- Issue created by @harpade
- 🇩🇪Germany Feuerwagen Bonn 🇩🇪🇪🇺
Seems to be a duplicate of https://www.drupal.org/project/drupal/issues/3503195 🐛 twig/twig in drupal/recommended-settings is at it again Active
Reference: Twig security issue where escaping was missing when using null coalesce operator.
https://github.com/advisories/GHSA-3xg3-cgvq-2xwr
Attempting to update twig/twig to version 3.19.0 results in dependency conflicts with Drupal core and related packages.
Current Dependencies Blocking Update
composer why twig/twig
chi-teck/drupal-code-generator 4.1.0 requires twig/twig (^3.4)
drupal/core 11.1.1 requires twig/twig (^3.15.0)
drupal/core-recommended 11.1.1 requires twig/twig (~v3.16.0)
drupal/twig_tweak 3.4.0 requires twig/twig (^3.10.3)
symfony/http-kernel v7.2.3 conflicts twig/twig (<3.12)
Run the following command to update Twig:
composer require twig/twig:^3.19.0 --with-all-dependencies
Composer fails with dependency conflicts related to drupal/core-recommended, twig_tweak, and chi-teck/drupal-code-generator.
Update drupal/core-recommended to support twig/twig:^3.19.0.
Ensure compatibility updates for dependent modules like drupal/twig_tweak and chi-teck/drupal-code-generator.
Review and align with symfony/http-kernel requirements.
Identify necessary updates to drupal/core-recommended and related packages.
Investigate if other modules/extensions are affected.
Create/update patches to allow twig/twig:^3.19.0.
Test compatibility after updates
None expected.
Active
11.1 🔥
composer
Seems to be a duplicate of https://www.drupal.org/project/drupal/issues/3503195 🐛 twig/twig in drupal/recommended-settings is at it again Active