diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..333ba2f
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,18 @@
+#### Link to ticket
+
+Please add a link to the ticket being addressed by this change.
+
+#### Description
+
+Please include a short description of the suggested change and the reasoning behind the approach you have chosen.
+
+#### Screenshot of the result
+
+If your change affects the user interface you should include a screenshot of the result with the pull request.
+
+#### Checklist
+
+- [ ] My code is covered by test cases.
+- [ ] My code passes our test (all our tests).
+- [ ] My code passes our static analysis suite.
+- [ ] My code passes our continuous integration process.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 467e398..6ee1208 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+* [#15](https://github.com/itk-dev/project-database/pull/15)
+ Security updates
 * [#14](https://github.com/itk-dev/project-database/pull/14)
 Aligned the development setup with the itk-dev D11 Docker template
 * [#13](https://github.com/itk-dev/project-database/pull/13)
diff --git a/composer.lock b/composer.lock
index f8328bc..a1650db 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1014,16 +1014,16 @@ }, { "name": "drupal/core", - "version": "11.3.11", + "version": "11.3.12", "source": { "type": "git", "url": "https://github.com/drupal/core.git", - "reference": "a708c1023aa2c45bfd02770acf7978d665e01d04" + "reference": "743f30ab2cb2ea2166499b1b568988ddc9f4ee02" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/core/zipball/a708c1023aa2c45bfd02770acf7978d665e01d04", - "reference": "a708c1023aa2c45bfd02770acf7978d665e01d04", + "url": "https://api.github.com/repos/drupal/core/zipball/743f30ab2cb2ea2166499b1b568988ddc9f4ee02", + "reference": "743f30ab2cb2ea2166499b1b568988ddc9f4ee02", "shasum": "" }, "require": { @@ -1048,7 +1048,7 @@ "ext-xml": "*", "ext-zlib": "*", "guzzlehttp/guzzle": "^7.10", - "guzzlehttp/psr7": "^2.8.0", + "guzzlehttp/psr7": "^2.10.2", "masterminds/html5": "^2.7", "mck89/peast": "^1.17.4", "pear/archive_tar": "^1.4.14", @@ -1181,13 +1181,13 @@ ], "description": "Drupal is an open source content management platform powering millions of websites and applications.", "support": { - "source": "https://github.com/drupal/core/tree/11.3.11" + "source": "https://github.com/drupal/core/tree/11.3.12" }, - "time": "2026-05-28T11:26:22+00:00" + "time": "2026-06-17T15:59:46+00:00" }, { "name": "drupal/core-composer-scaffold", - "version": "11.3.11", + "version": "11.3.12", "source": { "type": "git", "url": "https://github.com/drupal/core-composer-scaffold.git", @@ -1231,13 +1231,13 @@ "drupal" ], "support": { - "source": "https://github.com/drupal/core-composer-scaffold/tree/11.3.11" + "source": "https://github.com/drupal/core-composer-scaffold/tree/11.3.12" }, "time": "2026-02-10T11:39:53+00:00" }, { "name": "drupal/core-project-message", - "version": "11.3.11", + "version": "11.3.12", "source": { "type": "git", "url": "https://github.com/drupal/core-project-message.git", 
@@ -1272,33 +1272,33 @@ "drupal" ], "support": { - "source": "https://github.com/drupal/core-project-message/tree/11.3.11" + "source": "https://github.com/drupal/core-project-message/tree/11.3.12" }, "time": "2025-02-03T10:59:29+00:00" }, { "name": "drupal/core-recommended", - "version": "11.3.11", + "version": "11.3.12", "source": { "type": "git", "url": "https://github.com/drupal/core-recommended.git", - "reference": "ea735f52395e28eba8492dcbcd5608af70c0b0cc" + "reference": "c1dbae25caa2ab70e89f40b0a11312526e7f5365" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/drupal/core-recommended/zipball/ea735f52395e28eba8492dcbcd5608af70c0b0cc", - "reference": "ea735f52395e28eba8492dcbcd5608af70c0b0cc", + "url": "https://api.github.com/repos/drupal/core-recommended/zipball/c1dbae25caa2ab70e89f40b0a11312526e7f5365", + "reference": "c1dbae25caa2ab70e89f40b0a11312526e7f5365", "shasum": "" }, "require": { "asm89/stack-cors": "~v2.3.0", "composer/semver": "~3.4.4", "doctrine/lexer": "~3.0.1", - "drupal/core": "11.3.11", + "drupal/core": "11.3.12", "egulias/email-validator": "~4.0.4", "guzzlehttp/guzzle": "~7.10.0", "guzzlehttp/promises": "~2.3.0", - "guzzlehttp/psr7": "~2.8.0", + "guzzlehttp/psr7": "~2.10.4", "masterminds/html5": "~2.10.0", "mck89/peast": "~v1.17.4", "pear/archive_tar": "~1.6.0", @@ -1356,9 +1356,9 @@ ], "description": "Core and its dependencies with known-compatible minor versions. Require this project INSTEAD OF drupal/core.", "support": { - "source": "https://github.com/drupal/core-recommended/tree/11.3.11" + "source": "https://github.com/drupal/core-recommended/tree/11.3.12" }, - "time": "2026-05-28T11:26:22+00:00" + "time": "2026-06-17T15:59:46+00:00" }, { "name": "drupal/csv_serialization", 
@@ -2744,16 +2744,16 @@ }, { "name": "guzzlehttp/psr7", - "version": "2.8.1", + "version": "2.10.4", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "718f1ee6a878be5290af3557aeda0c91278361d9" + "reference": "d2a1a094e396da8957e797489fddaf860c340cfc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/718f1ee6a878be5290af3557aeda0c91278361d9", - "reference": "718f1ee6a878be5290af3557aeda0c91278361d9", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/d2a1a094e396da8957e797489fddaf860c340cfc", + "reference": "d2a1a094e396da8957e797489fddaf860c340cfc", "shasum": "" }, "require": { @@ -2768,8 +2768,9 @@ }, "require-dev": { "bamarni/composer-bin-plugin": "^1.8.2", - "http-interop/http-factory-tests": "0.9.0", - "phpunit/phpunit": "^8.5.44 || ^9.6.25" + "http-interop/http-factory-tests": "1.1.0", + "jshttp/mime-db": "1.54.0.1", + "phpunit/phpunit": "^8.5.52 || ^9.6.34" }, "suggest": { "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" @@ -2840,7 +2841,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/2.8.1" + "source": "https://github.com/guzzle/psr7/tree/2.10.4" }, "funding": [ { @@ -2856,7 +2857,7 @@ "type": "tidelift" } ], - "time": "2026-03-10T09:55:26+00:00" + "time": "2026-05-29T12:59:07+00:00" }, { "name": "justinrainbow/json-schema", diff --git a/web/sites/default/default.settings.php b/web/sites/default/default.settings.php index e1c965e..eabb829 100644 --- a/web/sites/default/default.settings.php +++ b/web/sites/default/default.settings.php 
@@ -842,6 +842,23 @@
 # $settings['migrate_file_public_path'] = '';
 # $settings['migrate_file_private_path'] = '';
+/**
+ * Media oEmbed discovery trusted host configuration.
+ *
+ * The oEmbed spec allows for provider/resource discovery by fetching a URL. The
+ * patterns here restrict which domains Drupal will make a request to for oEmbed
+ * discovery.
+ *
+ * For example:
+ * @code
+ * $settings['media_oembed_discovery_trusted_host_patterns'] = [
+ * '^www\.example\.com$',
+ * ];
+ * @endcode
+ * will allow the site to make oEmbed discovery requests to www.example.com.
+ */
+# $settings['media_oembed_discovery_trusted_host_patterns'] = [];
+
 /**
  * Load local development override configuration, if available.
  *
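Review bot: The new `$settings['media_oembed_discovery_trusted_host_patterns']` line lands only in the `default.settings.php` template and stays commented out, so this hunk does not by itself restrict any oEmbed discovery request. The site's active settings file is not part of the diff, and whether it sets an explicit host list should be confirmed there. The docblock also does not say what happens when the setting is unset or left as an empty array, which an operator needs to know before relying on it; that behaviour should be checked against the core release notes and recorded next to the setting in the project's own settings file. When a list is configured, each pattern should stay anchored and escaped as in the example (`'^www\.example\.com$'`), because an unanchored or unescaped pattern would presumably also match look-alike host names. The `Load local development override configuration` docblock that follows continues outside the hunk.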