Symfony and Twig have had some updates recently, which we should bring in.
- Update which versions of the projects we're targeting in core/composer.json.
- We want to target 2.3 when Drupal 8 is released, so update the composer.json definition to look for
"<2.4". This way, it allows downloading 2.2, and 2.3, but won't update to 2.4.
- 1.11 is out. We were targeting 1.8.*, but Twig has a much faster release cycle. So, let's target
"1.*"instead so that 1.11 is brought in.
- Update the dependencies by running a composer update...
$ drush dl composer
$ cd core
$ drush composer update
- Verify the packages are updated using
drush composer show
doctrine/common [2.3.0] : Common Library for Doctrine projects
kriswallsmith/assetic [v1.1.0-alpha1] : Asset Management for PHP
symfony/class-loader [v2.1.3] : Symfony ClassLoader Component
symfony/dependency-injection [v2.1.3] : Symfony DependencyInjection Component
symfony/event-dispatcher [v2.1.3] : Symfony EventDispatcher Component
symfony/http-foundation [v2.1.3] : Symfony HttpFoundation Component
symfony/http-kernel [v2.1.3] : Symfony HttpKernel Component
symfony/process [v2.1.3] : Symfony Process Component
symfony/routing [v2.1.3] : Symfony Routing Component
symfony/serializer [v2.1.3] : Symfony Serializer Component
symfony/yaml [v2.1.3] : Symfony Yaml Component
twig/twig [v1.11.0] : Twig, the flexible, fast, and secure template language for PHP
Get a working, RTBC patch.
User interface changes
There are some updates in the Symfony API, but
@api code we're using stays the same.
Updating our out of date dependencies is partially or completely blocking a number of other issues, including:
#1561362: Change file_transfer() to use BinaryFileResponse (API cleanup)
#1854902: Document possible CSRF vulnerability in REST module (critical security issue)
#1855260: Make sure page caching works with accept header-based routing (Fixed bugs in HttpCache upstream)
#1831074: Send 415 Unsupported Media Type http header when serializer encounters an unsupported format (API cleanup)
#1289536: Add test coverage and/or one real use of PSR-3 based watchdog logger object (Revised logger)
(Add more here as they're identified)