.. or if we do then depend on a specific commit.

Drupal core currently depends on various `-dev` versions in its composer.json.

We run into a problem when we run field UI tests which caused by a recent change in behat/mink.

Storytime:
This seems to be a core issue. The `FieldUITestTrait::fieldUIAddNewField()` function calls an `assertRaw()`, and passes a `TranslatableMarkup` to it. `assertRaw()` is a legacy wrapper for `assertSession()->responseContains()`. `responseContains()` calls `stripos()` which encountering an object (which has `__toString()` defined), tries to convert it to `int` for some reason (just php things), and because that's not possible, the test fails.

http://php.net/manual/en/function.stripos.php

If needle is not a string, it is converted to an integer and applied as the ordinal value of a character.

My colleague created a pull request to fix this problem in Mink: https://github.com/minkphp/Mink/pull/760

Comments

mxr576 created an issue. See original summary.

mxr576’s picture

mxr576
Primary language Hungarian
Location Hungary
CreditAttribution: mxr576 at Pronovix commented
Parent issue: #2947893: Highest-lowest testing on Drupal core »
Related issues: +#2947893: Highest-lowest testing on Drupal core
cilefen’s picture

cilefen CreditAttribution: cilefen at Institute for Advanced Study commented

Some sites use https://packagist.org/packages/webflo/drupal-core-strict because of inaccurate constraints.

mxr576’s picture

mxr576
Primary language Hungarian
Location Hungary
CreditAttribution: mxr576 at Pronovix commented

Thanks for the tip @cilefen it seems a good workaround but definitely there is problem with should be solved.
If I spin up a new instance by using the drupal/drupal project for running a test site by default I still get the latest commit from master branch of Mink because it does not leverage webflo/drupal-core-strict.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Related issues: +#2948700: Casting $text value to string in responseContains/responseNotContains methods

Perhaps duplicate of #2948700: Casting $text value to string in responseContains/responseNotContains methods.

mxr576’s picture

mxr576
Primary language Hungarian
Location Hungary
CreditAttribution: mxr576 at Pronovix commented
Title: Do not use dev-master as a dependency for composer packages » [Policy] Do not use dev-master as a dependency for composer packages
Issue tags: +policy

It is not a duplicate, that you added as related is caused by this issue. Maybe I should add a [policy] prefix to this issue's title, because this issue is about do not add dev dependencies to Drupal core carelessly, at least depend on a specific commit.

Mile23’s picture

Mile23
Primary language English
Location Seattle, WA
CreditAttribution: Mile23 as a volunteer commented

Doing a bunch of work wrt this on #2976407: Use drupalci.yml for composer dependency min/max testing - DO NOT COMMIT

We use behat/mink 1.7.x-dev because of #2808085: Pipe char in locators break Mink and Symfony element search

And behat/mink-selenium2-driver 1.3.x-dev because of: #2944291: Upgrade behat/mink-selenium2-driver to 1.3.x-dev with a follow-up to #2947517: Selenium driver: API to get remote file paths

Chi’s picture

Chi CreditAttribution: Chi commented
Category: Bug report » Plan
Priority: Major » Normal

Drupal core currently depends on various `-dev` versions in its composer.json.

I counted only two dev dependencies there. Both under require-dev section.

There is a solid case for using dev dependencies in composer.json. The upstream package may have a critical bug that has been fixed but not released yet. Once the package gets new release we can move back to stable version.
I think we need to figure out how to track changes in upstream (TODOs, followup issues, etc).

Mile23’s picture

Mile23
Primary language English
Location Seattle, WA
CreditAttribution: Mile23 as a volunteer commented

Well there are a two different problems here:

1) Too specific: We generally don't want -dev version constraints, especially in Drupal component dependencies. So if we make a -dev commit to a composer.json file, we should have a follow-up to move it to the next stable release at some point in the future.

2) Not specific enough: We have two -dev version requirements, but at least one of them requires a specific commit that doesn't have a release (as far as I can tell). So if a user says composer update then they'll lose the specific commit from the lock file and tests won't pass. In this instance it's not such a big deal because it's require-dev, but for policy it could be a problem. So the solution would be to add a commit hash where appropriate, with a follow-up issue to make sure we can eventually bump the minimum to the next release.

Basically I propose that the policy should be: Commit whatever requirement fits the need, but if it's -dev, also add a follow-up to evaluate and move to stable at a later date.

Chi’s picture

Chi CreditAttribution: Chi commented

Commit whatever requirement fits the need, but if it's -dev, also add a follow-up to evaluate and move to stable at a later date.

This sounds good to me.

mxr576’s picture

mxr576
Primary language Hungarian
Location Hungary
CreditAttribution: mxr576 at Pronovix commented

There is a solid case for using dev dependencies in composer.json. The upstream package may have a critical bug that has been fixed but not released yet.

I do agree with this, but in that cause instead of adding "foo/bar: dev-master" to the composer.json we should rather add "foo/bar: dev-master#c0mm1tS4a". The first requirement basically equivalent of "hey grab the latest - bleeding edge code - from the dev branch _always_", however we do know for sure that which specific commit we actually need to fix a problem so we should not install the latest code version always.

In case of minkphp/behat the root of this problem is that they are working on the upcoming 2.0.x version in the master branch and they have already introduced BC breaking changes. Using master branch for "next" releases is also common pattern.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.6 was released on August 1, 2018 and is the final bugfix release for the Drupal 8.5.x series. Drupal 8.5.x will not receive any further development aside from security fixes. Sites should prepare to update to 8.6.0 on September 5, 2018. (Drupal 8.6.0-rc1 is available for testing.)

Bug reports should be targeted against the 8.6.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

greg.1.anderson’s picture

greg.1.anderson CreditAttribution: greg.1.anderson at Pantheon commented

The two components in question still have not made stable releases, despite requests dating back years. Regrettably, dev-master#sha only works in top-level composer.json files, and is treated like dev-master anywhere else.

Version: 8.6.x-dev » 8.8.x-dev

Drupal 8.6.x will not receive any further development aside from security fixes. Bug reports should be targeted against the 8.8.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.9.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.7 was released on June 3, 2020 and is the final full bugfix release for the Drupal 8.8.x series. Drupal 8.8.x will not receive any further development aside from security fixes. Sites should prepare to update to Drupal 8.9.0 or Drupal 9.0.0 for ongoing support.

Bug reports should be targeted against the 8.9.x-dev branch from now on, and new development or disruptive changes should be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.2.x-dev

Drupal 8 is end-of-life as of November 17, 2021. There will not be further changes made to Drupal 8. Bugfixes are now made to the 9.3.x and higher branches only. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.15 was released on June 1st, 2022 and is the final full bugfix release for the Drupal 9.3.x series. Drupal 9.3.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.4.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.9 was released on December 7, 2022 and is the final full bugfix release for the Drupal 9.4.x series. Drupal 9.4.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.5.x-dev branch from now on, and new development or disruptive changes should be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.