I'm trying to update my Symfony 4.4.19 to Symfony 5.x but i've got two conflicts who are blocking the process: symfony/monolog-bundle and roave/security-advisories
I'm running method composer update "symfony/*" --with-all-dependencies
In Symfony documentation about upgrading, it is clearly specified that "A few libraries starting with symfony/ follow their own versioning scheme. You do not need to update these versions: you can upgrade them independently whenever you want" and the example is...symfony/monolog-bundle
Updating dependencies
Problem 1
- Root composer.json requires symfony/monolog-bundle ^3.6 -> satisfiable by symfony/monolog-bundle[v3.6.0].
- symfony/monolog-bundle v3.6.0 requires symfony/http-kernel ~3.4 || ~4.0 || ^5.0 -> satisfiable by symfony/http-kernel[v5.0.0, ..., v5.0.11].
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.11.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.10.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.9.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.8.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.7.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.6.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.5.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.4.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.3.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.2.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.1.
- roave/security-advisories dev-latest conflicts with symfony/http-kernel v5.0.0.
- roave/security-advisories is locked to version dev-latest and an update of this package was not requested.
Here's my composer.json where i've replaced all 4.4 to 5.0 :
{
"type": "project",
"version": "1.2.0",
"license": "proprietary",
"require": {
"php": "^7.4.0",
"ext-ctype": "*",
"ext-iconv": "*",
"ext-intl": "*",
"ext-json": "*",
"abraham/twitteroauth": "^1.1",
"excelwebzone/recaptcha-bundle": "^1.5",
"facebook/graph-sdk": "^5.7",
"friendsofsymfony/rest-bundle": "^3.0",
"gesdinet/jwt-refresh-token-bundle": "^0.9.1",
"hamhamfonfon/astrobin-ws": "^2.0",
"jms/serializer-bundle": "^3.3",
"lexik/jwt-authentication-bundle": "^2.6",
"ruflin/elastica": "^6.0",
"sensio/framework-extra-bundle": "^5.2",
"symfony/asset": "^5.0",
"symfony/console": "^5.0",
"symfony/dotenv": "^5.0",
"symfony/expression-language": "^5.0",
"symfony/flex": "^1.11",
"symfony/form": "^5.0",
"symfony/framework-bundle": "^5.0",
"symfony/google-mailer": "5.0",
"symfony/http-client": "5.0",
"symfony/intl": "^5.0",
"symfony/mailer": "5.0.*",
"symfony/monolog-bundle": "^3.6",
"symfony/orm-pack": "^1.2",
"symfony/process": "5.0.*",
"symfony/requirements-checker": "^1.1",
"symfony/security-bundle": "^5.0",
"symfony/serializer": "^5.0",
"symfony/stopwatch": "^5.0",
"symfony/templating": "^5.0",
"symfony/translation": "^5.0",
"symfony/twig-bundle": "^5.0",
"symfony/validator": "^5.0",
"symfony/webpack-encore-bundle": "^1.0",
"symfony/yaml": "^5.0",
"twig/extensions": "^1.5"
},
//...
"extra": {
"symfony": {
"allow-contrib": false,
"require": "5.0.*"
}
},
"require-dev": {
"roave/security-advisories": "dev-latest",
"symfony/maker-bundle": "^1.12",
"symfony/profiler-pack": "^1.0",
"symfony/var-dumper": "^5.0"
}
}
I've made a "composer update" just before replacing 4.4 by 5.0 to be sure to be on the lastest version on 4.4.x version.
The problem is not really in monolog-bundle but as follows:
My suggestion: Symfony 5.0 reached end of life, so use the current release Symfony 5.2.x (Composer constraint "^5.2"). As Symfony uses strict Semantic Versioning there is no disadvantage for going to 5.2 instead of 5.0 (i.e. all code that runs on 5.0 will also run on 5.2).