- Issue created by @andypost
- Merge request !12261Issue #3527142: Update Composer dependencies for 11.2.0 → (Open) created by andypost
- 🇫🇷France andypost
SF update
+------------------------------------+--------------+------------+ | Production Changes | From | To | +------------------------------------+--------------+------------+ | symfony/console | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/dependency-injection | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/deprecation-contracts | v3.5.1 | v3.6.0 | | symfony/error-handler | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/event-dispatcher | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/event-dispatcher-contracts | v3.5.1 | v3.6.0 | | symfony/filesystem | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/finder | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/http-foundation | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/http-kernel | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/mailer | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/mime | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/process | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/psr-http-message-bridge | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/routing | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/serializer | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/service-contracts | v3.5.1 | v3.6.0 | | symfony/string | v7.3.0-BETA1 | v7.2.6 | | symfony/translation-contracts | v3.5.1 | v3.6.0 | | symfony/validator | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/var-dumper | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/var-exporter | v7.3.0-BETA1 | v7.2.6 | | symfony/yaml | v7.3.0-BETA1 | v7.3.0-RC1 | | drupal/core-recipe-unpack | NEW | 11.x-dev | +------------------------------------+--------------+------------+ +----------------------+--------------+------------+ | Dev Changes | From | To | +----------------------+--------------+------------+ | symfony/browser-kit | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/css-selector | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/dom-crawler | v7.3.0-BETA1 | v7.3.0-RC1 | | symfony/lock | v7.3.0-BETA1 | v7.3.0-RC1 | +----------------------+--------------+------------+ - 🇫🇷France andypost
a bit more
+---------------------------+------+----------+ | Production Changes | From | To | +---------------------------+------+----------+ | drupal/core-recipe-unpack | NEW | 11.x-dev | +---------------------------+------+----------+ +------------------------------+-------+-------+ | Dev Changes | From | To | +------------------------------+-------+-------+ | composer/ca-bundle | 1.5.6 | 1.5.7 | | composer/spdx-licenses | 1.5.8 | 1.5.9 | | open-telemetry/api | 1.2.3 | 1.3.0 | | open-telemetry/exporter-otlp | 1.2.1 | 1.3.1 | | open-telemetry/sdk | 1.3.0 | 1.5.0 | +------------------------------+-------+-------+ - 🇫🇷France andypost
updated
cld --from 11.x +------------------------------------+--------------+--------+ | Production Changes | From | To | +------------------------------------+--------------+--------+ | symfony/console | v7.3.0-BETA1 | v7.3.0 | | symfony/dependency-injection | v7.3.0-BETA1 | v7.3.0 | | symfony/deprecation-contracts | v3.5.1 | v3.6.0 | | symfony/error-handler | v7.3.0-BETA1 | v7.3.0 | | symfony/event-dispatcher | v7.3.0-BETA1 | v7.3.0 | | symfony/event-dispatcher-contracts | v3.5.1 | v3.6.0 | | symfony/filesystem | v7.3.0-BETA1 | v7.3.0 | | symfony/finder | v7.3.0-BETA1 | v7.3.0 | | symfony/http-foundation | v7.3.0-BETA1 | v7.3.0 | | symfony/http-kernel | v7.3.0-BETA1 | v7.3.0 | | symfony/mailer | v7.3.0-BETA1 | v7.3.0 | | symfony/mime | v7.3.0-BETA1 | v7.3.0 | | symfony/process | v7.3.0-BETA1 | v7.3.0 | | symfony/psr-http-message-bridge | v7.3.0-BETA1 | v7.3.0 | | symfony/routing | v7.3.0-BETA1 | v7.3.0 | | symfony/serializer | v7.3.0-BETA1 | v7.3.0 | | symfony/service-contracts | v3.5.1 | v3.6.0 | | symfony/string | v7.3.0-BETA1 | v7.3.0 | | symfony/translation-contracts | v3.5.1 | v3.6.0 | | symfony/validator | v7.3.0-BETA1 | v7.3.0 | | symfony/var-dumper | v7.3.0-BETA1 | v7.3.0 | | symfony/var-exporter | v7.3.0-BETA1 | v7.3.0 | | symfony/yaml | v7.3.0-BETA1 | v7.3.0 | +------------------------------------+--------------+--------+ +------------------------------+--------------+--------+ | Dev Changes | From | To | +------------------------------+--------------+--------+ | composer/ca-bundle | 1.5.6 | 1.5.7 | | composer/spdx-licenses | 1.5.8 | 1.5.9 | | open-telemetry/api | 1.2.3 | 1.3.0 | | open-telemetry/exporter-otlp | 1.2.1 | 1.3.1 | | open-telemetry/sdk | 1.3.0 | 1.5.0 | | symfony/browser-kit | v7.3.0-BETA1 | v7.3.0 | | symfony/css-selector | v7.3.0-BETA1 | v7.3.0 | | symfony/dom-crawler | v7.3.0-BETA1 | v7.3.0 | | symfony/lock | v7.3.0-BETA1 | v7.3.0 | +------------------------------+--------------+--------+ - 🇺🇸United States smustgrave
Seems like good updates, any reason to be a draft? Don't want to premature mark
- 🇫🇷France andypost
I set it draft because there's other updates (
Color legend: - patch or minor release available - update recommended - major release available - update possible Direct dependencies required in composer.json: composer/composer 2.8.6 2.8.9 Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. drupal/coder 8.3.26 8.3.30 Coder is a library to review Drupal code. justinrainbow/json-schema 5.3.0 6.4.1 A library to validate a json schema. mglaman/phpstan-drupal 2.0.5 2.0.7 Drupal extension and rules for PHPStan phpspec/prophecy-phpunit 2.3.0 2.4.0 Integrating the Prophecy mocking library in PHPUnit test cases phpstan/phpstan 2.1.14 2.1.17 PHPStan - PHP Static Analysis Tool phpunit/phpunit 10.5.46 12.1.6 The PHP Unit Testing framework. Transitive dependencies not required in composer.json: brick/math 0.12.3 0.13.1 Arbitrary-precision arithmetic library doctrine/lexer 2.1.1 3.0.1 PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers. google/protobuf 4.30.2 4.31.1 proto library for PHP phpstan/phpstan-deprecation-rules 2.0.2 2.0.3 PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits. phpunit/php-code-coverage 10.1.16 12.3.0 Library that provides collection, processing, and rendering functionality for PHP code coverage information. phpunit/php-file-iterator 4.1.0 6.0.0 FilterIterator implementation that filters files based on a list of suffixes. phpunit/php-invoker 4.0.0 6.0.0 Invoke callables with a timeout phpunit/php-text-template 3.0.1 5.0.0 Simple template engine. phpunit/php-timer 6.0.0 8.0.0 Utility class for timing sebastian/cli-parser 2.0.1 4.0.0 Library for parsing CLI options sebastian/code-unit 2.0.0 3.0.3 Collection of value objects that represent the PHP code units sebastian/code-unit-reverse-lookup 3.0.0 4.0.1 Looks up which function or method a line of code belongs to sebastian/comparator 5.0.3 7.0.1 Provides the functionality to compare PHP values for equality sebastian/complexity 3.2.0 5.0.0 Library for calculating the complexity of PHP code units sebastian/diff 5.1.1 7.0.0 Diff implementation sebastian/environment 6.1.0 8.0.2 Provides functionality to handle HHVM/PHP environments sebastian/exporter 5.1.2 7.0.0 Provides the functionality to export PHP variables for visualization sebastian/global-state 6.0.2 8.0.0 Snapshotting of global state sebastian/lines-of-code 2.0.2 4.0.0 Library for counting the lines of code in PHP source code sebastian/object-enumerator 5.0.0 7.0.0 Traverses array structures and object graphs to enumerate all referenced objects sebastian/object-reflector 3.0.0 5.0.0 Allows reflection of object attributes, including inherited and non-public ones sebastian/recursion-context 5.0.0 7.0.0 Provides functionality to recursively process PHP variables sebastian/type 4.0.0 6.0.2 Collection of value objects that represent the types of the PHP type system sebastian/version 4.0.1 6.0.0 Library that helps with managing the version number of Git-hosted PHP projects slevomat/coding-standard 8.18.0 8.18.1 Slevomat Coding Standard for PHP_CodeSniffer complements Consistence Coding Standard by providing sniffs with additional checks. squizlabs/php_codesniffer 3.12.2 3.13.0 PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards. - 🇫🇷France andypost
for example upgrade of
composer/composerrequire to updatejustinrainbow/json-schemato new major and adds new dependency - 🇺🇸United States smustgrave
So is this postponed in the related issues?
- 🇺🇸United States xjm
Symfony 7.3.0 is also now out, and could be given its own issue.
Symfony 7.3.0 is also now out, and could be given its own issue as it's more critical than other updates.
📌 Update to Symfony 7.3.0 Active
Since the draft MR here is green, just cherry-picked that commit to the MR there. https://git.drupalcode.org/project/drupal/-/merge_requests/12317
- 🇺🇸United States xjm
Yah, this issue could be postponed on the other.
- 🇫🇷France andypost
Update of
composer/*brings new library so it needs separate issue too - 🇫🇷France andypost
and coder has existing issue 📌 Update Coder to 8.3.28 Active
probably phpstan could stay here
- First commit to issue fork.
- 🇬🇧United Kingdom longwave UK
Coder is being handled in 📌 Update Coder to 8.3.28 Active , and we need to stay on PHPUnit 10 and Lexer 2 for now although we allow newer versions:
$ composer update --with=drupal/coder:8.3.26 --with=phpunit/phpunit:^10 --with=doctrine/lexer:^2 ... $ composer-lock-diff --no-links +-----------------------------------+---------+---------+ | Dev Changes | From | To | +-----------------------------------+---------+---------+ | brick/math | 0.12.3 | 0.13.1 | | composer/ca-bundle | 1.5.6 | 1.5.7 | | composer/composer | 2.8.6 | 2.8.9 | | composer/spdx-licenses | 1.5.8 | 1.5.9 | | google/protobuf | v4.30.2 | v4.31.1 | | justinrainbow/json-schema | 5.3.0 | 6.4.2 | | mglaman/phpstan-drupal | 2.0.5 | 2.0.7 | | nikic/php-parser | v5.4.0 | v5.5.0 | | open-telemetry/api | 1.2.3 | 1.3.0 | | open-telemetry/exporter-otlp | 1.2.1 | 1.3.1 | | open-telemetry/sdk | 1.3.0 | 1.5.0 | | phpspec/prophecy-phpunit | v2.3.0 | v2.4.0 | | phpstan/phpstan | 2.1.14 | 2.1.17 | | phpstan/phpstan-deprecation-rules | 2.0.2 | 2.0.3 | | ramsey/uuid | 4.7.6 | 4.8.1 | | slevomat/coding-standard | 8.18.0 | 8.19.1 | | squizlabs/php_codesniffer | 3.12.2 | 3.13.0 | | marc-mabe/php-enum | NEW | v4.7.1 | +-----------------------------------+---------+---------+ - 🇬🇧United Kingdom longwave UK
Let's defer PHPStan to 📌 Update PHPStan to 2.1.17 Active
- Merge request !12342Update all direct dependencies except phpstan and phpunit. → (Closed) created by catch
- 🇬🇧United Kingdom catch
Pushed a new MR that doesn't include a phpstan update https://git.drupalcode.org/project/drupal/-/merge_requests/12342
- 🇬🇧United Kingdom catch
The justinrainbow/json-schema phpstan fail was an real issue - with our previously unused forwards compatibility layer for the new version. Had to add a new dictionary entry for the new dev dependency added by justinrainbow.
Apart from that things seem OK - but tests still running.
- 🇬🇧United Kingdom longwave UK
@catch do we want to remove that FC/BC layer? We still allow
5.2 || ^6.3in composer.json. - 🇬🇧United Kingdom catch
@longwave the only way it could fail is if someone runs that specific core test with justinrainbow 5.x, which is not impossible, but if we keep it in we'd need to phpstan ignore the method call too.
- 🇬🇧United Kingdom longwave UK
Oh it's only in the test, I thought there was another compatibility layer somewhere but maybe that's in XB.
In which case let's just ship this and deal with Coder and PHPStan elsewhere.
- 🇮🇹Italy mondrake 🇮🇹
📌 Update PHPStan to 2.1.17 Active is also RTBC by the way
- 🇬🇧United Kingdom catch
If we got rid of composer.lock in core and had min/max testing I'd want to (or we'd have to more accurately) have the test deal with both versions, but the fact it was completely broken for json-schema 6, because we weren't running either phpstan or phpunit against that version, shows it would be easy to break it for json-schema 5 and not get notified. So I think we're better off without the pretence that we actually have test coverage against both versions.
- Merge request !12349Issue #3527142: Update --dev Composer dependencies for 11.2.0 → (Open) created by andypost
- 🇫🇷France andypost
new core dependency
marc-mabe/php-enum | NEW | v4.7.1needs more work if you upgrade composercreated MR without composer and phpstan (only dev deps left)
- 🇺🇸United States xjm
Build tests failed on some arcane issue, looks like a 500 error, but they passed when I re-triggered them.
I'm okay with scoping this to only the dev dependencies, although they're the least important part of it.
That said, this is going to conflict with 📌 Update PHPStan to 2.1.17 Active which I think is more important, so postponing for the moment.
Can we get a separate issue for Composer?
- 🇺🇸United States xjm
Okay, @catch (correctly) pointed out to me that since Composer is the most critical of the dependencies we need to update before RC, and since we already previously had a working merge request that updated Composer, it doesn't make sense to postpone Composer on the dev deps and PHPStan. In general, I'd actually prefer what @andypost did, scoping the dev dep updates separately from a disruptive Composer update that requires a major version update of something else, but in this particular instance we're already a week late on the RC, so we're going to go back to the previous merge request that includes Composer but not PHPStan.
NW for a release note, which can link https://github.com/jsonrainbow/json-schema/blob/master/UPGRADE-6.0.md and will supersede the release note for 📌 Allow 6.x version of justinrainbow/json-schema Active .
- 🇺🇸United States xjm
Added a release note; restoring the previous RTBC from @longwave since the RN is mostly just a revised version of the previous one about it being optional.
- 🇺🇸United States xjm
I just noticed my release note is incorrect -- we're updating the pinned version of
json-schema, but not the constraint. Correcting that now. - 🇺🇸United States xjm
Adding a note about declaring a conflict if the older version is required. Then they'll at least get an explicit error if they need to later do a security update of Composer and their JavaScript gets set on fire.
- 🇺🇸United States xjm
There's something called
brick/maththat also appears to be outdated when I update dev deps locally (and it's part of theramsey/uuidtree, not phpstan or phpunit), but as it's some pre-release something-or-other that's not important enough to block this on. - 🇺🇸United States xjm
Committed to 11.x and 11.2.x, thanks!
For all the same reasoning as above, I think we also need to backport the Composer update (with the accompanying breaking change to
justinrainbow/json-schemato the maintenance minor. So, can we get a 10.5.x version of this? Thanks! - Merge request !12352Issue #3527142: Back port composer updates to 10.5.x. → (Closed) created by godotislate
https://git.drupalcode.org/project/drupal/-/merge_requests/12352 against 10.5.x ready for review.
Automatically closed - issue fixed for 2 weeks with no activity.
