Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Twig 1.23.0 is out. Drupal 8 currently uses Twig 1.22. And they have now released Twig 1.23.1
Twig packages
Proposed resolution
Update it
Remaining tasks
Do it
User interface changes
None
API changes
None
Data model changes
None
Comment | File | Size | Author |
---|---|---|---|
#15 | update_twig_to_1_23_1-2609110-15.patch | 102.32 KB | andypost |
#15 | interdiff.txt | 356 bytes | andypost |
Comments
Comment #2
TJacksonVA CreditAttribution: TJacksonVA commentedAnd they have now released Twig 1.23.1.
Comment #3
star-szrThanks! I've been tracking the changes more closely and I don't think I saw any red flags.
Comment #4
joelpittet@tjacksonva feel free to post a patch with the updated composer and twig code.
Comment #5
TJacksonVA CreditAttribution: TJacksonVA commented@joelpittet, unfortunately, I'm currently on the road and cannot get to it at this point.
Comment #6
andypostHere's a patch, should be critical according #2400407: [meta] Ensure vendor (PHP) libraries are on latest stable release
2 new interfaces
no security bugs in commits found
Comment #7
hussainwebI see this difference in the patch when I try to create it myself.
This block is not there when I run
composer update
. I also made sure by checking for the file$vendorDir . '/sebastian/global-state/src/CodeExporter.php'
and it was not present. I suspect this came in because of other updates?I am attaching a patch without this change.
Comment #8
joelpittetThanks both of you for tackling this. One thing that still needs to change
core/composer.json
I think that is all that would be needed further here then I'll RTBC.
Comment #9
hussainweb@joelpittet: I am not sure if I am missing something. Why would we need that constraint? Drupal would work with
1.22.2
version, right? Is there a reason we can't work with1.22.2
?Comment #10
joelpittetOh I wasn't seeing it as a constraint I saw it as the indicator of what version to install with composer install.
Maybe that's more an npm thing or I'm just mistaken.
We are preparing it for 2.x so it may be still worth updating the constraint.
Comment #11
joelpittetUntil release anyways it may good to keep things as fresh as possible.
Comment #12
andypost@hussainweb strange, because the patch is what I get on clean 8.0.x after
composer update twig/*
Comment #13
andypost@joelpittet until core shipped with libraries bundled we have to update them, at least until #1475510: Remove external dependencies from the core repo and let Composer manage the dependencies instead
Comment #14
joelpittet@andypost re #13 are you agreeing with me then re #8?
Comment #15
andypost@joelpittet yep, get you wrong, sorry
Comment #16
joelpittetExcellent:) I usually sound like I don't know what I'm talking about;)
Comment #17
hussainweb@andypost: Re #13, as an application, Drupal will still get the version we are updating to because of the lock file. In any case, we are updating to the version in the code itself. Tightening the constraint only makes Drupal difficult to use in a composer workflow where another constraint might clash.
Now, I don't imagine this constraint could cause any problems as the earlier constraint was so close. Generally, however, the principle is that the composer should specify minimum (and if necessary, maximum) versions of the components with which Drupal can work. We had discussion related to this earlier. See #2400407-53: [meta] Ensure vendor (PHP) libraries are on latest stable release and following.
Comment #18
andypost@hussainweb thanx for explanation, so what is you suggestion? keep the minimal working version or make it higher?
Comment #19
catchCommitted/pushed to 8.0.x, thanks!
Comment #21
hussainweb@andypost: It's already committed. :)
But just for the record, I'd prefer the minimum version with which Drupal works. It just gives maximum flexibility. In this case, it is not a problem because the difference between two constraints is really small. There are other cases where the version is not specified as it should be (we only need PHPUnit 4.6, but we require ~4.8, and there could be more).
We can let this be and we can really focus on the version constraints in a follow-up issue after we have #1475510: Remove external dependencies from the core repo and let Composer manage the dependencies instead.
Comment #22
catchYes I should have noted, I don't think this matters much until #1475510: Remove external dependencies from the core repo and let Composer manage the dependencies instead, but then it will matter a lot when we do that.