Janitorial: bump various dependencies #40286

tbradsha · 2024-11-20T22:21:32Z

This bumps a few dependencies now that we're no longer bound to PHP <7.2.

Proposed changes:

The details are in each commit, but mostly the bumps didn't cause any issues, with one exception that required some minor adjustment due to a PhpDocParser API change: 78c163b

I also updated all packages using automattic/wordbless to ^0.4.2 instead of variations that ultimately pulled the same thing.

Other dependencies that could be bumped

yoast/phpunit-polyfills

Currently there are 90 packages on ^1.1.1. This is a big project (see also p1732198254207959/1732037783.177369-slack-C05Q5HSS013).

symfony/process

This is found in automattic/jetpack-changelogger.
Currently first three items have (Windows) security bulletins. 5.4.46 is the first without one, but requires PHP 7.2.5, so we may as well bump PHP too, then bump this dependency to ^5.4 || ^6.4 || ^7.1

symfony/console

This is found in automattic/jetpack-changelogger. I recommend bumping the dependency to ^5.4 || ^6.4 || ^7.1 (assuming we'll be bumping PHP to 7.2.5; see above).

dompdf/dompdf

This is found in automattic/jetpackcrm. I tried bumping it to ^3.0, but this messed up formatting, so will take a bit more digging.

composer-plugin-api and composer/composer

Both automattic/jetpack-autoloader and automattic/jetpack-composer-plugin use these. I believe they can bumped safely (and/or removed) but documentation is scarce as to why we use them in the first place.

dealerdirect/phpcodesniffer-composer-installer

Both automattic/jetpack-codesniffer and automattic/wpcomsh use this. This one is over my head as well.

Other information:

Have you written new tests for your changes, if applicable?
Have you checked the E2E test CI results, and verified that your changes do not break them?
Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

Does this pull request change what data or activity we track or use?

Testing instructions:

Verify tests pass?

nikic/php-parser: drop PHP 7.0

nikic/php-parser: drop old PHPUnit phpstan/phpdoc-parser: drop PHP 7.2 symfony/console: just because

antecedent/patchwork: PHP >=5.4 → PHP >=7.1

antecedent/patchwork: PHP >=5.4 → PHP >=7.1 johnkary/phpunit-speedtrap: PHP >=7.0 → PHP >=7.1

automattic/woocommerce: PHP >=5.4 → >=7.1

github-actions · 2024-11-20T22:22:37Z

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

✅ Include a description of your PR changes.
✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
✅ Add testing instructions.
✅ Specify whether this PR includes any changes to data or privacy.
✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.

Follow this PR Review Process:

Ensure all required checks appearing at the bottom of this PR are passing.
Choose a review path based on your changes:
- A. Team Review: add the "[Status] Needs Team Review" label
  - For most changes, including minor cross-team impacts.
  - Example: Updating a team-specific component or a small change to a shared library.
- B. Crew Review: add the "[Status] Needs Review" label
  - For significant changes to core functionality.
  - Example: Major updates to a shared library or complex features.
- C. Both: Start with Team, then request Crew
  - For complex changes or when you need extra confidence.
  - Example: Refactor affecting multiple systems.
Get at least one approval before merging.

Still unsure? Reach out in #jetpack-developers for guidance!

Beta plugin:

Next scheduled release: none scheduled.