I'm trying to update my Symfony 4.4.19 to Symfony 5.x but i've got two conflicts who are blocking the process:
symfony/monolog-bundle and roave/security-advisories
I'm running method composer update "symfony/*" --with-all-dependencies
In Symfony documentation about upgrading, it is clearly specified that "A few libraries starting with symfony/ follow their own versioning scheme. You do not need to update these versions: you can upgrade them independently whenever you want" and the example is...symfony/monolog-bundle
Updating dependencies
Problem 1
- Root composer.json requires symfony/monolog-bundle ^3.6 -> satisfiable by symfony/monolog-bundle[v3.6.0].
- symfony/monolog-bundle v3.6.0 requires symfony/http-kernel ~3.4 || ~4.0 || ^5.0 -> satisfiable by symfony/http-kernel[v5.0.0, ..., v5.0.11].
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.11.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.10.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.9.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.8.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.7.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.6.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.5.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.4.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.3.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.2.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.1.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.0.
- roave/security-advisories is locked to version dev-latest and an update of this package was not requested.
Here's my composer.json where i've replaced all 4.4 to 5.0 :
{
"type": "project",
"version": "1.2.0",
"license": "proprietary",
"require": {
"php": "^7.4.0",
"ext-ctype": "*",
"ext-iconv": "*",
"ext-intl": "*",
"ext-json": "*",
"abraham/twitteroauth": "^1.1",
"excelwebzone/recaptcha-bundle": "^1.5",
"facebook/graph-sdk": "^5.7",
"friendsofsymfony/rest-bundle": "^3.0",
"gesdinet/jwt-refresh-token-bundle": "^0.9.1",
"hamhamfonfon/astrobin-ws": "^2.0",
"jms/serializer-bundle": "^3.3",
"lexik/jwt-authentication-bundle": "^2.6",
"ruflin/elastica": "^6.0",
"sensio/framework-extra-bundle": "^5.2",
"symfony/asset": "^5.0",
"symfony/console": "^5.0",
"symfony/dotenv": "^5.0",
"symfony/expression-language": "^5.0",
"symfony/flex": "^1.11",
"symfony/form": "^5.0",
"symfony/framework-bundle": "^5.0",
"symfony/google-mailer": "5.0",
"symfony/http-client": "5.0",
"symfony/intl": "^5.0",
"symfony/mailer": "5.0.*",
"symfony/monolog-bundle": "^3.6",
"symfony/orm-pack": "^1.2",
"symfony/process": "5.0.*",
"symfony/requirements-checker": "^1.1",
"symfony/security-bundle": "^5.0",
"symfony/serializer": "^5.0",
"symfony/stopwatch": "^5.0",
"symfony/templating": "^5.0",
"symfony/translation": "^5.0",
"symfony/twig-bundle": "^5.0",
"symfony/validator": "^5.0",
"symfony/webpack-encore-bundle": "^1.0",
"symfony/yaml": "^5.0",
"twig/extensions": "^1.5"
},
//...
"extra": {
"symfony": {
"allow-contrib": false,
"require": "5.0.*"
}
},
"require-dev": {
"roave/security-advisories": "dev-latest",
"symfony/maker-bundle": "^1.12",
"symfony/profiler-pack": "^1.0",
"symfony/var-dumper": "^5.0"
}
}
I've made a "composer update" just before replacing 4.4 by 5.0 to be sure to be on the lastest version on 4.4.x version.
The problem is not really in monolog-bundle but as follows:
monolog-bundle requires symfony/http-kernel ~3.4 || ~4.0 || ^5.0
You restricted all Symfony components to 5.0 (by setting "extra" -> "symfony" -> "require" to 5.0.*). So the only fulfillable requirement for monolog-bundle is http-kernel 5.0.*
roave/security-advisories works by purposely conflicting with lib versions that have known security issues. In this case, every 5.0.* release has vulnerability CVE-2020-15094 (see https://symfony.com/blog/cve-2020-15094-prevent-rce-when-calling-untrusted-remote-with-cachinghttpclient) and is therefore blocked. So there is no valid version left and Composer aborts.
My suggestion: Symfony 5.0 reached end of life, so use the current release Symfony 5.2.x (Composer constraint "^5.2"). As Symfony uses strict Semantic Versioning there is no disadvantage for going to 5.2 instead of 5.0 (i.e. all code that runs on 5.0 will also run on 5.2).
Related
PHP Symfony Sylius on Windows 11 with docker
I launch a sylius:install and the 2 steps of 5 stop this : warning error
Step 2 of 5. Setting up the database.
-------------------------------------
Creating Sylius database for environment dev.
It appears that your database already exists.
Warning! This action will erase your database.
Would you like to reset it? (y/N) y
1/4 [░░░░░░░░ ] 25%
In ImagesRemoveListener.php line 40:
Attempted to call an undefined method named "getObjectManager" of class "Doctrine\ORM\Event\OnFlushEventArgs".
doctrine:migrations:migrate [--write-sql [WRITE-SQL]] [--dry-run] [--query-time] [--allow-no-migration] [--all-or-nothing [ALL-OR-NOTHING]] [--configuration CONFIGURATION] [--em EM] [--conn CONN] [--] [<version>]
I confirm have the Doctrine\ORM\Event\OnFlushEventArgs Class.
But nothing getObjectManager method into this.
This is the require of the composer :
"require": {
"php": "^8.0",
"sylius/paypal-plugin": "^1.2.1",
"sylius/sylius": "^1.12#dev",
"symfony/dotenv": "^5.4",
"symfony/flex": "^2.1"
},
"require-dev": {
"behat/behat": "^3.7",
"behat/mink-selenium2-driver": "^1.4",
"dmore/behat-chrome-extension": "^1.3",
"dmore/chrome-mink-driver": "^2.7",
"friends-of-behat/mink": "^1.8",
"friends-of-behat/mink-browserkit-driver": "^1.4",
"friends-of-behat/mink-debug-extension": "^2.0",
"friends-of-behat/mink-extension": "^2.4",
"friends-of-behat/page-object-extension": "^0.3",
"friends-of-behat/suite-settings-extension": "^1.0",
"friends-of-behat/symfony-extension": "^2.1",
"friends-of-behat/variadic-extension": "^1.3",
"lchrusciel/api-test-case": "^5.0",
"phpspec/phpspec": "^7.0",
"phpstan/extension-installer": "^1.0",
"phpstan/phpstan": "1.5.4",
"phpstan/phpstan-doctrine": "1.3.2",
"phpstan/phpstan-webmozart-assert": "^1.1",
"phpunit/phpunit": "^8.5",
"stripe/stripe-php": "^6.43",
"sylius-labs/coding-standard": "^4.0",
"symfony/browser-kit": "^5.4",
"symfony/debug-bundle": "^5.4",
"symfony/intl": "^5.4",
"symfony/web-profiler-bundle": "^5.4",
"polishsymfonycommunity/symfony-mocker-container": "^1.0"
},
The part dealing with doctrine into sylius/sylius vendor bundles composer.json file :
"doctrine/collections": "^1.6",
"doctrine/common": "^3.2",
"doctrine/dbal": "^2.7|^3.0",
"doctrine/doctrine-bundle": "^1.12 || ^2.0",
"doctrine/doctrine-migrations-bundle": "^3.0.1",
"doctrine/event-manager": "^1.1",
"doctrine/inflector": "^1.4 || ^2.0",
"doctrine/migrations": "^3.0",
"doctrine/orm": "^2.7",
"doctrine/persistence": "^2.3",
OnFlushEventArgs.php is part of doctrine/orm package. The 2.7 version.
Downgrade or update version of doctrine/orm ?
So I am trinyg to install twig extensions to use truncate() twig filter, and cannot do it for some dependencies incompatabilities
When I run composer require twig/extensions I get this message :
Your requirements could not be resolved to an installable set of packages.
Problem 1
- twig/extensions[v1.5.2, ..., 1.x-dev] require twig/twig ^1.27|^2.0 -> found twig/twig[v1.27.0, ..., 1.x-dev, v2.0.0, ..., 2.x-dev] but the package is fixed to v3.2.1 (lock file version) by a partial update and that version doe
s not match. Make sure you list it as an argument for the update command.
- twig/extensions[v1.5.0, ..., v1.5.1] require twig/twig ~1.27|~2.0 -> found twig/twig[v1.27.0, ..., 1.x-dev, v2.0.0, ..., 2.x-dev] but the package is fixed to v3.2.1 (lock file version) by a partial update and that version does
not match. Make sure you list it as an argument for the update command.
- Root composer.json requires twig/extensions ^1.5 -> satisfiable by twig/extensions[v1.5.0, ..., 1.x-dev].
Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
Installation failed, reverting ./composer.json and ./composer.lock to their original content.
It suggest me to run it with -W option, when I run it composer require twig/extensions -W
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Conclusion: don't install twig/extensions v1.5.4 (conflict analysis result)
- symfony/http-kernel v5.2.2 conflicts with twig/twig v2.12.0.
- sensio/framework-extra-bundle v5.6.1 requires symfony/http-kernel ^4.4|^5.0 -> satisfiable by symfony/http-kernel[v5.2.2].
- twig/extra-bundle is locked to version v3.2.1 and an update of this package was not requested.
- sensio/framework-extra-bundle is locked to version v5.6.1 and an update of this package was not requested.
- Root composer.json requires twig/extensions ^1.5 -> satisfiable by twig/extensions[v1.5.0, ..., 1.x-dev].
- twig/extensions 1.x-dev requires twig/twig ^1.27|^2.0 -> satisfiable by twig/twig[v2.12.0, ..., 2.x-dev].
- You can only install one version of a package, so only one of these can be installed: twig/twig[v2.12.0, ..., 2.x-dev, v3.0.0-BETA1, ..., 3.x-dev].
- twig/extra-bundle v3.2.1 requires twig/twig ^3.2 -> satisfiable by twig/twig[v3.2.1, 3.x-dev].
- Conclusion: don't install twig/twig v3.2.1 (conflict analysis result)
This is my composer.json files require and require-dev
{
"require": {
"php": ">=7.2.5",
"ext-ctype": "*",
"ext-iconv": "*",
"composer/package-versions-deprecated": "1.11.99.1",
"doctrine/doctrine-bundle": "^2.2",
"doctrine/doctrine-migrations-bundle": "^3.0",
"doctrine/orm": "^2.8",
"sensio/framework-extra-bundle": "^5.6",
"symfony/asset": "5.2.*",
"symfony/console": "5.2.*",
"symfony/dotenv": "5.2.*",
"symfony/flex": "^1.3.1",
"symfony/form": "5.2.*",
"symfony/framework-bundle": "5.2.*",
"symfony/proxy-manager-bridge": "5.2.*",
"symfony/security-bundle": "5.2.*",
"symfony/stopwatch": "5.2.*",
"symfony/twig-bundle": "5.2.*",
"symfony/validator": "5.2.*",
"symfony/webpack-encore-bundle": "^1.8",
"symfony/yaml": "5.2.*",
"twig/extra-bundle": "^2.12|^3.0",
"twig/twig": "^2.12|^3.0"
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.4",
"symfony/maker-bundle": "^1.26",
"symfony/web-profiler-bundle": "5.2.*"
}
}
I'd like to add sonata-project/user-bundle to Symfony 3.4 project but i received the following error message, BTW, i already installed "sonata-project/doctrine-orm-admin-bundle" :
composer require "sonata-project/user-bundle"
-------------------------------
Using version ^4.7 for sonata-project/user-bundle
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- sonata-project/user-bundle 4.7.0 conflicts with sonata-project/core-bundle[3.17.2].
- sonata-project/user-bundle 4.7.0 conflicts with sonata-project/core-bundle[3.17.2].
- sonata-project/user-bundle 4.7.0 conflicts with sonata-project/core-bundle[3.17.2].
- Installation request for sonata-project/user-bundle ^4.7 -> satisfiable by sonata-project/user-bundle[4.7.0].
- Installation request for sonata-project/core-bundle (locked at 3.17.2) -> satisfiable by sonata-project/core-bundle[3.17.2].
For information, this the content of the composer.json file :
"require": {
"php": ">=5.5.9",
"doctrine/doctrine-bundle": "^1.6",
"doctrine/orm": "^2.5",
"incenteev/composer-parameter-handler": "^2.0",
"sensio/distribution-bundle": "^5.0.19",
"sensio/framework-extra-bundle": "^5.0.0",
"sonata-project/doctrine-orm-admin-bundle": "^3.8",
"symfony/monolog-bundle": "^3.1.0",
"symfony/polyfill-apcu": "^1.0",
"symfony/swiftmailer-bundle": "^2.6.4",
"symfony/symfony": "3.4.*",
"twig/twig": "^1.0||^2.0"
}
So what can i do please ?
After a composer update to fix some vulnerabilities on package used by my application, I handle an error:
The service "sensio_framework_extra.controller.listener" has a dependency on a non-existent service "annotation_reader"
As suggested in this answer, I tried to add the doctrine/annotations package, but it doesn't solved my issue (package seems to be already installed).
λ composer require doctrine/annotations
Using version ^1.8 for doctrine/annotations
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Restricting packages listed in "symfony/symfony" to "4.2.*"
Nothing to install or update
Here is the packages used by my composer.json:
"require": {
"php": "^7.1.3",
"ext-ctype": "*",
"ext-fileinfo": "*",
"ext-iconv": "*",
"ext-json": "*",
"doctrine/doctrine-fixtures-bundle": "^3.1",
"ekyna/payum-monetico-bundle": "^1.5",
"gedmo/doctrine-extensions": "^2.4",
"knplabs/knp-paginator-bundle": "^3.0",
"payum/offline": "^1.5",
"payum/paypal-express-checkout-nvp": "^1.5",
"payum/payum-bundle": "^2.3",
"php-http/guzzle6-adapter": "^2.0",
"sensio/framework-extra-bundle": "^5.1",
"stof/doctrine-extensions-bundle": "^1.3",
"symfony/asset": "4.2.*",
"symfony/console": "4.2.*",
"symfony/dotenv": "4.2.*",
"symfony/expression-language": "4.2.*",
"symfony/flex": "^1.1",
"symfony/form": "4.2.*",
"symfony/framework-bundle": "4.2.*",
"symfony/monolog-bundle": "^3.1",
"symfony/orm-pack": "1.*",
"symfony/process": "4.2.*",
"symfony/security-bundle": "4.2.*",
"symfony/serializer-pack": "1.*",
"symfony/swiftmailer-bundle": "^3.1",
"symfony/templating": "4.2.*",
"symfony/translation": "4.2.*",
"symfony/twig-bundle": "4.2.*",
"symfony/validator": "4.2.*",
"symfony/web-link": "4.2.*",
"symfony/webpack-encore-bundle": "^1.4",
"symfony/yaml": "4.2.*",
"twig/extensions": "^1.5",
"vich/uploader-bundle": "^1.8"
},
"require-dev": {
"codeception/codeception": "^2.5",
"codeception/c3": "2.*",
"friendsofphp/php-cs-fixer": "^2.14",
"php-coveralls/php-coveralls": "^2.1",
"phpmd/phpmd": "2.*",
"squizlabs/php_codesniffer": "*",
"symfony/debug-pack": "*",
"symfony/maker-bundle": "^1.11",
"symfony/profiler-pack": "*",
"symfony/test-pack": "^1.0",
"symfony/web-server-bundle": "4.2.*"
}
Edit :
I'm using all the framework, I've manually dropped cache to be sure there is no problem. I rebooted my dev computer too. Finally, I went around the problem by deploying my github project in another directory and application works fine. I don't close this question because I want to find the problem if it occurs in production.
since doctrine (or doctrine/annotations) itself does not register services (why would it), I looked up the doctrine bundles and the doctrine/doctrine-bundle provides the annotation_reader service: https://github.com/doctrine/DoctrineBundle/blob/af8ac792c9b970ff2bc25b49ab9b31afd9e03dbf/Resources/config/orm.xml#L82
I ran into a very similar error (The service "doctrine.orm.default_annotation_metadata_driver" has a dependency on a non-existent service "annotation_reader".) while trying to create a new setup. I have some instructions documented and had tried to composer install ormfixtures (--dev) before doctrine. Once I did that in the right order, everything was working as expected.
My specific example is from Twilio's instructions, which have these commands in this order:
composer req --dev maker ormfixtures fakerphp/faker
composer req doctrine twig
It worked when I reversed them to be in this order:
composer req doctrine twig
composer req --dev maker ormfixtures fakerphp/faker
I Had the same issue after a composer update from Symfony 4.4.
It was because I have replace de "Doctrine\Common" with "Doctrine" from all the using instead of "Doctrine\Common\Persistence" with "Doctrine\Persistence".
In other term: no matters why you have this error, it come from a broken namespace in your code.
This is the official link of the SensioFrameworkExtraBundle: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html
I've been trying to install the cache/cache-bundle recipe into my symfony4 flex-configured project, but to no avail. I execute:
composer require cache/cache-bundle
And this is what I got on the shell:
Installing the cache-bundle generates a cache.yml file under config/packages/cache.yml, and its default content is:
cache:
session:
enabled: "%env(bool:SESSION_CACHE_ENABLED)%"
service_id: "cache.provider.default"
use_tagging: true
ttl: 7200
router:
enabled: "%env(bool:ROUTER_CACHE_ENABLED)%"
service_id: "cache.provider.default"
ttl: 86400
logging:
enabled: "%env(bool:APP_DEBUG)%"
logger: "logger"
level: "info"
The problematic line is the first "enabled" one. For some reason, Symfony or composer doesn't like that %env(bool:SESSION_CACHE_ENABLED)% and returns that error message:
Invalid type for path "cache.session.enabled". Expected boolean, but
got string.
SESSION_CACHE_ENABLED is a value introduced in the .env file of the project by composer in a block like this.
###> cache/cache-bundle ###
SESSION_CACHE_ENABLED=true
ROUTER_CACHE_ENABLED=false
###< cache/cache-bundle ###
Then, the question is if someone else has "suffered" this problem and found a fix or workaround to make this config work. My objective is to use this dependency in my mock project to cache arrays in memory to use them as a fake DB system.
I thought to open an issue about this, but since I'm not sure if this is a Simfony issue or just a problem in the recipe I preferred to ask here first.
And for the sake of completion, here's the list of current dependencies already in my project.
"require": {
"php": "^7.1.3",
"easycorp/easy-log-handler": "^1.0",
"friendsofsymfony/rest-bundle": "^2.3",
"hermes/bridge/common": "dev-master",
"hermes/common": "dev-master",
"jms/serializer": "^1.10",
"jms/serializer-bundle": "^2.3",
"ramsey/uuid": "^3.7",
"sensio/framework-extra-bundle": "^5.1",
"symfony/cache": "^4.0",
"symfony/console": "^4.0",
"symfony/framework-bundle": "^4.0",
"symfony/http-foundation": "^4.0",
"symfony/monolog-bundle": "^3.1",
"symfony/stopwatch": "^4.0",
"symfony/web-server-bundle": "^4.0",
"symfony/yaml": "^4.0"
},
"require-dev": {
"symfony/flex": "^1.0",
"symfony/dotenv": "^4.0"
}
I've seen questions about issues regarding booleans in dotenv files, but nothing conclusive for this question, I'm afraid.
Have you tried to get rid off the quotes around "%env(bool:SESSION_CACHE_ENABLED)%"?