Release v2.22.0 #1258

Open
yalesites wants to merge 47 commits into master from v2220

laura-johnson and others added 30 commits February 15, 2026 12:34
…migration

1105 :: Sustainability news migration
…ng-issue

#1069 :: Layout builder padding with 'preview content' disabled is overlapping causing cursor issues
…vocab

#1094 :: Require a Name for Custom Vocabularies
#1129: IYY: Main Navigation issue - hierarchy indentation and drag and drop features not working
Sites using the default noreply@noreply.yale.edu address would silently
lose form submissions since the contact webform's email notification
handler sends to [site:mail]. Users had no indication this was happening.

Adds a warning in two places:
- The Layout Builder block config modal, using Drupal's native messages
  markup, so editors see it immediately when adding or editing the block
- The Layout Builder canvas preview, via the existing inline-message
  component (template in atomic repo), now updated to include a direct
  link to Site Settings

Both warnings disappear automatically once the site email is updated
from the default value. The Site Settings link points to
ys_core.admin_site_settings (/admin/yalesites/settings).
The preview inline-message only rendered for inline blocks, not reusable
blocks, creating an inconsistent experience. The config form warning added
in this branch already works for both block types, so the preview warning
is redundant.

Removes _ys_core_webform_valid_email_check() and its call in
ys_core_preprocess_block().
717: Add warning alert to pre-built form block for users with default site email
#980 :: Profile are missing meta data fields in /manage settings
…urce-category-view-block

#1140 :: Support Portrait Images in Resource Category View Block
…t embed div

Overrides getParams() to extract all query-string parameters from the
embed URL and inject them as data-* attributes on the rendered container
div via a Twig for loop. This enables per-instance configuration of
GitHub Pages-hosted React apps (e.g. ?story=, ?height=, ?base=) without
hardcoding specific parameter names.

Key design decisions:
- Attribute-agnostic: any query param becomes a data attribute, making
  the system extensible without code changes
- Regex updated to stop app_directory capture at '?' to prevent query
  strings from corrupting the JS/CSS asset URLs
- Query string stripped before parent::getParams() call as defense in
  depth against the regex capture issue
- Keys sanitized to [a-z0-9-] to prevent attribute injection via crafted
  query param names containing spaces or quotes
- Values rely on Twig auto-escaping for XSS protection
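
The key allowlisting and value escaping described in the commit message above, as an added PHP example that is not code from this pull request. The function names, the `embed-app` class, the lowercasing step and the sample URL are assumptions, and `htmlspecialchars()` stands in for Twig auto-escaping.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration; names and sample input are hypothetical.
 * Returns [base URL without query string, map of data-* attributes].
 */
function embed_data_attributes(string $embedUrl): array {
  // Strip the query string first so it can never reach asset URL building.
  [$base, $query] = array_pad(explode('?', $embedUrl, 2), 2, '');
  // A fragment is not a parameter; drop it from the query part.
  $query = explode('#', $query, 2)[0];

  $attributes = [];
  foreach (explode('&', $query) as $pair) {
    if ($pair === '') {
      continue;
    }
    [$rawKey, $rawValue] = array_pad(explode('=', $pair, 2), 2, '');
    // Allowlist the key: lowercase (assumption), then keep only [a-z0-9-].
    $key = (string) preg_replace('/[^a-z0-9-]/', '', strtolower(urldecode($rawKey)));
    if ($key === '') {
      continue; // Nothing safe left, e.g. a key made only of quotes.
    }
    // First occurrence wins so a later duplicate cannot override it.
    $attributes['data-' . $key] ??= urldecode($rawValue);
  }
  return [$base, $attributes];
}

/** Renders the container div, escaping every value for an attribute context. */
function render_embed_div(array $attributes): string {
  $html = '<div class="embed-app"';
  foreach ($attributes as $name => $value) {
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html .= sprintf(' %s="%s"', $name, $escaped);
  }
  return $html . '></div>';
}

// Constructed input: a benign parameter, a key carrying quotes and spaces,
// and a value carrying markup.
$url = 'https://example.github.io/app-dir/?story=intro'
  . '&x%22%20onmouseover%3D%22a=1&height=%22%3E%3Cb%3E';
[$base, $attrs] = embed_data_attributes($url);
echo $base, PHP_EOL;                    // Base URL with no query string.
echo render_embed_div($attrs), PHP_EOL; // Keys reduced to [a-z0-9-], values escaped.
```

The crafted key collapses to the single attribute name `data-xonmouseovera`, and the markup in `height` is emitted as entities, so neither can break out of the attribute.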
laura-johnson and others added 17 commits April 17, 2026 13:07
… list

SA-CORE-2026-001 (Critical XSS in jQuery AJAX modal dialogs) and
SA-CORE-2026-002 (Moderately Critical gadget chain) were recently added to
the Packagist advisory database and are now blocking Pantheon multidev builds.

Both are addressed by a Drupal core upgrade currently in progress. This
extends the existing allowlist as a bridge until the upgrade lands:

- SA-CORE-2026-001: Critical XSS via jQuery AJAX dialog configuration;
  acceptable to ignore temporarily given the active upgrade work
- SA-CORE-2026-002: Gadget chain requiring a separate deserialization
  vulnerability to exploit; not directly exploitable standalone
Temporary CVE Allowlist: Drupal Core Security Advisory Ignores
…properties

Event date/time changes in Campus Groups were not syncing to the Drupal
site on subsequent hourly migrations. The field_event_date field was
correctly mapped in the process section but missing from overwrite_properties,
which controls which fields are updated when an already-imported event changes.

Without this field listed, dates were only written on initial import and
ignored on all subsequent syncs even when the source data changed.

The Localist events migration already includes field_event_date in its
overwrite_properties — this brings Campus Groups in line with that pattern.
1178: Enhance Storybook Color Page with Copyable Color Values (HEX, RGB, CMYK, Pantone)
…g-revert

#1153 :: Sitewide Branding reverts to "Yale University" when admin edits Header Settings for a content collection In Site Header
#1160 :: SoundCloud embed code with double-encoded track ID fails validation
#292 :: Add Third Font Style Option to Site Settings: Yale Old-Style Numerals / Mallory
1025: Ensure Event Date/Time Changes in Campus Groups Sync to Website
yalesites requested a review from a team April 30, 2026 15:03