- Issue created by @spokje
- last update
over 1 year ago 30,322 pass - last update
over 1 year ago 30,159 pass - last update
over 1 year ago 28,497 pass - last update
over 1 year ago 29,366 pass - Status changed to Needs review
over 1 year ago 8:32am 29 April 2023 - Status changed to RTBC
over 1 year ago 9:30am 29 April 2023 - Status changed to Fixed
over 1 year ago 9:32am 1 May 2023 - 🇬🇧United Kingdom catch
Committed/pushed the respective patches to the respective branches, thanks! Good idea to split this off.
- 🇳🇱Netherlands Eric_A
If I'm not mistaken only core-recommended constraints were updated and not core constraints.
Isn't the current policy still to also up core constraints (caret) for security updates? Meaning not just core-recommended constraints (tilde)?
Like for example when twig/twig was upped in core from ^2.15.0 to ^2.15.3 in drupal/core 9.4.7. (https://git.drupalcode.org/project/drupal/-/commit/82a7d4dd3077ef16b69f2...)
I think there are more recent examples out there, but not able to give one right now.
- 🇳🇱Netherlands Eric_A
If I'm not mistaken only core-recommended constraints were updated and not core constraints.
Isn't the current policy still to also up core constraints (caret) for security updates? Meaning not just core-recommended constraints (tilde)?
Like for example when twig/twig was upped in core from ^2.15.0 to ^2.15.3 in 9.4.7. (https://git.drupalcode.org/project/drupal/-/commit/82a7d4dd3077ef16b69f2...)
I think there are more recent examples out there, but not able to give one right now.
To be more precise: I am proposing to change ^2.4 to ^2.4.5 for 10.0 and 10.1. It's not an issue for the other branches because guzzlehttp/psr7 is not a core root requirement there.
- 🇬🇧United Kingdom catch
Eric_A I think that's a good idea but we can do it in a dedicated issue, can you open one?
- 🇳🇱Netherlands Eric_A
Eric_A I think that's a good idea but we can do it in a dedicated issue, can you open one?
Automatically closed - issue fixed for 2 weeks with no activity.