Upgrading to Drupal 8.6

Upgrading to Drupal 8.6

Lessons learned from updating to Drupal 8.6.
Vladimir Roudakov


At the latest Drupal Europe Dries Buytaert the creator of Drupal announced extended security coverage of Drupal 8 minor releases​. The security support for dot releases (8.6, 8.7, etc) will be extended from 1 to 6 month allowing developers and site owners to have more time to upgrade to the next minor version.

Week before that in early September Drupal 8.6 was released making it the largest minor release of Drupal. I'll cover new features in separate post.​

In this blog post I'll share my experience of updating to Drupal 8.6 from previous version and what sort of issues we experienced.  

It's time to update?​

Although we have 6 month to update now, it should not stop us from testing the upgrade early and check if everything is working as intended.

So let's run composer update.

composer update --dry-run

which will result in

- Updating drupal/core (8.5.6) to drupal/core (8.6.1) - Updating webflo/drupal-core-require-dev (8.5.6) to webflo/drupal-core-require-dev (8.6.1)

among other updates.

If you have not seen webflo/drupal-core-require-dev package before, it is dev dependency and  contains all the testing related tools including phpunit, php code sniffer setup and similar. The update went smoothly however there were a few artefacts that I saw later in CI pipelines. They were related to Taxonomies update and PHP Code Sniffer.


If your current version is earlier than 8.5.7, make sure that you upgrade to 8.5.7 (or latest 8.5) before upgrading to 8.6.1 (or later). If you upgraded before 8.5.7 and 8.6.1 were out, make sure to check your taxonomy relationships in views (View > Advanced > Relationships).​

PHP Code Sniffer

Continuous Integration pipeline that I use to run phpcs to check linting and coding practices gave me the following:

Problem 1 - drupal/coder 8.3.1 requires squizlabs/php_codesniffer ^3.0.1 -> satisfiable by squizlabs/php_codesniffer[3.0.1, 3.0.2, 3.0.x-dev, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 3.3.2, 3.x-dev] but these conflict with your requirements or minimum-stability. - drupal/coder 8.3.0 requires squizlabs/php_codesniffer ^3.0.0 -> satisfiable by squizlabs/php_codesniffer[3.0.0, 3.0.0RC1, 3.0.0RC2, 3.0.0RC3, 3.0.0RC4, 3.0.0a1, 3.0.1, 3.0.2, 3.0.x-dev, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.3.1, 3.3.2, 3.x-dev] but these conflict with your requirements or minimum-stability. - Installation request for drupal/coder ^8.3 -> satisfiable by drupal/coder[8.3.0, 8.3.1].

So if you read documentationfor phpcs and drupal standards setup previously, you'd needed to do the following:

  composer global require "squizlabs/php_codesniffer=2.*"   composer global require drupal/coder

Updates to webflo/drupal-core-require-dev brings php_codesniffer dependency to version 3:

  composer global require squizlabs/php_codesniffer   composer global require drupal/coder


Largest update to minor Drupal 8 version went pretty smooth and despite few small issues is the perfect indicator why Drupal 8 didn't go LTS (long term service release).

Extending Drupal 8 minor version security support window from 1 to 6 month gives developers more time to test the next version and allows website owners more time to plan the next release