Updated dependencies for security releases. (#1451)

richardgaunt · web-flow · commit c27c5777a80a · 2025-11-21T14:09:06.000+11:00
diff --git a/composer.lock b/composer.lock
diff --git a/phpcs.xml b/phpcs.xml
@@ -41,6 +41,9 @@
     <exclude-pattern>\.components-civictheme/*</exclude-pattern>
     <exclude-pattern>components_combined/*</exclude-pattern>
 
+    <!-- Exclude settings.php file. -->
+    <exclude-pattern>web\/sites\/default\/settings\.php</exclude-pattern>
+
     <!-- Exclude array-heavy files without any logic. -->
     <exclude-pattern>web\/modules\/custom\/cs_generated_content\/generated_content\/node\/civictheme_page_variations\/.*</exclude-pattern>
 
diff --git a/tests/behat/bootstrap/BlockTrait.php b/tests/behat/bootstrap/BlockTrait.php
@@ -116,7 +116,8 @@ protected function blockConfigureBlockInstance(Block $block, TableNode $fields):
           break;
 
         case 'region':
-          $block->setRegion($value);
+          $value = is_array($value) ? reset($value) : $value;
+          $block->setRegion((string) $value);
           break;
 
         case 'status':
diff --git a/web/sites/default/default.services.yml b/web/sites/default/default.services.yml
@@ -238,6 +238,11 @@ parameters:
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
     supportsCredentials: false
 
+  # The maximum number of entities stored in memory. Lowering this number can
+  # reduce the amount of memory used in long-running processes like migrations,
+  # however will also increase requests to the database or entity cache backend.
+  entity.memory_cache.slots: 1000
+
   queue.config:
     # The maximum number of seconds to wait if a queue is temporarily suspended.
     # This is not applicable when a queue is suspended but does not specify
diff --git a/web/sites/default/default.settings.php b/web/sites/default/default.settings.php
@@ -67,10 +67,10 @@
  * during the same request.
  *
  * One example of the simplest connection array is shown below. To use the
- * sample settings, copy and uncomment the code below between the @code and
- * @endcode lines and paste it after the $databases declaration. You will need
- * to replace the database username and password and possibly the host and port
- * with the appropriate credentials for your database system.
+ * sample settings, copy and uncomment the code below and paste it after the
+ * $databases declaration. You will need to replace the database username and
+ * password and possibly the host and port with the appropriate credentials for
+ * your database system.
  *
  * The next section describes how to customize the $databases array for more
  * specific needs.
@@ -312,7 +312,7 @@
 $settings['update_free_access'] = FALSE;
 
 /**
- * Fallback to HTTP for Update Manager and for fetching security advisories.
+ * Fallback to HTTP for Update Status and for fetching security advisories.
  *
  * If your site fails to connect to updates.drupal.org over HTTPS (either when
  * fetching data on available updates, or when fetching the feed of critical
@@ -475,30 +475,6 @@
  */
 # $settings['class_loader_auto_detect'] = FALSE;
 
-/**
- * Authorized file system operations:
- *
- * The Update Manager module included with Drupal provides a mechanism for
- * site administrators to securely install missing updates for the site
- * directly through the web user interface. On securely-configured servers,
- * the Update manager will require the administrator to provide SSH or FTP
- * credentials before allowing the installation to proceed; this allows the
- * site to update the new files as the user who owns all the Drupal files,
- * instead of as the user the webserver is running as. On servers where the
- * webserver user is itself the owner of the Drupal files, the administrator
- * will not be prompted for SSH or FTP credentials (note that these server
- * setups are common on shared hosting, but are inherently insecure).
- *
- * Some sites might wish to disable the above functionality, and only update
- * the code directly via SSH or FTP themselves. This setting completely
- * disables all functionality related to these authorized file operations.
- *
- * @see https://www.drupal.org/node/244924
- *
- * Remove the leading hash signs to disable.
- */
-# $settings['allow_authorize_operations'] = FALSE;
-
 /**
  * Default mode for directories and files written by Drupal.
  *
diff --git a/web/themes/contrib/civictheme/civictheme_starter_kit/package-lock.json b/web/themes/contrib/civictheme/civictheme_starter_kit/package-lock.json
diff --git a/web/themes/contrib/civictheme/includes/menu.inc b/web/themes/contrib/civictheme/includes/menu.inc
@@ -8,7 +8,6 @@
 declare(strict_types=1);
 
 use Drupal\civictheme\CivicthemeConstants;
-use Drupal\Component\Utility\Xss;
 use Drupal\Core\Url;
 
 /**
diff --git a/web/themes/contrib/civictheme/src/CivicthemeStylesheetGenerator.php b/web/themes/contrib/civictheme/src/CivicthemeStylesheetGenerator.php
@@ -126,7 +126,7 @@ protected function getAllStylesheetFiles(): array {
   }
 
   /**
-   * Generate stylesheet using provided variables..
+   * Generate stylesheet using provided variables.
    *
    * @param array $variables
    *   Array of variables to use for the generation.

Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,7 @@ protected function getAllStylesheetFiles(): array {`
`126`	`126`	`}`
`127`	`127`
`128`	`128`	`/**`
`129`		`- * Generate stylesheet using provided variables..`
	`129`	`+ * Generate stylesheet using provided variables.`
`130`	`130`	`*`
`131`	`131`	`* @param array $variables`
`132`	`132`	`* Array of variables to use for the generation.`