Channel: Issues for Drupal core

symfony/mime and symfony/var-dumper versions are on 5.0 (not an LTS) and therefore have gaps in security coverage relative to Drupal minors


Problem/Motivation

symfony/mime and symfony/var-dumper will be on v5 after committing #3088754: Update to Drupal 9 to Symfony 4.4.0. This issue will decide whether we want to constrain them in some way to keep them on a Symfony LTS version.

@mikelutz proposed some options in the original issue:

  • Allow symfony/var-dumper and symfony/mime at 5.0, but know we will have to do a minor version bump before release and again in November 2020 in order to receive security updates through June 2021.
  • Explicitly require them at ^4 so that we can get security updates without requiring a minor version bump through the life of Drupal 9.
  • Conflict with >=5 so that we can get security updates without requiring a minor version bump through the life of Drupal 9.
  • Conflict with all of 5.0, 5.1, 5.2, 5.3, so that we get 4.4 or 5.4 but nothing in between?

The problem with an explicit require is that Drupal does not require them - our dependencies do. And the problem with a conflict is that we do not conflict with them.
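Whichever option is chosen, the resolved versions can be checked in `composer.lock`. The script below is an added example, not part of the original issue or of Drupal core: it flags the two packages named above when they are locked to a minor that is not an LTS line. The lock excerpt is constructed, and the rule that LTS lines are the x.4 minors (4.4, 5.4) is stated as an assumption in the code.

```python
import json
import re

# Constructed composer.lock excerpt (not from the issue); only the fields read below.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/http-kernel", "version": "v4.4.0"},
        {"name": "symfony/mime", "version": "v5.0.0"},
    ],
    "packages-dev": [
        {"name": "symfony/var-dumper", "version": "v5.0.1"},
        {"name": "phpunit/phpunit", "version": "8.4.1"},
    ],
})

# The two components the issue names; pass another set to audit more packages.
WATCHED = frozenset({"symfony/mime", "symfony/var-dumper"})
LTS_MINOR = 4  # assumption: Symfony LTS lines are the x.4 minors (4.4, 5.4)
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.|$)")


def off_lts(lock_text, watched=WATCHED):
    """Return (name, version, section) for watched packages not locked to x.4."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "")
            if name not in watched:
                continue
            version = pkg.get("version", "")
            m = VERSION_RE.match(version)
            # Branch aliases such as dev-master cannot be confirmed as LTS: flag them.
            if m is None or int(m.group(2)) != LTS_MINOR:
                findings.append((name, version, section))
    return findings


if __name__ == "__main__":
    for name, version, section in off_lts(SAMPLE_LOCK):
        print(f"{name} {version} ({section}): not on a Symfony LTS line")
```

Run against a real lock file by passing its contents as `lock_text`; an empty result means both packages resolved to an x.4 release.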

Proposed resolution

Decide the best solution.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

