Problem/Motivation
Output of `composer outdated -D` on PHP 5.5:
composer/installers v1.5.0 v1.6.0 A multi-framework Composer library installer
egulias/email-validator 2.1.6 2.1.7 A library for validating emails against several RFCs
masterminds/html5 2.3.0 2.5.0 An HTML5 parser and serializer.
paragonie/random_compat v2.0.17 v2.0.18 PHP 5.x polyfill for random_bytes() and random_int() from PHP 7
pear/archive_tar 1.4.5 1.4.6 Tar file management class with compression support (gzip, bzip2, lzma2)
symfony/class-loader v3.4.15 v3.4.23 Symfony ClassLoader Component
symfony/console v3.4.15 v3.4.23 Symfony Console Component
symfony/dependency-injection v3.4.15 v3.4.23 Symfony DependencyInjection Component
symfony/event-dispatcher v3.4.15 v3.4.23 Symfony EventDispatcher Component
symfony/http-foundation v3.4.15 v3.4.23 Symfony HttpFoundation Component
symfony/http-kernel v3.4.15 v3.4.23 Symfony HttpKernel Component
symfony/polyfill-iconv v1.9.0 v1.10.0 Symfony polyfill for the Iconv extension
symfony/polyfill-mbstring v1.9.0 v1.10.0 Symfony polyfill for the Mbstring extension
symfony/process v3.4.15 v3.4.23 Symfony Process Component
symfony/psr-http-message-bridge v1.1.0 v1.1.1 PSR HTTP message bridge
symfony/routing v3.4.15 v3.4.23 Symfony Routing Component
symfony/serializer v3.4.15 v3.4.23 Symfony Serializer Component
symfony/translation v3.4.15 v3.4.23 Symfony Translation Component
symfony/validator v3.4.15 v3.4.23 Symfony Validator Component
symfony/yaml v3.4.15 v3.4.23 Symfony Yaml Component
twig/twig v1.35.4 v1.38.2 Twig, the flexible, fast, and secure template language for PHP
typo3/phar-stream-wrapper v2.0.1 v2.1.0 Interceptors for PHP's native phar:// stream handling
Proposed resolution
Run composer update:
$ composer update composer/installers egulias/email-validator paragonie/random_compat pear/archive_tar "symfony/*" typo3/phar-stream-wrapper composer/semver
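An added example (not part of the original issue): a Python check that compares the `composer update` arguments above against rows of the `composer outdated -D` listing and reports which outdated packages the command leaves untouched. The sample rows are a subset copied from the listing; `parse_outdated`, `coverage` and the use of `fnmatch` to approximate Composer's `*` wildcard are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed sample: a subset of rows copied from the `composer outdated -D` listing.
OUTDATED = """\
composer/installers v1.5.0 v1.6.0 A multi-framework Composer library installer
egulias/email-validator 2.1.6 2.1.7 A library for validating emails against several RFCs
masterminds/html5 2.3.0 2.5.0 An HTML5 parser and serializer.
paragonie/random_compat v2.0.17 v2.0.18 PHP 5.x polyfill for random_bytes() and random_int()
pear/archive_tar 1.4.5 1.4.6 Tar file management class with compression support
symfony/polyfill-mbstring v1.9.0 v1.10.0 Symfony polyfill for the Mbstring extension
symfony/yaml v3.4.15 v3.4.23 Symfony Yaml Component
twig/twig v1.35.4 v1.38.2 Twig, the flexible, fast, and secure template language for PHP
typo3/phar-stream-wrapper v2.0.1 v2.1.0 Interceptors for PHP's native phar:// stream handling
"""

# Package arguments of the `composer update` command in the proposed resolution.
UPDATE_ARGS = [
    "composer/installers", "egulias/email-validator", "paragonie/random_compat",
    "pear/archive_tar", "symfony/*", "typo3/phar-stream-wrapper", "composer/semver",
]

def parse_outdated(text):
    """Return {package: (installed, latest)} from `composer outdated` text rows."""
    rows = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3 or "/" not in parts[0]:
            continue  # skip blank lines and anything that is not a package row
        rows[parts[0]] = (parts[1], parts[2])
    return rows

def coverage(outdated, update_args):
    """Split outdated packages into those the command updates and those it skips."""
    covered, skipped = {}, {}
    for name, versions in outdated.items():
        hit = any(fnmatchcase(name, pat) for pat in update_args)
        (covered if hit else skipped)[name] = versions
    # Arguments that match no row in the listing.
    unmatched = [p for p in update_args
                 if not any(fnmatchcase(n, p) for n in outdated)]
    return covered, skipped, unmatched

if __name__ == "__main__":
    covered, skipped, unmatched = coverage(parse_outdated(OUTDATED), UPDATE_ARGS)
    for name, (old, new) in sorted(skipped.items()):
        print(f"NOT updated: {name} {old} -> {new}")
    print("arguments with no outdated row:", unmatched)
```
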
Remaining tasks
Create a patch.
Review.
Commit.
User interface changes
None.
API changes
None.
Data model changes
None.
Release notes snippet
Our PHP dependencies have been updated. This includes:
- composer/installers to 1.6.0
- composer/semver to 1.5.0
- egulias/email-validator to 2.1.7
- paragonie/random_compat to v2.0.18
- pear/archive_tar to 1.4.6
- symfony/* to v3.4.23
- symfony/polyfill-* to v1.10.0
- typo3/phar-stream-wrapper to v2.1.0
Comment | File | Size | Author |
---|---|---|---|
#17 | 3032693-2-17.patch | 36.16 KB | alexpott |
#14 | 3032693-14.patch | 35.05 KB | jibran |
Comments
Comment #2
jibran
Here we go. Ran `composer update composer/installers egulias/email-validator masterminds/html5 paragonie/random_compat symfony/* twig/twig`.
Comment #3
chr.fritsch
I am not sure if we should update masterminds/html5. The reason is they did an API breakage from 2.3 -> 2.4. See https://github.com/Masterminds/html5-php/compare/2.3.1...2.4.0#diff-7fce...
For this reason, the Lullabot/amp-library pinned its dependency on masterminds/html5 to "~2.3.0". If people are using webflo/drupal-core-strict with drupal/amp, they won't be able to update to Drupal 8.7.
Comment #5
jibran
Here is the patch removing `masterminds/html5`. Ran command
Comment #6
pandaski at govCMS (Australian Government Department of Finance) commented:
Still having this message:
`Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.`
Comment #8
jibran
We are not updating phpunit here so that warning is fine for now.
Comment #9
alexpott
Twig has its own issue - #3039408: Updating twig/twig to v1.38.0 or v1.38.1 causes fatal error. Let's remove it here.
Comment #10
larowlan
If bot agrees, this is good.
Note it adds the unserialize polyfill, but that is a requirement of the updated phar stream wrapper from typo3.
Comment #11
cilefen as a volunteer commented:
Is there an issue for core/assets/vendor?
Comment #12
pandaski at govCMS (Australian Government Department of Finance) commented:
#9 is having an error
Checking patch composer.lock...
error: while searching for:
},
{
"name": "Gert de Pagter",
"email": "BackEndTea@gmail.com"
}
],
"description": "Symfony polyfill for ctype functions",
error: patch failed: composer.lock:2021
Hunk #34 succeeded at 4666 (offset 1 line).
Hunk #35 succeeded at 4719 (offset 1 line).
Hunk #36 succeeded at 4772 (offset 1 line).
Hunk #37 succeeded at 4829 (offset 1 line).
Hunk #38 succeeded at 4852 (offset 1 line).
Hunk #39 succeeded at 4894 (offset 1 line).
Comment #13
pandaski at govCMS (Australian Government Department of Finance) commented:
Already fixed in Issue #3039408
Comment #14
jibran
Reroll.
Comment #15
jibran
@chr.fritsch added #3040037: Update masterminds/html5 to 2.7.5 for #3.
Comment #16
alexpott
After applying and running composer install doing
on PHP 5.5 output is as expected.
Comment #17
alexpott
composer/semver has had a release... new command
composer update composer/installers egulias/email-validator paragonie/random_compat pear/archive_tar "symfony/*" typo3/phar-stream-wrapper composer/semver
Also rerolled on top of 8.8.x cause jsonapi has landed.
Comment #18
catch
Good to get this in before beta to have a clean slate for any security releases.
Committed and pushed 1bfffca7ce to 8.8.x and 1c7aa73e08 to 8.7.x. Thanks!
Comment #21
xjm
We need a release note briefly summarizing the dependency update and a CR for said release note to link. Thanks!
Comment #22
alexpott
Comment #23
alexpott
I've created https://www.drupal.org/node/3042154
Comment #24
alexpott
Comment #26
jibran
Added #3048569: Update PHP dependencies for 8.7.x to update symfony version to v3.4.25