Downgrade utopia-php/storage to 0.* for compatibility

[TorstenDittmann]

Summary

Downgrades the utopia-php/storage dependency constraint from 1.0.* to 0.* to maintain compatibility with the broader dependency tree.

Changes

• Updated composer.json: utopia-php/storage 1.0.* → 0.*
• Updated composer.lock to reflect the resolved dependency tree

[greptile-apps]

Greptile Summary

This PR downgrades utopia-php/storage from 1.0.* to 0.* (resolving to 0.19.2) to restore dependency-tree compatibility. Beyond the intended downgrade, the lock file also updates a number of unrelated packages (google/protobuf, open-telemetry/*, several Symfony polyfills, utopia-php/cache, utopia-php/mongo, utopia-php/pools, utopia-php/telemetry, dev tools) and introduces three new transitive packages (utopia-php/di, utopia-php/framework, utopia-php/servers).

• utopia-php/storage 0.19.2 requires five non-standard native extensions (ext-brotli, ext-lz4, ext-snappy, ext-xz, ext-zstd) that the previous 1.0.0 did not, and its new transitive dependency utopia-php/framework 1.0.2 adds ext-swoole. None of these are declared in the project's own composer.json, so environments missing any of them will fail at composer install.

Confidence Score: 3/5

Needs verification that all non-standard native extensions required by the downgraded storage package are available in all deployment environments before merging.

A P1 finding is present: utopia-php/storage 0.19.2 introduces hard Composer requirements on five uncommon native extensions plus ext-swoole (via a new transitive dep), none of which are declared in the project composer.json. Missing any one of them would cause composer install to fail. The additional unrelated lock-file updates also widen the blast radius of the change, reducing confidence further.

composer.lock — the resolved utopia-php/storage 0.19.2 entry and the new utopia-php/framework 1.0.2 entry for the extension requirements.

Important Files Changed

Filename	Overview
composer.json	Single-line change downgrading utopia-php/storage from 1.0.* to 0.*; the broad 0.* constraint could resolve to any future 0.x minor release including breaking changes.
composer.lock	Lock file resolves storage to 0.19.2, pulling in three new transitive packages (utopia-php/di, utopia-php/framework, utopia-php/servers), five new non-standard native extensions, and a utopia-php/system downgrade from 0.10.0 to 0.9.0.

Comments Outside Diff (2)

1. composer.json, line 10 (link)

   Overly broad version constraint

   0.* allows Composer to resolve any future 0.x minor version. In 0.x semver, minor bumps are not required to be backwards-compatible, so a future composer update could pull in a breaking release. Pinning to the currently-resolved minor (0.19.*) would give the same compatibility fix while preventing unexpected API changes.

2. composer.lock, line 634-668 (link)

   New non-standard native extension requirements

   utopia-php/storage 0.19.2 declares hard require entries for five uncommon native extensions: ext-brotli, ext-lz4, ext-snappy, ext-xz, and ext-zstd. The previous 1.0.0 version only needed ext-curl, ext-simplexml, and ext-zlib. Additionally, the new transitive dependency utopia-php/framework 1.0.2 (brought in as a storage 0.19.2 dependency) requires ext-swoole. These extensions are not declared in the project's own composer.json, so deployment environments that lack any of them will fail at install time (or at runtime for Swoole). Please verify all six extensions are available in every CI, staging, and production target before merging.

_{Reviews (1): Last reviewed commit: "Downgrade utopia-php/storage to 0.* for ..." | Re-trigger Greptile}