Composer Updates

User Story:

As the IT department, I want my site dependencies updated so that my site is secure as possible.

Acceptance Criteria:

(i) Scenario 1: Update composer packages Given that I am viewing the composer.json file Then all composer packages are up to date And all patches are still applicable.

• /rss.xml

• /node

• /taxonomy/term/%/feed

• /taxonomy/term/%

• /rest/session/token

• /session/token

• /machine_name/transliterate

• /filter/tips/plain_text

• /filter/tips

Implementation Details

() Review outdated dependencies with the terminal or in the admin ui /admin/reports/updates or $ composer outdate

() update any composer packages composer clear-cache export COMPOSER_PROCESS_TIMEOUT=2000 rm -rf vendor composer self-update composer update () check all patches are still current () remove composer dependencies we are not using () confirm site works as expected with all new updates

Description

note: This description field is a place for notes about past complications and notes for future dependency updates. When creating a new ticket for composer updates you must clone this ticket for history knowledge transfer. All dependency complications and issues must be documented in comments.

Notes about modules that need to be removed

MODULE_NAME

Modules left at outdated versions because of complications.

• mockery - was breaking behat tests

• faker - was breaking behat tests

• behat - behat 3.4 does not allow individual test execution

Testing Steps

Log into the dev site and go to /admin/reports/updates review the following modules are updated

• drupal core: "x"

• MODULE_NAME: "x"