Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Beta phase evaluation
Issue category | Bug because composer update --prefer-lowest --prefer-stable fails. |
---|---|
Issue priority | Major because it could cause issues with composer dependencies. |
Problem/Motivation
When Symfony tests their code they run composer update --prefer-lowest --prefer-stable
to try the lowest stable version of each dependency. Doing this in D8 fails.
The dependency that fails is "mikey179/vfsStream". We currently require version 1.* in core/composer.json. I'm looking at what is the minimum version that we need and specifying that in composer.json. For example, we currently lock to version 1.5, so could specify "~1.5" (or lower) in core/composer.json instead of "1.*".
Proposed resolution
1.2 is the minimum needed to pass the tests, therefore "~1.2" is the proposed setting.
Remaining tasks
none
User interface changes
none
API changes
none
Data model changes
none
Comment | File | Size | Author |
---|---|---|---|
#1 | set_better_version_for-2529082-1.patch | 903 bytes | timmillwood |
Comments
Comment #1
timmillwoodWe should be good with "~1.2"
Comment #2
amateescu CreditAttribution: amateescu for Pfizer, Inc. commentedIs there any reason not to require the latest stable version?
Comment #3
timmillwoodcomposer update
will take the latest stable version, and as we ship with composer.lockcomposer install
will currently take version 1.5 described in there (which is the latest stable version). However this version is not needed for Drupal 8, so there's no reason to require it."~1.2"
will allow 1.2 or higher, but less than 2.0.0.Comment #4
dawehnerWe should certainly not pin down our exact used version, but well, if we are already on 1.5, by not go with that?
Comment #5
timmillwood1.2 works, so I feel no reason to enforce a higher version, however we are not pinning down the version as you said, so the highest available version should be installed.
Comment #6
davidwbarratt CreditAttribution: davidwbarratt as a volunteer and at Golf Channel commented#4,
Also, the version is pinned down in
composer.lock
so for any non-Composer user, they wont see a difference. Allowing a bigger range of dependencies allows composer users to install libraries that need different versions.Let's say someone needs to use a dependency that needs
<1.5
by pinning it to>=1.5
we are preventing someone from installing the library because the dependencies cannot be resolved. :(Comment #7
davidwbarratt CreditAttribution: davidwbarratt as a volunteer and at Golf Channel commentedPatch looks good to me.
Comment #8
davidwbarratt CreditAttribution: davidwbarratt as a volunteer and at Golf Channel commentedComment #9
timmillwoodComment #10
Mile23Unfortunately, since #1475510: Remove external dependencies from the core repo and let Composer manage the dependencies instead hasn't happened, the patch will need to include the changes to
core/vendor/
.Comment #11
timmillwood@Mile23 - Why?
Comment #12
Mile23Er, yah, if the files are unchanged then no biggie, my mistake. But if they are, then we need them.
Comment #13
davidwbarratt CreditAttribution: davidwbarratt as a volunteer and at Golf Channel commentedThe files will be unchanged because Composer by default installs the latest version.
Comment #14
timmillwoodThink I have passed the github rate limit throttling so here's the tests for those interested.
https://travis-ci.org/timmillwood/drupal/builds/70065984
Comment #15
alexpottThanks @timmillwood nice patch - I like the idea of being compatible with a wider variety of libraries. Committed 31da514 and pushed to 8.0.x. Thanks!
Comment #18
davidwbarratt CreditAttribution: davidwbarratt at Golf Channel commentedtimmillwood,
Is there an issue to update the testbot to run
composer update --prefer-lowest --prefer-stable
on one of the runs?Comment #19
timmillwoodNo, only for composer install.
Should be quite simple to add.