to Tsugi Developers
Hi all,
I have been getting a few dependabot notices - lately about phpseclib. Some of you have opened issues or sent me notes.
Just so you know the way I do updates to dependencies is to do them in batches - because as soon as you advance one thing there is a bunch of knock-on effects. Sometimes you advance a dependency that has a dependency and next thing you know the minimum PHP version has changed on us - which can cause its own complex effects as we have seen.
I consider any dependency update something that needs to be done with care and a lot of testing.
I like to advance dependencies when the code feels pretty stable and master is running in a lot of servers. I then make a “safety tag/branch” in case something goes wrong and then I start releasing dependencies to go forward.
Since I only do it once in a while - I like moving the dependencies as far forward as they can go.
The good news is that I feel pretty good about the PHP 8.2 work and folks are using PHP 8.3 - so that major update feels settled and so it is probably a good time to start looking into advancing dependencies.
If folks are successfully running PHP 8.3 with master - that would be good to know. Most of my 20+ servers are on PHP 8.2 so I have little experience with PHP 8.3 - so any info from you all would be helpful in case the dependencies push up to move the minimum PHP version.
So I will start looking into it in the next few weeks - I like to do this *before* the end of my on campus semester so I can use my UMich students as beta testers :)