Decompress files for aaa_update_test

Ok the only reference to this archive file is here:

    // Check to ensure an existing module can't be reinstalled. Also checks that
    // the archive was extracted since we can't know if the module is already
    // installed until after extraction.
    $validArchiveFile = __DIR__ . '/../../aaa_update_test.tar.gz';
    $edit = [
      'files[project_upload]' => $validArchiveFile,
    ];

I think we can just extract it and compress it right before this step as part of the step. It creates a bit of churn on each test, but it does solve the immediate security concern.

There are a lot of references in the code to modules/update/tests/aaa_update_test.module, that file does not exist though so I'm not sure if there is a process I'm missing that extracts the archive first.

Setting needs review for the two approaches in the IS.

Option 2 is not viable because we should be able to run tests without internet access.

I wonder if this is even worthwhile because update manager's ability to handle tarballs is going away once we have Automatic Updates, perhaps we should just do nothing until then (same for 📌 Decompress files for update_test_new_module Active )

I agree with longwave. And would rather see progress on 📌 Rework database update tests so we don't have to ship database dumps in git Active

I think as long as there is a way to generate it locally just like https://www.drupal.org/project/drupal/issues/3403649#comment-15331668 📌 Rework database update tests so we don't have to ship database dumps in git Active suggests it should be fine.

I also think this is much lower stakes and easier to tinker with than full DB dump generation.

We can also just postpone this and 📌 Decompress files for update_test_new_module Active

So should this be postponed?

Let me know if I'm wrong on this assumption.