Incompatible requirements with symfony 4

[yurtesen]

sonata-project/doctrine-orm-admin-bundle require symfony/security-acl ^2.8 || ^3.0 which has incompatible requirements. Besides symfony/security-acl seems to be abandoned?
Will there be a resolution for this?

[greg0ire]

I think making it optional could be a good first step

[yurtesen]

Can it be removed in next release from requirements then? Because I think now it is impossible to use SonataAdmin with doctrine and symfony 4 because of this.

[greg0ire]

Yes, it can. Please make a PR.

[yurtesen]

@greg0ire I do not know if it is safe to simply remove that requirement. Do you? Shouldn't somebody who knows what he is doing, do this change?

Actually, in my opinion, perhaps the best is to simply remove it because it is incompatible and symfony/security-acl is abandoned and should be phased out totally.

[greg0ire]

First, please prove that it has indeed incompatible requirements. I gave it a quick look and it doesn't seem so.

[yurtesen]

@greg0ire The problem is because latest release of security-acl currently require "symfony/security-core": "~2.8|~3.0" and if you had any package which installed security-core ^4.0 then you can't install doctrine orm admin anymore.

But more over, security-acl seems to be abandoned. Why not just lose the dead weight?

$ ../composer.phar info
psr/cache                    1.0.1              Common interface for caching libraries
psr/container                1.0.0              Common Container Interface (PHP FIG PSR-11)
psr/log                      1.0.2              Common interface for logging libraries
psr/simple-cache             1.0.0              Common interfaces for simple caching
symfony/cache                v4.0.1             Symfony Cache component with PSR-6, PSR-16, and tags
symfony/config               v4.0.1             Symfony Config Component
symfony/console              v4.0.1             Symfony Console Component
symfony/debug                v4.0.1             Symfony Debug Component
symfony/dependency-injection v3.4.1             Symfony DependencyInjection Component
symfony/dotenv               v4.0.1             Registers environment variables from a .env file
symfony/event-dispatcher     v4.0.1             Symfony EventDispatcher Component
symfony/filesystem           v4.0.1             Symfony Filesystem Component
symfony/finder               v4.0.1             Symfony Finder Component
symfony/flex                 v1.0.49
symfony/framework-bundle     v4.0.1             Symfony FrameworkBundle
symfony/http-foundation      v4.0.1             Symfony HttpFoundation Component
symfony/http-kernel          v4.0.1             Symfony HttpKernel Component
symfony/lts                  dev-master 396c5fc Enforces Long Term Supported versions of Symfony components
symfony/polyfill-mbstring    v1.6.0             Symfony polyfill for the Mbstring extension
symfony/routing              v4.0.1             Symfony Routing Component
symfony/security-core        v4.0.1             Symfony Security Component - Core Library
symfony/yaml                 v4.0.1             Symfony Yaml Component
$ ../composer.phar require sonata-project/doctrine-orm-admin-bundle
Using version ^3.2 for sonata-project/doctrine-orm-admin-bundle
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - symfony/security-acl v3.0.0 requires symfony/security-core ~2.8|~3.0 -> satisfiable by symfony/security-core[2.8.x-dev, 3.0.x-dev, 3.1.x-dev, 3.2.x-dev, 3.3.x-dev, 3.4.x-dev, v2.8.0, v2.8.0-BETA1, v2.8.1, v2.8.10, v2.8.11, v2.8.12, v2.8.13, v2.8.14, v2.8.15, v2.8.16, v2.8.17, v2.8.18, v2.8.19, v2.8.2, v2.8.20, v2.8.21, v2.8.22, v2.8.23, v2.8.24, v2.8.25, v2.8.26, v2.8.27, v2.8.28, v2.8.29, v2.8.3, v2.8.30, v2.8.31, v2.8.32, v2.8.4, v2.8.5, v2.8.6, v2.8.7, v2.8.8, v2.8.9, v3.0.0, v3.0.0-BETA1, v3.0.1, v3.0.2, v3.0.3, v3.0.4, v3.0.5, v3.0.6, v3.0.7, v3.0.8, v3.0.9, v3.1.0, v3.1.0-BETA1, v3.1.0-RC1, v3.1.1, v3.1.10, v3.1.2, v3.1.3, v3.1.4, v3.1.5, v3.1.6, v3.1.7, v3.1.8, v3.1.9, v3.2.0, v3.2.0-BETA1, v3.2.0-RC1, v3.2.0-RC2, v3.2.1, v3.2.10, v3.2.11, v3.2.12, v3.2.13, v3.2.14, v3.2.2, v3.2.3, v3.2.4, v3.2.5, v3.2.6, v3.2.7, v3.2.8, v3.2.9, v3.3.0, v3.3.0-BETA1, v3.3.0-RC1, v3.3.1, v3.3.10, v3.3.11, v3.3.12, v3.3.13, v3.3.14, v3.3.2, v3.3.3, v3.3.4, v3.3.5, v3.3.6, v3.3.7, v3.3.8, v3.3.9, v3.4.0, v3.4.0-BETA1, v3.4.0-BETA2, v3.4.0-BETA3, v3.4.0-BETA4, v3.4.0-RC1, v3.4.0-RC2, v3.4.1] but these conflict with your requirements or minimum-stability.
    - symfony/security-acl v2.8.0 requires symfony/security-core ~2.4|~3.0.0 -> satisfiable by symfony/security-core[2.4.x-dev, 2.5.x-dev, 2.6.x-dev, 2.7.x-dev, 2.8.x-dev, 3.0.x-dev, v2.4.0, v2.4.0-BETA1, v2.4.0-BETA2, v2.4.0-RC1, v2.4.1, v2.4.10, v2.4.2, v2.4.3, v2.4.4, v2.4.5, v2.4.6, v2.4.7, v2.4.8, v2.4.9, v2.5.0, v2.5.0-BETA1, v2.5.0-BETA2, v2.5.0-RC1, v2.5.1, v2.5.10, v2.5.11, v2.5.12, v2.5.2, v2.5.3, v2.5.4, v2.5.5, v2.5.6, v2.5.7, v2.5.8, v2.5.9, v2.6.0, v2.6.0-BETA1, v2.6.0-BETA2, v2.6.1, v2.6.10, v2.6.11, v2.6.12, v2.6.13, v2.6.2, v2.6.3, v2.6.4, v2.6.5, v2.6.6, v2.6.7, v2.6.8, v2.6.9, v2.7.0, v2.7.0-BETA1, v2.7.0-BETA2, v2.7.1, v2.7.10, v2.7.11, v2.7.12, v2.7.13, v2.7.14, v2.7.15, v2.7.16, v2.7.17, v2.7.18, v2.7.19, v2.7.2, v2.7.20, v2.7.21, v2.7.22, v2.7.23, v2.7.24, v2.7.25, v2.7.26, v2.7.27, v2.7.28, v2.7.29, v2.7.3, v2.7.30, v2.7.31, v2.7.32, v2.7.33, v2.7.34, v2.7.35, v2.7.36, v2.7.37, v2.7.38, v2.7.39, v2.7.4, v2.7.5, v2.7.6, v2.7.7, v2.7.8, v2.7.9, v2.8.0, v2.8.0-BETA1, v2.8.1, v2.8.10, v2.8.11, v2.8.12, v2.8.13, v2.8.14, v2.8.15, v2.8.16, v2.8.17, v2.8.18, v2.8.19, v2.8.2, v2.8.20, v2.8.21, v2.8.22, v2.8.23, v2.8.24, v2.8.25, v2.8.26, v2.8.27, v2.8.28, v2.8.29, v2.8.3, v2.8.30, v2.8.31, v2.8.32, v2.8.4, v2.8.5, v2.8.6, v2.8.7, v2.8.8, v2.8.9, v3.0.0, v3.0.0-BETA1, v3.0.1, v3.0.2, v3.0.3, v3.0.4, v3.0.5, v3.0.6, v3.0.7, v3.0.8, v3.0.9] but these conflict with your requirements or minimum-stability.
    - sonata-project/doctrine-orm-admin-bundle 3.2.0 requires symfony/security-acl ^2.8 || ^3.0 -> satisfiable by symfony/security-acl[v2.8.0, v3.0.0].
    - Installation request for sonata-project/doctrine-orm-admin-bundle ^3.2 -> satisfiable by sonata-project/doctrine-orm-admin-bundle[3.2.0].


Installation failed, reverting ./composer.json to its original content.

[greg0ire]

But more over, security-acl seems to be abandoned. Why not just lose the dead weight?

I'm all for it, but we can't do this in a minor. So maybe we'll do it in the next major, to be discussed, but before that, moving that requirement would be good IMO.

[jordisala1991]

It should be a require-dev on 3.x (that one will be easy) and it could be removed on master (this will take a lot of work)

[jaikdean]

symfony/security-acl v3.0.1 has just been released with Symfony 4 support, which closes this issue.

[greg0ire]

Link for the lazy: https://packagist.org/packages/symfony/security-acl#v3.0.1

[greg0ire]

Thanks @jaikdean !