Problem/Motivation

Output of composer outdated -D on PHP 5.5

composer/installers             v1.5.0  v1.6.0  A multi-framework Composer library installer
egulias/email-validator         2.1.6   2.1.7   A library for validating emails against several RFCs
masterminds/html5               2.3.0   2.5.0   An HTML5 parser and serializer.
paragonie/random_compat         v2.0.17 v2.0.18 PHP 5.x polyfill for random_bytes() and random_int() from PHP 7
pear/archive_tar                1.4.5   1.4.6   Tar file management class with compression support (gzip, bzip2, lzma2)
symfony/class-loader            v3.4.15 v3.4.23 Symfony ClassLoader Component
symfony/console                 v3.4.15 v3.4.23 Symfony Console Component
symfony/dependency-injection    v3.4.15 v3.4.23 Symfony DependencyInjection Component
symfony/event-dispatcher        v3.4.15 v3.4.23 Symfony EventDispatcher Component
symfony/http-foundation         v3.4.15 v3.4.23 Symfony HttpFoundation Component
symfony/http-kernel             v3.4.15 v3.4.23 Symfony HttpKernel Component
symfony/polyfill-iconv          v1.9.0  v1.10.0 Symfony polyfill for the Iconv extension
symfony/polyfill-mbstring       v1.9.0  v1.10.0 Symfony polyfill for the Mbstring extension
symfony/process                 v3.4.15 v3.4.23 Symfony Process Component
symfony/psr-http-message-bridge v1.1.0  v1.1.1  PSR HTTP message bridge
symfony/routing                 v3.4.15 v3.4.23 Symfony Routing Component
symfony/serializer              v3.4.15 v3.4.23 Symfony Serializer Component
symfony/translation             v3.4.15 v3.4.23 Symfony Translation Component
symfony/validator               v3.4.15 v3.4.23 Symfony Validator Component
symfony/yaml                    v3.4.15 v3.4.23 Symfony Yaml Component
twig/twig                       v1.35.4 v1.38.2 Twig, the flexible, fast, and secure template language for PHP
typo3/phar-stream-wrapper       v2.0.1  v2.1.0  Interceptors for PHP's native phar:// stream handling

Proposed resolution

Run composer update:

$ composer update composer/installers egulias/email-validator paragonie/random_compat pear/archive_tar "symfony/*" typo3/phar-stream-wrapper composer/semver

Remaining tasks

Create a patch.
Review.
Commit.

User interface changes

None.

API changes

None.

Data model changes

None.

Release notes snippet

Our PHP dependencies have been updated. This includes

  • composer/installers to 1.6.0
  • composer/semver to 1.5.0
  • egulias/email-validator to 2.1.7
  • paragonie/random_compat to v2.0.18
  • pear/archive_tar to 1.4.6
  • symfony/* to v3.4.23
  • symfony/polyfill-* to v1.10.0
  • typo3/phar-stream-wrapper to v2.1.0
CommentFileSizeAuthor
#17 3032693-2-17.patch36.16 KBalexpott
#14 3032693-14.patch35.05 KBjibran
#9 3032693-9.patch35.36 KBalexpott
#5 3032693-3.patch36.98 KBjibran
#2 3032693-2.patch31.92 KBjibran
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jibran created an issue. See original summary.

jibran’s picture

jibran
he/him
Primary language Urdu
Location Sydney, Australia
CreditAttribution: jibran as a volunteer commented
Status: Active » Needs review
FileSize
3032693-2.patch31.92 KB

Here we go. Ran composer update composer/installers egulias/email-validator masterminds/html5 paragonie/random_compat symfony/* twig/twig.

chr.fritsch’s picture

chr.fritsch
he/him
Primary language German
Location 🇩🇪🇪🇺🌍
CreditAttribution: chr.fritsch at Thunder commented

I am not sure if we should update masterminds/html5. The reason is they did an API breakage from 2.3 -> 2.4. See https://github.com/Masterminds/html5-php/compare/2.3.1...2.4.0#diff-7fce...

For this reason, the Lullabot/amp-library pinned its dependency on masterminds/html5 to "~2.3.0". If people are using webflo/drupal-core-strict with drupal/amp, the won't be able to update to Drupal 8.7.

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

jibran’s picture

jibran
he/him
Primary language Urdu
Location Sydney, Australia
CreditAttribution: jibran as a volunteer commented
Version: 8.8.x-dev » 8.7.x-dev
Issue summary: View changes
FileSize
3032693-3.patch36.98 KB

Here is the patch removing masterminds/html5.
Ran command 

composer update composer/installers egulias/email-validator paragonie/random_compat pear/archive_tar symfony/* twig/twig typo3/phar-stream-wrapper
pandaski’s picture

pandaski CreditAttribution: pandaski at govCMS (Australian Government Department of Finance) commented

Still having this message:

`Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.`

Status: Needs review » Needs work

The last submitted patch, 5: 3032693-3.patch, failed testing. View results

jibran’s picture

jibran
he/him
Primary language Urdu
Location Sydney, Australia
CreditAttribution: jibran as a volunteer commented

We are not updating phpunit here so that warning is fine for now.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Status: Needs work » Needs review
FileSize
3032693-9.patch35.36 KB

Twig has its own issue - #3039408: Updating twig/twig to v1.38.0 or v1.38.1 causes fatal error. Let's remove it here. 

composer update composer/installers egulias/email-validator paragonie/random_compat pear/archive_tar "symfony/*" typo3/phar-stream-wrapper
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 1 install, 27 updates, 0 removals
  - Updating composer/installers (v1.5.0 => v1.6.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/class-loader (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/debug (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-mbstring (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/console (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dependency-injection (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-ctype (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating paragonie/random_compat (v2.0.17 => v2.0.18): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-php70 (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-foundation (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/event-dispatcher (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-kernel (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/routing (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/serializer (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/translation (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/validator (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/process (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-iconv (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/yaml (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing brumann/polyfill-unserialize (v1.0.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating typo3/phar-stream-wrapper (v2.0.1 => v2.1.0): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating egulias/email-validator (2.1.6 => 2.1.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/psr-http-message-bridge (v1.1.0 => v1.1.1): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/archive_tar (1.4.5 => 1.4.6): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/css-selector (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/phpunit-bridge (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dom-crawler (v3.4.15 => v3.4.23): Downloading (100%)
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/browser-kit (v3.4.15 => v3.4.23): Downloading (100%)
larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
CreditAttribution: larowlan at PreviousNext commented
Status: Needs review » Reviewed & tested by the community

if bot agrees, this is good.

Note it add the unserialize polyfill but that is a requirement of the updated phar stream wrapper from typo3

cilefen’s picture

cilefen CreditAttribution: cilefen as a volunteer commented
Title: Update core dependencies before 8.7.0 » Update core PHP dependencies before 8.7.0

Is there an issue for core/assets/vendor?

pandaski’s picture

pandaski CreditAttribution: pandaski at govCMS (Australian Government Department of Finance) commented

#9 is having an error

hecking patch composer.lock...
error: while searching for:
},
{
"name": "Gert de Pagter",
"email": "BackEndTea@gmail.com"
}
],
"description": "Symfony polyfill for ctype functions",

error: patch failed: composer.lock:2021
Hunk #34 succeeded at 4666 (offset 1 line).
Hunk #35 succeeded at 4719 (offset 1 line).
Hunk #36 succeeded at 4772 (offset 1 line).
Hunk #37 succeeded at 4829 (offset 1 line).
Hunk #38 succeeded at 4852 (offset 1 line).
Hunk #39 succeeded at 4894 (offset 1 line).

pandaski’s picture

pandaski CreditAttribution: pandaski at govCMS (Australian Government Department of Finance) commented
Status: Reviewed & tested by the community » Needs work

Already fixed in Issue #3039408

-                    "email": "BackEndTea@gmail.com"
+                    "email": "backendtea@gmail.com"
jibran’s picture

jibran
he/him
Primary language Urdu
Location Sydney, Australia
CreditAttribution: jibran as a volunteer commented
Status: Needs work » Needs review
FileSize
3032693-14.patch35.05 KB

Reroll.

jibran’s picture

jibran
he/him
Primary language Urdu
Location Sydney, Australia
CreditAttribution: jibran as a volunteer commented
Issue summary: View changes
Related issues: +#3040037: Update masterminds/html5 to 2.7.5

@chr.fritsch added #3040037: Update masterminds/html5 to 2.7.5 for #3.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Status: Needs review » Reviewed & tested by the community

After applying and running composer install doing 

$ composer outdated -D
masterminds/html5 2.3.0 2.6.0 An HTML5 parser and serializer.

on PHP 5.5 output is as expected.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Version: 8.7.x-dev » 8.8.x-dev
Issue summary: View changes
FileSize
3032693-2-17.patch36.16 KB

composer/semver has had a release... new command composer update composer/installers egulias/email-validator paragonie/random_compat pear/archive_tar "symfony/*" typo3/phar-stream-wrapper composer/semver

Also rerolled on top of 8.8.x cause jsonapi has landed.

catch’s picture

catch
he/him
Primary language English
CreditAttribution: catch at Third and Grove commented
Version: 8.8.x-dev » 8.7.x-dev
Status: Reviewed & tested by the community » Fixed

Good to get this in before beta to have a clean slate for any security releases.

Committed and pushed 1bfffca7ce to 8.8.x and 1c7aa73e08 to 8.7.x. Thanks!

  • catch committed 1bfffca on 8.8.x 
    Issue #3032693 by jibran, alexpott, chr.fritsch: Update core PHP...

  • catch committed 1c7aa73 on 8.7.x 
    Issue #3032693 by jibran, alexpott, chr.fritsch: Update core PHP...
xjm’s picture

xjm
she/her
Primary language English
CreditAttribution: xjm at Acquia commented
Status: Fixed » Needs work
Issue tags: +Needs release note, +Needs change record, +8.7.0 release notes

We need a release note briefly summarizing the dependency update and a CR for said release note to link. Thanks!

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Issue summary: View changes
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Status: Needs work » Needs review
Issue tags: -Needs release note, -Needs change record

I've created https://www.drupal.org/node/3042154

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Acro Commerce, Thunder commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

jibran’s picture

jibran
he/him
Primary language Urdu
Location Sydney, Australia
CreditAttribution: jibran as a volunteer commented

Added #3048569: Update PHP dependencies for 8.7.x to update symfony verison to v3.4.25