X Tutup
Skip to content

Bump PHP dependencies 2021-06-25#38891

Merged
micbar merged 1 commit intomasterfrom
php-dependencies-20210625
Jun 28, 2021
Merged

Bump PHP dependencies 2021-06-25#38891
micbar merged 1 commit intomasterfrom
php-dependencies-20210625

Conversation

@phil-davis
Copy link
Contributor

@phil-davis phil-davis commented Jun 25, 2021
edited
Loading

Description

$ composer update
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 5 updates, 0 removals
  - Upgrading league/flysystem (1.0.70 => 1.1.4)
  - Locking league/mime-type-detection (1.7.0)
  - Upgrading punic/punic (3.5.1 => 3.6.0)
  - Upgrading roave/security-advisories (dev-master a197227 => dev-master ac0d045)
  - Upgrading symfony/service-contracts (v1.1.9 => v2.4.0)
  - Upgrading symfony/translation-contracts (v1.1.10 => v2.4.0)
Writing lock file

Note: with just a PHP 7.2 requirement, composer is today reporting:

$ composer update
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - league/flysystem[1.1.0, ..., 1.1.4] require php ^7.2.5 || ^8.0 -> your php version (7.2; overridden via config.platform, actual: 7.4.18) does not satisfy that requirement.
    - league/flysystem[1.0.0, ..., 1.0.70] conflict with roave/security-advisories dev-master.
    - Root composer.json requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master].
    - Root composer.json requires league/flysystem ^1.0 -> satisfiable by league/flysystem[1.0.0, ..., 1.1.4].

That happens because roave/security-advisories has added some entries related to league/flysystem. league/flysystem 1.0.* no longer matches for version selection, but league/flysystem 1.1.* requires at least PHP 7.2.5

So I have bumped the required PHP from just 7.2 to 7.2.5. 7.2.5 is already so old that I would be surprised if anyone is still running less than 7.2.5. Production installs of PHP 7,2 should bbe keeping the patch version up-to-date in order to have PHP 7.2 security patches anyway.

How Has This Been Tested?

CI

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@phil-davis phil-davis added dependencies php Pull requests that update Php code labels Jun 25, 2021
@phil-davis phil-davis requested a review from micbar June 25, 2021 03:10
@phil-davis phil-davis self-assigned this Jun 25, 2021
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jun 25, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@micbar micbar merged commit e4082eb into master Jun 28, 2021
@delete-merged-branch delete-merged-branch bot deleted the php-dependencies-20210625 branch June 28, 2021 08:00
This was referenced Jul 4, 2021
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@micbar micbar micbar approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@phil-davis phil-davis

Labels

dependencies php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@phil-davis @micbar
X Tutup