Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commita235f7d

Browse files
authored
Update packages to address vulnerabilities (#2648)
## SummaryUpdate packages in devbox repo to address any vulnerabilities:- Updated drupal and other devbox examples- Update to typeid/v2- Update to latest dependencies on opensource/pkg (and by extensionupdate the transitive extract/v3 dependency to extract/v4)## How was it tested?Ran all tests but ... tests do seem to be hanging and timing out. Hopingsomeone has run into this issue to help debug and make sure the tests dopass.## Community Contribution LicenseAll community contributions in this pull request are licensed to theprojectmaintainers under the terms of the[Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0).By creating this pull request, I represent that I have the right tolicense thecontributions to the project maintainers under the Apache 2 License asstated inthe[Community ContributionLicense](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
1 parent72d01ea commita235f7d

File tree

13 files changed

+755
-687
lines changed

13 files changed

+755
-687
lines changed

‎docs/app/package.json

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -17,10 +17,10 @@
1717
"typecheck":"tsc"
1818
},
1919
"dependencies": {
20-
"@docusaurus/core":"^3.7.0",
21-
"@docusaurus/preset-classic":"^3.7.0",
22-
"@docusaurus/theme-common":"^3.7.0",
23-
"@docusaurus/theme-mermaid":"^3.7.0",
20+
"@docusaurus/core":"^3.8.1",
21+
"@docusaurus/preset-classic":"^3.8.1",
22+
"@docusaurus/theme-common":"^3.8.1",
23+
"@docusaurus/theme-mermaid":"^3.8.1",
2424
"@mdx-js/react":"^3.1.0",
2525
"clsx":"^2.1.1",
2626
"docusaurus-plugin-openapi-docs":"^4.4.0",
@@ -31,7 +31,7 @@
3131
"reactflow":"^11.11.4"
3232
},
3333
"devDependencies": {
34-
"@docusaurus/module-type-aliases":"^3.7.0",
34+
"@docusaurus/module-type-aliases":"^3.8.1",
3535
"@tsconfig/docusaurus":"^2.0.3",
3636
"typescript":"^5.8.3"
3737
},

‎examples/stacks/drupal/.gitattributes

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,9 @@
4242
*.xmltexteol=lfwhitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
4343
*.ymltexteol=lfwhitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
4444

45+
# PHPStan's baseline uses tabs instead of spaces.
46+
core/.phpstan-baseline.phptexteol=lfwhitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tabwidth=2diff=phplinguist-language=php
47+
4548
# Define binary file attributes.
4649
# - Do not treat them as text.
4750
# - Include binary diff in patches instead of "binary files differ."

‎examples/stacks/drupal/composer.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@
1616
],
1717
"require": {
1818
"composer/installers":"^1.9",
19-
"drupal/core-composer-scaffold":"^10.2",
20-
"drupal/core-project-message":"^10.2",
21-
"drupal/core-recommended":"^10.2",
19+
"drupal/core-composer-scaffold":"^10.3.14",
20+
"drupal/core-project-message":"^10.3.14",
21+
"drupal/core-recommended":"^10.3.14",
2222
"drush/drush":"^12.4"
2323
},
2424
"conflict": {

‎examples/stacks/drupal/composer.lock

Lines changed: 471 additions & 642 deletions
Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

‎examples/stacks/drupal/devbox.lock

Lines changed: 188 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -125,6 +125,190 @@
125125
}
126126
}
127127
},
128+
"gawk@latest": {
129+
"last_modified": "2025-06-20T02:24:11Z",
130+
"resolved": "github:NixOS/nixpkgs/076e8c6678d8c54204abcb4b1b14c366835a58bb#gawk",
131+
"source": "devbox-search",
132+
"version": "5.3.2",
133+
"systems": {
134+
"aarch64-darwin": {
135+
"outputs": [
136+
{
137+
"name": "out",
138+
"path": "/nix/store/kdfkv0klzis9jaaba1g0gf0cgllpjnbz-gawk-5.3.2",
139+
"default": true
140+
},
141+
{
142+
"name": "man",
143+
"path": "/nix/store/1zcwxmb2aa3nqz0sa5flzj8q14ah7dcy-gawk-5.3.2-man",
144+
"default": true
145+
},
146+
{
147+
"name": "info",
148+
"path": "/nix/store/jnlhmlrdxlvcali678mz01sgpjn95ncs-gawk-5.3.2-info"
149+
}
150+
],
151+
"store_path": "/nix/store/kdfkv0klzis9jaaba1g0gf0cgllpjnbz-gawk-5.3.2"
152+
},
153+
"aarch64-linux": {
154+
"outputs": [
155+
{
156+
"name": "out",
157+
"path": "/nix/store/a8n59qawqhy5ih5n8sdg9ll7crv1fk6a-gawk-5.3.2",
158+
"default": true
159+
},
160+
{
161+
"name": "man",
162+
"path": "/nix/store/6k9wzygpq8idh8ljzbf6p08ys8v64l4d-gawk-5.3.2-man",
163+
"default": true
164+
},
165+
{
166+
"name": "info",
167+
"path": "/nix/store/mpdvvphbvwg1flnjm8pjjdn9z0fjna2q-gawk-5.3.2-info"
168+
}
169+
],
170+
"store_path": "/nix/store/a8n59qawqhy5ih5n8sdg9ll7crv1fk6a-gawk-5.3.2"
171+
},
172+
"x86_64-darwin": {
173+
"outputs": [
174+
{
175+
"name": "out",
176+
"path": "/nix/store/wdl0kwzniglqcny5hb4qg87hfld9psq5-gawk-5.3.2",
177+
"default": true
178+
},
179+
{
180+
"name": "man",
181+
"path": "/nix/store/pzk91by11wdr1xqg6ka9n5vbwfvvw995-gawk-5.3.2-man",
182+
"default": true
183+
},
184+
{
185+
"name": "info",
186+
"path": "/nix/store/laj3yx5nfmi8wcs69wnsbmjgqpjpg45l-gawk-5.3.2-info"
187+
}
188+
],
189+
"store_path": "/nix/store/wdl0kwzniglqcny5hb4qg87hfld9psq5-gawk-5.3.2"
190+
},
191+
"x86_64-linux": {
192+
"outputs": [
193+
{
194+
"name": "out",
195+
"path": "/nix/store/nv3y7zb1cwz1h9qy7nwz0s54j8dl1kqj-gawk-5.3.2",
196+
"default": true
197+
},
198+
{
199+
"name": "man",
200+
"path": "/nix/store/fszky5w8irnlysc3pribh6jgb67c17qr-gawk-5.3.2-man",
201+
"default": true
202+
},
203+
{
204+
"name": "info",
205+
"path": "/nix/store/mv868jczhk4vlfsym7mmk4dkxy63xpwq-gawk-5.3.2-info"
206+
}
207+
],
208+
"store_path": "/nix/store/nv3y7zb1cwz1h9qy7nwz0s54j8dl1kqj-gawk-5.3.2"
209+
}
210+
}
211+
},
212+
"gettext@latest": {
213+
"last_modified": "2025-07-07T11:34:27Z",
214+
"resolved": "github:NixOS/nixpkgs/0acc6a91343eb987397c27044a8d1fbcb374c265#gettext",
215+
"source": "devbox-search",
216+
"version": "0.22.5",
217+
"systems": {
218+
"aarch64-darwin": {
219+
"outputs": [
220+
{
221+
"name": "out",
222+
"path": "/nix/store/i1cf5x10799v48g9x4hiks9bfd671ka5-gettext-0.22.5",
223+
"default": true
224+
},
225+
{
226+
"name": "man",
227+
"path": "/nix/store/yyijkzw43sji9vmkvgp5xd59qhgcqk0i-gettext-0.22.5-man",
228+
"default": true
229+
},
230+
{
231+
"name": "doc",
232+
"path": "/nix/store/hdbngsjdsz6rw0rs5201jwxgmig0bir9-gettext-0.22.5-doc"
233+
},
234+
{
235+
"name": "info",
236+
"path": "/nix/store/bn7zq16wifi5naccpjgx2wscbxrx1r9y-gettext-0.22.5-info"
237+
}
238+
],
239+
"store_path": "/nix/store/i1cf5x10799v48g9x4hiks9bfd671ka5-gettext-0.22.5"
240+
},
241+
"aarch64-linux": {
242+
"outputs": [
243+
{
244+
"name": "out",
245+
"path": "/nix/store/4yw094fdf4hg71ffmkiciffzri75l52f-gettext-0.22.5",
246+
"default": true
247+
},
248+
{
249+
"name": "man",
250+
"path": "/nix/store/aw19w3wzq8b2vbn0xbxygikz1192hd9f-gettext-0.22.5-man",
251+
"default": true
252+
},
253+
{
254+
"name": "doc",
255+
"path": "/nix/store/1k64vvyzdiixl1sqb4j5gr3s0jaw36mb-gettext-0.22.5-doc"
256+
},
257+
{
258+
"name": "info",
259+
"path": "/nix/store/9x2h9jkx962sv43ifh3j7qrfgy2a1b4p-gettext-0.22.5-info"
260+
}
261+
],
262+
"store_path": "/nix/store/4yw094fdf4hg71ffmkiciffzri75l52f-gettext-0.22.5"
263+
},
264+
"x86_64-darwin": {
265+
"outputs": [
266+
{
267+
"name": "out",
268+
"path": "/nix/store/5qi7j7hqbp157iygygys9pb36d8ik4i0-gettext-0.22.5",
269+
"default": true
270+
},
271+
{
272+
"name": "man",
273+
"path": "/nix/store/pb3awbc3p0y3r5g5sfjz66c5x168yx3r-gettext-0.22.5-man",
274+
"default": true
275+
},
276+
{
277+
"name": "info",
278+
"path": "/nix/store/h9g11qmdvcfj5c63s3rksz3w4byb903s-gettext-0.22.5-info"
279+
},
280+
{
281+
"name": "doc",
282+
"path": "/nix/store/9ff482n21sifam67a4hawlmim5qd2xj3-gettext-0.22.5-doc"
283+
}
284+
],
285+
"store_path": "/nix/store/5qi7j7hqbp157iygygys9pb36d8ik4i0-gettext-0.22.5"
286+
},
287+
"x86_64-linux": {
288+
"outputs": [
289+
{
290+
"name": "out",
291+
"path": "/nix/store/zs5crhr67zp8cxn7dh4mwq08zw3sb31m-gettext-0.22.5",
292+
"default": true
293+
},
294+
{
295+
"name": "man",
296+
"path": "/nix/store/fmyjd06fivjkyja34lk9jfxllma3gr5k-gettext-0.22.5-man",
297+
"default": true
298+
},
299+
{
300+
"name": "doc",
301+
"path": "/nix/store/29k7rgjb1jz85wp5r2rb8fbmwjmp4yf7-gettext-0.22.5-doc"
302+
},
303+
{
304+
"name": "info",
305+
"path": "/nix/store/mppr77ji66sqxwwc7c12619csq6mvras-gettext-0.22.5-info"
306+
}
307+
],
308+
"store_path": "/nix/store/zs5crhr67zp8cxn7dh4mwq08zw3sb31m-gettext-0.22.5"
309+
}
310+
}
311+
},
128312
"git@latest": {
129313
"last_modified": "2024-02-10T18:15:24Z",
130314
"resolved": "github:NixOS/nixpkgs/10b813040df67c4039086db0f6eaf65c536886c6#git",
@@ -197,6 +381,10 @@
197381
}
198382
}
199383
},
384+
"github:NixOS/nixpkgs/nixpkgs-unstable": {
385+
"last_modified": "2025-06-18T03:01:18Z",
386+
"resolved": "github:NixOS/nixpkgs/5395fb3ab3f97b9b7abca147249fa2e8ed27b192?lastModified=1750215678&narHash=sha256-Rc%2FytpamXRf6z8UA2SGa4aaWxUXRbX2MAWIu2C8M%2Bok%3D"
387+
},
200388
"mariadb@latest": {
201389
"last_modified": "2024-02-10T18:15:24Z",
202390
"plugin_version": "0.0.4",

‎examples/stacks/drupal/web/sites/default/default.services.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,8 @@
11
parameters:
2+
# Toggles the super user access policy. If your website has at least one user
3+
# with the Administrator role, it is advised to set this to false. This allows
4+
# you to make user 1 a regular user, strengthening the security of your site.
5+
security.enable_super_user:true
26
session.storage.options:
37
# Default ini options for sessions.
48
#
@@ -60,6 +64,11 @@ parameters:
6064
# \Drupal\Core\Session\SessionConfiguration::__construct()
6165
# @default 6
6266
sid_bits_per_character:6
67+
# By default, Drupal generates a session cookie name based on the full
68+
# domain name. Set the name_suffix to a short random string to ensure this
69+
# session cookie name is unique on different installations on the same
70+
# domain and path (for example, when migrating from Drupal 7).
71+
name_suffix:''
6372
twig.config:
6473
# Twig debugging:
6574
#

‎examples/stacks/drupal/web/sites/default/default.settings.php

Lines changed: 25 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@
7777
*
7878
* @code
7979
* $databases['default']['default'] = [
80-
* 'database' => 'databasename',
80+
* 'database' => 'database_name',
8181
* 'username' => 'sql_username',
8282
* 'password' => 'sql_password',
8383
* 'host' => 'localhost',
@@ -181,8 +181,8 @@
181181
*
182182
* WARNING: The above defaults are designed for database portability. Changing
183183
* them may cause unexpected behavior, including potential data loss. See
184-
* https://www.drupal.org/developing/api/database/configuration for more
185-
* information on these defaults and the potential issues.
184+
* https://www.drupal.org/docs/8/api/database-api/database-configuration for
185+
*moreinformation on these defaults and the potential issues.
186186
*
187187
* More details can be found in the constructor methods for each driver:
188188
* - \Drupal\mysql\Driver\Database\mysql\Connection::__construct()
@@ -193,7 +193,7 @@
193193
* @code
194194
* $databases['default']['default'] = [
195195
* 'driver' => 'pgsql',
196-
* 'database' => 'databasename',
196+
* 'database' => 'database_name',
197197
* 'username' => 'sql_username',
198198
* 'password' => 'sql_password',
199199
* 'host' => 'localhost',
@@ -215,7 +215,7 @@
215215
* 'driver' => 'my_driver',
216216
* 'namespace' => 'Drupal\my_module\Driver\Database\my_driver',
217217
* 'autoload' => 'modules/my_module/src/Driver/Database/my_driver/',
218-
* 'database' => 'databasename',
218+
* 'database' => 'database_name',
219219
* 'username' => 'sql_username',
220220
* 'password' => 'sql_password',
221221
* 'host' => 'localhost',
@@ -230,7 +230,7 @@
230230
* 'driver' => 'my_driver',
231231
* 'namespace' => 'Drupal\my_module\Driver\Database\my_driver',
232232
* 'autoload' => 'modules/my_module/src/Driver/Database/my_driver/',
233-
* 'database' => 'databasename',
233+
* 'database' => 'database_name',
234234
* 'username' => 'sql_username',
235235
* 'password' => 'sql_password',
236236
* 'host' => 'localhost',
@@ -355,14 +355,13 @@
355355
* security, or encryption benefits. In an environment where Drupal
356356
* is behind a reverse proxy, the real IP address of the client should
357357
* be determined such that the correct client IP address is available
358-
* to Drupal's logging, statistics, and access management systems. In
359-
* the most simple scenario, the proxy server will add an
360-
* X-Forwarded-For header to the request that contains the client IP
361-
* address. However, HTTP headers are vulnerable to spoofing, where a
362-
* malicious client could bypass restrictions by setting the
363-
* X-Forwarded-For header directly. Therefore, Drupal's proxy
364-
* configuration requires the IP addresses of all remote proxies to be
365-
* specified in $settings['reverse_proxy_addresses'] to work correctly.
358+
* to Drupal's logging and access management systems. In the most simple
359+
* scenario, the proxy server will add an X-Forwarded-For header to the request
360+
* that contains the client IP address. However, HTTP headers are vulnerable to
361+
* spoofing, where a malicious client could bypass restrictions by setting the
362+
* X-Forwarded-For header directly. Therefore, Drupal's proxy configuration
363+
* requires the IP addresses of all remote proxies to be specified in
364+
* $settings['reverse_proxy_addresses'] to work correctly.
366365
*
367366
* Enable this setting to get Drupal to determine the client IP from the
368367
* X-Forwarded-For header. If you are unsure about this setting, do not have a
@@ -731,6 +730,8 @@
731730
* Provide a fully qualified class name here if you would like to provide an
732731
* alternate implementation YAML parser. The class must implement the
733732
* \Drupal\Component\Serialization\SerializationInterface interface.
733+
*
734+
* This setting is deprecated in Drupal 10.3 and removed in Drupal 11.
734735
*/
735736
# $settings['yaml_parser_class'] = NULL;
736737

@@ -808,6 +809,16 @@
808809
*/
809810
$settings['entity_update_backup'] =TRUE;
810811

812+
/**
813+
* State caching.
814+
*
815+
* State caching uses the cache collector pattern to cache all requested keys
816+
* from the state API in a single cache entry, which can greatly reduce the
817+
* amount of database queries. However, some sites may use state with a
818+
* lot of dynamic keys which could result in a very large cache.
819+
*/
820+
$settings['state_cache'] =TRUE;
821+
811822
/**
812823
* Node migration type.
813824
*

‎examples/stacks/drupal/web/sites/development.services.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,17 @@
11
# Local development services.
22
#
3+
# The development.services.yml file allows the developer to override
4+
# container parameters for debugging.
5+
#
36
# To activate this feature, follow the instructions at the top of the
47
# 'example.settings.local.php' file, which sits next to this file.
8+
#
9+
# Be aware that in Drupal's configuration system, all the files that
10+
# provide container definitions are merged using a shallow merge approach
11+
# within \Drupal\Core\DependencyInjection\YamlFileLoader.
12+
# This means that if you want to override any value of a parameter, the
13+
# whole parameter array needs to be copied from
14+
# sites/default/default.services.yml or from core/core.services.yml file.
515
parameters:
616
http.response.debug_cacheability_headers:true
717
services:

‎examples/stacks/drupal/web/sites/example.sites.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
* Configuration file for multi-site support and directory aliasing feature.
88
*
99
* This file is required for multi-site support and also allows you to define a
10-
* set of aliases that maphostnames, ports, andpathnames to configuration
10+
* set of aliases that maphost names, ports, andpath names to configuration
1111
* directories in the sites directory. These aliases are loaded prior to
1212
* scanning for directories, and they are exempt from the normal discovery
1313
* rules. See default.settings.php to view how Drupal discovers the
@@ -53,5 +53,5 @@
5353
*
5454
* @see default.settings.php
5555
* @see \Drupal\Core\DrupalKernel::getSitePath()
56-
* @see https://www.drupal.org/documentation/install/multi-site
56+
* @see https://www.drupal.org/docs/getting-started/multisite-drupal
5757
*/

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp