Remove psr/http-message from drupal/core-recommended

Created on 22 May 2023, about 1 year ago
Updated 25 May 2023, about 1 year ago

Problem/Motivation

  • Drupal 10.0 used psr/http-message 1.x. Drupal 10.1 supports either 1.x or 2.x and composer.lock uses 2.x, which means drupal/core-recommended pins to 2.x. Therefore, if sites have other dependencies that haven't yet been made compatible with psr/http-message 2.x, they can't upgrade from 10.0 to 10.1 without switching off of drupal/core-recommended.
  • psr/http-messages does not contain any code other than interfaces, so I don't think there's much safety value created by drupal/core-recommended pinning to a major/minor version.
  • 10.1's drupal/core-recommended also increases the major version of doctrine/lexer and egulias/email-validator, so those might also present upgrade problems from 10.0 to 10.1, but those packages have implementation code in them so their presence in drupal/core-recommended has value. Therefore, this issue is scoped to only psr/http-message.

Steps to reproduce

Proposed resolution

Remove psr/http-message from drupal/core-recommended. This means sites using drupal/core-recommended will potentially get new minor versions of psr/http-message, including versions not tested on DrupalCI, when they come out, but this seems low risk considering that package only defines interfaces and does not have any implementation code.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

πŸ“Œ Task
Status

Fixed

Version

10.1 ✨

Component
ComposerΒ  β†’

Last updated about 19 hours ago

No maintainer
Created by

πŸ‡ΊπŸ‡ΈUnited States effulgentsia

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024