Problem/Motivation

composer outdated -D on PHP 7.0.8 shows various php libraries are outdated.

Remaining tasks

Create a patch.
Review.
Commit.
Rejoice

User interface changes

None

API changes

None

Data model changes

None

Release notes snippet

The following Drupal core Composer dependencies have been updated:

  • Symfony packages (from 3.4.26 to 3.4.32).
  • Twig (from 1.38.4 to 1.42.3).
  • Guzzle (from 1.4.2 to 1.6.1).
  • Email validator (from 2.1.7 to 2.1.11).
  • PSR Logging Library (from 1.0.2 to 1.1.0).
  • PHP Codesniffer (from 3.4.2 to 3.5.0).
  • Doctrine packages (to the latest minor versions).
  • Pear packages (to the latest minor versions).
  • Zend Escaper, Zend Feed, and Zend stdlib (to 2.6.1, 2.12.0, and 3.2.1, respectively).
  • Composer packages (to the latest minor versions).

The following PHP5 polyfills have been removed: ircmaxell/password-compat, brumann/polyfill-unserialize, and paragonie/random_compat (technically updated to an empty version which will remain in place until Drupal 9).

Finally, ralouphie/getallheaders has been added because the latest version of Guzzle requires this dependency.

symfony/* components have been updated from 3.4.26 to 3.4.32

symfony/polyfill* polyfills have been updated from 1.11.0 to 1.12.0.

Other updates are listed below:

+------------------------------+---------+----------+
| Production Changes           | From    | To       |
+------------------------------+---------+----------+
| brumann/polyfill-unserialize | v1.0.3  | REMOVED  |
| composer/installers          | v1.6.0  | v1.7.0   |
| doctrine/annotations         | v1.2.7  | v1.4.0   |
| doctrine/collections         | v1.3.0  | v1.4.0   |
| doctrine/common              | v2.6.2  | v2.7.3   |
| doctrine/inflector           | v1.1.0  | v1.2.0   |
| doctrine/lexer               | v1.0.1  | 1.0.2    |
| egulias/email-validator      | 2.1.7   | 2.1.11   |
| guzzlehttp/psr7              | 1.4.2   | 1.6.1    |
| paragonie/random_compat      | v2.0.18 | v9.99.99 |
| pear/archive_tar             | 1.4.6   | 1.4.7    |
| pear/console_getopt          | v1.4.1  | v1.4.2   |
| pear/pear-core-minimal       | v1.10.7 | v1.10.9  |
| psr/log                      | 1.0.2   | 1.1.0    |
| twig/twig                    | v1.38.4 | v1.42.3  |
| typo3/phar-stream-wrapper    | 2.1.2   | 3.1.2    |
| zendframework/zend-diactoros | 1.4.1   | 1.7.2    |
| zendframework/zend-escaper   | 2.5.2   | 2.6.1    |
| zendframework/zend-feed      | 2.7.0   | 2.12.0   |
| zendframework/zend-stdlib    | 3.0.1   | 3.2.1    |
| ralouphie/getallheaders      | NEW     | 3.0.3    |
+------------------------------+---------+----------+
+-----------------------------------+---------+---------+
| Dev Changes                       | From    | To      |
+-----------------------------------+---------+---------+
| composer/ca-bundle                | 1.1.4   | 1.2.4   |
| composer/composer                 | 1.8.5   | 1.9.0   |
| composer/spdx-licenses            | 1.5.1   | 1.5.2   |
| instaclick/php-webdriver          | 1.4.5   | 1.4.6   |
| ircmaxell/password-compat         | v1.0.4  | REMOVED |
| mikey179/vfsstream                | v1.6.5  | v1.6.7  |
| phpdocumentor/reflection-docblock | 2.0.4   | 4.3.2   |
| phpspec/prophecy                  | v1.7.0  | 1.9.0   |
| sebastian/exporter                | 3.1.0   | 3.1.2   |
| squizlabs/php_codesniffer         | 3.4.2   | 3.5.0   |
| symfony/css-selector              | v3.4.26 | v3.4.32 |
| symfony/dom-crawler               | v3.4.26 | v3.4.32 |
| symfony/filesystem                | v3.4.31 | v3.4.32 |
| symfony/finder                    | v3.4.31 | v3.4.32 |
| symfony/lock                      | v3.4.31 | v3.4.32 |
| symfony/phpunit-bridge            | v3.4.26 | v3.4.32 |
| theseer/tokenizer                 | 1.1.2   | 1.1.3   |
| phpdocumentor/reflection-common   | NEW     | 1.0.1   |
| phpdocumentor/type-resolver       | NEW     | 0.5.1   |
| webmozart/assert                  | NEW     | 1.5.0   |
+-----------------------------------+---------+---------+
CommentFileSizeAuthor
#52 3039611-3-52.patch105.69 KBalexpott
#52 48-52-interdiff.txt4.87 KBalexpott
#48 3039611-48.patch110.25 KBalexpott
#47 drupal-3039611-47.patch49.16 KBkostyashupenko
#45 drupal-3039611-45.patch49.25 KBjibran
#41 3039611-41.patch50.92 KBjibran
#40 3039611-40.patch50.29 KBjibran
#36 3039611-36.patch54.5 KBjibran
#36 interdiff-281def.txt39.89 KBjibran
#29 interdiff-9f10e4.txt14.69 KBjibran
#28 3039611-28.patch41.98 KBjibran
#28 interdiff-0d01c1.txt41.98 KBjibran
#24 3039611-23.patch42.61 KBjibran
#16 3039611-16.patch70.41 KBjibran
#16 interdiff-8c1406.txt2.3 KBjibran
#14 3039611-14.patch72.01 KBjibran
#14 interdiff-023014.txt652 bytesjibran
#11 3039611-11.patch71.37 KBjibran
#7 3039408-7.patch50.94 KBjibran
#3 3039611-3.patch53.69 KBjibran
#2 3039611-2.patch54.24 KBjibran
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jibran’s picture

jibran created an issue. See original summary.

jibran’s picture

Updated everything other than masterminds/html5.

jibran’s picture

Status: Active » Needs review
FileSize
53.69 KB

Status: Needs review » Needs work

The last submitted patch, 3: 3039611-3.patch, failed testing. View results

alexpott’s picture

I think we should have an issue to update 8.7.x first. A number of these updates should be in 8.7.0

alexpott’s picture

jibran’s picture

Status: Needs work » Needs review
FileSize
50.94 KB

Removed twig as it is getting updated in #3039408: Updating twig/twig to v1.38.0 or v1.38.1 causes fatal error

composer update composer/installers doctrine/* egulias/email-validator pear/archive_tar symfony-cmf/routing symfony/* typo3/phar-stream-wrapper zendframework/*
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 1 install, 33 updates, 0 removals
  - Updating composer/installers (v1.5.0 => v1.6.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/class-loader (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/debug (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-mbstring (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/console (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dependency-injection (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-ctype (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-php70 (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-foundation (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/event-dispatcher (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-kernel (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/routing (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/serializer (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/translation (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/validator (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/process (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-iconv (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/yaml (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing brumann/polyfill-unserialize (v1.0.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating typo3/phar-stream-wrapper (v2.0.1 => v2.1.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/inflector (v1.1.0 => v1.2.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/collections (v1.3.0 => v1.4.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/common (v2.6.2 => v2.7.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-stdlib (3.0.1 => 3.2.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-escaper (2.5.2 => 2.6.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-feed (2.7.0 => 2.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating egulias/email-validator (2.1.6 => 2.1.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/psr-http-message-bridge (v1.1.0 => v1.1.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-diactoros (1.4.1 => 1.8.6): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/archive_tar (1.4.5 => 1.4.6): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/css-selector (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/phpunit-bridge (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dom-crawler (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/browser-kit (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.
Writing lock file
Generating optimized autoload files
> Drupal\Core\Composer\Composer::preAutoloadDump
> Drupal\Core\Composer\Composer::ensureHtaccess

Status: Needs review » Needs work

The last submitted patch, 7: 3039408-7.patch, failed testing. View results

cilefen’s picture

Title: Update core dependencies for 8.8.x » Update core PHP dependencies for 8.8.x

Let's be specific.

pandaski’s picture

#7 is having an error

Already fixed in Issue #3039408

Commit:
82fed91529e39c376deb67af2a33202934dd0e6c [82fed91529]

Checking patch composer.lock...
error: while searching for:
                },
                {
                    "name": "Gert de Pagter",
                    "email": "BackEndTea@gmail.com"
                }
            ],
            "description": "Symfony polyfill for ctype functions",

error: patch failed: composer.lock:2021
error: while searching for:
                "mock",
                "xunit"
            ],
            "time": "2015-10-02T06:51:40+00:00"
        },
        {

error: patch failed: composer.lock:4166
jibran’s picture

Status: Needs work » Needs review
FileSize
71.37 KB
  - Removing symfony/polyfill-iconv (v1.9.0)
  - Updating composer/installers (v1.5.0 => v1.6.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/inflector (v1.1.0 => v1.2.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/collections (v1.3.0 => v1.4.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/annotations (v1.2.7 => v1.4.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/common (v2.6.2 => v2.7.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating egulias/email-validator (2.1.6 => 2.1.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/archive_tar (1.4.5 => 1.4.6): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/class-loader (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-mbstring (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/debug (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/console (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dependency-injection (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-ctype (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating paragonie/random_compat (v2.0.17 => v9.99.99): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-php70 (v1.9.0 => v1.10.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-foundation (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/event-dispatcher (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-kernel (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/process (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/psr-http-message-bridge (v1.1.0 => v1.1.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/routing (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/serializer (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/translation (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/validator (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/yaml (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating twig/twig (v1.38.2 => v2.7.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating typo3/phar-stream-wrapper (v2.0.1 => v3.1.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-diactoros (1.4.1 => 1.8.6): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-stdlib (3.0.1 => 3.2.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-escaper (2.5.2 => 2.6.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-feed (2.7.0 => 2.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dom-crawler (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/browser-kit (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/css-selector (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/phpunit-bridge (v3.4.15 => v3.4.23): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing brumann/polyfill-unserialize (v1.0.3): Loading from cache

Remaining

masterminds/html5   2.3.0 2.5.0 An HTML5 parser and serializer.
symfony-cmf/routing 1.4.1 2.0.3 Extends the Symfony2 routing component for dynamic routes and chaining several routers
bojanz’s picture

Can we remove paragonie/random_compat completely? It's now a no-op.

jibran’s picture

I removed it from core/composer.json but

composer why paragonie/random_compat
symfony/polyfill-php70  v1.10.0  requires  paragonie/random_compat (~1.0|~2.0|~9.99)

and

composer why symfony/polyfill-php70
symfony/http-foundation  v3.4.23  requires  symfony/polyfill-php70 (~1.6) 
jibran’s picture

Status: Needs review » Needs work

The last submitted patch, 14: 3039611-14.patch, failed testing. View results

jibran’s picture

Status: Needs work » Needs review
FileSize
2.3 KB
70.41 KB

twig update strikes again.

jibran’s picture

Created #3040037: Update masterminds/html5 to 2.7.5 for updating masterminds/html5

jibran’s picture

Status: Needs review » Needs work

The last submitted patch, 16: 3039611-16.patch, failed testing. View results

jibran’s picture

alexpott’s picture

Status: Needs work » Postponed

Let's postpone this on #3032693: Update core PHP dependencies before 8.7.0 as we need to do that first.

jibran’s picture

Issue summary: View changes
jibran’s picture

Assigned: Unassigned » jibran
Status: Postponed » Needs work

Blocker is in so rerolling.

jibran’s picture

Assigned: jibran » Unassigned
Status: Needs work » Needs review
FileSize
42.61 KB
alexpott’s picture

The release managers have requested that php 5 testing should only be dropped from 8.8.x once 8.7.0 is out.

Status: Needs review » Needs work

The last submitted patch, 24: 3039611-23.patch, failed testing. View results

jibran’s picture

The last fail is on /router_test/test23:

The website encountered an unexpected error. Please try again later.</br></br><em class="placeholder">InvalidArgumentException</em>: Invalid header value: must be a string or array of strings; cannot be an empty array in <em class="placeholder">Zend\Diactoros\Response-&gt;filterHeaderValue()</em> (line <em class="placeholder">389</em> of <em class="placeholder">vendor/zendframework/zend-diactoros/src/MessageTrait.php</em>). <pre class="backtrace">Zend\Diactoros\Response-&gt;withHeader(&#039;Set-Cookie&#039;, Array) (Line: 144)
Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory-&gt;createResponse(Object) (Line: 44)
Drupal\Core\EventSubscriber\PsrResponseSubscriber-&gt;onKernelView(Object, &#039;kernel.view&#039;, Object)
call_user_func(Array, Object, &#039;kernel.view&#039;, Object) (Line: 111)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher-&gt;dispatch(&#039;kernel.view&#039;, Object) (Line: 156)
Symfony\Component\HttpKernel\HttpKernel-&gt;handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel-&gt;handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session-&gt;handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle-&gt;handle(Object, 1, 1) (Line: 191)
Drupal\page_cache\StackMiddleware\PageCache-&gt;fetch(Object, 1, 1) (Line: 128)
Drupal\page_cache\StackMiddleware\PageCache-&gt;lookup(Object, 1, 1) (Line: 82)
Drupal\page_cache\StackMiddleware\PageCache-&gt;handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware-&gt;handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware-&gt;handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel-&gt;handle(Object, 1, 1) (Line: 693)
Drupal\Core\DrupalKernel-&gt;handle(Object) (Line: 19)
</pre>

We have two choices:

  1. Update symfony/psr-http-message-bridge to 1.2.0 which requires PHP 7.1.
  2. Or backport https://github.com/symfony/psr-http-message-bridge/pull/48/files#r268421455

Given that 1 is not a possibility at this time I'd say we should wait for 2 and meanwhile we can stick with zendframework/zend-diactoros:1.4.1 and create a followup to update zendframework/zend-diactoros:1.8.6.

jibran’s picture

Status: Needs work » Needs review
FileSize
41.98 KB
41.98 KB

We can update it to 1.7.2

jibran’s picture

FileSize
14.69 KB

Correct interdiff.

Mile23’s picture

Status: Needs review » Needs work
+++ b/core/lib/Drupal/Component/Gettext/composer.json
@@ -9,8 +9,8 @@
-    "drupal/core-utility": "^8.2"
+    "php": ">=7.0.8",
+    "drupal/core-utility": "^8.8"

+++ b/core/lib/Drupal/Component/Utility/composer.json
@@ -5,11 +5,8 @@
+    "php": ">=7.0.8",

In an ideal world, we'd know that both Gettext and Utility require PHP 7, and so therefore it's fair to require external users to update to PHP 7 to use our libraries if they want 8.8.x goodness.

Of course it seems unlikely that anyone is using these libraries other than us, because collectively we are apathetic to their actual requirements. My guess is that they do not actually require PHP 7, unless someone rewrote them in the past few weeks.

Until someone can prove to me that these component requirements are real and not a guess, I will mark patches as NW. Limit the scope here to drupal/core and this limitation is magically lifted. You can start by looking at #2876669: Fix dependency version requirement declarations in components and figuring out how to turn that into a drupalci.yml-based test.

jibran’s picture

#3045483: Incompatibility between zend-diactoros and psr-http-message-bridge versions: require symfony/psr-http-message-bridge >=1.1.2 to address #27.
RE: #30

that they do not actually require PHP 7

Yes, your observation is correct but 8.8.x will require PHP7 so if you want to use 8.8.x goodness provided by the components you should use PHP7 as well. This is as simple as that imo. I'll let the framework manager chip in here.

jibran’s picture

Actually, it is release manager thing so going to add a tag. Can you please share your opinion on #30?

Mile23’s picture

Yes, your observation is correct but 8.8.x will require PHP7 so if you want to use 8.8.x goodness provided by the components you should use PHP7 as well. This is as simple as that imo

Which specific parts of, for instance, drupal/core-utility 8.8.x goodness requires PHP 7 and not PHP 5?

Here is a repo which tests all components in isolation on travis-ci: https://github.com/paul-m/drupal_component_tester

I just updated it to use the 8.8.x branch. It uses the patch from #2876669-55: Fix dependency version requirement declarations in components

I predict the PHP 5 run for drupal/core-utilities will pass. Let's find out together: https://travis-ci.org/paul-m/drupal_component_tester

Update: It didn't get that far. drupal/core-bridge looks like it has some dependency issues to contend with first.

Update II: Now passing after accounting for a mistake in #2755401: Upgrade EmailValidator to 2.x https://travis-ci.org/paul-m/drupal_component_tester/jobs/516386787#L3079

I suggest this issue keep to the scope of drupal/core, and then follow-up with #2876669: Fix dependency version requirement declarations in components so that our components are honest about their requirements.

Mile23’s picture

+++ b/core/lib/Drupal/Component/Annotation/composer.json
@@ -5,9 +5,9 @@
-    "php": ">=5.5.9",
+    "php": ">=7.0.8",

Here's drupal/core-annotation from 8.8.x passing tests in PHP 5.6: https://travis-ci.org/paul-m/drupal_component_tester/jobs/516363606#L650

Components are different projects. They're not core.

jibran’s picture

Components are different projects. They're not core.

I'd disagree with this statement.

jibran’s picture

Status: Needs work » Needs review
FileSize
39.89 KB
54.5 KB

Reroll

jibran’s picture

+++ b/core/composer.json
@@ -42,7 +42,7 @@
-        "zendframework/zend-diactoros": "^1.7",
+        "zendframework/zend-diactoros": "<=1.7.2",

Is it the right way to pin the max version? This can be updated in #3045483: Incompatibility between zend-diactoros and psr-http-message-bridge versions: require symfony/psr-http-message-bridge >=1.1.2.

Mile23’s picture

Status: Needs review » Needs work

Still contains arbitrary changes to component constraints when those changes should be handled in #2876669: Fix dependency version requirement declarations in components

jibran’s picture

jibran’s picture

Status: Needs work » Needs review
Issue tags: -Needs release manager review
FileSize
50.29 KB

Platform requirement has been changed in #3053363: Remove support for PHP 5 in Drupal 8.8 so no need for RM review.

jibran’s picture

xjm’s picture

Issue tags: +Needs release note
+++ b/core/composer.json
@@ -29,23 +29,21 @@
-        "typo3/phar-stream-wrapper": "^2.1.1",
+        "typo3/phar-stream-wrapper": "^3.1",

This is a major version update; what's the scoop on BC breaks? Is the old major version still supported? This also might be a good time to fill out https://www.drupal.org/core/dependencies#phar if they're on their third major version within a year.

Also release note is definitely not "N/A"; we list this information for people because it might break things if they're implementing or extending a dependency directly. :)

alexpott’s picture

Status: Needs review » Needs work

Nice catch on the phar-stream-wrapper - as this is about a registered stream wrapper there isn't really an API that we're using as such. However...

+++ b/core/lib/Drupal/Core/Security/PharExtensionInterceptor.php
@@ -31,7 +31,7 @@ class PharExtensionInterceptor implements Assertable {
-  public function assert($path, $command) {
+  public function assert(string $path, string $command): bool {

we're affected by the use of scalar typehints.

In an ideal world we wouldn't be overriding PharExtensionInterceptor but we have to to not break drush when drush is run via a phar (not the recommended way anymore). The only reason phar-stream-wrapper v2 exists is to support PHP5. v3 was the original implementation that was PHP7 only.

I think the best path here is to leave phar-stream-wrapper on v2 and handle it in its own issue. The fact that we have to change code makes that the best path.

alexpott’s picture

Note I think we should commit #3058116: Remove paragonie/random_compat as a top-level dependency from 8.8.x before this one as handling removals on themselves seems a good idea too.

jibran’s picture

Issue summary: View changes
Status: Needs work » Needs review
FileSize
49.25 KB

Adressed #43 and #44.

  - Removing symfony/polyfill-iconv (v1.11.0)
  - Updating doctrine/lexer (v1.0.1 => 1.0.2)
  - Updating doctrine/inflector (v1.1.0 => v1.2.0)
  - Updating doctrine/collections (v1.3.0 => v1.4.0)
  - Updating doctrine/annotations (v1.2.7 => v1.4.0)
  - Updating doctrine/common (v2.6.2 => v2.7.3)
  - Updating egulias/email-validator (2.1.7 => 2.1.8)
  - Updating pear/archive_tar (1.4.6 => 1.4.7)
  - Updating symfony/class-loader (v3.4.26 => v3.4.28)
  - Updating symfony/debug (v3.4.26 => v3.4.28)
  - Updating symfony/console (v3.4.26 => v3.4.28)
  - Updating symfony/dependency-injection (v3.4.26 => v3.4.28)
  - Updating symfony/http-foundation (v3.4.27 => v3.4.28)
  - Updating symfony/event-dispatcher (v3.4.26 => v3.4.28)
  - Updating symfony/http-kernel (v3.4.26 => v3.4.28)
  - Updating symfony/process (v3.4.26 => v3.4.28)
  - Updating symfony/routing (v3.4.26 => v3.4.28)
  - Updating symfony/serializer (v3.4.26 => v3.4.28)
  - Updating symfony/translation (v3.4.26 => v3.4.28)
  - Updating symfony/validator (v3.4.26 => v3.4.28)
  - Updating symfony/yaml (v3.4.26 => v3.4.28)
  - Updating twig/twig (v1.38.4 => v1.42.2)
  - Updating zendframework/zend-diactoros (1.4.1 => 1.7.2)
  - Updating zendframework/zend-stdlib (3.0.1 => 3.2.1)
  - Updating zendframework/zend-escaper (2.5.2 => 2.6.0)
  - Updating zendframework/zend-feed (2.7.0 => 2.12.0)
  - Updating symfony/dom-crawler (v3.4.26 => v3.4.28)
  - Updating symfony/browser-kit (v3.4.26 => v3.4.28)
  - Updating symfony/css-selector (v3.4.26 => v3.4.28)
  - Updating symfony/phpunit-bridge (v3.4.26 => v3.4.28)
jibran’s picture

Status: Needs review » Needs work
Issue tags: -Needs release note +Needs reroll
kostyashupenko’s picture

Status: Needs work » Needs review
Issue tags: -Needs reroll
FileSize
49.16 KB
alexpott’s picture

Here's a reroll - plus I removed the removal of the iconv polyfill - it's perfectly possible something in contrib is relying on this. Somehow ircmaxell/password-compat has got back in. That's wrong it is totally not required in PHP 7.

With the patch applied...

composer install                                                                                                                        Thu 10 Oct 12:20:47 2019
> Drupal\Core\Composer\Composer::ensureComposerVersion
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Package operations: 4 installs, 56 updates, 1 removal
  - Removing ircmaxell/password-compat (v1.0.4)
  - Updating composer/installers (v1.6.0 => v1.7.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating brumann/polyfill-unserialize (v1.0.3 => v1.0.4): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/lexer (v1.0.1 => 1.0.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/inflector (v1.1.0 => v1.2.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/collections (v1.3.0 => v1.4.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/annotations (v1.2.7 => v1.4.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/common (v2.6.2 => v2.7.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating egulias/email-validator (2.1.7 => 2.1.11): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing ralouphie/getallheaders (3.0.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating guzzlehttp/psr7 (1.4.2 => 1.6.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating masterminds/html5 (2.3.0 => 2.7.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating paragonie/random_compat (v2.0.18 => v9.99.99): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/console_getopt (v1.4.1 => v1.4.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/pear-core-minimal (v1.10.7 => v1.10.9): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/archive_tar (1.4.6 => 1.4.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/class-loader (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dependency-injection (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-ctype (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-php70 (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-mbstring (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-foundation (v3.4.27 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/event-dispatcher (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating psr/log (1.0.2 => 1.1.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/debug (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-kernel (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-iconv (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/routing (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/serializer (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/translation (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/validator (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/yaml (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-diactoros (1.4.1 => 1.8.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-stdlib (3.0.1 => 3.2.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-escaper (2.5.2 => 2.6.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-feed (2.7.0 => 2.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/process (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/finder (v3.4.31 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/filesystem (v3.4.31 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/console (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating composer/spdx-licenses (1.5.1 => 1.5.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating composer/ca-bundle (1.1.4 => 1.2.4): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating composer/composer (1.8.5 => 1.9.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating instaclick/php-webdriver (1.4.5 => 1.4.6): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating twig/twig (v1.38.4 => v1.42.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating jcalderonzumba/gastonjs (v1.0.2 => v1.2.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/css-selector (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating jcalderonzumba/mink-phantomjs-driver (v0.3.2 => v0.3.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating mikey179/vfsstream (v1.6.5 => v1.6.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating sebastian/exporter (3.1.0 => 3.1.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing webmozart/assert (1.5.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing phpdocumentor/reflection-common (1.0.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing phpdocumentor/type-resolver (0.5.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating phpdocumentor/reflection-docblock (2.0.4 => 4.3.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating phpspec/prophecy (v1.7.0 => 1.9.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating squizlabs/php_codesniffer (3.4.2 => 3.5.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dom-crawler (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/lock (v3.4.31 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/phpunit-bridge (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating theseer/tokenizer (1.1.2 => 1.1.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Removing drupal/core (8.8.x-dev), source is still present in core
  - Installing drupal/core (8.8.x-dev): Source already present
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup

Note this is adding a package from a new provider... guzzlehttp/psr7 1.6.1 requires ralouphie/getallheaders (^2.0.5 || ^3.0.0) hmmm....

Mind you anyone who runs composer update on their site gets this...

/me is so bored of maintaining the composer.lock file.

alexpott’s picture

The other new installs in #48 are due to phpspec/prophecy...

$ composer why webmozart/assert
phpdocumentor/reflection-docblock  4.3.2  requires  webmozart/assert (^1.0)

$ composer why phpdocumentor/reflection-docblock
phpspec/prophecy  1.9.0  requires  phpdocumentor/reflection-docblock (^2.0|^3.0.2|^4.0|^5.0)

$ composer why phpdocumentor/reflection-common
phpdocumentor/reflection-docblock  4.3.2  requires  phpdocumentor/reflection-common (^1.0.0 || ^2.0.0)
phpdocumentor/type-resolver        0.5.1  requires  phpdocumentor/reflection-common (^1.0)

$ composer why phpdocumentor/type-resolver
phpdocumentor/reflection-docblock  4.3.2  requires  phpdocumentor/type-resolver (~0.4 || ^1.0.0)
jibran’s picture

composer outdated -D shows
behat/mink-selenium2-driver dev-master 8684ee4 dev-master 3ab9f31 Selenium2 (WebDriver) driver for Mink framework can be updated.

jibran’s picture

Issue summary: View changes
Status: Needs review » Needs work

As per https://github.com/minkphp/MinkSelenium2Driver/compare/8684ee4...3ab9f31 they moved from 1.3.x-dev to 1.4.x-dev so yeah it is correctly ignored.

We need to downgrade masterminds/html5 though as per #3040037: Update masterminds/html5 to 2.7.5.

alexpott’s picture

So the attached patch results in doing the following to a site with #48 applied

Package operations: 0 installs, 3 updates, 0 removals
  - Downgrading jcalderonzumba/gastonjs (v1.2.0 => v1.0.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Downgrading jcalderonzumba/mink-phantomjs-driver (v0.3.3 => v0.3.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Downgrading masterminds/html5 (2.7.0 => 2.3.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup

I reckon we shouldn't update jcalderonzumba as well because that's all PhantomJS stuff that's deprecated a fragile. Thanks for the thorough review @jibran.

Applying this patch on 8.8.x HEAD and running composer install...

  composer install                         Thu 10 Oct 16:45:20 2019
> Drupal\Core\Composer\Composer::ensureComposerVersion
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Package operations: 4 installs, 53 updates, 1 removal
  - Removing ircmaxell/password-compat (v1.0.4)
  - Updating composer/installers (v1.6.0 => v1.7.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating brumann/polyfill-unserialize (v1.0.3 => v1.0.4): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/lexer (v1.0.1 => 1.0.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/inflector (v1.1.0 => v1.2.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/collections (v1.3.0 => v1.4.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/annotations (v1.2.7 => v1.4.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating doctrine/common (v2.6.2 => v2.7.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating egulias/email-validator (2.1.7 => 2.1.11): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing ralouphie/getallheaders (3.0.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating guzzlehttp/psr7 (1.4.2 => 1.6.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating paragonie/random_compat (v2.0.18 => v9.99.99): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/console_getopt (v1.4.1 => v1.4.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/pear-core-minimal (v1.10.7 => v1.10.9): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating pear/archive_tar (1.4.6 => 1.4.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/class-loader (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dependency-injection (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-ctype (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-php70 (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-mbstring (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-foundation (v3.4.27 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/event-dispatcher (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating psr/log (1.0.2 => 1.1.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/debug (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/http-kernel (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/polyfill-iconv (v1.11.0 => v1.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/routing (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/serializer (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/translation (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/validator (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/yaml (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating twig/twig (v1.38.4 => v1.42.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-diactoros (1.4.1 => 1.8.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-stdlib (3.0.1 => 3.2.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-escaper (2.5.2 => 2.6.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating zendframework/zend-feed (2.7.0 => 2.12.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/process (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/finder (v3.4.31 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/filesystem (v3.4.31 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/console (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating composer/spdx-licenses (1.5.1 => 1.5.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating composer/ca-bundle (1.1.4 => 1.2.4): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating composer/composer (1.8.5 => 1.9.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating instaclick/php-webdriver (1.4.5 => 1.4.6): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating mikey179/vfsstream (v1.6.5 => v1.6.7): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating sebastian/exporter (3.1.0 => 3.1.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing webmozart/assert (1.5.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing phpdocumentor/reflection-common (1.0.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Installing phpdocumentor/type-resolver (0.5.1): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating phpdocumentor/reflection-docblock (2.0.4 => 4.3.2): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating phpspec/prophecy (v1.7.0 => 1.9.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating squizlabs/php_codesniffer (3.4.2 => 3.5.0): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/css-selector (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/dom-crawler (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/lock (v3.4.31 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating symfony/phpunit-bridge (v3.4.26 => v3.4.32): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Updating theseer/tokenizer (1.1.2 => 1.1.3): Loading from cache
> Drupal\Core\Composer\Composer::vendorTestCodeCleanup
  - Removing drupal/core (8.8.x-dev), source is still present in core
  - Installing drupal/core (8.8.x-dev): Source already present
jibran’s picture

Issue summary: View changes
Status: Needs review » Reviewed & tested by the community

This looks good now. Thanks, for addressing the feedback.

+------------------------------+---------+----------+
| Production Changes           | From    | To       |
+------------------------------+---------+----------+
| brumann/polyfill-unserialize | v1.0.3  | v1.0.4   |
| composer/installers          | v1.6.0  | v1.7.0   |
| doctrine/annotations         | v1.2.7  | v1.4.0   |
| doctrine/collections         | v1.3.0  | v1.4.0   |
| doctrine/common              | v2.6.2  | v2.7.3   |
| doctrine/inflector           | v1.1.0  | v1.2.0   |
| doctrine/lexer               | v1.0.1  | 1.0.2    |
| egulias/email-validator      | 2.1.7   | 2.1.11   |
| guzzlehttp/psr7              | 1.4.2   | 1.6.1    |
| paragonie/random_compat      | v2.0.18 | v9.99.99 |
| pear/archive_tar             | 1.4.6   | 1.4.7    |
| pear/console_getopt          | v1.4.1  | v1.4.2   |
| pear/pear-core-minimal       | v1.10.7 | v1.10.9  |
| psr/log                      | 1.0.2   | 1.1.0    |
| symfony/class-loader         | v3.4.26 | v3.4.32  |
| symfony/console              | v3.4.26 | v3.4.32  |
| symfony/debug                | v3.4.26 | v3.4.32  |
| symfony/dependency-injection | v3.4.26 | v3.4.32  |
| symfony/event-dispatcher     | v3.4.26 | v3.4.32  |
| symfony/http-foundation      | v3.4.27 | v3.4.32  |
| symfony/http-kernel          | v3.4.26 | v3.4.32  |
| symfony/polyfill-ctype       | v1.11.0 | v1.12.0  |
| symfony/polyfill-iconv       | v1.11.0 | v1.12.0  |
| symfony/polyfill-mbstring    | v1.11.0 | v1.12.0  |
| symfony/polyfill-php70       | v1.11.0 | v1.12.0  |
| symfony/process              | v3.4.26 | v3.4.32  |
| symfony/routing              | v3.4.26 | v3.4.32  |
| symfony/serializer           | v3.4.26 | v3.4.32  |
| symfony/translation          | v3.4.26 | v3.4.32  |
| symfony/validator            | v3.4.26 | v3.4.32  |
| symfony/yaml                 | v3.4.26 | v3.4.32  |
| twig/twig                    | v1.38.4 | v1.42.3  |
| zendframework/zend-diactoros | 1.4.1   | 1.8.7    |
| zendframework/zend-escaper   | 2.5.2   | 2.6.1    |
| zendframework/zend-feed      | 2.7.0   | 2.12.0   |
| zendframework/zend-stdlib    | 3.0.1   | 3.2.1    |
| ralouphie/getallheaders      | NEW     | 3.0.3    |
+------------------------------+---------+----------+
+-----------------------------------+---------+---------+
| Dev Changes                       | From    | To      |
+-----------------------------------+---------+---------+
| composer/ca-bundle                | 1.1.4   | 1.2.4   |
| composer/composer                 | 1.8.5   | 1.9.0   |
| composer/spdx-licenses            | 1.5.1   | 1.5.2   |
| instaclick/php-webdriver          | 1.4.5   | 1.4.6   |
| ircmaxell/password-compat         | v1.0.4  | REMOVED |
| mikey179/vfsstream                | v1.6.5  | v1.6.7  |
| phpdocumentor/reflection-docblock | 2.0.4   | 4.3.2   |
| phpspec/prophecy                  | v1.7.0  | 1.9.0   |
| sebastian/exporter                | 3.1.0   | 3.1.2   |
| squizlabs/php_codesniffer         | 3.4.2   | 3.5.0   |
| symfony/css-selector              | v3.4.26 | v3.4.32 |
| symfony/dom-crawler               | v3.4.26 | v3.4.32 |
| symfony/filesystem                | v3.4.31 | v3.4.32 |
| symfony/finder                    | v3.4.31 | v3.4.32 |
| symfony/lock                      | v3.4.31 | v3.4.32 |
| symfony/phpunit-bridge            | v3.4.26 | v3.4.32 |
| theseer/tokenizer                 | 1.1.2   | 1.1.3   |
| phpdocumentor/reflection-common   | NEW     | 1.0.1   |
| phpdocumentor/type-resolver       | NEW     | 0.5.1   |
| webmozart/assert                  | NEW     | 1.5.0   |
+-----------------------------------+---------+---------+
alexpott’s picture

@jibran how did you generate those reports - they look great!

  • catch committed fd8dbd5 on 8.8.x
    Issue #3039611 by jibran, alexpott, kostyashupenko, Mile23: Update core...
catch’s picture

Status: Reviewed & tested by the community » Fixed

Committed fd8dbd5 and pushed to 8.8.x. Thanks!

jibran’s picture

xjm’s picture

Status: Fixed » Needs work
Issue tags: +8.8.0 release notes

Our dependency updates should always go in the release notes, so let's remember to tag such issues in the future.

The release note isn't really legible as it is -- we don't need to list every Symfony component, for example; we should just have one bullet in a bulleted list that says "Symfony updated from 3.4.26 to 3.4.32". And etc.

Also, unrelatedly, I'm not sure the Diactoros update in this issue is the one we want. Shouldn't we be using the LTS version now that we can? Which AFAIK is 1.7. 1.8 already is out of security support. See: https://framework.zend.com/long-term-support

xjm’s picture

I filed #3087531: Use Diactoros LTS version 1.7, not 1.8 which is out of security coverage for the second point. If someone could reformat the release note though that's still needed for the alpha though. :)

xjm’s picture

Also, what issue added getallheaders? That deserves a separate mention. Unless a dependency added it as a new requirement?

jibran’s picture

Issue summary: View changes
Status: Needs work » Needs review

guzzlehttp/psr7 added ralouphie/getallheaders package.

composer why ralouphie/getallheaders 
guzzlehttp/psr7  1.6.1  requires  ralouphie/getallheaders (^2.0.5 || ^3.0.0)

I updated the release note. Please have a look.

jibran’s picture

Should we just list the direct dependencies in release notes?

alexpott’s picture

catch’s picture

Issue summary: View changes
Status: Needs review » Fixed

Updated the diactoros version in the release notes snippet, and summarised the symfony updates instead of listing them all.

Moving back to fixed.

alexpott’s picture

alexpott’s picture

Issue summary: View changes
alexpott’s picture

Issue summary: View changes
xjm’s picture

Issue summary: View changes

Refining the release note.

xjm’s picture

Issue summary: View changes

"The latest minor versions" is not true for Zend libraries because of the Diactoros LTS. That has its own release note, so changing it to list the other three packages.

Also adding an "additionally" for ralouphie/getallheaders. (I didn't list the new dev dependencies because it'd be mostly noise.)

xjm credited larowlan.

xjm’s picture

Issue summary: View changes

Clarifying what's up with the Paragonie library and crediting @larowlan for helping me figure that out.

xjm’s picture

Issue summary: View changes
xjm’s picture

Issue summary: View changes
mondrake’s picture

Status: Fixed » Needs work
Issue tags: +PHP 7.4

I think this needs a follow up, to update composer.json and core/composer.json constraints for two packages:

mikey179/vfsstream: ^1.6.7
egulias/email-validator: ^2.1.11

These are the minimum PHP 7.4 supported versions, and if later we want to run MIN testing on PHP 7.4, with the current constraints composer will load an incompatible version.

alexpott’s picture

Status: Needs work » Fixed

@mondrake -let's handle that in another issue thanks!

mondrake’s picture

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.