- Issue created by @xiwar
The provided patch was successfully applied to my local Drupal 8.9 installation
- Status changed to RTBC
12 months ago 12:48pm 12 April 2024 - 🇦🇷Argentina darktek
I would like to use this patch but I'm wondering, what if I already have this module installed?
I applied the patch but even if I execute composer update I don't get any new update in my files.
Could someone help me please?
- 🇨🇷Costa Rica maxmendez
After testing on a fresh installation, I found that dompdf/dompdf (v2.0.8) was automatically downloaded when requiring drupal/pdf_generator:^2.0, as shown below:
$ composer require 'drupal/pdf_generator:^2.0'
...
- Locking dompdf/dompdf (v2.0.8)
...
Considering this, the patch may not be strictly necessary, as updating dependencies seems sufficient to address the vulnerability. Reviewing the patch, it introduces minimal changes, so sites already using the module might only need to update their dependencies.
- 🇦🇷Argentina darktek
Even using this patch the module doesn't download the new dompdf library because the composer.lock file points to v2.0.
The idea is to have the v3.0 to avoid current warnings when you execute a composer install command:
Warning: Ambiguous class resolution, "FontLib\OpenType\File" was found in both "/var/www/html/vendor/dompdf/php-font-lib/src/FontLib/OpenType/File.php" and "/var/www/html/vendor/phenx/php-font-lib/src/FontLib/OpenType/File.php", the first will be used.
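
An added example, not part of the thread or of the module's code: a small Python check that reads composer.lock, reports the version dompdf/dompdf is pinned at, and lists autoload prefixes claimed by more than one locked package, which is the situation the "Ambiguous class resolution" warning above reports. The sample lock data is constructed; only dompdf/dompdf v2.0.8 is taken from the thread, and the function names are hypothetical.

```python
import json
import sys

# Constructed composer.lock excerpt for illustration. Only the dompdf/dompdf
# version (v2.0.8) comes from the thread; the other versions are sample values.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "dompdf/dompdf", "version": "v2.0.8",
         "autoload": {"psr-4": {"Dompdf\\": "src/"}}},
        {"name": "phenx/php-font-lib", "version": "0.5.6",
         "autoload": {"psr-4": {"FontLib\\": "src/FontLib"}}},
        {"name": "dompdf/php-font-lib", "version": "1.0.1",
         "autoload": {"psr-4": {"FontLib\\": "src/FontLib"}}},
    ],
    "packages-dev": [],
})


def _locked_packages(lock_text):
    """Return every package entry (runtime and dev) from composer.lock text."""
    lock = json.loads(lock_text)
    return list(lock.get("packages") or []) + list(lock.get("packages-dev") or [])


def locked_versions(lock_text):
    """Map package name -> version exactly as pinned in composer.lock."""
    return {p["name"]: p["version"] for p in _locked_packages(lock_text)}


def namespace_collisions(lock_text):
    """Return {prefix: [packages]} for PSR-4/PSR-0 prefixes claimed more than once."""
    owners = {}
    for pkg in _locked_packages(lock_text):
        autoload = pkg.get("autoload")
        if not isinstance(autoload, dict):  # missing or serialized as []
            continue
        for kind in ("psr-4", "psr-0"):
            section = autoload.get(kind)
            if isinstance(section, dict):
                for prefix in section:
                    owners.setdefault(prefix, set()).add(pkg["name"])
    return {ns: sorted(names) for ns, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    # Pass a path to a real composer.lock, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    print("dompdf/dompdf locked at:", locked_versions(text).get("dompdf/dompdf"))
    for ns, names in namespace_collisions(text).items():
        print(f"prefix {ns!r} is provided by: {', '.join(names)}")
```

The locked version only changes when Composer re-resolves that package, for example with `composer update dompdf/dompdf --with-dependencies`, and only within the constraints the installed packages declare.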