Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
#2712647: Update Symfony components to ~3.2 and #2871253: Update Symfony components to 3.2.8 updated the Symfony components to 3.2.* but with 3.3.0 due out in May 2017 we should make sure Drupal 8.4.0 can ship with this.
Proposed resolution
Update composer.json once 3.3.0 has been tagged.
Remaining tasks
User interface changes
API changes
Data model changes
Comment | File | Size | Author |
---|---|---|---|
#91 | interdiff.txt | 816 bytes | slasher13 |
#91 | update_symfony-2874909-91.patch | 61.92 KB | slasher13 |
#89 | interdiff.txt | 21.05 KB | slasher13 |
#89 | update_symfony-2874909-89.patch | 61.12 KB | slasher13 |
#77 | interdiff.txt | 3.64 KB | slasher13 |
Comments
Comment #2
mpdonadioLet's see if anything breaks with 3.3-beta1.
Comment #3
jibranNice one @mpdonadio.
Comment #4
timmillwoodThanks for adding the beta patch. Hopefully we can keep on the ball with the symfony updates and move to 4.* in November ready for 8.5.x. Although that would mean shifting Drupal to depend on php7
Comment #6
mpdonadioThis fixes the proxy fail, and updates some related deprecations in 3.3. The larger problem is Request::setTrustedHeaderName() is deprecated now in favor of the X-Forwarded-* headers or the new RFC7239 Forwarded header, instead of allowing you to specify your own header names. Not sure how we handle BC with those settings in the long run.
I don't know enough about the low level container details to know what is really happening in those fails, or why just those two tests fail and everything doesn't implode. Nothing in http://symfony.com/blog/symfony-3-3-0-beta1-released jumped out at me.
Comment #8
pritish.kumar CreditAttribution: pritish.kumar at OpenSense Labs commentedFixed the coding standard issue in ReverseProxyMiddleware.php
Comment #10
mpdonadioReroll b/c #2488860: Bring phpunit bridge into drupal and use it for unit tests and simpletest to handle Deprecation.
#2871253: Update Symfony components to 3.2.8 will also likely require a reroll when it lands.
Tagging out on this for the time being; the container fails are over my head.
Comment #11
jibranI think you forgot to rebase the local branch to 8.4.x.
Comment #12
mpdonadioSigh. That was my failed attempt to do a simple rebase and forgetting to fresh start the branch I was in.
This is the fresh start. But, upon watching composer run and closer examination of composer.lock, I noticed that specifying this way isn't pulling in the 3.3-beta1 versions of Symfony dependencies that aren't explicit in the core/composer.json (symfony/debug, symfony/dom-crawler, and symfony/browser-kit). I am not sure if that matters with these:
Attached is a B patch, where those are added to force those to beta for the time being:
Comment #13
jibranNo need to add these to composer.json just update these packages using cli and it'd update composer.lock.
Comment #15
jibranRe-roll after #2871253: Update Symfony components to 3.2.8.
Comment #17
Eric_A CreditAttribution: Eric_A commentedIf you'd be so kind to stop by at #2876669: Fix dependency version requirement declarations in components...
Comment #18
deviantintegral CreditAttribution: deviantintegral at Lullabot commentedRunning with updated dependencies is causing some functional tests to fail against 8.4.x. 8.3.x is fine. I found this with a test for the Amazon SNS module, but it happens with core tests too.
This patch does nothing but run composer update. I expect this would break for anyone trying to use 8.4.x with a composer-based workflow.
Comment #20
mpdonadio#18 seems to be missing composer.json and the changes to ReverseProxyMiddleware.
Comment #21
mpdonadioOk, back to tildes in composer.json, which results in 3.3.2 in the lockfile after `composer update 'symfony/*'`.
Interdiff is against #15. Didn't see anything odd in the lockfile.
Still expect fails because deprecations from phpunit-bridge, and other quirks.
Comment #23
jibranSome test fixes.
Comment #25
jibranWe have a @see to https://github.com/symfony/symfony/pull/12521 in
\Drupal\Tests\Component\EventDispatcher\ContainerAwareEventDispatcherTest
and[EventDispatcher] Add Drupal EventDispatcher is closed in favor of [DI][EventDispatcher] Add & wire closure-proxy argument type. Any suggestions how to fix
The Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher class is deprecated since version 3.3 and will be removed in 4.0.
Comment #27
hswong3i CreditAttribution: hswong3i commentedI try to re-roll #25 patch with latest dev, anyway it fail in installation as #2886332: Autoloading issues cause Fatal error with core in separate directory to vendor mentioned...
Comment #28
hswong3i CreditAttribution: hswong3i commentedComment #29
cilefen CreditAttribution: cilefen commentedComment #30
cilefen CreditAttribution: cilefen commentedComment #31
timmillwoodLooks like if this gets in to 8.4.x we'll need to increase the minimum PHP requirement to 5.6 (currently it's 5.5.9).
Queuing some tests to be sure.
Comment #33
timmillwoodok, we can check this after reroll.
Comment #34
jofitz CreditAttribution: jofitz at ComputerMinds commentedRe-rolled.
Comment #36
Eric_A CreditAttribution: Eric_A commentedAnd #2769841: Prefer caret over tilde in composer.json is in again.
Comment #37
pk188 CreditAttribution: pk188 at OpenSense Labs commentedRe rolled.
Comment #39
timmillwoodNot sure it's worth doing anymore re-rolls until we've moved Drupal to have a minimum PHP version of 5.6
Comment #40
jibranRe-rolled form #25. The patch was not rolled correctly. None of the new updates require min 5.6 so this is not blocked on anything.
Comment #41
jibranComment #42
timmillwoodIt seems the following libraries depend on PHP 5.6:
Comment #43
jibranYup, those are all listed in #2864037: [META] Update core PHP dependencies.
Comment #45
Eric_A CreditAttribution: Eric_A commentedNow #40 needs a re-roll for #2769841: Prefer caret over tilde in composer.json.
Comment #46
jibranWell, not exactly see the patch in #2887000: composer.json does not constrain Symfony components to minor and patch versions that are compatible with Drupal.
Comment #47
Mile23Isolating the issue from #25: #2895487: [Symfony 4] ContainerAwareEventDispatcherTest depends on Symfony tests
Comment #48
slasher13- use caret over tilde in composer.json
- update symfony/* to 3.3.5
Comment #50
Mile23From the test results: https://www.drupal.org/pift-ci-job/720562
That looks quite non-trivial.
Comment #52
jibranThis is blocked on #2864031: Update twig/twig from v1.25.0 to v1.32.0 and #2887000: composer.json does not constrain Symfony components to minor and patch versions that are compatible with Drupal. Update symfony/* to 3.3.6
Comment #54
Mile23We need to be careful about symfony/phpunit-bridge as long as we're using phpunit 4.8.*: #2882826: Constrain symfony/phpunit-bridge to 3.2.*
Comment #55
dawehner@jibran asked me a have a look at it:
Comment #56
jibran> I don't think we should update twig in this issue
I agree, updating to 3.3.6 was not possible until I updated the twig. This is blocked on #2864031: Update twig/twig from v1.25.0 to v1.32.0 which is green now.
> Symfony seems to be broken, but I haven't managed to reproduce it properly as a PR in symfony
Can you please elaborate on that?
And thanks for having a look.
Comment #57
jibranYet another reroll.
Comment #59
Mile23Like I said in #54... :-)
#2882826: Constrain symfony/phpunit-bridge to 3.2.*
We could change it here if this patch goes in before that one.
Comment #60
TJacksonVA CreditAttribution: TJacksonVA commentedShouldn't this now be changed to update to Symfony 3.4, as Symfony 3.4 is currently in beta3 and will be released on a production basis at the end of November? Especially since Symfony 3.4 is a long-term support version (through November 2021).
Comment #61
Mile23@TjacksonVA That's an ongoing conversation: #2899825: Release and support cycles for PHP dependencies
Also, the concerns of #54 and #59 were addressed by #2870194: Ensure that process-isolated tests can use Symfony's PHPunit bridge to catch usages of deprecated code
Comment #62
catchWe need to get onto the Symfony 3 LTS release before doing anything with Symfony 4. It took us a long time to get from Symfony 2 to 3, and the change was disruptive to drush and at least a couple of modules once we did.
It'd be fine to open a new issue for Symfony 4 beta to see how disruptive the changes are though. From previous announcements it looked like all the big changes were around bundles which we don't even use, but there could well be smaller changes to components that affect things we rely on.
Comment #63
deviantintegral CreditAttribution: deviantintegral at Lullabot commentedWe also need to consider contrib or site-specific code that itself relies on Symfony 3 components. If I use a 3.4 LTS component in a module that isn't in core, I would still expect that module to remain compatible with all future Drupal 8 releases.
Comment #64
slasher13re-roll
Comment #65
slasher13skip deprecation messages
Comment #67
slasher13more messages
Comment #69
jibranCan we add this error message to the skipped deprecation as well?
Comment #71
slasher13Comment #72
slasher13#69 done
Comment #75
slasher13- update phpunit-bridge
- add expected deprecations
- revert #72
Comment #76
Mile23If we're adding the deprecation message to the list of skipped messages, then we shouldn't modify the test.
Comment #77
slasher13#76 done
Comment #78
Mile23I meant: Don't add
@group legacy
or expected deprecations to the tests, please. :-)We don't want the tests to expect deprecation errors. That way when it comes time to fix the deprecations we only have to remove the messages from the ignore list.
Comment #79
slasher13The deprecation listener doesn't work for some tests see e.g. #71 and #72.
Comment #80
Mile23Aha. That's a bug: #2922887: Drupal DeprecationListener only works for process-isolated tests
In that case, we can move forward here with the expected exceptions and then be sure to fix them in the other issue, or some other follow-up.
Comment #81
mpdonadio#80, it would probably be worth it to explicitly add @todo pointing to #2922887: Drupal DeprecationListener only works for process-isolated tests in those cases.
Comment #82
alexpottThis is the entire point of #2870194: Ensure that process-isolated tests can use Symfony's PHPunit bridge to catch usages of deprecated code. We should definitely not be adding to this array. We need to do the work here in the upgrade to not accrue the technical debt.
Where the deprecations are expected in a test, we should maintain the deprecation and test for it using
@group legacy
and@expectedDeprecation
.Comment #83
catchI misread #60 as talking about Symfony 4, not Symfony 3.4. I still think we should try to get this done asap then move onto Symfony 3.4. However if Symfony 3.4 has a stable release before we do that, when we can just skip 3.3. It'd be absolutely fine for someone to start a separate 3.4 issue now stacked on this issue if they want though.
On the deprecations stuff:
If we follow the current plan in #2607260: [meta] Core deprecation message introduction, contrib testing etc. we should do the following:
1. Fix deprecations in core before/as part of this issue.
2. Commit the patch with the DeprecationListener additions so that contrib doesn't start failing without a warning
3. When 8.6.x is opened (i.e. when there's a tagged Drupal 8.4.x release with the new Symfony 3.3 APIs available), commit a follow-up issue that removes those lines from the DeprecationListener so that contrib tests start to fail and they're encouraged to update.
This needs to be balanced with getting onto Symfony 3.3 before security support is dropped for Symfony 3.2, which is January 2018. So if there's something intractable we might have to live with using the deprecated stuff to avoid dropping out of security support.
I'm bumping this to critical, since two months isn't long.
Comment #84
catchGiven those two months and the schedule for 8.5.x, I think we should actually not fix the deprecations here and do them in a follow-up. Even when this patch lands in 8.5.x, we've still got January-March 7th 2018 where Symfony could theoretically do a security release and we'd have no obvious way to do a corresponding Drupal 8 release.
Comment #85
xjm@plach, @catch, @larowlan, @effulgentsia, and I discussed this issue today. We agreed it should be critical and that it's pretty urgent given that there are only six weeks until our version of Symfony loses security support, which in turn might force us to roll this potentially disruptive change out with zero warning in a security release if something gets disclosed.
Comment #86
mpdonadio#84 mentions a f/up, so tagging.
This appears in a lot of the Symfony dependencies. We need to take this into account for people who commit/deploy vendor or use the tarball.
At a minimum, we need to tweak the installer and system_requirements, however we don't really have a mechanism in place for it (both just do min version checks). Not sure if we also want to mirror in core/composer.json
For a cleaner history, do we want a side issue to do the installer and system_requirements change to use SemVer::satisfies() instead of version_compare()?
Comment #87
mpdonadioAdding some related issues, both of which could probably be adapted to semver instead of min-version.
Comment #88
slasher13Created new issue #2927746: Update Symfony components to 3.4.*
Comment #89
slasher13#86 done
update symfony
Comment #91
slasher13Comment #93
dawehnerI'm a bit confused, we need to call both?
Comment #94
effulgentsia CreditAttribution: effulgentsia at Acquia commentedFrom #83:
There is one now. There's even a 3.4.1. I'm equally ok with finishing this issue for 3.3 and then opening a new one for 3.4, or skipping 3.3 and rescoping this one to 3.4. For the people working on this issue, which approach would be easier for you?
Comment #95
Mile23I get that we might end up needing to add some messages here for 3.3, but are there not any that we can remove along with this change? See also #82.
Comment #96
alexpottIf the whole test is not legacy then we should put only the method that is testing the deprecation in the legacy group - so we just need to move the @group to the method not the class
Comment #97
cilefen CreditAttribution: cilefen commentedRe #94, #2927746: Update Symfony components to 3.4.*, exists and has patches. I don't see that we should continue chasing 3.3 when 3.4 is stable and is an LTS. Let's close this, or, close #2927746 and re-scope this issue now.
Comment #98
jibranThe idea was to give people time to adapt the BC break/API changes.
From: https://symfony.com/roadmap?version=3.3
Given above info, I think now it is ok to close this issue and fix #2927746: Update Symfony components to 3.4.*.
We should move the credits to the 3.4 issue as well.
Comment #99
mpdonadioAgreed. Going to let a @cilefen close this so he can update credits on the other issue, as needed.
Comment #100
cilefen CreditAttribution: cilefen commentedGood idea @mpdonadio. I'm taking care of that now.
Comment #101
slasher13In https://www.drupal.org/project/drupal/issues/2927746#comment-12383036 you see some of symfony 3.4 breaking changes.
I think we need a own BC layer to handle these changes.
I would prefer to start with the much less breaking version 3.3.
Comment #102
cilefen CreditAttribution: cilefen at Institute for Advanced Study commentedThe reasoning behind the comment is understandable of course. However 3.3 loses security support in July.
I respect very much the work you've done on this issue. But nobody replied directly to comment #94 one month ago, which is why I decided to close this one. At the same time I don't want to discourage anyone!
Comment #104
jibran