Update dependencies for Drupal 10.2

https://github.com/phpstan/phpstan-src/pull/2794 has been merged and fixes the PHPStan error pending next release

Added an is_array() check. Alternatively we could perhaps add a @var comment to force PHPStan to understand it's an array? Not sure which is better.

Or, we could just wait for the next release, and not bump PHPStan for now?

I say we wait for the PHPStan release. The array checks will be covered when PHPStan levels bump – that a non-array may be passed to array_filter. I think it's best to fix types when they arise once PHPStan begins to uncover them with increased levels.

Spokje → changed the visibility of the branch 3404694-NotBumpPHPStan to hidden.

Spokje → changed the visibility of the branch 3404694-NotBumpPHPStan to active.

Spokje → changed the visibility of the branch 3404694-NotBumpPHPStan to active.

Spokje → changed the visibility of the branch 11.x to hidden.

Sorry for the noise, did some pushes to a wrong branch.

Anyway: I forgot that with the conflict in place we can still do a composer update --with=phpunit/phpunit:^9 and be done with it. It bumps phpstan/phpstan to the latest version that has no conflict (1.10.44).

With this MR !5580 we now can either wait until the next PHPStan release, which will have the fix, or, if sooner, release 10.2-RC and remove the conflict, bump the version number of phpstan/phpstan in the root composer.json.

For MR!5580:

$ /omposer-lock-diff --no-links
+------------------------------------+------------+------------+
| Production Changes                 | From       | To         |
+------------------------------------+------------+------------+
| pear/pear-core-minimal             | v1.10.13   | v1.10.14   |
| symfony/console                    | v6.4.0-RC1 | v6.4.0-RC2 |
| symfony/deprecation-contracts      | v3.3.0     | v3.4.0     |
| symfony/event-dispatcher-contracts | v3.3.0     | v3.4.0     |
| symfony/http-foundation            | v6.4.0-RC1 | v6.4.0-RC2 |
| symfony/http-kernel                | v6.4.0-RC1 | v6.4.0-RC2 |
| symfony/process                    | v6.4.0-RC1 | v6.4.0-RC2 |
| symfony/serializer                 | v6.4.0-RC1 | v6.4.0-RC2 |
| symfony/service-contracts          | v3.3.0     | v3.4.0     |
| symfony/translation-contracts      | v3.3.0     | v3.4.0     |
| symfony/validator                  | v6.4.0-RC1 | v6.4.0-RC2 |
| twig/twig                          | v3.7.1     | v3.8.0     |
+------------------------------------+------------+------------+

+-------------------------+------------+------------+
| Dev Changes             | From       | To         |
+-------------------------+------------+------------+
| composer/spdx-licenses  | 1.5.7      | 1.5.8      |
| google/protobuf         | v3.25.0    | v3.25.1    |
| open-telemetry/sdk      | 1.0.0      | 1.0.1      |
| open-telemetry/sem-conv | 1.22.1     | 1.23.1     |
| phpstan/phpdoc-parser   | 1.24.2     | 1.24.4     |
| phpstan/phpstan         | 1.10.41    | 1.10.44    |
| react/promise           | v3.0.0     | v3.1.0     |
| symfony/dom-crawler     | v6.4.0-RC1 | v6.4.0-RC2 |
| symfony/lock            | v6.4.0-RC1 | v6.4.0-RC2 |
| theseer/tokenizer       | 1.2.1      | 1.2.2      |
+-------------------------+------------+------------+

Updated MR!5580 with freshly release SF6.4.0 https://github.com/symfony/symfony/releases/tag/v6.4.0

@Spokje wow that was fast - 10 minutes after release of 6.4.0!

Added update will help with SF7 support https://github.com/asm89/stack-cors/compare/v2.1.1...v2.2.0

Maybe the same time to bump mglaman/phpstan-drupal to 1.2.4 in require-dev as it's pinned to this version already?

@andypost we usually only bump requirements if we needed to change something and the old version would fail in some way

longwave → closed merge request !5574

https://github.com/colinodell/psr-testlogger/releases/tag/v1.3.0

For MR!5580:

$ composer-lock-diff --no-links
+------------------------------------+------------+----------+
| Production Changes                 | From       | To       |
+------------------------------------+------------+----------+
| asm89/stack-cors                   | v2.1.1     | v2.2.0   |
| pear/pear-core-minimal             | v1.10.13   | v1.10.14 |
| symfony/console                    | v6.4.0-RC1 | v6.4.0   |
| symfony/dependency-injection       | v6.4.0-RC1 | v6.4.0   |
| symfony/deprecation-contracts      | v3.3.0     | v3.4.0   |
| symfony/error-handler              | v6.4.0-RC1 | v6.4.0   |
| symfony/event-dispatcher           | v6.4.0-RC1 | v6.4.0   |
| symfony/event-dispatcher-contracts | v3.3.0     | v3.4.0   |
| symfony/filesystem                 | v6.4.0-RC1 | v6.4.0   |
| symfony/finder                     | v6.4.0-RC1 | v6.4.0   |
| symfony/http-foundation            | v6.4.0-RC1 | v6.4.0   |
| symfony/http-kernel                | v6.4.0-RC1 | v6.4.0   |
| symfony/mailer                     | v6.4.0-RC1 | v6.4.0   |
| symfony/mime                       | v6.4.0-RC1 | v6.4.0   |
| symfony/process                    | v6.4.0-RC1 | v6.4.0   |
| symfony/routing                    | v6.4.0-RC1 | v6.4.0   |
| symfony/serializer                 | v6.4.0-RC1 | v6.4.0   |
| symfony/service-contracts          | v3.3.0     | v3.4.0   |
| symfony/string                     | v6.3.8     | v6.4.0   |
| symfony/translation-contracts      | v3.3.0     | v3.4.0   |
| symfony/validator                  | v6.4.0-RC1 | v6.4.0   |
| symfony/var-dumper                 | v6.4.0-RC1 | v6.4.0   |
| symfony/var-exporter               | v6.3.6     | v6.4.0   |
| symfony/yaml                       | v6.4.0-RC1 | v6.4.0   |
| twig/twig                          | v3.7.1     | v3.8.0   |
+------------------------------------+------------+----------+

+---------------------------+------------+---------+
| Dev Changes               | From       | To      |
+---------------------------+------------+---------+
| colinodell/psr-testlogger | v1.2.0     | v1.3.0  |
| composer/spdx-licenses    | 1.5.7      | 1.5.8   |
| google/protobuf           | v3.25.0    | v3.25.1 |
| open-telemetry/sdk        | 1.0.0      | 1.0.1   |
| open-telemetry/sem-conv   | 1.22.1     | 1.23.1  |
| phpstan/phpdoc-parser     | 1.24.2     | 1.24.4  |
| phpstan/phpstan           | 1.10.41    | 1.10.44 |
| react/promise             | v3.0.0     | v3.1.0  |
| symfony/browser-kit       | v6.4.0-RC1 | v6.4.0  |
| symfony/css-selector      | v6.4.0-RC1 | v6.4.0  |
| symfony/dom-crawler       | v6.4.0-RC1 | v6.4.0  |
| symfony/lock              | v6.4.0-RC1 | v6.4.0  |
| symfony/phpunit-bridge    | v6.4.0-RC1 | v6.4.0  |
| theseer/tokenizer         | 1.2.1      | 1.2.2   |
+---------------------------+------------+---------+

Looks great, thank you. Let's land this for 10.2.0-rc1.

I don't think we should have added conflicts here. I think they are largely pointless for upstream dependencies because they are not retroactive so can result in composer solving to an odd set of dependencies for a project. But given this is only going to be the case for a short while ...

Committed this to 11.x and 10.2.x, thanks!

Spokje → closed merge request !5580

Are these deprecation ignores still 'temporary' at this point?

https://git.drupalcode.org/project/drupal/-/blob/11.x/core/.deprecation-...

Is there a followup to remove them or to make them more permanent if they have to stay?

📌 Fork Symfony's ContainerAwareTrait and ContainerAwareInterface into core Needs work is trying to figure out next steps here, whether we need to fork ContainerAware* or remove uses of it if we can.

How about linking that issue in the .deprecation-ignore.txt file?

Automatically closed - issue fixed for 2 weeks with no activity.