Page MenuHomePhabricator
Create Task
Maniphest T360973

Upgrade composer from 2.6.4 to 2.7.2
Closed, ResolvedPublic
Actions

Description

T347360: Upgrade composer from 2.5.1 to 2.6.4 | T376409: Upgrade composer to 2.8.x

As of originally writing, we were on 2.6.4 (rCICFdc08c879d390: dockerfiles: [composer-scratch] Upgrade composer to 2.6.4), upstream is now upto 2.7.2 (as of 2024-03-26; it was released 2024-03-11).

2.7.0 included https://github.com/advisories/GHSA-7c6p-848j-wh5h / https://blog.packagist.com/composer-2-7-and-cve-2024-24821/

Previous update was T347360: Upgrade composer from 2.5.1 to 2.6.4 (though, not everything is finished from that either).

Latest release in 2.7.x is 2.7.2 (2024-03-11).

  • Upgrade the CI docker images
  • Switch the first jenkins jobs over and test
  • Switch all remaining jobs
  • Re-build vendor
  • Update any documentation
  • Upgrade the developer docker images

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Follow-up 58bb1f9e1: Change build script image to one with composer 2.7.2, not 2.6.4mediawiki/vendormaster+7 -7
Rebuild with composer 2.7.2mediawiki/vendormaster+6 -4
Rebuild with composer 2.7.2mediawiki/vendorREL1_41+3 -3
Rebuild with composer 2.7.2mediawiki/vendorREL1_40+3 -3
Rebuild with composer 2.7.2mediawiki/vendorREL1_39+3 -3
Re-build on composer 2.7.2, up from 2.6.4mediawiki/vendormaster+11 -5
jjb: Update all PHP-based jobs to images with composer 2.7.sintegration/configmaster+93 -93
dockerfiles: [composer-scratch] Upgrade composer from 2.6.4 to 2.7.2integration/configmaster+254 -4
Customize query in gerrit

Related Objects

Event Timeline

Reedy created this task.Mar 26 2024, 1:13 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 26 2024, 1:13 AM
Jdforrester-WMF updated the task description. (Show Details)Apr 5 2024, 2:00 PM
gerritbot added a comment.Apr 5 2024, 2:17 PM

Change #1017293 had a related patch set uploaded (by Jforrester; author: Jforrester):

[integration/config@master] dockerfiles: [composer-scratch] Upgrade composer from 2.6.4 to 2.7.2

https://gerrit.wikimedia.org/r/1017293

gerritbot added a project: Patch-For-Review.Apr 5 2024, 2:17 PM
gerritbot added a comment.Apr 5 2024, 2:21 PM

Change #1017293 merged by jenkins-bot:

[integration/config@master] dockerfiles: [composer-scratch] Upgrade composer from 2.6.4 to 2.7.2

https://gerrit.wikimedia.org/r/1017293

Jdforrester-WMF updated the task description. (Show Details)Apr 5 2024, 2:22 PM
Stashbot added a comment.Apr 5 2024, 2:22 PM

Mentioned in SAL (#wikimedia-releng) [2024-04-05T14:22:54Z] <James_F> Docker: Building new images with composer 2.7.2 for T360973

Jdforrester-WMF updated the task description. (Show Details)Apr 5 2024, 2:24 PM
Jdforrester-WMF mentioned this in T347360: Upgrade composer from 2.5.1 to 2.6.4.
gerritbot added a comment.Apr 5 2024, 3:13 PM

Change #1017304 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@master] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017304

gerritbot added a comment.Apr 5 2024, 3:16 PM

Change #1017305 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@REL1_39] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017305

gerritbot added a comment.Apr 5 2024, 3:16 PM

Change #1017306 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@REL1_40] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017306

gerritbot added a comment.Apr 5 2024, 3:17 PM

Change #1017307 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@REL1_41] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017307

gerritbot added a comment.Apr 5 2024, 7:11 PM

Change #1017348 had a related patch set uploaded (by Jforrester; author: Jforrester):

[integration/config@master] jjb: Update all PHP-based jobs to images with composer 2.7.s

https://gerrit.wikimedia.org/r/1017348

Jdforrester-WMF updated the task description. (Show Details)Apr 5 2024, 7:31 PM
gerritbot added a comment.Apr 5 2024, 7:32 PM

Change #1017348 merged by jenkins-bot:

[integration/config@master] jjb: Update all PHP-based jobs to images with composer 2.7.s

https://gerrit.wikimedia.org/r/1017348

gerritbot added a comment.Apr 5 2024, 7:33 PM

Change #1017353 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/vendor@master] Re-build on composer 2.7.2, up from 2.6.4

https://gerrit.wikimedia.org/r/1017353

gerritbot added a comment.Apr 5 2024, 7:34 PM

Change #1017353 abandoned by Jforrester:

[mediawiki/vendor@master] Re-build on composer 2.7.2, up from 2.6.4

Reason:

Let's go with Reedy's versions.

https://gerrit.wikimedia.org/r/1017353

gerritbot added a comment.Apr 5 2024, 7:34 PM

Change #1017305 merged by Jforrester:

[mediawiki/vendor@REL1_39] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017305

gerritbot added a comment.Apr 5 2024, 7:34 PM

Change #1017306 merged by Jforrester:

[mediawiki/vendor@REL1_40] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017306

gerritbot added a comment.Apr 5 2024, 7:35 PM

Change #1017307 merged by Jforrester:

[mediawiki/vendor@REL1_41] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017307

gerritbot added a comment.Apr 5 2024, 7:56 PM

Change #1017304 merged by jenkins-bot:

[mediawiki/vendor@master] Rebuild with composer 2.7.2

https://gerrit.wikimedia.org/r/1017304

Jdforrester-WMF updated the task description. (Show Details)Apr 5 2024, 7:57 PM
ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.26; 2024-04-09).Apr 5 2024, 8:00 PM
Jdforrester-WMF moved this task from Blocker to Not a blocker on the MW-1.42-release board.Apr 8 2024, 2:09 PM
Jdforrester-WMF moved this task from Blocker to Not a blocker on the MW-1.39-release board.
Jdforrester-WMF moved this task from Blocker to Not a blocker on the MW-1.40-release board.
Jdforrester-WMF moved this task from Blocker to Not a blocker on the MW-1.41-release board.
Reedy removed a project: Patch-For-Review.Jun 13 2024, 11:52 AM
Reedy removed a project: MW-1.40-release.Jun 27 2024, 3:43 PM
gerritbot added a comment.Sep 3 2024, 1:07 PM

Change #1070246 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/vendor@master] Follow-up 58bb1f9e1: Change build script image to one with composer 2.7.2, not 2.6.4

https://gerrit.wikimedia.org/r/1070246

gerritbot added a project: Patch-For-Review.Sep 3 2024, 1:07 PM
Krinkle added projects: MediaWiki-Releasing, MediaWiki-Platform-Team (Radar).Sep 4 2024, 8:49 PM
gerritbot added a comment.Sep 4 2024, 9:12 PM

Change #1070246 merged by jenkins-bot:

[mediawiki/vendor@master] Follow-up 58bb1f9e1: Change build script image to one with composer 2.7.2, not 2.6.4

https://gerrit.wikimedia.org/r/1070246

Maintenance_bot removed a project: Patch-For-Review.Sep 4 2024, 9:30 PM
ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.22; 2024-09-10).Sep 4 2024, 10:00 PM
Reedy mentioned this in T376409: Upgrade composer to 2.8.x.Oct 3 2024, 5:25 PM
Reedy updated the task description. (Show Details)
Reedy renamed this task from Upgrade composer from 2.6.4 to 2.7.x to Upgrade composer from 2.6.4 to 2.7.2.Oct 6 2024, 1:09 PM
Reedy updated the task description. (Show Details)
Reedy closed this task as Resolved.Oct 6 2024, 1:11 PM
Reedy claimed this task.
Reedy removed Reedy as the assignee of this task.Oct 6 2024, 1:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits