- Issue created by @andypost
- Status changed to Needs review
over 1 year ago 7:11pm 28 May 2023 - last update
over 1 year ago 29,399 pass - last update
over 1 year ago 29,401 pass - Status changed to RTBC
over 1 year ago 4:11am 29 May 2023 - last update
over 1 year ago 29,400 pass - Status changed to Needs review
over 1 year ago 9:33pm 30 May 2023 - last update
over 1 year ago 29,400 pass - last update
over 1 year ago 29,402 pass - Status changed to RTBC
over 1 year ago 10:35pm 30 May 2023 - last update
over 1 year ago 29,400 pass - last update
over 1 year ago 29,392 pass, 2 fail - last update
over 1 year ago 29,400 pass - last update
over 1 year ago 29,400 pass - last update
over 1 year ago 29,400 pass - last update
over 1 year ago 29,404 pass, 4 fail - Status changed to Fixed
over 1 year ago 6:19pm 3 June 2023 - 🇮🇳India ankitv18
Are these changes also gonna pushed into Drupal 10.0.x branch?
- 🇬🇧United Kingdom catch
@ankitv18 no that will stay on Symfony 6.2, and then 10.0.x goes out of support the end of this year.
- 🇩🇪Germany lmoeni
Is there a reason why 10.0.0 is supposed to stay on Symfony 6.2?
The current requirement in 10.0.x also allows 6.3 to install.
Shouldn't we backport or lock the version to 6.2 then? - Status changed to Needs work
over 1 year ago 5:21am 8 June 2023 - 🇷🇺Russia Chi
Shouldn't we backport or lock the version to 6.2 then?
Yes, we should.
core-recommendedpackage should not be used to obscure wrong dependency ranges.
Not sure which way is better. Drupal 10.0 is not compatible with Symfony 6.3 and Drupal 10.1.0 is not released yet. So right now we have no stable Drupal release compatible with Symfony 6.3. - 🇷🇺Russia Chi
no that will stay on Symfony 6.2, and then 10.0.x goes out of support the end of this year
And Symfony 6.2 will go out of suport next month which means for Drupal 10.0 will use unsupported Symfony version for a few month.
- 🇬🇧United Kingdom catch
@Chi we have an arrangement with the Symfony project that two Drupal core committers are on their security team. If any components in a Symfony minor release that Drupal core still depends on have a security advisory issued, then we will work with them to get the fix backported to the branch we're using and they'll issue a 'bonus' release for it. This doesn't apply to components we don't use.
It is a bit obscure, but it is what we settled on - they didn't want to support their own minor releases for 13 months, we didn't want to update to their minor releases in our patch releases, we didn't want to be out of security support for six months on a permanent basis.
- 🇷🇺Russia Chi
Re #16. Makes sense.
We still need to lock Drupal 10.0 on Symfony 6.2 in composer.json. - 🇳🇱Netherlands spokje
We still need to lock Drupal 10.0 on Symfony 6.2 in composer.json.
📌 Lock Drupal 10.0 on symfony/serializer and symfony/validator 6.2 Fixed , putting this one back to status Fixed, since there's nothing more to do here.
- Status changed to Fixed
over 1 year ago 10:01am 8 June 2023 Automatically closed - issue fixed for 2 weeks with no activity.
