Update dependencies for Drupal 10.2

Created on 28 November 2023, 7 months ago
Updated 30 November 2023, 7 months ago

Problem/Motivation

Drupal 10.2.0-rc1 is due this week, a number of dependencies have minor and patch level release bumps that we should try to incorporate in the release.

Steps to reproduce

$ composer outdated

Proposed resolution

$ composer update --with=phpunit/phpunit:^9

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

📌 Task
Status

Fixed

Version

10.2

Component
Composer 

Last updated about 21 hours ago

No maintainer
Created by

🇬🇧United Kingdom longwave UK

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Merge request !5574Bump dependencies. → (Closed) created by longwave
  • Status changed to Needs work 7 months ago
  • 🇺🇸United States mglaman WI, USA

    https://github.com/phpstan/phpstan-src/pull/2794 has been merged and fixes the PHPStan error pending next release

  • Status changed to Needs review 7 months ago
  • 🇬🇧United Kingdom longwave UK

    Added an is_array() check. Alternatively we could perhaps add a @var comment to force PHPStan to understand it's an array? Not sure which is better.

    Or, we could just wait for the next release, and not bump PHPStan for now?

  • 🇺🇸United States mglaman WI, USA

    I say we wait for the PHPStan release. The array checks will be covered when PHPStan levels bump – that a non-array may be passed to array_filter. I think it's best to fix types when they arise once PHPStan begins to uncover them with increased levels.

  • First commit to issue fork.
  • 🇳🇱Netherlands Spokje

    Spokje changed the visibility of the branch 3404694-NotBumpPHPStan to hidden.

  • 🇳🇱Netherlands Spokje

    Spokje changed the visibility of the branch 3404694-NotBumpPHPStan to active.

  • 🇳🇱Netherlands Spokje

    Spokje changed the visibility of the branch 3404694-NotBumpPHPStan to active.

  • 🇳🇱Netherlands Spokje

    Spokje changed the visibility of the branch 11.x to hidden.

  • 🇳🇱Netherlands Spokje

    Sorry for the noise, did some pushes to a wrong branch.

    Anyway: I forgot that with the conflict in place we can still do a composer update --with=phpunit/phpunit:^9 and be done with it. It bumps phpstan/phpstan to the latest version that has no conflict (1.10.44).

    With this MR !5580 we now can either wait until the next PHPStan release, which will have the fix, or, if sooner, release 10.2-RC and remove the conflict, bump the version number of phpstan/phpstan in the root composer.json.

  • 🇳🇱Netherlands Spokje

    For MR!5580:

    $ /omposer-lock-diff --no-links
    +------------------------------------+------------+------------+
    | Production Changes                 | From       | To         |
    +------------------------------------+------------+------------+
    | pear/pear-core-minimal             | v1.10.13   | v1.10.14   |
    | symfony/console                    | v6.4.0-RC1 | v6.4.0-RC2 |
    | symfony/deprecation-contracts      | v3.3.0     | v3.4.0     |
    | symfony/event-dispatcher-contracts | v3.3.0     | v3.4.0     |
    | symfony/http-foundation            | v6.4.0-RC1 | v6.4.0-RC2 |
    | symfony/http-kernel                | v6.4.0-RC1 | v6.4.0-RC2 |
    | symfony/process                    | v6.4.0-RC1 | v6.4.0-RC2 |
    | symfony/serializer                 | v6.4.0-RC1 | v6.4.0-RC2 |
    | symfony/service-contracts          | v3.3.0     | v3.4.0     |
    | symfony/translation-contracts      | v3.3.0     | v3.4.0     |
    | symfony/validator                  | v6.4.0-RC1 | v6.4.0-RC2 |
    | twig/twig                          | v3.7.1     | v3.8.0     |
    +------------------------------------+------------+------------+
    
    +-------------------------+------------+------------+
    | Dev Changes             | From       | To         |
    +-------------------------+------------+------------+
    | composer/spdx-licenses  | 1.5.7      | 1.5.8      |
    | google/protobuf         | v3.25.0    | v3.25.1    |
    | open-telemetry/sdk      | 1.0.0      | 1.0.1      |
    | open-telemetry/sem-conv | 1.22.1     | 1.23.1     |
    | phpstan/phpdoc-parser   | 1.24.2     | 1.24.4     |
    | phpstan/phpstan         | 1.10.41    | 1.10.44    |
    | react/promise           | v3.0.0     | v3.1.0     |
    | symfony/dom-crawler     | v6.4.0-RC1 | v6.4.0-RC2 |
    | symfony/lock            | v6.4.0-RC1 | v6.4.0-RC2 |
    | theseer/tokenizer       | 1.2.1      | 1.2.2      |
    +-------------------------+------------+------------+
    
  • 🇬🇧United Kingdom longwave UK

    @Spokje wow that was fast - 10 minutes after release of 6.4.0!

  • 🇫🇷France andypost

    Maybe the same time to bump mglaman/phpstan-drupal to 1.2.4 in require-dev as it's pinned to this version already?

  • 🇬🇧United Kingdom longwave UK

    @andypost we usually only bump requirements if we needed to change something and the old version would fail in some way

  • 🇳🇱Netherlands Spokje

    https://github.com/colinodell/psr-testlogger/releases/tag/v1.3.0

    For MR!5580:

    $ composer-lock-diff --no-links
    +------------------------------------+------------+----------+
    | Production Changes                 | From       | To       |
    +------------------------------------+------------+----------+
    | asm89/stack-cors                   | v2.1.1     | v2.2.0   |
    | pear/pear-core-minimal             | v1.10.13   | v1.10.14 |
    | symfony/console                    | v6.4.0-RC1 | v6.4.0   |
    | symfony/dependency-injection       | v6.4.0-RC1 | v6.4.0   |
    | symfony/deprecation-contracts      | v3.3.0     | v3.4.0   |
    | symfony/error-handler              | v6.4.0-RC1 | v6.4.0   |
    | symfony/event-dispatcher           | v6.4.0-RC1 | v6.4.0   |
    | symfony/event-dispatcher-contracts | v3.3.0     | v3.4.0   |
    | symfony/filesystem                 | v6.4.0-RC1 | v6.4.0   |
    | symfony/finder                     | v6.4.0-RC1 | v6.4.0   |
    | symfony/http-foundation            | v6.4.0-RC1 | v6.4.0   |
    | symfony/http-kernel                | v6.4.0-RC1 | v6.4.0   |
    | symfony/mailer                     | v6.4.0-RC1 | v6.4.0   |
    | symfony/mime                       | v6.4.0-RC1 | v6.4.0   |
    | symfony/process                    | v6.4.0-RC1 | v6.4.0   |
    | symfony/routing                    | v6.4.0-RC1 | v6.4.0   |
    | symfony/serializer                 | v6.4.0-RC1 | v6.4.0   |
    | symfony/service-contracts          | v3.3.0     | v3.4.0   |
    | symfony/string                     | v6.3.8     | v6.4.0   |
    | symfony/translation-contracts      | v3.3.0     | v3.4.0   |
    | symfony/validator                  | v6.4.0-RC1 | v6.4.0   |
    | symfony/var-dumper                 | v6.4.0-RC1 | v6.4.0   |
    | symfony/var-exporter               | v6.3.6     | v6.4.0   |
    | symfony/yaml                       | v6.4.0-RC1 | v6.4.0   |
    | twig/twig                          | v3.7.1     | v3.8.0   |
    +------------------------------------+------------+----------+
    
    +---------------------------+------------+---------+
    | Dev Changes               | From       | To      |
    +---------------------------+------------+---------+
    | colinodell/psr-testlogger | v1.2.0     | v1.3.0  |
    | composer/spdx-licenses    | 1.5.7      | 1.5.8   |
    | google/protobuf           | v3.25.0    | v3.25.1 |
    | open-telemetry/sdk        | 1.0.0      | 1.0.1   |
    | open-telemetry/sem-conv   | 1.22.1     | 1.23.1  |
    | phpstan/phpdoc-parser     | 1.24.2     | 1.24.4  |
    | phpstan/phpstan           | 1.10.41    | 1.10.44 |
    | react/promise             | v3.0.0     | v3.1.0  |
    | symfony/browser-kit       | v6.4.0-RC1 | v6.4.0  |
    | symfony/css-selector      | v6.4.0-RC1 | v6.4.0  |
    | symfony/dom-crawler       | v6.4.0-RC1 | v6.4.0  |
    | symfony/lock              | v6.4.0-RC1 | v6.4.0  |
    | symfony/phpunit-bridge    | v6.4.0-RC1 | v6.4.0  |
    | theseer/tokenizer         | 1.2.1      | 1.2.2   |
    +---------------------------+------------+---------+
    
  • Status changed to RTBC 7 months ago
  • 🇬🇧United Kingdom longwave UK

    Looks great, thank you. Let's land this for 10.2.0-rc1.

    • alexpott committed a6a0523e on 11.x
      Issue #3404694 by Spokje, longwave, mglaman, andypost: Update...
    • alexpott committed 6c3b0d58 on 10.2.x
      Issue #3404694 by Spokje, longwave, mglaman, andypost: Update...
  • Status changed to Fixed 7 months ago
  • 🇬🇧United Kingdom alexpott 🇪🇺🌍

    I don't think we should have added conflicts here. I think they are largely pointless for upstream dependencies because they are not retroactive so can result in composer solving to an odd set of dependencies for a project. But given this is only going to be the case for a short while ...

    Committed this to 11.x and 10.2.x, thanks!

  • 🇮🇹Italy mondrake 🇮🇹

    Are these deprecation ignores still 'temporary' at this point?

    https://git.drupalcode.org/project/drupal/-/blob/11.x/core/.deprecation-...

    Is there a followup to remove them or to make them more permanent if they have to stay?

  • 🇬🇧United Kingdom longwave UK

    📌 Fork Symfony's ContainerAwareTrait and ContainerAwareInterface into core Needs work is trying to figure out next steps here, whether we need to fork ContainerAware* or remove uses of it if we can.

  • 🇮🇹Italy mondrake 🇮🇹

    How about linking that issue in the .deprecation-ignore.txt file?

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.69.0 2024