Pin to egulias/email-validator v4

Issue created by @catch
Comment about 1 year ago →
🇬🇧United Kingdom catch
Comment about 1 year ago →
🇬🇧United Kingdom longwave UK
The breaking changes in v4 appear to be:

- "php": ">=7.2", - "doctrine/lexer": "^1.2|^2", - "symfony/polyfill-intl-idn": "^1.15" + "php": ">=8.1", + "doctrine/lexer": "^2.0 || ^3.0", + "symfony/polyfill-intl-idn": "^1.26"
We already have the same minimum PHP requirement and we are already pinned to symfony/polyfill-intl-idn 1.27.

The only difficult part is dropping support for doctrine/lexer 1. However, we are already pinned to to doctrine/lexer 2.1.0 in core-recommended, and we currently cannot go to v3 unless we also upgrade doctrine/annotations - which also involves a major version bump from 1 to 2.

$ composer why doctrine/lexer doctrine/annotations 1.14.3 requires doctrine/lexer (^1 || ^2) egulias/email-validator 3.2.5 requires doctrine/lexer (^1.2|^2) symfony/validator v6.2.8 conflicts doctrine/lexer (<1.1)
To summarise I don't see a problem with this, and it may be better to start making moves to do this now, in case our hand is forced in the future by a security update of any of egulias/email-validator, doctrine/annotations or doctrine/lexer.
Comment about 1 year ago →
🇬🇧United Kingdom catch
Yep agreed with #3. If we don't update, we could be forced to either update or fork by PHP 8.3+ support or a security release. PHP 8.3 support is OK since we can add that only in a minor release, but doing so for a security update means any disruption would happen at the worst time. it's possible of course that there's no security release until after 10.x is EOL but that still leaves PHP version support.
Status changed to Needs review about 1 year ago9:08am 19 May 2023
Open in Jenkins → Open on Drupal.org →
Environment: PHP 8.1 & MySQL 5.7
last update about 1 year ago
29,388 pass
Comment about 1 year ago →
🇬🇧United Kingdom longwave UK
Comment about 1 year ago →
🇬🇧United Kingdom longwave UK
Marking as critical given #4.
Status changed to RTBC about 1 year ago3:06pm 19 May 2023
Comment about 1 year ago →
🇺🇸United States smustgrave
Marking this but should it go into 10.2 or D11?
Comment about 1 year ago →
🇬🇧United Kingdom longwave UK
In my opinion, this is still eligible for 10.1; the risk of breakage is low and the risk of future security issues is higher and will be more difficult to resolve.
Comment about 1 year ago →
🇬🇧United Kingdom catch
Yes I'm +1 to #8 too, especially since we're only pinning, not increasing the constraint.

catch → committed 6b745965 on 10.1.x

Issue #3357585 by longwave, catch: Pin to egulias/email-validator v4

(...

Comment about 1 year ago →
System Message

catch → committed 889a6c48 on 11.x
Issue #3357585 by longwave, catch: Pin to egulias/email-validator v4
Status changed to Fixed about 1 year ago8:15am 20 May 2023
Comment about 1 year ago →
🇬🇧United Kingdom catch
Let's do this. If there are any issues it's easy for modules/sites to downgrade.

Committed/pushed to 11.x and cherry-picked to 10.1.x, thanks!
Comment about 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Pin to egulias/email-validator v4

Problem/Motivation

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Comments & Activities