Joomla! Issue Tracker | Joomla! CMS #9157

Closed
6 Mar 2016
Medium
Build: master
# 9157

mbabker
19 Feb 2016

The following Composer dependencies are outdated and require updates:

joomla/filter 1.1.6 installed, 1.2.0 latest
joomla/session 1.3.0 installed, 1.3.1 latest
joomla/utilities 1.3.3 installed, 1.4.0 latest
paragonie/random_compat 1.0.10 installed, 1.2.1 latest
phpunit/phpunit 4.8.11 installed, 4.8.23 latest
symfony/polyfill-php56 1.0.0 installed, 1.1.0 latest
symfony/yaml 2.7.5 installed, 2.8.3 latest

mbabker - open - 19 Feb 2016

brianteeman - change - 19 Feb 2016

Category

⇒

External Library

photodude - comment - 20 Feb 2016

Should the CMS specific versions of these Joomla Framework packages also be updated? For example joomla/filter is not used by the CMS but a modified version is used located at libraries/joomla/filter.

From what I can tell this is the list

Vendor/Framework	CMS modified/outdated
`libraries/vendor/joomla/filter`	`libraries/joomla/filter`
`libraries/vendor/joomla/session`	`libraries/joomla/session`
`libraries/vendor/joomla/utilities`	`libraries/joomla/utilities`

mbabker - comment - 20 Feb 2016

"Modified version" === "legacy code" and yes eventually all should be updated eventually to point to the newer stuff as able.

photodude - comment - 20 Feb 2016

Would that also mean the some of the CMS specific changes need to be backported to the Framework?
For example the CMS filter version includes some additional code to "Strip Unicode Supplementary Characters when requested to do so" that the framework filter package is currently missing.

mbabker - comment - 20 Feb 2016

Eventually, yes, but in that context they must be non-CMS dependent (so specifically the JFilterInput constructor portion that tries to use the database connection to decide to strip USC shouldn't be in the FW, basically it wouldn't support the -1 value for that param that the CMS does, which is perfectly acceptable; there is nothing that mandates the CMS has to use the FW classes verbatim and cannot extend them with app specific additions or changes).

photodude - comment - 23 Feb 2016

Considering Outdated Dependencies; Should SimplePie be updated from 1.2 to 1.3.1?

mbabker - comment - 23 Feb 2016

Should it? Yes. Will it actually be tested and merged? Well, I leave the current outstanding PR as evidence...

photodude - comment - 23 Feb 2016

Like so many other things, #8735 and #8734 didn't get enough attention when they were opened and now they have merge conflicts slowing/blocking testing.

More or less my question was directed towards what Dependencies should or shouldn't be included in the list to be updated.

mbabker - comment - 23 Feb 2016

All of them. Short of a B/C break that is impossible to work around, all dependencies should always be at the latest versions.

brianteeman - change - 24 Feb 2016

Labels

Added: ?

photodude - comment - 25 Feb 2016

PHPUnit updated with merged PR #9203
Filter package update from #8734 is now included in PR #8681 (Needs review and Testing)

wilsonge - change - 2 Mar 2016

Labels

Added: ?

wilsonge - reference | f72c0a0 - 3 Mar 16

wilsonge - comment - 3 Mar 2016

I just manually updated the session package as we aren't using it in core

wilsonge - comment - 6 Mar 2016

Symfony dependencies updated with 23ce025 - YAML isn't used in core and manually reviewed the changes to the PHP 5.6 polyfill and they weren't patching functions we were using (and it's new to 3.5 anyhow)

wilsonge - comment - 6 Mar 2016

Utilities done with 8cb784f

wilsonge - comment - 6 Mar 2016

Final dependency updated in #9320

wilsonge - change - 6 Mar 2016

The description was changed

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2016-03-06 20:33:43
Closed_By		⇒	wilsonge

wilsonge - close - 6 Mar 2016

wilsonge - change - 6 Mar 2016

Labels

Removed: ?

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#9157] - Outdated Dependencies

Add a Comment