Follow-up to #2862254: Update non-Symfony dependencies before 8.3.0

Follow-up to #2859772: Update Symfony components to ~2.8.18

Follow-up to #2840596: Update Symfony components to ~2.8.16

Problem/Motivation

While we are updating Symfony in #2874909: Update Symfony components to 3.3.*, other dependencies still need to be updated.

Proposed resolution

  - Updating composer/installers (v1.2.0 => v1.4.0)
  - Updating wikimedia/composer-merge-plugin (v1.4.0 => v1.4.1)
  - Updating guzzlehttp/guzzle (6.2.3 => 6.3.0)
  - Updating mikey179/vfsstream (v1.6.4 => v1.6.5)
  - Updating phpunit/phpunit (4.8.35 => 4.8.36)

Remaining tasks

Fix it.

User interface changes

None

API changes

Hopefuly none.

Data model changes

None.

Members fund testing for the Drupal project. Drupal Association Learn more

Comments

jibran created an issue. See original summary.

The last submitted patch, 2: update_non_symfony-2900112-2.patch, failed testing. View results

Status: Needs review » Needs work

The last submitted patch, 3: update_non_symfony-2900112-3.patch, failed testing. View results

jibran’s picture

Status: Needs work » Needs review
FileSize
19.73 KB
jibran’s picture

Mile23’s picture

Title: Update non-Symfony dependencies before 8.4.0 » Update non-Symfony dependencies in lock file before 8.4.0
Status: Needs review » Needs work

It seems like our version requirements for those packages are fine as-is, unless there's a specific reason the lower versions are incompatible.

We really want to update the lock file, because generally we'd want newer versions available through composer install.

So for instance, like this:

$ composer update composer/installers
[ stuff happens ]
$ composer show *installers
composer/installers v1.4.0 A multi-framework Composer library installer
Mile23’s picture

Issue tags: +composer
mpdonadio’s picture

Status: Needs work » Needs review
FileSize
8.08 KB
8.08 KB

Here is just the change to the lockfile. #7 didn't apply anymore, this is really a rebase+minor merge and then reverting the changes to composer.json and core/composer.json; I didn't just edit out those hunks.

Do we want test-only patches with --prefer-lowest for these packages to double check our assumptions?

Mile23’s picture

The last submitted patch, 10: 2900112-10-84x.patch, failed testing. View results

Status: Needs review » Needs work

The last submitted patch, 10: 2900112-10-85x.patch, failed testing. View results

mpdonadio’s picture

Ok, lets just redo this with

composer update composer/installers wikimedia/composer-merge-plugin guzzlehttp/guzzle mikey179/vfsstream phpunit/phpunit

to get the hash right.

- Updating composer/installers (v1.2.0 => v1.4.0)
- Updating wikimedia/composer-merge-plugin (v1.4.0 => v1.4.1)
- Updating guzzlehttp/guzzle (6.2.3 => 6.3.0)
- Updating mikey179/vfsstream (v1.6.4 => v1.6.5)
- Updating phpunit/phpunit (4.8.35 => 4.8.36)

Updated IS to reflect what composer picked for composer/installers

Mile23’s picture

Status: Needs review » Reviewed & tested by the community

In deference to #2843328: Enforce minimum PHP version in composer dependencies I applied the patch in #14 and then did composer install

Then I added config:platform:php:5.5.9 to composer.json and did composer update to check if we exceeded our platform minimum requirements.

No difference in the packages found by Composer. Therefore: RTBC.