@escopecz escopecz commented Apr 3, 2025

| Q | A |
| --- | --- |
| Bug fix? (use the a.b branch) | ✔️ |
| New feature/enhancement? (use the a.x branch) | ✔️ |
| Deprecations? | ✔️ |
| BC breaks? (use the c.x branch) | ✔️ |
| Automated tests included? | ❌ Only the existing test suite |
| Related user documentation PR URL | mautic/user-documentation#... |
| Related developer documentation PR URL | mautic/developer-documentation-new#... |
| Issue(s) addressed | Fixes #... |

Description

Another blocker when trying to update symfony packages is symfony/dependency-injection. Here is the list of dependencies that are blocking this symfony package upgrade:

$ composer why-not symfony/dependency-injection ^7.2
exercise/htmlpurifier-bundle   4.1.2     requires         symfony/dependency-injection (^4.4 || ^5.0 || ^6.0) 
friendsofsymfony/rest-bundle   3.6.0     requires         symfony/dependency-injection (^5.4|^6.0)            
klapaudius/oauth-server-bundle 4.0.5     requires         symfony/dependency-injection (~6.0)                 
mautic/core-lib                6.0.0-dev requires         symfony/dependency-injection (^6.4)                 
sensio/framework-extra-bundle  v6.2.10   requires         symfony/dependency-injection (^4.4|^5.0|^6.0)       
symfony/dependency-injection   v7.2.5    requires         symfony/var-exporter (^6.4.20|^7.2.5)               
mautic/mautic                  7.x-dev   does not require symfony/var-exporter (but v6.4.13 is installed) 

Among those is the sensio/framework-extra-bundle which isn't actually a direct Mautic dependency. These are the libraries that require this package:

$ composer why sensio/framework-extra-bundle
friendsofsymfony/rest-bundle 3.6.0   conflicts sensio/framework-extra-bundle (<6.1)                
noxlogic/ratelimit-bundle    v1.19.0 requires  sensio/framework-extra-bundle (^3.0|^4.0|^5.0|^6.0) 

Let's update all 3 libraries that came up from the above research:

$ composer update exercise/htmlpurifier-bundle friendsofsymfony/rest-bundle noxlogic/ratelimit-bundle

Here are the changes made by this command:

Package operations: 1 install, 35 updates, 8 removals
  - Removing webmozart/assert (1.11.0)
  - Removing sensio/framework-extra-bundle (v6.2.10)
  - Removing phpspec/prophecy (v1.18.0)
  - Removing phpdocumentor/type-resolver (1.10.0)
  - Removing phpdocumentor/reflection-docblock (5.6.1)
  - Removing phpdocumentor/reflection-common (2.2.0)
  - Removing laminas/laminas-code (4.7.1)
  - Removing friendsofphp/proxy-manager-lts (v1.0.16)
  - Upgrading behat/gherkin (v4.9.0 => v4.12.0): Extracting archive
  - Upgrading symfony/yaml (v6.4.13 => v6.4.18): Extracting archive
  - Upgrading symfony/var-dumper (v6.4.15 => v6.4.18): Extracting archive
  - Upgrading symfony/finder (v6.4.13 => v6.4.17): Extracting archive
  - Upgrading symfony/string (v6.4.15 => v7.2.0): Extracting archive
  - Upgrading symfony/console (v6.4.15 => v6.4.17): Extracting archive
  - Upgrading sebastian/exporter (4.0.5 => 4.0.6): Extracting archive
  - Upgrading nikic/php-parser (v4.19.4 => v5.4.0): Extracting archive
  - Upgrading psy/psysh (v0.11.22 => v0.12.8): Extracting archive
  - Upgrading sebastian/resource-operations (3.0.3 => 3.0.4): Extracting archive
  - Upgrading sebastian/global-state (5.0.6 => 5.0.7): Extracting archive
  - Upgrading sebastian/cli-parser (1.0.1 => 1.0.2): Extracting archive
  - Upgrading theseer/tokenizer (1.2.2 => 1.2.3): Extracting archive
  - Upgrading phpunit/php-code-coverage (9.2.15 => 9.2.32): Extracting archive
  - Upgrading phar-io/manifest (2.0.3 => 2.0.4): Extracting archive
  - Upgrading myclabs/deep-copy (1.11.1 => 1.13.0): Extracting archive
  - Upgrading doctrine/instantiator (1.5.0 => 2.0.0): Extracting archive
  - Upgrading phpunit/phpunit (9.5.20 => 9.6.22): Extracting archive
  - Upgrading codeception/stub (4.1.3 => 4.1.4): Extracting archive
  - Upgrading codeception/lib-asserts (2.1.0 => 2.2.0): Extracting archive
  - Upgrading codeception/codeception (5.1.2 => 5.2.1): Extracting archive
  - Upgrading codeception/module-db (3.1.4 => 3.2.2): Extracting archive
  - Upgrading symfony/process (v6.4.15 => v6.4.19): Extracting archive
  - Upgrading php-webdriver/webdriver (1.15.1 => 1.15.2): Extracting archive
  - Upgrading psr/http-factory (1.0.2 => 1.1.0): Extracting archive
  - Upgrading guzzlehttp/psr7 (2.6.2 => 2.7.1): Extracting archive
  - Upgrading codeception/lib-web (1.0.6 => 1.0.7): Extracting archive
  - Upgrading doctrine/migrations (3.5.5 => 3.9.0): Extracting archive
  - Upgrading symfony/dependency-injection (v6.4.16 => v6.4.19): Extracting archive
  - Installing symfony/serializer (v6.4.18): Extracting archive
  - Upgrading oneup/uploader-bundle (3.2.1 => 5.0.1): Extracting archive
  - Upgrading noxlogic/ratelimit-bundle (v1.19.0 => 2.0.0): Extracting archive
  - Upgrading friendsofsymfony/rest-bundle (3.6.0 => 3.8.0): Extracting archive
  - Upgrading exercise/htmlpurifier-bundle (4.1.2 => 5.0): Extracting archive
  - Upgrading doctrine/doctrine-migrations-bundle (3.3.0 => 3.4.1): Extracting archive
  - Upgrading mautic/core-lib (6.0.0-dev => 7.0.0-dev): Source already present

And here is the improvement that this PR comes up with. The klapaudius/oauth-server-bundle must be upgraded together with Symfony as there is no version that supports Symfony 6 and 7, so that cannot be done independently.

$ composer why-not symfony/dependency-injection ^7.2
klapaudius/oauth-server-bundle 4.0.5     requires         symfony/dependency-injection (~6.0)             
mautic/core-lib                7.0.0-dev requires         symfony/dependency-injection (^6.4)             
symfony/dependency-injection   7.3.x-dev requires         symfony/var-exporter (^6.4.20|^7.2.5)           
mautic/mautic                  7.x-dev   does not require symfony/var-exporter (but v6.4.13 is installed) 

📋 Steps to test this PR:

  1. Open this PR on Gitpod or pull down for testing locally (see docs on testing PRs here)
  2. exercise/htmlpurifier-bundle is used for safe rendering of user-input HTML into Mautic user interface. Test a description with some HTML formatting on any entity. For example a segment. Ideally also test that it cannot execute any JS. Like <script>alert('XSS')</script>. It shouldn't show any alert.
  3. friendsofsymfony/rest-bundle is used for REST API. This will be tested by running the API Library tests.
  4. noxlogic/ratelimit-bundle is used for rate limiting. Unsure how to test that. But I found these docs.

@escopecz escopecz added this to the 7.0.0-alpha milestone Apr 3, 2025
@escopecz escopecz added code-review-needed PR's that require a code review before merging dependencies Pull requests that update a dependency file composer Any bugs or PRs relating to composer labels Apr 3, 2025
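
An automated form of the check in step 2 of the description, as an added example that is not part of this PR or of Mautic's code. It assumes ezyang/htmlpurifier (the library that exercise/htmlpurifier-bundle wraps) is installed under `vendor/` and uses HTML Purifier's default configuration, which may differ from the profile Mautic configures; `purifyDescription` and `checkDescription` are hypothetical helper names.

```php
<?php
declare(strict_types=1);
// Added example, not part of the PR. Assumes this file sits in the project
// root next to vendor/ and that ezyang/htmlpurifier is installed via Composer.

require __DIR__.'/vendor/autoload.php';

/** Purify $html with HTML Purifier's default configuration (an assumption here). */
function purifyDescription(string $html): string
{
    $config = HTMLPurifier_Config::createDefault();
    // Skip the on-disk definition cache so the check needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);

    return (new HTMLPurifier($config))->purify($html);
}

/** Returns a list of failed expectations; an empty list means the sanitizer behaved. */
function checkDescription(string $input, array $mustKeep, array $mustDrop): array
{
    $clean = purifyDescription($input);
    $failures = [];
    foreach ($mustKeep as $needle) {
        if (false === stripos($clean, $needle)) {
            $failures[] = "lost expected markup: {$needle}";
        }
    }
    foreach ($mustDrop as $needle) {
        if (false !== stripos($clean, $needle)) {
            $failures[] = "unsafe markup survived: {$needle}";
        }
    }
    // Purifying already-clean output must not change it.
    if ($clean !== purifyDescription($clean)) {
        $failures[] = 'output is not stable under a second pass';
    }

    return $failures;
}

// Constructed sample: a formatted segment description plus the payload from step 2.
$input = "<p>Contacts from the <strong>spring</strong> campaign</p><script>alert('XSS')</script>";
$failures = checkDescription($input, ['<p>', '<strong>spring</strong>'], ['<script', 'alert(']);

echo $failures ? implode(PHP_EOL, $failures).PHP_EOL : 'sanitizer OK'.PHP_EOL;
exit($failures ? 1 : 0);
```

Running it before and after the `composer update` shows whether the 4.1.2 => 5.0 bundle upgrade changed what the underlying sanitizer keeps or strips.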

escopecz commented Apr 3, 2025

The API Library tests have passed: https://github.com/mautic/api-library/actions/runs/14251067412


@shinde-rahul shinde-rahul left a comment

Changes look good to me!!

Thanks @escopecz!!


@matbcvo matbcvo left a comment

The code changes look good to me. I tested the PR and found no issues.

@matbcvo matbcvo added code-review-passed PRs which have passed code review user-testing-passed PRs which have been successfully tested by the required number of people. ready-to-commit PR's with 2 successful tests, 1 approval, automated tests and docs and is ready to be merged and removed code-review-needed PR's that require a code review before merging labels Apr 4, 2025
@escopecz escopecz merged commit ffeacf9 into mautic:7.x Apr 4, 2025
16 checks passed
@escopecz escopecz added the enhancement Any improvement to an existing feature or functionality label Aug 4, 2025