Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
From #3044175-12: [DO NOT COMMIT] Vendor minimum testing issue:
guzzlehttp/guzzle needs to be at least at 6.3 where CookieJar::getCookieByName was introduced
Proposed resolution
require guzzlehttp/guzzle ^6.3
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
Drupal core now explicitly requires Guzzle 6.3 or higher for the end of PHP 7.0's official security support and for forward compatibility Drupal 9's increased PHP version requirements.
Comment | File | Size | Author |
---|---|---|---|
#2 | 3086811-2.patch | 461 bytes | mondrake |
Comments
Comment #2
mondrakeHere's the patch. The package in composer.lock is already at 6.3.3, which is the latest stable, hence no chnages to composer.lock but just to core/composer.json.
Comment #3
Mile23You can see the fails this allows in the CI results in #3044175-8: [DO NOT COMMIT] Vendor minimum testing issue, specifically within the
Drupal\Tests\system\Functional\Session\
namespace.The patch works in the context of solving that CI fail.
But it also has this side effect in PHP 7.2 (from
--prefer-lowest
against HEAD to--prefer-lowest
against patched):If I start with HEAD and say
composer update --prefer-lowest
, I end up with this error:And I think this is fixed by the guzzle/psr7 update.
So this fixes potentially two problems with our lower constraint for guzzle.
Comment #4
alexpottCommitted bd68dbe and pushed to 8.8.x. Thanks!
Comment #6
jibranThe
drupal/core
package metadata is outdated in the lock file. After runningcomposer update drupal/core
I got following changes:Comment #7
alexpottLet's leave this alone for now. It's not causing any bugs (as far as I know) and this'll be fixed in #3039611: Update core PHP dependencies for 8.8.x which will hopefully land today / tomorrow.
Comment #8
alexpottAnd if I run composer update drupal/core on HEAD atm i get
So it's not just this change.
Comment #9
xjmComment #10
xjmAdded a release note snippet.
Comment #11
swentel CreditAttribution: swentel at eps & kaas for Dropsolid commentedThis probably caused a sudden failure in my tests for IndieWeb, starting from 8.8.x and 8.9.x branch. I don't have this problem in 8.7.x
Granted, it's funky stuff. I'm using guzzle internally to upload an image, and doing this with guzzle is overly underdocumented, so getting that right was a pain to begin with anyway.
See https://git.drupalcode.org/project/indieweb/blob/8.x-1.x/tests/src/Funct...
Anyway, I'll report back if I can confirm, but it might be interesting for other people if they are using this too. So, this is not a call need to revert this commit, I'll figure it out :)
(if anyone has tips if maybe something else starting from the 8.8.x branch might trigger upload failures though, very welcome too of course)
Comment #12
swentel CreditAttribution: swentel at eps & kaas for Dropsolid commentedActually, probably not guzzle, trying to figure it out now what else changed, sorry for the noise.
Comment #13
alexpott@swentel Drupal 8.7.x ships with a composer lock file
So we've not actually bumped the version here - so I'm not sure this is the cause.
Comment #14
alexpott@swentel here's the cause #3089697: Regression due to File::setValidationRequired in _file_save_upload_single()