Skip to content

Bump symfony/cache from 7.4.7 to 8.0.13#55

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/symfony/cache-8.0.13
Open

Bump symfony/cache from 7.4.7 to 8.0.13#55
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/symfony/cache-8.0.13

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 27, 2026
edited by cursor Bot
Loading

Bumps symfony/cache from 7.4.7 to 8.0.13.

Release notes

Sourced from symfony/cache's releases.

v8.0.13

Changelog (symfony/cache@v8.0.12...v8.0.13)

v8.0.12

Changelog (symfony/cache@v8.0.10...v8.0.12)

v8.0.10

Changelog (symfony/cache@v8.0.9...v8.0.10)

v8.0.9

Changelog (symfony/cache@v8.0.8...v8.0.9)

v8.0.8

Changelog (symfony/cache@v8.0.7...v8.0.8)

  • bug #63818 Ensure compatibility with Relay extension 0.21.0 (@​lyrixx)
  • bug #63747 Fix Psr16Cache::getMultiple() returning ValueWrapper with TagAwareAdapter (@​pcescon)
  • bug #63736 Fix undefined array key when tag save fails in AbstractTagAwareAdapter (@​pcescon)
  • bug #63655 Fix ChainAdapter ignoring item expiry when propagating to earlier adapters (@​guillaumeVDP)

v8.0.7

Changelog (symfony/cache@v8.0.6...v8.0.7)

v8.0.6

Changelog (symfony/cache@v8.0.5...v8.0.6)

v8.0.5

Changelog (symfony/cache@v8.0.4...v8.0.5)

... (truncated)

Changelog

Sourced from symfony/cache's changelog.

CHANGELOG

8.0

  • Remove CouchbaseBucketAdapter, use CouchbaseCollectionAdapter instead

7.4

  • Bump ext-redis to 6.1 and ext-relay to 0.12 minimum

7.3

  • Add support for \Relay\Cluster in RedisAdapter
  • Add support for valkey: / valkeys: schemes
  • Add support for namespace-based invalidation
  • Rename options "redis_cluster" and "redis_sentinel" to "cluster" and "sentinel" respectively

7.2

  • igbinary_serialize() is no longer used instead of serialize() by default when the igbinary extension is installed, due to behavior compatibilities between the two
  • Add optional Psr\Clock\ClockInterface parameter to ArrayAdapter

7.1

  • Add option sentinel_master as an alias for redis_sentinel
  • Deprecate CouchbaseBucketAdapter, use CouchbaseCollectionAdapter
  • Add support for URL encoded characters in Couchbase DSN
  • Add support for using DSN with PDOAdapter
  • The algorithm for the default cache namespace changed from SHA256 to XXH128

7.0

  • Add parameter $isSameDatabase to DoctrineDbalAdapter::configureSchema()
  • Drop support for Postgres < 9.5 and SQL Server < 2008 in DoctrineDbalAdapter

6.4

  • EarlyExpirationHandler no longer implements MessageHandlerInterface, rely on AsMessageHandler instead

6.3

... (truncated)

Commits
  • 75f9223 Merge branch '7.4' into 8.0
  • 4c09e18 Merge branch '6.4' into 7.4
  • 5490a57 Merge branch '5.4' into 6.4
  • bf58147 [Cache] skip tests for adapters that cannot clear by prefix
  • 62ee88d Merge branch '7.4' into 8.0
  • f796e47 Ignore Doctrine DBAL deprecations that can't be worked around
  • 12cc026 Merge branch '7.4' into 8.0
  • bf9d30f Merge branch '6.4' into 7.4
  • 03472b6 [Cache] Fix strlen(null) deprecation on RelayCluster path in RedisTrait::doCl...
  • 8602405 Merge branch '5.4' into 6.4
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Medium Risk
Major-version cache dependency with PHP 8.4+ requirement affects dev-tooling paths; low production surface if cache is dev-only, but CI/runtime PHP version mismatch is the main failure mode.

Overview
Updates composer.lock only: bumps symfony/cache from 7.4.7 to 8.0.13 (major) and pulls aligned Symfony contract / support packages (symfony/cache-contracts, symfony/deprecation-contracts, symfony/service-contracts, symfony/var-exporter).

The resolved symfony/cache tree now requires PHP >= 8.4 (was >= 8.2) and symfony/var-exporter ^7.4|^8.0 at v8.0.9. Dependency metadata in the lockfile reflects Symfony 8 constraints (e.g. trimmed conflicts, dev deps pinned to ^7.4|^8.0). No application source files change—verify CI/dev environments run PHP 8.4+ and that dev tooling (e.g. phplint) still passes after the upgrade.

Reviewed by Cursor Bugbot for commit 66964bb. Bugbot is set up for automated code reviews on this repo. Configure here.

@dependabot
Bump symfony/cache from 7.4.7 to 8.0.13
66964bb 
Bumps [symfony/cache](https://github.com/symfony/cache) from 7.4.7 to 8.0.13.
- [Release notes](https://github.com/symfony/cache/releases)
- [Changelog](https://github.com/symfony/cache/blob/8.1/CHANGELOG.md)
- [Commits](symfony/cache@v7.4.7...v8.0.13)

---
updated-dependencies:
- dependency-name: symfony/cache
  dependency-version: 8.0.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels May 27, 2026
cursor[bot]
cursor Bot reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 66964bb. Configure here.

Comment thread composer.lock
},
"require": {
"php": ">=8.2",
"php": ">=8.4",
Copy link
Copy Markdown

@cursor cursor Bot May 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Major version bump breaks PHP 8.3 CI pipeline

High Severity

The bump from symfony/cache v7.4.7 to v8.0.13 introduces a php >= 8.4 requirement, but the project's CI pipeline in .github/workflows/quality.yml runs on PHP 8.3. The composer install step will fail because the locked symfony/cache and symfony/var-exporter packages refuse to install on PHP versions below 8.4. This is a major version bump (7.x → 8.x) disguised as a security patch that silently raises the minimum PHP version.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 66964bb. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants