Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Problem/Motivation
composer outdated shows that some of our dependencies are old. Let's updated them. Major version updates for Symfony and Twig are handled by other pre-existing issues.
Proposed resolution
Run composer update
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
+------------------------+--------+--------+
| Production Changes | From | To |
+------------------------+--------+--------+
| composer/semver | 3.2.6 | 3.2.7 |
| doctrine/lexer | 1.2.1 | 1.2.2 |
| guzzlehttp/guzzle | 7.4.0 | 7.4.1 |
| laminas/laminas-feed | 2.15.0 | 2.16.0 |
| laminas/laminas-stdlib | 3.6.1 | 3.7.0 |
| psr/cache | 1.0.1 | 3.0.0 |
| psr/container | 1.1.1 | 1.1.2 |
+------------------------+--------+--------+
+-----------------------------------------+--------+--------+
| Dev Changes | From | To |
+-----------------------------------------+--------+--------+
| composer/composer | 2.1.12 | 2.2.4 |
| composer/xdebug-handler | 2.0.2 | 2.0.4 |
| friends-of-behat/mink-browserkit-driver | v1.5.0 | v1.6.1 |
| phpdocumentor/type-resolver | 1.5.1 | 1.6.0 |
| phpunit/phpunit | 9.5.10 | 9.5.11 |
| seld/phar-utils | 1.1.2 | 1.2.0 |
| squizlabs/php_codesniffer | 3.6.1 | 3.6.2 |
| composer/pcre | NEW | 1.0.0 |
+-----------------------------------------+--------+--------+
Comment | File | Size | Author |
---|---|---|---|
#17 | 3255353-3-16.patch | 31.59 KB | alexpott |
| |||
#17 | 15-16-interdiff.txt | 1.24 KB | alexpott |
#16 | 3255353-3-15.patch | 32.71 KB | alexpott |
| |||
#16 | 14-15-interdiff.txt | 4.96 KB | alexpott |
#14 | 3255353-3-14.patch | 37.3 KB | alexpott |
Comments
Comment #2
alexpottComment #3
alexpottFixing the patch
Comment #5
longwaveMaybe leave
asm89/stack-cors
for #3128982: Upgrade asm89/stack-cors to ^2.0 to fix cacheability andguzzlehttp/psr7
for #3220220: Update guzzlehttp/psr7 to 2.1.0?Are there any breaking changes in
composer/installers
2?I think major version bumps of anything require release manager signoff? In which case maybe only do the minor bumps here and leave majors to individual issues?
Comment #6
longwaveWe should also consider adding
replace
lines for the PHP 7.4 and 8.0 polyfills as we no longer need them.edit: and local testing suggests we can remove
paragonie/random_compat
andsymfony/polyfill-php70
as nothing depends on those any more anyway - maybe let's spin off a separate issue for thisComment #7
alexpottWe don't use the API of composer/installers - I'm not sure we can even consider it having one. It still supports Drupal. I think the major change we the removal of support for lots of things that no longer need it. Would be interesting to see what Joomla has done... see https://github.com/composer/installers/blob/main/CHANGELOG.md
Comment #8
SpokjeComment #9
andypostUpgrade of #3128982: Upgrade asm89/stack-cors to ^2.0 to fix cacheability gonna be tricky as new 2.1.0 release supports only SF6 but previous releases fails ATM with
Comment #10
alexpottUpdating all the things now the major updates have been done...
Yes the psr/cache library is changing major version here but imo that's okay this is not a major library for us.
Comment #11
alexpottChasing the updates...
Comment #12
longwaveLooks good to me, might as well get this in now before the next round :)
Comment #13
alexpottTrying to re-roll this issue now that SF5 has landed but this happens:
Which is really odd.
This will be fixed once https://github.com/symfony/service-contracts/commit/034c73d5dd4c05c71a27... lands. So I think we should go to a dev release of the service-contracts.
Comment #14
alexpottComment #15
alexpottOh damn - the dev package will not be allowed in an alpha...
Comment #16
alexpottOh changed minimum stablity to alpha and reran... and back to dev and updated lock hash.
Comment #17
alexpottLet's remove the change to core/composer.json - it's pointless - it only fixes running composer update... but until https://github.com/symfony/service-contracts/commit/034c73d5dd4c05c71a27... is released we're going to need to be careful while doing that anyway.
Comment #18
longwaveHmm, this will block our Symfony 6 upgrade.
Otherwise this looks fine and there will surely be many more rounds of upgrades on the way to Drupal 10.
@alexpott do you want to open a companion issue for Drupal 9.4, as we should bump deps there where we can as well?
Comment #19
Gábor HojtsyMaking titlte more specific.
Comment #22
catchCommitted 80a83b4 and pushed to 10.0.x. Thanks!