[stable30] fix(deps): Bump doctrine/dbal from 3.8.3 to 3.9.1

[dependabot]

Bumps doctrine/dbal from 3.8.3 to 3.8.7.

Release notes

Sourced from doctrine/dbal's releases.

3.8.7

Release Notes for 3.8.7

3.8.7

• Total issues resolved: 0
• Total pull requests resolved: 8
• Total contributors: 6

Bugfixes

• 6483: Make the schema manager aware of the disabling of type comments thanks to @​stof
• 6363: Properly handle MySQL error code 4031 from PHP 8.4 thanks to @​mbeccati

Static Analysis

• 6476: Bump dev tools thanks to @​derrabus
• 6334: Make AbstractSchemaManager covariant to its template argument thanks to @​zerkms

Test Suite

• 6462: CI: Add MySQL 9, reduce test matrix thanks to @​derrabus

Documentation

• 6461: Complete sentence thanks to @​greg0ire

CI

• 6435: mariadb: add nightly workflow to facilitate mariadb "nightlies" thanks to @​grooverdan
• 6484: Adapt to mssql-docker breaking change thanks to @​greg0ire

3.8.6

Release Notes for 3.8.6

3.8.6

• Total issues resolved: 0
• Total pull requests resolved: 4
• Total contributors: 3

Code Style

• 6453: PHP CodeSniffer 3.10.1 thanks to @​derrabus

... (truncated)

Commits

• 2093d67 Merge pull request #6483 from stof/fix_type_comment_removal
• a456fbf Merge pull request #6484 from greg0ire/try-new-path
• 7e511f7 Adapt to mssql-docker breaking change
• 8ce05ed Make the schema manager aware of the disabling of type comments
• 8a7e9b7 Merge pull request #6334 from zerkms/patch-2
• f5d3777 Make AbstractSchemaManager covariant to its template argument
• 98c5b03 Bump dev tools (#6476)
• 349c833 Properly handle MySQL error code 4031 from PHP 8.4 (#6363)
• b35648d CI: Add MySQL 9, reduce test matrix (#6462)
• 893417f Merge pull request #6461 from greg0ire/finish-sentence
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[joshtrichards]

@dependabot recreate

[joshtrichards]

/composer-update

[joshtrichards]

Needs a server counterpart still, but just trying to nudge this along while I decipher how it's done. :)

Though looking at this I'm not clear why we needed a specific merge of 3.8.3 into stable29 previously (#1791). We're still on dbal 3.8.x even in master (#1754 / nextcloud/server#44683) so we should be safe doing this there. Maybe the only reason for #1791 was a timing thing?

[nickvergessen]

We're still on dbal 3.8.x even in master

Yeah which is not a problem. Actually updating to 4 is problematic. I started it in a PR but there are various heavily breaking things

[nickvergessen]

@dependabot recreate

[nickvergessen]

• Server PR: [stable30] fix(deps): Bump doctrine/dbal from 3.8.3 to 3.9.1 server#48330

Prod Packages	Operation	Base	Target
doctrine/dbal	Upgraded	3.8.3	3.9.1
doctrine/event-manager	Upgraded	1.2.0	2.0.1

[joshtrichards]

I may have worded my point poorly (or maybe the answer is obvious to you all already).

Aren't we just going to have to repeat this exercise to do the same change against master after we do this one? Shouldn't we first merge this change against master instead then backport as needed since we're using the same dbal 3.x?

master/v30/v29 all are already using 3.8.3

• bump master to 3.9.1
• backport to stable30 + stable29

v28 is using 3.7.0 (we can fix that too)

• backport to stable28 too

[susnux]

bump master to 3.9.1

I think the plan is to bump master to v4 once we found a migration for our API, as only v4 will support PHP 8.4.

[nickvergessen]

3rdparty can not be "backported" as composer file gets messed up by conflicts.
I will also update master to 3.9.1 soon.
But we can only run 1 update of a 3rdparty at a time for either server version, as the 3rdparty commit needs to be added to the server sibling PR.

Just did another PR in master in server due to security alert, so will come as well