Update Composer dependencies for 11.2.0

Symfony 7.3.0-beta1 is released, this should include upgrading to that.

+----------------------------------+---------+--------------+
| Production Changes               | From    | To           |
+----------------------------------+---------+--------------+
| doctrine/deprecations            | 1.1.3   | 1.1.5        |
| egulias/email-validator          | 4.0.2   | 4.0.4        |
| guzzlehttp/guzzle                | 7.9.2   | 7.9.3        |
| guzzlehttp/promises              | 2.0.4   | 2.2.0        |
| guzzlehttp/psr7                  | 2.7.0   | 2.7.1        |
| mck89/peast                      | v1.16.3 | v1.17.0      |
| revolt/event-loop                | v1.0.6  | v1.0.7       |
| symfony/console                  | v7.2.0  | v7.3.0-BETA1 |
| symfony/dependency-injection     | v7.2.0  | v7.3.0-BETA1 |
| symfony/error-handler            | v7.2.0  | v7.2.5       |
| symfony/event-dispatcher         | v7.2.0  | v7.3.0-BETA1 |
| symfony/filesystem               | v7.2.0  | v7.3.0-BETA1 |
| symfony/finder                   | v7.2.0  | v7.3.0-BETA1 |
| symfony/http-foundation          | v7.2.0  | v7.3.0-BETA1 |
| symfony/http-kernel              | v7.2.0  | v7.3.0-BETA1 |
| symfony/mailer                   | v7.2.0  | v7.3.0-BETA1 |
| symfony/mime                     | v7.2.0  | v7.3.0-BETA1 |
| symfony/polyfill-iconv           | v1.31.0 | v1.32.0      |
| symfony/polyfill-intl-grapheme   | v1.31.0 | v1.32.0      |
| symfony/polyfill-intl-normalizer | v1.31.0 | v1.32.0      |
| symfony/polyfill-mbstring        | v1.31.0 | v1.32.0      |
| symfony/process                  | v7.2.0  | v7.3.0-BETA1 |
| symfony/psr-http-message-bridge  | v7.2.0  | v7.3.0-BETA1 |
| symfony/routing                  | v7.2.0  | v7.3.0-BETA1 |
| symfony/serializer               | v7.2.0  | v7.3.0-BETA1 |
| symfony/string                   | v7.2.0  | v7.2.6       |
| symfony/validator                | v7.2.0  | v7.3.0-BETA1 |
| symfony/var-dumper               | v7.2.0  | v7.2.6       |
| symfony/var-exporter             | v7.2.0  | v7.2.6       |
| symfony/yaml                     | v7.2.0  | v7.3.0-BETA1 |
| twig/twig                        | v3.19.0 | v3.20.0      |
+----------------------------------+---------+--------------+

+------------------------------------+----------+---------+
| Dev Changes                        | From     | To      |
+------------------------------------+----------+---------+
| brick/math                         | 0.12.1   | 0.12.3  |
| composer/ca-bundle                 | 1.5.4    | 1.5.6   |
| composer/class-map-generator       | 1.5.0    | 1.6.1   |
| composer/composer                  | 2.8.3    | 2.8.6   |
| drupal/coder                       | 8.3.26   | 8.3.28  |
| google/protobuf                    | v4.29.1  | v4.30.2 |
| mglaman/phpstan-drupal             | 2.0.4    | 2.0.5   |
| myclabs/deep-copy                  | 1.12.1   | 1.13.1  |
| nikic/php-parser                   | v5.3.1   | v5.4.0  |
| open-telemetry/api                 | 1.1.1    | 1.2.3   |
| open-telemetry/exporter-otlp       | 1.1.0    | 1.2.1   |
| open-telemetry/gen-otlp-protobuf   | 1.2.1    | 1.5.0   |
| open-telemetry/sdk                 | 1.1.2    | 1.2.4   |
| open-telemetry/sem-conv            | 1.27.1   | 1.30.0  |
| phpdocumentor/reflection-docblock  | 5.6.1    | 5.6.2   |
| phpspec/prophecy                   | v1.20.0  | v1.22.0 |
| phpstan/phpdoc-parser              | 1.33.0   | 2.1.0   |
| phpstan/phpstan                    | 2.1.11   | 2.1.13  |
| phpstan/phpstan-deprecation-rules  | 2.0.1    | 2.0.2   |
| phpunit/phpunit                    | 10.5.38  | 10.5.46 |
| ramsey/collection                  | 2.0.0    | 2.1.1   |
| sirbrillig/phpcs-variable-analysis | v2.11.21 | v2.12.0 |
| slevomat/coding-standard           | 8.15.0   | 8.18.0  |
| squizlabs/php_codesniffer          | 3.11.1   | 3.12.2  |
| symfony/browser-kit                | v7.2.0   | v7.2.4  |
| symfony/dom-crawler                | v7.2.0   | v7.2.4  |
| symfony/lock                       | v7.2.0   | v7.2.6  |
| tbachert/spi                       | v1.0.2   | v1.0.3  |
+------------------------------------+----------+---------+

This leaves the following behind:

Direct dependencies required in composer.json:
composer/composer                  2.8.6   2.8.8  Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere.
justinrainbow/json-schema          5.3.0   6.4.1  A library to validate a json schema.
micheh/phpcs-gitlab                1.1.0   2.0.0  Gitlab Report for PHP_CodeSniffer (display the violations in the Gitlab CI/CD Code Quality Report)
phpunit/phpunit                    10.5.46 12.1.4 The PHP Unit Testing framework.

Transitive dependencies not required in composer.json:
brick/math                         0.12.3  0.13.1 Arbitrary-precision arithmetic library
doctrine/lexer                     2.1.1   3.0.1  PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers.

composer/composer requires justinrainbow/json-schema 6
justinrainbow/json-schema will be handled in 📌 Allow 6.x version of justinrainbow/json-schema Active
micheh/phpcs-gitlab needs its own issue but doesn't feel important
phpunit/phpunit first step is in 🌱 [meta] Support PHPUnit 11 in Drupal 10 Postponed
brick/math requires ramsey/uuid to upgrade first
doctrine/lexer will be handled in 📌 [PP-1] Make doctrine/lexer:^3.0 compatible with \Drupal\Component\Annotation\Doctrine. Active

Downgraded PHPStan and Coder, they will also need their own issues.

Since symfony/validator 7.3: Passing an array of options to configure the "Drupal\Core\Validation\Plugin\Validation\Constraint\RangeConstraint" constraint is deprecated, use named arguments instead.

This seems like it will be painful to fix, the obvious change is

--- a/core/lib/Drupal/Core/Validation/ConstraintFactory.php
+++ b/core/lib/Drupal/Core/Validation/ConstraintFactory.php
@@ -28,7 +28,7 @@ public function createInstance($plugin_id, array $configuration = []) {
 
     // If the plugin is a Symfony Constraint, use the correct constructor.
     if (is_subclass_of($plugin_class, Constraint::class)) {
-      return new $plugin_class($configuration);
+      return new $plugin_class(...$configuration);
     }
 
     // Otherwise, create the plugin as normal.

but this solves it for some constraints but causes errors in others I think because we are assuming the argument name? This will have to be spun off in a separate issue and solved before Drupal 12 and Symfony 8.

Add issues for specific dependencies from #6 to the issue summary.

https://github.com/micheh/phpcs-gitlab/releases/tag/2.0.0

https://github.com/micheh/phpcs-gitlab/compare/1.1.0...2.0.0

phpcs-gitlab is not really that big a change. Mostly changing how to hash/track issues, which prompted a 2.0.0 release.

json-schema has a BC break also on addError, which seems like it will be fun.

OK, let's update micheh/phpcs-gitlab here. We can allow both versions for BC but I don't think it will be a problem as it's only a dev dependency in the root package anyway.

📌 Bump PHPStan and family to latest versions Active is ready and an intermediate step to the latest.

Needs reroll.

Rebased, added some more updates that have landed since, the full set is now:

+----------------------------------+---------+--------------+
| Production Changes               | From    | To           |
+----------------------------------+---------+--------------+
| doctrine/deprecations            | 1.1.3   | 1.1.5        |
| egulias/email-validator          | 4.0.2   | 4.0.4        |
| guzzlehttp/guzzle                | 7.9.2   | 7.9.3        |
| guzzlehttp/promises              | 2.0.4   | 2.2.0        |
| guzzlehttp/psr7                  | 2.7.0   | 2.7.1        |
| mck89/peast                      | v1.16.3 | v1.17.0      |
| revolt/event-loop                | v1.0.6  | v1.0.7       |
| symfony/console                  | v7.2.0  | v7.3.0-BETA1 |
| symfony/dependency-injection     | v7.2.0  | v7.3.0-BETA1 |
| symfony/error-handler            | v7.2.0  | v7.2.5       |
| symfony/event-dispatcher         | v7.2.0  | v7.3.0-BETA1 |
| symfony/filesystem               | v7.2.0  | v7.3.0-BETA1 |
| symfony/finder                   | v7.2.0  | v7.3.0-BETA1 |
| symfony/http-foundation          | v7.2.0  | v7.3.0-BETA1 |
| symfony/http-kernel              | v7.2.0  | v7.3.0-BETA1 |
| symfony/mailer                   | v7.2.0  | v7.3.0-BETA1 |
| symfony/mime                     | v7.2.0  | v7.3.0-BETA1 |
| symfony/polyfill-ctype           | v1.31.0 | v1.32.0      |
| symfony/polyfill-iconv           | v1.31.0 | v1.32.0      |
| symfony/polyfill-intl-grapheme   | v1.31.0 | v1.32.0      |
| symfony/polyfill-intl-idn        | v1.31.0 | v1.32.0      |
| symfony/polyfill-intl-normalizer | v1.31.0 | v1.32.0      |
| symfony/polyfill-mbstring        | v1.31.0 | v1.32.0      |
| symfony/process                  | v7.2.0  | v7.3.0-BETA1 |
| symfony/psr-http-message-bridge  | v7.2.0  | v7.3.0-BETA1 |
| symfony/routing                  | v7.2.0  | v7.3.0-BETA1 |
| symfony/serializer               | v7.2.0  | v7.3.0-BETA1 |
| symfony/string                   | v7.2.0  | v7.2.6       |
| symfony/validator                | v7.2.0  | v7.3.0-BETA1 |
| symfony/var-dumper               | v7.2.0  | v7.2.6       |
| symfony/var-exporter             | v7.2.0  | v7.2.6       |
| symfony/yaml                     | v7.2.0  | v7.3.0-BETA1 |
| twig/twig                        | v3.19.0 | v3.21.1      |
+----------------------------------+---------+--------------+

+------------------------------------+----------+---------+
| Dev Changes                        | From     | To      |
+------------------------------------+----------+---------+
| brick/math                         | 0.12.1   | 0.12.3  |
| composer/ca-bundle                 | 1.5.4    | 1.5.6   |
| composer/class-map-generator       | 1.5.0    | 1.6.1   |
| composer/composer                  | 2.8.3    | 2.8.6   |
| google/protobuf                    | v4.29.1  | v4.30.2 |
| micheh/phpcs-gitlab                | 1.1.0    | 2.0.0   |
| myclabs/deep-copy                  | 1.12.1   | 1.13.1  |
| nikic/php-parser                   | v5.3.1   | v5.4.0  |
| open-telemetry/api                 | 1.1.1    | 1.2.3   |
| open-telemetry/context             | 1.1.0    | 1.2.1   |
| open-telemetry/exporter-otlp       | 1.1.0    | 1.2.1   |
| open-telemetry/gen-otlp-protobuf   | 1.2.1    | 1.5.0   |
| open-telemetry/sdk                 | 1.1.2    | 1.3.0   |
| open-telemetry/sem-conv            | 1.27.1   | 1.32.0  |
| phpdocumentor/reflection-docblock  | 5.6.1    | 5.6.2   |
| phpspec/prophecy                   | v1.20.0  | v1.22.0 |
| phpstan/phpdoc-parser              | 1.33.0   | 2.1.0   |
| phpunit/phpunit                    | 10.5.38  | 10.5.46 |
| ramsey/collection                  | 2.0.0    | 2.1.1   |
| sirbrillig/phpcs-variable-analysis | v2.11.21 | v2.12.0 |
| slevomat/coding-standard           | 8.15.0   | 8.18.0  |
| squizlabs/php_codesniffer          | 3.11.1   | 3.12.2  |
| symfony/browser-kit                | v7.2.0   | v7.2.4  |
| symfony/dom-crawler                | v7.2.0   | v7.2.4  |
| symfony/lock                       | v7.2.0   | v7.2.6  |
| tbachert/spi                       | v1.0.2   | v1.0.3  |
+------------------------------------+----------+---------+

phpstan is failing - might need the baseline rebuilt?

New deprecations in Twig 3.21, fixed directly instead of ignoring them.

Committed/pushed to 11.x, thanks!

Arggh that was from needs review :( Might ask in slack for a posthumous review/RTBC rather than reverting and recommitting.

+1 for the commit, nothing seems odd. Should some oddity show up, we can address from there IMHO.

In fact, generally speaking, I think we're overdoing with the standard process when it comes to dependency bumping (not in this case, though, there were a few code changes that are beyond the dependency increase).

Other projects automate this process (e.g. using Dependabot)

Automatically closed - issue fixed for 2 weeks with no activity.

RC1 of Symfony released so I filed 📌 Update Composer dependencies for 11.2.0 Active