Update Drupal Extension #4232

danepowell · 2020-08-27T22:52:40Z

Is your feature request related to a problem? Please describe.
via Slack, blt-require-dev depends on drupal-extension 3.x, which depends on a version of Drupal Driver with a vulnerability.

Describe the solution you'd like
Updating Drupal Extension to 4.x might also update Drupal Driver and fix the vulnerability, we need to confirm that.

Describe alternatives you've considered
Individual users can stop using blt-require-dev and pull in the dependencies manually, or possibly use Composer aliases to use a newer version of Drupal Driver / Drupal Extension than what BLT requires.

danepowell · 2020-09-02T21:04:05Z

We already use Drupal Extension 4.x in BLT 12 so I think it's safe to update.

danepowell added Enhancement A feature or feature request 11.x Affects or applies to 11.x labels Aug 27, 2020

danepowell added a commit to danepowell/blt that referenced this issue Sep 2, 2020

Fixes acquia#4232: Update drupal-extension

235e3f2

danepowell added a commit that referenced this issue Sep 2, 2020

Fixes #4232: Update drupal-extension (#4237)

1c0e076

danepowell mentioned this issue Sep 4, 2020

Fixes #4232: Update drupal-extension #4237

Merged

danepowell closed this as completed Mar 10, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Drupal Extension #4232

Update Drupal Extension #4232

danepowell commented Aug 27, 2020

danepowell commented Sep 2, 2020

Update Drupal Extension #4232

Update Drupal Extension #4232

Comments

danepowell commented Aug 27, 2020

danepowell commented Sep 2, 2020