Prestashop: Upgrade the latest Symfony LTS version

Thanks for opening this issue! We will help you to keep its state consistent

The first step is analyzing what needs to be done in order to be able to run on Sf 4.4

If the task seems too complex, we can postpone this for 1.7.9

FYI, we will have to update GuzzleHttp, TranslationsToolsBundle, Circuit-breaker, and many other packages that are not compatible with Symfony 4.

Symfony 4 uses guzzle? O_o

No, but csa guzzle bundle uses

        "symfony/framework-bundle": "^3.4",
        "symfony/dependency-injection": "^3.4",
        "symfony/http-kernel": "^3.4",
        "twig/twig": "^1.34|^2.4",
        "symfony/expression-language": "^3.4"

It's time to update our dependencies instead of continuing forking the world :(

You know that updating Guzzle will break a lot of modules

@eternoendless we will face this issue over and over in the incoming years. Even if we manage to release 1 major version per year, it will only mean "yeah this is a major update so we cant break whatever we want".

What if the root cause is different?

Hexagonal architecture teaches us not to rely on implementations but on interfaces to allow easy replacement of component. Maybe our mistake was to tell people our Composer dependencies are part of PrestaShop public API.

My question/suggestion is:

• should we continue to say all our Composer dependencies are part of PrestaShop public API? maybe we should define what belongs to it and what does not
• should we start creating interface (exemple: PHPCurlClientInterface) that are being implemented by a Guzzle Adapter, allowing us to modify Guzzle version behind the adapter at will while interface remains backward compatible

I know, but we can't continue to update forks, it's ugly and against all good practices :/

Yes but modules are using Guzzle now. What do we do with that?

Yes but modules are using Guzzle now. What do we do with that?

What about

1. we warn everybody that we cannot keep our SemVer promise for Guzzle (and other libs, to be identified) for PS 1.7.9 (= build article)
2. in 1.7.8 we introduce new interfaces and classes to wrap the future implementation and add deprecation messages for existing code
3. in 1.7.9 we perform the upgrade and we write a detailed article about what has been changed and how to update their code

By the way maybe we could look at the upgrade diff right for (step 3). Maybe actually there's not so many differences. Or it could be polyfilled.

We will have to be compatible with PHP8.0, Symfony 4.4 for the 1.7.8.0 and not only for security reasons. Using old, outdated and unmaintained packages is dangerous :/

From my point of view, the faster we warn everybody the less problems we'll have.

IMO communication is the key, let developers know as early as possible and they'll handle it, we know that it's impossible to keep everything backward compatible, I think it's time to stop wasting energy in a fight that cannot be won?

The problem is that module developers will be forced to maintain two separate packages for <1.7.8 and >1.7.8, and some developers might take a long time to do that, which may hold back adoption of 1.7.8.

One day or another, they will have to do it.
We use packages that are not maintained anymore, if they receive security issues, we will not be able to fix it without forking.
I think the solution from @matks is the best one. If we provide interface/helpers to use requests, it will do the job whatever the version of PS you used.