Problem/Motivation

composer outdated shows that some of our dependencies are old. Let's updated them. Major version updates for Symfony and Twig are handled by other pre-existing issues.

Proposed resolution

Run composer update

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

+------------------------+--------+--------+
| Production Changes     | From   | To     |
+------------------------+--------+--------+
| composer/semver        | 3.2.6  | 3.2.7  |
| doctrine/lexer         | 1.2.1  | 1.2.2  |
| guzzlehttp/guzzle      | 7.4.0  | 7.4.1  |
| laminas/laminas-feed   | 2.15.0 | 2.16.0 |
| laminas/laminas-stdlib | 3.6.1  | 3.7.0  |
| psr/cache              | 1.0.1  | 3.0.0  |
| psr/container          | 1.1.1  | 1.1.2  |
+------------------------+--------+--------+

+-----------------------------------------+--------+--------+
| Dev Changes                             | From   | To     |
+-----------------------------------------+--------+--------+
| composer/composer                       | 2.1.12 | 2.2.4  |
| composer/xdebug-handler                 | 2.0.2  | 2.0.4  |
| friends-of-behat/mink-browserkit-driver | v1.5.0 | v1.6.1 |
| phpdocumentor/type-resolver             | 1.5.1  | 1.6.0  |
| phpunit/phpunit                         | 9.5.10 | 9.5.11 |
| seld/phar-utils                         | 1.1.2  | 1.2.0  |
| squizlabs/php_codesniffer               | 3.6.1  | 3.6.2  |
| composer/pcre                           | NEW    | 1.0.0  |
+-----------------------------------------+--------+--------+
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

alexpott created an issue. See original summary.

alexpott’s picture

Title: Update dependencies for Drupal 10.0.x except symfony and twig » Update dependencies for Drupal 10.0.x
Issue summary: View changes
Status: Active » Needs review
FileSize
41.01 KB
alexpott’s picture

Fixing the patch

Status: Needs review » Needs work

The last submitted patch, 3: 3255353-3.patch, failed testing. View results

longwave’s picture

Maybe leave asm89/stack-cors for #3128982: Upgrade asm89/stack-cors to ^2.0 to fix cacheability and guzzlehttp/psr7 for #3220220: Update guzzlehttp/psr7 to 2.1.0?

Are there any breaking changes in composer/installers 2?

I think major version bumps of anything require release manager signoff? In which case maybe only do the minor bumps here and leave majors to individual issues?

longwave’s picture

    "replace": {
        "paragonie/random_compat": "9.99.99",
        "symfony/polyfill-php70": "*",
        "symfony/polyfill-php72": "*",
        "symfony/polyfill-php73": "*"
    },

We should also consider adding replace lines for the PHP 7.4 and 8.0 polyfills as we no longer need them.

edit: and local testing suggests we can remove paragonie/random_compat and symfony/polyfill-php70 as nothing depends on those any more anyway - maybe let's spin off a separate issue for this

alexpott’s picture

We don't use the API of composer/installers - I'm not sure we can even consider it having one. It still supports Drupal. I think the major change we the removal of support for lots of things that no longer need it. Would be interesting to see what Joomla has done... see https://github.com/composer/installers/blob/main/CHANGELOG.md

Spokje’s picture

andypost’s picture

Upgrade of #3128982: Upgrade asm89/stack-cors to ^2.0 to fix cacheability gonna be tricky as new 2.1.0 release supports only SF6 but previous releases fails ATM with

COMPOSER_ROOT_VERSION=10.0.x-dev composer require -W 'asm89/stack-cors ^2.0'
...
  Problem 1
    - Root composer.json requires drupal/core 10.0.x-dev -> satisfiable by drupal/core[10.0.x-dev].
    - drupal/core 10.0.x-dev requires symfony/serializer ^4.4 -> found symfony/serializer[v4.4.0-BETA1, ..., 4.4.x-dev] but these were not loaded, likely because it conflicts with another require.

alexpott’s picture

Issue summary: View changes
Status: Needs work » Needs review
FileSize
63.46 KB

Updating all the things now the major updates have been done...

Yes the psr/cache library is changing major version here but imo that's okay this is not a major library for us.

alexpott’s picture

Chasing the updates...

  - Upgrading composer/composer (2.2.3 => 2.2.4)
  - Upgrading doctrine/lexer (1.2.1 => 1.2.2)
  - Upgrading laminas/laminas-stdlib (3.6.4 => 3.7.0)
longwave’s picture

Status: Needs review » Reviewed & tested by the community

Looks good to me, might as well get this in now before the next round :)

alexpott’s picture

Status: Reviewed & tested by the community » Needs work

Trying to re-roll this issue now that SF5 has landed but this happens:

  - Upgrading symfony/deprecation-contracts (v2.5.0 => v3.0.0)
  - Downgrading symfony/service-contracts (v2.5.0 => v2.4.1)

Which is really odd.

This will be fixed once https://github.com/symfony/service-contracts/commit/034c73d5dd4c05c71a27... lands. So I think we should go to a dev release of the service-contracts.

alexpott’s picture

Issue summary: View changes
Status: Needs work » Needs review
FileSize
37.3 KB
alexpott’s picture

Oh damn - the dev package will not be allowed in an alpha...

alexpott’s picture

Oh changed minimum stablity to alpha and reran... and back to dev and updated lock hash.

alexpott’s picture

Let's remove the change to core/composer.json - it's pointless - it only fixes running composer update... but until https://github.com/symfony/service-contracts/commit/034c73d5dd4c05c71a27... is released we're going to need to be careful while doing that anyway.

longwave’s picture

Status: Needs review » Reviewed & tested by the community
+++ b/composer.lock
@@ -4764,7 +4761,7 @@
-                "symfony/console": "^2.8.52 || ^3.4.35 || ^4.4 || ^5.0 || ^6.0",
+                "symfony/console": "^2.8.52 || ^3.4.35 || ^4.4 || ^5.0",

Hmm, this will block our Symfony 6 upgrade.

Otherwise this looks fine and there will surely be many more rounds of upgrades on the way to Drupal 10.

@alexpott do you want to open a companion issue for Drupal 9.4, as we should bump deps there where we can as well?

Gábor Hojtsy’s picture

Title: Update dependencies for Drupal 10.0.x » Update dependencies for Drupal 10.0.x before alpha1

Making titlte more specific.

The last submitted patch, 14: 3255353-3-14.patch, failed testing. View results

  • catch committed 80a83b4 on 10.0.x
    Issue #3255353 by alexpott, longwave: Update dependencies for Drupal 10....
catch’s picture

Status: Reviewed & tested by the community » Fixed

Committed 80a83b4 and pushed to 10.0.x. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.