Merge pull request #353 from itk-dev/feature/1322-security-update

Security update

Author: rimi-itk

.docker/templates/default.conf.template

@@ -4,6 +4,8 @@ server {
 
     root ${NGINX_WEB_ROOT};
 
+    client_max_body_size ${NGINX_MAX_BODY_SIZE};
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;

.gitattributes

@@ -42,6 +42,9 @@
 *.xml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.yml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 
+# PHPStan's baseline uses tabs instead of spaces.
+core/.phpstan-baseline.php text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tabwidth=2 diff=php linguist-language=php
+
 # Define binary file attributes.
 # - Do not treat them as text.
 # - Include binary diff in patches instead of "binary files differ."

.github/workflows/pr.yaml

@@ -43,6 +43,10 @@ jobs:
       - name: Validate composer files
         run: |
           composer validate composer.json
+      - name: Check composer file is normalized
+        run: |
+          composer install --no-interaction --no-progress
+          composer normalize composer.json --dry-run
 
   phpcs:
     name: PHP - Check Coding Standards

.gitignore

@@ -201,3 +201,4 @@ yarn-error.log
 .DS_Store
 
 .env*.local
+.twig-cs-fixer.cache

.twig-cs-fixer.php

@@ -0,0 +1,9 @@
+<?php
+
+// @see https://github.com/VincentLanglet/Twig-CS-Fixer/blob/main/docs/configuration.md#standard
+$config = new TwigCsFixer\Config\Config();
+
+// @see https://github.com/VincentLanglet/Twig-CS-Fixer/pull/134#issuecomment-1756924889
+$config->addTokenParser(new Drupal\Core\Template\TwigTransTokenParser());
+
+return $config;

CHANGELOG.md

@@ -8,6 +8,8 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+- [PR-353](https://github.com/itk-dev/os2loop/pull/353):
+  Security update
 - [PR-352](https://github.com/itk-dev/os2loop/pull/352):
   Fix spacing
 - [PR-351](https://github.com/itk-dev/os2loop/pull/351):

README.md

@@ -161,14 +161,14 @@ for further details.
 ## Coding standards
 
 ```sh
-docker compose exec phpfpm composer coding-standards-check
 docker compose exec phpfpm composer coding-standards-apply
+docker compose exec phpfpm composer coding-standards-check
 ```
 
 ```sh
 docker compose run --rm node yarn install
-docker compose run --rm node yarn coding-standards-check
 docker compose run --rm node yarn coding-standards-apply
+docker compose run --rm node yarn coding-standards-check
 ```
 
 ### GitHub Actions
@@ -187,20 +187,6 @@ act -P ubuntu-latest=shivammathur/node:focal pull_request
 
 (cf. <https://github.com/shivammathur/setup-php#local-testing-setup>).
 
-### Twigcs
-
-To run only twigcs:
-
-```sh
-docker compose exec phpfpm composer coding-standards-check/twigcs
-```
-
-But this is also a part of
-
-```sh
-docker compose exec phpfpm composer coding-standards-check
-```
-
 ## Build theme assets
 
 See

composer.json

@@ -1,37 +1,9 @@
 {
     "name": "os2loop/os2loop",
     "description": "OS2Loop",
-    "type": "project",
     "license": "GPL-2.0-or-later",
+    "type": "project",
     "homepage": "https://github.com/os2loop/os2loop",
-    "repositories": {
-        "drupal": {
-            "type": "composer",
-            "url": "https://packages.drupal.org/8",
-            "canonical": false
-        },
-        "drupal/theme_switcher": {
-            "type": "vcs",
-            "url": "https://git.drupalcode.org/project/theme_switcher"
-        },
-        "os2loop/os2loop_fixtures": {
-            "type": "path",
-            "url": "web/profiles/custom/os2loop/modules/os2loop_fixtures"
-        },
-        "drupal/views_flag_refresh": {
-            "type": "package",
-            "package": {
-                "name": "drupal/views_flag_refresh",
-                "version": "dev-2929394-drupal-8-port",
-                "type": "drupal-module",
-                "source": {
-                    "url": "https://git.drupalcode.org/issue/views_flag_refresh-2929394.git",
-                    "type": "git",
-                    "reference": "origin/2929394-drupal-8-port"
-                }
-            }
-        }
-    },
     "require": {
         "php": "^8.2",
         "composer/installers": "^2.0",
@@ -79,65 +51,107 @@
         "drupal/token": "^1.12",
         "drupal/token_filter": "^2.0",
         "drupal/twig_tweak": "^3.2",
-        "drupal/view_unpublished": "^1.1",
+        "drupal/view_unpublished": "^1.2",
         "drupal/views_autosubmit": "^1.6",
         "drupal/views_data_export": "^1.3",
         "drupal/views_flag_refresh": "^1.0",
         "drupal/viewsreference": "^2.0@beta",
         "drupal/xls_serialization": "^1.3",
         "drush/drush": "^12.2"
     },
-    "scripts": {
-        "code-analysis/phpstan": [
-            "phpstan analyse --configuration=phpstan.neon --memory-limit=2G"
-        ],
-        "code-analysis": [
-            "@code-analysis/phpstan"
-        ],
-        "coding-standards-check/phpcs": [
-            "php vendor/bin/phpcs --standard=phpcs.xml.dist"
-        ],
-        "coding-standards-check/twigcs": [
-            "twigcs web/profiles/custom/os2loop/themes/os2loop_theme/templates"
-        ],
-        "coding-standards-check": [
-            "@coding-standards-check/phpcs",
-            "@coding-standards-check/twigcs"
-        ],
-        "coding-standards-apply/phpcs": [
-            "vendor/bin/phpcbf --standard=phpcs.xml.dist"
-        ],
-        "coding-standards-apply": [
-            "@coding-standards-apply/phpcs"
-        ]
+    "require-dev": {
+        "dealerdirect/phpcodesniffer-composer-installer": "^1.0",
+        "drupal/coder": "^8.3",
+        "drupal/core-dev": "^10.1",
+        "drupal/devel": "^5.1",
+        "ergebnis/composer-normalize": "^2.42",
+        "kint-php/kint": "^5.0",
+        "mglaman/phpstan-drupal": "^1.2",
+        "os2loop/os2loop_fixtures": "*",
+        "phpspec/prophecy-phpunit": "^2.0",
+        "phpstan/extension-installer": "^1.3",
+        "phpstan/phpstan-deprecation-rules": "^1.1",
+        "vincentlanglet/twig-cs-fixer": "^2.9"
     },
     "conflict": {
         "drupal/drupal": "*"
     },
+    "repositories": {
+        "drupal": {
+            "type": "composer",
+            "url": "https://packages.drupal.org/8",
+            "canonical": false
+        },
+        "drupal/theme_switcher": {
+            "type": "vcs",
+            "url": "https://git.drupalcode.org/project/theme_switcher"
+        },
+        "os2loop/os2loop_fixtures": {
+            "type": "path",
+            "url": "web/profiles/custom/os2loop/modules/os2loop_fixtures"
+        },
+        "drupal/views_flag_refresh": {
+            "type": "package",
+            "package": {
+                "name": "drupal/views_flag_refresh",
+                "type": "drupal-module",
+                "version": "dev-2929394-drupal-8-port",
+                "source": {
+                    "type": "git",
+                    "url": "https://git.drupalcode.org/issue/views_flag_refresh-2929394.git",
+                    "reference": "origin/2929394-drupal-8-port"
+                }
+            }
+        }
+    },
     "minimum-stability": "dev",
     "prefer-stable": true,
     "config": {
-        "sort-packages": true,
-        "process-timeout": 0,
         "allow-plugins": {
             "composer/installers": true,
             "cweagans/composer-patches": true,
             "dealerdirect/phpcodesniffer-composer-installer": true,
             "drupal/console-extend-plugin": true,
             "drupal/core-composer-scaffold": true,
             "drupal/core-project-message": true,
+            "ergebnis/composer-normalize": true,
+            "php-http/discovery": true,
             "phpstan/extension-installer": true
-        }
+        },
+        "process-timeout": 0,
+        "sort-packages": true
     },
     "extra": {
+        "drupal-core-project-message": {
+            "include-keys": [
+                "homepage",
+                "support"
+            ],
+            "post-create-project-cmd-message": [
+                "<bg=blue;fg=white>                                                         </>",
+                "<bg=blue;fg=white>  Congratulations, you’ve installed the Drupal codebase  </>",
+                "<bg=blue;fg=white>  from the drupal/recommended-project template!          </>",
+                "<bg=blue;fg=white>                                                         </>",
+                "",
+                "<bg=yellow;fg=black>Next steps</>:",
+                "  * Install the site: https://www.drupal.org/docs/8/install",
+                "  * Read the user guide: https://www.drupal.org/docs/user_guide/en/index.html",
+                "  * Get support: https://www.drupal.org/support",
+                "  * Get involved with the Drupal community:",
+                "      https://www.drupal.org/getting-involved",
+                "  * Remove the plugin that prints this message:",
+                "      composer remove drupal/core-project-message"
+            ]
+        },
         "drupal-scaffold": {
-            "locations": {
-                "web-root": "web/"
-            },
             "file-mapping": {
                 "[web-root]/sites/development.services.yml": false
+            },
+            "locations": {
+                "web-root": "web/"
             }
         },
+        "enable-patching": true,
         "installer-paths": {
             "web/core": [
                 "type:drupal-core"
@@ -170,68 +184,63 @@
                 "type:os2loop-custom-module"
             ]
         },
-        "drupal-core-project-message": {
-            "include-keys": [
-                "homepage",
-                "support"
-            ],
-            "post-create-project-cmd-message": [
-                "<bg=blue;fg=white>                                                         </>",
-                "<bg=blue;fg=white>  Congratulations, you’ve installed the Drupal codebase  </>",
-                "<bg=blue;fg=white>  from the drupal/recommended-project template!          </>",
-                "<bg=blue;fg=white>                                                         </>",
-                "",
-                "<bg=yellow;fg=black>Next steps</>:",
-                "  * Install the site: https://www.drupal.org/docs/8/install",
-                "  * Read the user guide: https://www.drupal.org/docs/user_guide/en/index.html",
-                "  * Get support: https://www.drupal.org/support",
-                "  * Get involved with the Drupal community:",
-                "      https://www.drupal.org/getting-involved",
-                "  * Remove the plugin that prints this message:",
-                "      composer remove drupal/core-project-message"
-            ]
-        },
-        "enable-patching": true,
         "patches": {
             "drupal/core": {
-                "Disable forced configuration langcode (https://www.drupal.org/project/drupal/issues/3150540)": "https://www.drupal.org/files/issues/2023-05-24/3150540-36.patch",
+                "Disable forced configuration langcode (https://www.drupal.org/project/drupal/issues/3150540)": "https://www.drupal.org/files/issues/2024-01-25/3150540-40.patch",
                 "Handle undefined index when using form states (https://www.drupal.org/project/drupal/issues/2700667)": "https://www.drupal.org/files/issues/2020-03-11/2700667-104.patch"
             },
-            "drupal/flag": {
-                "Implement Migration Paths for Flag 7.x (https://www.drupal.org/project/flag/issues/2409901#comment-13082245)": "https://www.drupal.org/files/issues/2019-04-25/2409901_flag_migration_paths_52.patch",
-                "Implement Migration Paths for Flag 7.x (https://www.drupal.org/project/flag/issues/2409901#comment-13281955)": "https://www.drupal.org/files/issues/2019-10-02/2409901-60.patch"
-            },
-            "drupal/openid_connect": {
-                "Revoking group access does not reflect on applied roles (https://www.drupal.org/project/openid_connect/issues/3224128)": "https://git.drupalcode.org/project/openid_connect/-/merge_requests/31.diff"
-            },
-            "drupal/masquerade": {
-                "https://www.drupal.org/project/masquerade/issues/2962970#comment-13391256": "https://www.drupal.org/files/issues/2019-12-13/temporary%20unmask%20workaround-2962970-8.patch"
-            },
             "drupal/devel": {
                 "Public methods are not visible in kint (https://www.drupal.org/project/devel/issues/3112201)": "https://www.drupal.org/files/issues/2022-04-26/devel_3112201_4.patch"
             },
-            "drupal/view_unpublished": {
-                "Grants are not cached if the user has \"view any unpublished content\" permission (https://www.drupal.org/project/view_unpublished/issues/3226756)": "https://www.drupal.org/files/issues/2021-08-04/view_unpublished-cache_ignored-3226756-2-8.x.patch"
-            },
             "drupal/entity_print": {
                 "Add page count https://www.drupal.org/project/entity_print/issues/2823430": "https://www.drupal.org/files/issues/2023-07-10/entity_print-dompdf_page_count-2823430-14.patch"
             },
             "drupal/entity_reference_integrity": {
                 "https://www.drupal.org/project/entity_reference_integrity/issues/3380250": "https://www.drupal.org/files/issues/2023-08-29/entity_reference_integrity-3380250-5.patch"
+            },
+            "drupal/flag": {
+                "Implement Migration Paths for Flag 7.x (https://www.drupal.org/project/flag/issues/2409901#comment-13082245)": "https://www.drupal.org/files/issues/2019-04-25/2409901_flag_migration_paths_52.patch",
+                "Implement Migration Paths for Flag 7.x (https://www.drupal.org/project/flag/issues/2409901#comment-13281955)": "https://www.drupal.org/files/issues/2019-10-02/2409901-60.patch"
+            },
+            "drupal/masquerade": {
+                "https://www.drupal.org/project/masquerade/issues/2962970#comment-13391256": "https://www.drupal.org/files/issues/2019-12-13/temporary%20unmask%20workaround-2962970-8.patch"
             }
         }
     },
-    "require-dev": {
-        "dealerdirect/phpcodesniffer-composer-installer": "^1.0",
-        "drupal/coder": "^8.3",
-        "drupal/core-dev": "^10.1",
-        "drupal/devel": "^5.1",
-        "friendsoftwig/twigcs": "^6.2",
-        "kint-php/kint": "^5.0",
-        "mglaman/phpstan-drupal": "^1.2",
-        "os2loop/os2loop_fixtures": "*",
-        "phpspec/prophecy-phpunit": "^2.0",
-        "phpstan/extension-installer": "^1.3",
-        "phpstan/phpstan-deprecation-rules": "^1.1"
+    "scripts": {
+        "code-analysis": [
+            "@code-analysis/phpstan"
+        ],
+        "code-analysis/phpstan": [
+            "phpstan analyse --configuration=phpstan.neon --memory-limit=2G"
+        ],
+        "coding-standards-apply": [
+            "@coding-standards-apply/phpcs",
+            "@coding-standards-apply/twig-cs-fixer",
+            "@coding-standards-apply/composer-normalize"
+        ],
+        "coding-standards-apply/composer-normalize": [
+            "composer normalize"
+        ],
+        "coding-standards-apply/phpcs": [
+            "vendor/bin/phpcbf --standard=phpcs.xml.dist"
+        ],
+        "coding-standards-apply/twig-cs-fixer": [
+            "twig-cs-fixer lint --fix web/profiles/custom/os2loop/themes/os2loop_theme/templates"
+        ],
+        "coding-standards-check": [
+            "@coding-standards-check/phpcs",
+            "@coding-standards-check/twig-cs-fixer",
+            "@coding-standards-check/composer-normalize"
+        ],
+        "coding-standards-check/composer-normalize": [
+            "composer normalize --dry-run"
+        ],
+        "coding-standards-check/phpcs": [
+            "php vendor/bin/phpcs --standard=phpcs.xml.dist"
+        ],
+        "coding-standards-check/twig-cs-fixer": [
+            "twig-cs-fixer lint web/profiles/custom/os2loop/themes/os2loop_theme/templates"
+        ]
     }
 }