Issues Updating Drupal Core from 8.5.1 to 8.5.3

Introduction

Another highly critical security advisory has been issued for Drupal.

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

I ran into two different issues when updating from Drupal version 8.5.1 to 8.5.3 using composer on a Drupal instance.

Issue 1: Cannot Allocate Memory

composer update
...
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 30 updates, 0 removals
  - Updating guzzlehttp/guzzle (6.3.2 => 6.3.3): The following exception is caused by a lack of memory or swap, or not having swap configured
Check https://getcomposer.org/doc/articles/troubleshooting.md#proc-open-fork-failed-errors for details
                                                    

  [ErrorException]                                   
  proc_open(): fork failed - Cannot allocate memory 

I was able to fix the issue by following the link in the error message: https://getcomposer.org/doc/articles/troubleshooting.md#proc-open-fork-failed-errors. Increasing the swap space fixed this issue.

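# Create a 1 GiB swap file; restrict it to root before enabling it,
# since swap can hold memory contents from any process
sudo /bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
sudo chmod 600 /var/swap.1
sudo /sbin/mkswap /var/swap.1
sudo /sbin/swapon /var/swap.1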

Issue 2: Nothing to install or update

composer update
> DrupalProject\composer\ScriptHandler::checkComposerVersion
Loading composer repositories with package information
Updating dependencies (including require-dev)
Nothing to install or update

This was another trivial issue. The composer.json file was restricting the update from going past version 8.5.1.

composer prohibits drupal/core:8.5.3
drupal-composer/drupal-project - requires drupal/core (8.5.1)

Changing the require section in the composer.json from:

"require": {
	"drupal/core": "8.5.1"
}

To:

"require": {
	"drupal/core": "~8.5"
}

This tells composer that it can update to the latest version of the Drupal core in 8.5.x.

composer update
> DrupalProject\composer\ScriptHandler::checkComposerVersion
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
  - Updating drupal/core (8.5.1 => 8.5.3):  Checking out b012f0ae51
Writing lock file
Generating autoload files
Downloading (100%)
> DrupalProject\composer\ScriptHandler::createRequiredFiles

Success!
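
Issue 2 came down to how Composer reads the version constraint, so here is an added example (not from the original post or from Composer itself) that models the exact-pin and tilde forms and checks whether a constructed composer.json would block 8.5.3. The helper names are hypothetical and only plain numeric versions are handled; under Composer's tilde rule, `~8.5` also admits later 8.x minors, while `~8.5.0` stays within 8.5.x.

```python
import json
import re


def parse(version):
    """Turn '8.5.3' into (8, 5, 3); only plain numeric versions are handled."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(p) for p in version.split("."))


def pad(parts, n=3):
    """Right-pad a version tuple with zeros so tuples compare segment by segment."""
    return tuple(parts) + (0,) * (n - len(parts))


def allows(constraint, version):
    """True if a Composer exact or tilde constraint admits `version`."""
    v = pad(parse(version))
    if constraint.startswith("~"):
        base = parse(constraint[1:])
        # Tilde: the last segment given may increase, the one before it is fixed.
        # ~8.5 means >=8.5.0 <9.0.0; ~8.5.0 means >=8.5.0 <8.6.0
        if len(base) == 1:
            upper = (base[0] + 1, 0, 0)
        else:
            upper = pad(base[:-2] + (base[-2] + 1,))
        return pad(base) <= v < upper
    return pad(parse(constraint)) == v  # exact pin: only that one version


def blocks_update(composer_json_text, package, target):
    """Return the constraint string if it prevents installing `target`, else None."""
    constraint = json.loads(composer_json_text)["require"][package]
    return None if allows(constraint, target) else constraint


# Constructed composer.json fragments mirroring the before/after shown in the post.
BEFORE = '{"require": {"drupal/core": "8.5.1"}}'
AFTER = '{"require": {"drupal/core": "~8.5"}}'

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        blocker = blocks_update(doc, "drupal/core", "8.5.3")
        print(label, f"blocked by {blocker}" if blocker else "8.5.3 installable")
    print("~8.5 admits 8.6.0:", allows("~8.5", "8.6.0"))
    print("~8.5.0 admits 8.6.0:", allows("~8.5.0", "8.6.0"))
```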