Update Composer dependencies for 11.2.0

Created on 2 May 2025, 8 days ago

Problem/Motivation

We should release 11.2.0 on the latest dependencies.

Steps to reproduce

$ composer outdated

Proposed resolution

$ composer update -W

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

📌 Task
Status

Active

Version

11.0 🔥

Component

composer

Created by

🇳🇿New Zealand quietone

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @quietone
  • 🇬🇧United Kingdom longwave UK

    Symfony 7.3.0-beta1 is released, this should include upgrading to that.

  • Merge request !12015#3522353 Update dependencies for 11.2 → (Open) created by longwave
  • 🇬🇧United Kingdom longwave UK
    +----------------------------------+---------+--------------+
    | Production Changes               | From    | To           |
    +----------------------------------+---------+--------------+
    | doctrine/deprecations            | 1.1.3   | 1.1.5        |
    | egulias/email-validator          | 4.0.2   | 4.0.4        |
    | guzzlehttp/guzzle                | 7.9.2   | 7.9.3        |
    | guzzlehttp/promises              | 2.0.4   | 2.2.0        |
    | guzzlehttp/psr7                  | 2.7.0   | 2.7.1        |
    | mck89/peast                      | v1.16.3 | v1.17.0      |
    | revolt/event-loop                | v1.0.6  | v1.0.7       |
    | symfony/console                  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/dependency-injection     | v7.2.0  | v7.3.0-BETA1 |
    | symfony/error-handler            | v7.2.0  | v7.2.5       |
    | symfony/event-dispatcher         | v7.2.0  | v7.3.0-BETA1 |
    | symfony/filesystem               | v7.2.0  | v7.3.0-BETA1 |
    | symfony/finder                   | v7.2.0  | v7.3.0-BETA1 |
    | symfony/http-foundation          | v7.2.0  | v7.3.0-BETA1 |
    | symfony/http-kernel              | v7.2.0  | v7.3.0-BETA1 |
    | symfony/mailer                   | v7.2.0  | v7.3.0-BETA1 |
    | symfony/mime                     | v7.2.0  | v7.3.0-BETA1 |
    | symfony/polyfill-iconv           | v1.31.0 | v1.32.0      |
    | symfony/polyfill-intl-grapheme   | v1.31.0 | v1.32.0      |
    | symfony/polyfill-intl-normalizer | v1.31.0 | v1.32.0      |
    | symfony/polyfill-mbstring        | v1.31.0 | v1.32.0      |
    | symfony/process                  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/psr-http-message-bridge  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/routing                  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/serializer               | v7.2.0  | v7.3.0-BETA1 |
    | symfony/string                   | v7.2.0  | v7.2.6       |
    | symfony/validator                | v7.2.0  | v7.3.0-BETA1 |
    | symfony/var-dumper               | v7.2.0  | v7.2.6       |
    | symfony/var-exporter             | v7.2.0  | v7.2.6       |
    | symfony/yaml                     | v7.2.0  | v7.3.0-BETA1 |
    | twig/twig                        | v3.19.0 | v3.20.0      |
    +----------------------------------+---------+--------------+
    
    +------------------------------------+----------+---------+
    | Dev Changes                        | From     | To      |
    +------------------------------------+----------+---------+
    | brick/math                         | 0.12.1   | 0.12.3  |
    | composer/ca-bundle                 | 1.5.4    | 1.5.6   |
    | composer/class-map-generator       | 1.5.0    | 1.6.1   |
    | composer/composer                  | 2.8.3    | 2.8.6   |
    | drupal/coder                       | 8.3.26   | 8.3.28  |
    | google/protobuf                    | v4.29.1  | v4.30.2 |
    | mglaman/phpstan-drupal             | 2.0.4    | 2.0.5   |
    | myclabs/deep-copy                  | 1.12.1   | 1.13.1  |
    | nikic/php-parser                   | v5.3.1   | v5.4.0  |
    | open-telemetry/api                 | 1.1.1    | 1.2.3   |
    | open-telemetry/exporter-otlp       | 1.1.0    | 1.2.1   |
    | open-telemetry/gen-otlp-protobuf   | 1.2.1    | 1.5.0   |
    | open-telemetry/sdk                 | 1.1.2    | 1.2.4   |
    | open-telemetry/sem-conv            | 1.27.1   | 1.30.0  |
    | phpdocumentor/reflection-docblock  | 5.6.1    | 5.6.2   |
    | phpspec/prophecy                   | v1.20.0  | v1.22.0 |
    | phpstan/phpdoc-parser              | 1.33.0   | 2.1.0   |
    | phpstan/phpstan                    | 2.1.11   | 2.1.13  |
    | phpstan/phpstan-deprecation-rules  | 2.0.1    | 2.0.2   |
    | phpunit/phpunit                    | 10.5.38  | 10.5.46 |
    | ramsey/collection                  | 2.0.0    | 2.1.1   |
    | sirbrillig/phpcs-variable-analysis | v2.11.21 | v2.12.0 |
    | slevomat/coding-standard           | 8.15.0   | 8.18.0  |
    | squizlabs/php_codesniffer          | 3.11.1   | 3.12.2  |
    | symfony/browser-kit                | v7.2.0   | v7.2.4  |
    | symfony/dom-crawler                | v7.2.0   | v7.2.4  |
    | symfony/lock                       | v7.2.0   | v7.2.6  |
    | tbachert/spi                       | v1.0.2   | v1.0.3  |
    +------------------------------------+----------+---------+
    
  • 🇬🇧United Kingdom longwave UK

    This leaves the following behind:

    Direct dependencies required in composer.json:
    composer/composer                  2.8.6   2.8.8  Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere.
    justinrainbow/json-schema          5.3.0   6.4.1  A library to validate a json schema.
    micheh/phpcs-gitlab                1.1.0   2.0.0  Gitlab Report for PHP_CodeSniffer (display the violations in the Gitlab CI/CD Code Quality Report)
    phpunit/phpunit                    10.5.46 12.1.4 The PHP Unit Testing framework.
    
    Transitive dependencies not required in composer.json:
    brick/math                         0.12.3  0.13.1 Arbitrary-precision arithmetic library
    doctrine/lexer                     2.1.1   3.0.1  PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers.
    

    composer/composer requires justinrainbow/json-schema 6
    justinrainbow/json-schema will be handled in 📌 Allow 6.x version of justinrainbow/json-schema Active
    micheh/phpcs-gitlab needs its own issue but doesn't feel important
    phpunit/phpunit first step is in 🌱 [meta] Support PHPUnit 11 in Drupal 10 Postponed
    brick/math requires ramsey/uuid to upgrade first
    doctrine/lexer will be handled in 📌 [PP-1] Make doctrine/lexer:^3.0 compatible with \Drupal\Component\Annotation\Doctrine. Active

  • Pipeline finished with Failed
    8 days ago
    Total: 158s
    #487245
  • 🇬🇧United Kingdom longwave UK

    Downgraded PHPStan and Coder, they will also need their own issues.

  • Pipeline finished with Failed
    8 days ago
    Total: 333s
    #487247
  • Pipeline finished with Failed
    8 days ago
    Total: 270s
    #487270
  • 🇬🇧United Kingdom longwave UK
    Since symfony/validator 7.3: Passing an array of options to configure the "Drupal\Core\Validation\Plugin\Validation\Constraint\RangeConstraint" constraint is deprecated, use named arguments instead.
    

    This seems like it will be painful to fix, the obvious change is

    --- a/core/lib/Drupal/Core/Validation/ConstraintFactory.php
    +++ b/core/lib/Drupal/Core/Validation/ConstraintFactory.php
    @@ -28,7 +28,7 @@ public function createInstance($plugin_id, array $configuration = []) {
     
         // If the plugin is a Symfony Constraint, use the correct constructor.
         if (is_subclass_of($plugin_class, Constraint::class)) {
    -      return new $plugin_class($configuration);
    +      return new $plugin_class(...$configuration);
         }
     
         // Otherwise, create the plugin as normal.
    

    but this solves it for some constraints but causes errors in others I think because we are assuming the argument name? This will have to be spun off in a separate issue and solved before Drupal 12 and Symfony 8.

  • Pipeline finished with Failed
    8 days ago
    Total: 628s
    #487277
  • 🇳🇿New Zealand quietone

    Add issues for specific dependencies from #6 to the issue summary.

  • 🇳🇱Netherlands bbrala Netherlands

    https://github.com/micheh/phpcs-gitlab/releases/tag/2.0.0

    https://github.com/micheh/phpcs-gitlab/compare/1.1.0...2.0.0

    phpcs-gitlab is not really that big a change. Mostly changing how to hash/track issues, which prompted a 2.0.0 release.

  • Pipeline finished with Failed
    8 days ago
    Total: 708s
    #487289
  • 🇳🇱Netherlands bbrala Netherlands

    json-schema has a BC break also on addError, which seems like it will be fun.

  • 🇬🇧United Kingdom longwave UK

    OK, let's update micheh/phpcs-gitlab here. We can allow both versions for BC but I don't think it will be a problem as it's only a dev dependency in the root package anyway.

  • Pipeline finished with Success
    8 days ago
    Total: 466s
    #487509
  • 🇮🇹Italy mondrake 🇮🇹

    📌 Bump PHPStan and family to latest versions Active is ready and an intermediate step to the latest.

  • 🇬🇧United Kingdom longwave UK
  • Pipeline finished with Success
    8 days ago
    Total: 629s
    #487672
  • Pipeline finished with Failed
    7 days ago
    Total: 248s
    #488226
  • Pipeline finished with Success
    7 days ago
    Total: 478s
    #488236
  • 🇬🇧United Kingdom longwave UK
  • 🇬🇧United Kingdom longwave UK

    Needs reroll.

  • 🇬🇧United Kingdom longwave UK

    Rebased, added some more updates that have landed since, the full set is now:

    +----------------------------------+---------+--------------+
    | Production Changes               | From    | To           |
    +----------------------------------+---------+--------------+
    | doctrine/deprecations            | 1.1.3   | 1.1.5        |
    | egulias/email-validator          | 4.0.2   | 4.0.4        |
    | guzzlehttp/guzzle                | 7.9.2   | 7.9.3        |
    | guzzlehttp/promises              | 2.0.4   | 2.2.0        |
    | guzzlehttp/psr7                  | 2.7.0   | 2.7.1        |
    | mck89/peast                      | v1.16.3 | v1.17.0      |
    | revolt/event-loop                | v1.0.6  | v1.0.7       |
    | symfony/console                  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/dependency-injection     | v7.2.0  | v7.3.0-BETA1 |
    | symfony/error-handler            | v7.2.0  | v7.2.5       |
    | symfony/event-dispatcher         | v7.2.0  | v7.3.0-BETA1 |
    | symfony/filesystem               | v7.2.0  | v7.3.0-BETA1 |
    | symfony/finder                   | v7.2.0  | v7.3.0-BETA1 |
    | symfony/http-foundation          | v7.2.0  | v7.3.0-BETA1 |
    | symfony/http-kernel              | v7.2.0  | v7.3.0-BETA1 |
    | symfony/mailer                   | v7.2.0  | v7.3.0-BETA1 |
    | symfony/mime                     | v7.2.0  | v7.3.0-BETA1 |
    | symfony/polyfill-ctype           | v1.31.0 | v1.32.0      |
    | symfony/polyfill-iconv           | v1.31.0 | v1.32.0      |
    | symfony/polyfill-intl-grapheme   | v1.31.0 | v1.32.0      |
    | symfony/polyfill-intl-idn        | v1.31.0 | v1.32.0      |
    | symfony/polyfill-intl-normalizer | v1.31.0 | v1.32.0      |
    | symfony/polyfill-mbstring        | v1.31.0 | v1.32.0      |
    | symfony/process                  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/psr-http-message-bridge  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/routing                  | v7.2.0  | v7.3.0-BETA1 |
    | symfony/serializer               | v7.2.0  | v7.3.0-BETA1 |
    | symfony/string                   | v7.2.0  | v7.2.6       |
    | symfony/validator                | v7.2.0  | v7.3.0-BETA1 |
    | symfony/var-dumper               | v7.2.0  | v7.2.6       |
    | symfony/var-exporter             | v7.2.0  | v7.2.6       |
    | symfony/yaml                     | v7.2.0  | v7.3.0-BETA1 |
    | twig/twig                        | v3.19.0 | v3.21.1      |
    +----------------------------------+---------+--------------+
    
    +------------------------------------+----------+---------+
    | Dev Changes                        | From     | To      |
    +------------------------------------+----------+---------+
    | brick/math                         | 0.12.1   | 0.12.3  |
    | composer/ca-bundle                 | 1.5.4    | 1.5.6   |
    | composer/class-map-generator       | 1.5.0    | 1.6.1   |
    | composer/composer                  | 2.8.3    | 2.8.6   |
    | google/protobuf                    | v4.29.1  | v4.30.2 |
    | micheh/phpcs-gitlab                | 1.1.0    | 2.0.0   |
    | myclabs/deep-copy                  | 1.12.1   | 1.13.1  |
    | nikic/php-parser                   | v5.3.1   | v5.4.0  |
    | open-telemetry/api                 | 1.1.1    | 1.2.3   |
    | open-telemetry/context             | 1.1.0    | 1.2.1   |
    | open-telemetry/exporter-otlp       | 1.1.0    | 1.2.1   |
    | open-telemetry/gen-otlp-protobuf   | 1.2.1    | 1.5.0   |
    | open-telemetry/sdk                 | 1.1.2    | 1.3.0   |
    | open-telemetry/sem-conv            | 1.27.1   | 1.32.0  |
    | phpdocumentor/reflection-docblock  | 5.6.1    | 5.6.2   |
    | phpspec/prophecy                   | v1.20.0  | v1.22.0 |
    | phpstan/phpdoc-parser              | 1.33.0   | 2.1.0   |
    | phpunit/phpunit                    | 10.5.38  | 10.5.46 |
    | ramsey/collection                  | 2.0.0    | 2.1.1   |
    | sirbrillig/phpcs-variable-analysis | v2.11.21 | v2.12.0 |
    | slevomat/coding-standard           | 8.15.0   | 8.18.0  |
    | squizlabs/php_codesniffer          | 3.11.1   | 3.12.2  |
    | symfony/browser-kit                | v7.2.0   | v7.2.4  |
    | symfony/dom-crawler                | v7.2.0   | v7.2.4  |
    | symfony/lock                       | v7.2.0   | v7.2.6  |
    | tbachert/spi                       | v1.0.2   | v1.0.3  |
    +------------------------------------+----------+---------+
    
  • Pipeline finished with Failed
    2 days ago
    Total: 127s
    #492183
  • Pipeline finished with Failed
    2 days ago
    Total: 200s
    #492193
  • 🇬🇧United Kingdom catch

    phpstan is failing - might need the baseline rebuilt?

  • 🇬🇧United Kingdom longwave UK

    New deprecations in Twig 3.21, fixed directly instead of ignoring them.

  • Pipeline finished with Canceled
    2 days ago
    Total: 1595s
    #492216
    • catch committed 68f5d4d8 on 11.x
      Issue #3522353 by longwave, quietone, bbrala: Update Composer...
  • 🇬🇧United Kingdom catch

    Committed/pushed to 11.x, thanks!

    Arggh that was from needs review :( Might ask in slack for a posthumous review/RTBC rather than reverting and recommitting.

  • Pipeline finished with Success
    2 days ago
    #492253
  • 🇮🇹Italy mondrake 🇮🇹

    +1 for the commit, nothing seems odd. Should some oddity show up, we can address from there IMHO.

    In fact, generally speaking, I think we're overdoing with the standard process when it comes to dependency bumping (not in this case, though, there were a few code changes that are beyond the dependency increase).

    Other projects automate this process (e.g. using Dependabot)

Production build 0.71.5 2024