pantheon recipie requires drush 10, which has security issues #173
Description
I think I have this right.
When running lando start on a new project I have taken ownership of, I'm seeing this error.
Problem 1
- Root composer.json requires drush/drush ^10 -> satisfiable by drush/drush[10.0.0, ..., 10.6.2].
- chi-teck/drupal-code-generator 1.30.5 requires twig/twig ^1.38.2 || ^2.10 -> found twig/twig[v1.38.2, ..., v1.44.8, v2.10.0, ..., v2.16.1] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-8kk8-h2xr-h5nx"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- chi-teck/drupal-code-generator[1.31.0, ..., 1.33.1] require twig/twig ^1.41 || ^2.12 -> found twig/twig[v1.41.0, ..., v1.44.8, v2.12.0, ..., v2.16.1] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-8kk8-h2xr-h5nx"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- drush/drush[10.0.0, ..., 10.3.1] require chi-teck/drupal-code-generator ^1.30.5 -> satisfiable by chi-teck/drupal-code-generator[1.30.5, ..., 1.33.1].
- drush/drush[10.3.2, ..., 10.6.2] require chi-teck/drupal-code-generator ^1.32.1 -> satisfiable by chi-teck/drupal-code-generator[1.32.1, 1.33.0, 1.33.1].
the composer.json for this project is actually up to date... and drush/drush is set to "^12 || ^13"...
I can run composer install, and composer update, "locally" and not see any errors.
But then when I run lando start or lando rebuild I get that error... and I remembered that lando runs its own composer job also...
Ive run lando update, and have
@lando/pantheon ✔ Up to date All good
And everything else is up to date as well.
Thank you.