (0.1.4 to 0.1.8)
twig/twig (v1.15.0 to v1.15.1)
doctrine/annotations (v1.2.0 to v1.2.1)
guzzlehttp/guzzle (4.1.7 to 4.1.8)
kriswallsmith/assetic (v1.1.1 to v1.1.2)
sebastian/diff (1.1.0 to 1.2.0)
doctrine/instantiator (1.0.2)
phpunit/php-token-stream (1.2.2 to 1.3.0)
phpunit/php-code-coverage (2.0.8 to 2.0.11)
phpunit/phpunit (4.1.3 to 4.1.4)
zendframework/zend-stdlib (2.2.1 to 2.2.6)
zendframework/zend-escaper (2.2.1 to 2.2.6)
zendframework/zend-feed (2.2.1 to 2.2.6)
mikey179/vfsstream (v1.3.0 to v1.4.0)
doctrine/cache (v1.0 to v1.3.1)
doctrine/collections (v1.1 to v1.2)
Comment #27
anavarreMaybe I missed a discussion somewhere else (or is it because we're in beta now?) but it seems we could upgrade to more recent versions for most dependencies. Namely:
phpunit/phpunit has much recent versions available too but I think I recall this was discussed already not to upgrade to the latest, so not suggesting a newer package here.
Comment #28
XanoThat's more than just a Composer update; those are upgrades to newer minor versions of our dependencies and that would require a composer.json change.
Comment #31
catchWe should do the additonal update but happy for that to be a separate, critical issue if this is close.
Comment #32
cilefen CreditAttribution: cilefen commentedThere is a problem with symfony/yaml trying to update itself but not finding the revision.
By locking symfony/yaml to release tags — and I don't see why we wouldn't do that — the update can proceed. This puts symfony/yaml onto 2.5.5 like the rest of the symfony components.
Comment #36
cilefen CreditAttribution: cilefen commentedThe patch applies to HEAD but the testbots do not like it.
Comment #37
hussainwebI am giving it a shot. Like @cilefen mentioned in #32, I changed Yaml version to
2.5.*
.Comment #38
BerdirThat is not correct, we need that specific symfony/yaml version.
Comment #39
hussainweb@Berdir, can you give a link to point to that commit? I tried on Github but it gave a 404. This is the link I deduced: https://github.com/symfony/Yaml/commit/089129be9f9828f41f0f345e09ff322ecf92cfb2
Comment #40
hussainweb@Berdir, I did some more digging and I think that the version specified for
symfony/yaml
is not correct. I see the lock file specifies499f7d7aa96747ad97940089bd7a1fb24ad8182a
. Should we fix that in this or create a new issue?Comment #41
alexpottPlease don't move the Symfony Yaml library off that commit. 2.5.5 does not have the necessary changes to support. Yep https://github.com/symfony/Yaml/commit/499f7d7aa96747ad97940089bd7a1fb24... is the correct commit - I messed up. alexpott--
Let's fix this here.
Comment #42
hussainweb@alexpott, do you think "2.6.*@dev" is a better choice? From Packagist, I see that points to the commit we need.
Comment #43
hussainwebI fixed the commit reference in composer.json for symfony/yaml. I changed it to
"2.6.*@dev"
. This actually resulted in no code updates (not even composer.lock since that points to the latest commit). Is this good for now or should we refer to the exact commit?Comment #46
hussainwebIn the log, it complains that there is only garbage in line 16148. But there is nothing of that sort there. I guess it is a random failure.
Comment #47
cilefen CreditAttribution: cilefen commentedThis patch addresses #41.
Comment #48
hussainwebPlease disregard patch in #43. It missed out several files, I don't know why. I think the patch in #47 looks good. The only difference is that it uses the commit hash instead of the version (2.6.*@dev). We should decide what makes more sense to us and use that.
Comment #49
dawehnerThis is a good question but 2.6.*@dev feels a bit better as it has a bit more semantic meaning in the first place, but yeah I guess we can't really use that as long we don't allow minimum-stability: dev in the main composer.json file which I consider though as a good idea so let's get this in.
Comment #50
hussainwebThere is a small update to
doctrine/instantiator
to1.0.4
. Attaching the patch.Comment #51
alexpott#50 is missing the change to composer.json to fix the symfony yaml commit hash. Also I don't it has a clean update of php-token-stream - I had to reclone drupal to get a clean update - something very strange going on - after running composer update on my regular drupal 8 clone I could not get it to commit all the changes to the working tree no matter how many times I did
git add -A
.Comment #52
webchickHeh, so I tried to commit this but I get:
Stupid Macs and their non-case-sensitive filesystems grumble grumble. :P
So either catch will need to commit this one, or I'll see about a USB stick or something with a case sensitive FS.
Comment #53
hussainweb@alexpott: Do you mean setting the version for symfony/yaml in composer.json? If so, it was present in the patch in #50.
I think the problem with php-token-stream was the same that @webchick faced while committing. Maybe there was something about this that caused git add -A to not work as well. I think this is definitely why we need to work on #1475510: Remove external dependencies from the core repo and let Composer manage the dependencies instead.
Comment #54
alexpottCommitted 90863ae and pushed to 8.0.x. Thanks!
The case sensitive changes to phpunit are super tricky for some reason even on my case sensitve file system.
Comment #57
Mile23Just a heads-up: #2375997: Avoid tying Drupal 8's composer.json to specific package commits.
Comment #58
BerdirThis was tagged with "revisit before release candidate" in #12 to repeat this before release. We have a critical issue to track this (#2400407: [meta] Ensure vendor (PHP) libraries are on latest stable release) and related issues like #1475510: Remove external dependencies from the core repo and let Composer manage the dependencies instead have the same tag, so I think it is safe to remove it.