- Issue created by @drupalite1411
- 🇳🇿New Zealand quietone
Changes are made on on 11.x (our main development branch) first, and are then back ported as needed according to our policies. Also, 10.2 is in security mode now.
- Status changed to Postponed
about 1 month ago 3:29am 4 March 2025 - 🇺🇸United States luke.leber Pennsylvania
I've opened an upstream pull request that may resolve this linked to the issue that was reported upstream.
Hopefully the fix ends up being as simple as it seems!
- 🇺🇸United States greggles Denver, Colorado, USA
There is now a version of the upstream library that fixes this, so core should be adjusted to rely on that
- 🇺🇸United States luke.leber Pennsylvania
I couldn't actually find any instructions on how to upgrade composer dependencies in core issues, so I just took a wild guess. I'm guessing the automation will bark if it's way off-base.
- 🇬🇧United Kingdom catch
Committed/pushed to 11.x, thanks!
We definitely need to backport this to 10.5.x.
11.1 and 10.4 are possible, but this will need a backport MR for each branch.
- 🇺🇸United States luke.leber Pennsylvania
luke.leber → changed the visibility of the branch 3471642-upgrade-asm89stack-cors-to to hidden.
- 🇺🇸United States luke.leber Pennsylvania
Back to NR for !11689 (10.5.x) - I'm out of time to open other PR's, we've decided to patch this in as needed.
- 🇺🇸United States smustgrave
RTBC as 10.5 looks good.
Know this is a bug but do we push version updates to releases?
- 🇬🇧United Kingdom catch
Committed/pushed to 10.5.x, thanks!
@smustgrave we can update dependencies in patch releases, but we don't tend to do it routinely. Partly because it would be endless work, partly because patch releases of dependencies have caused regressions multiple times in the past so it's better to find this out in a minor release.