Log message:
Update drupal8 to 8.7.7

The update to 8.6.17 wasn't enough to make the annoying messages go away.

PHP 5 support, automatic entity updates, and Internet Explorer 9 workarounds
have been removed

     * PHP 5.5 and 5.6 will no longer be supported as of Drupal 8.7.0.
       As of December 2018, PHP 5.6 no longer receives security support
       from the maintainers of PHP. Anyone running Drupal 8 on PHP 5.5 or
       5.6 should upgrade their PHP version to at least 7.1. PHP 7.2 is
       now recommended. Read more in the change record for the PHP
       requirement update.
     * Starting with 8.7.0, Drupal core no longer provides support for
       automatic entity updates as these have resulted in conflicts with
       regular database updates and data integrity issues. Whenever an
       entity type or field storage definition needs to be created,
       changed or deleted, it has to be done with an explicit update
       function as provided by the Update API, and using the API provided
       by the entity definition update manager. (Note that using the API
       has always been the recommended way for developers to trigger
       entity updates.) drush entup is also no longer supported by Drupal
       core. These three change records provide further details:
         1. Support for automatic entity updates has been removed
         2. Kernel tests have to install entity type schemas for all the
            entity types they are testing, and before installing any other
            configuration
         3. New helper method available to set up the "current_user"
            service in kernel tests
     * Workarounds for the stylesheet limit in Internet Explorer 9 (IE9)
       and earlier have been removed. Drupal dropped support for Internet
       Explorer 9 and 10 in 8.4.0, but Drupal 8.5 and 8.6 retained a
       workaround to allow 32 or more stylesheets to be included. This
       workaround has been removed in 8.7. Sites still requiring Internet
       Explorer 9 support for the work around of IE's limit of 31 style
       sheets per page, should enable CSS aggregation (preferred) or
       install the IE9 Compatibility contributed module.

Extensive release notes here:
- https://www.drupal.org/project/drupal/releases/8.7.0
- https://www.drupal.org/project/drupal/releases/8.7.7

Log message:
Update drupal8 to 8.6.17

   This bugfix release is intended to resolve issues that might interfere
   with future security release upgrades. Symfony 3.4.25 reverted a
   previous change which affected Drupal's lazy session handling. This
   release updates Symfony to 3.4.25 and reverts a previous workaround for
   the regression.

Log message:
www/drupal8: update to 8.6.16

- Fixed security issues of SA-CORE-2019-007.

Log message:
www/drupal8: update to 8.6.15

Update drupal8 to 8.6.15.

* Fixed security issues:
   - SA-CORE-2019-005
   - SA-CORE-2019-006

Log message:
Update drupal8 to 8.6.13

* Drupal core - Cross-Site Scripting- SA-CORE-2019-004

Under certain circumstances the File module/subsystem allows a
malicious user to upload a file that can trigger a cross-site
scripting (XSS) vulnerability.

Log message:
Update to 8.6.12

Upstream changes:
8.6.12
The third-party Twig library, which powers Drupal 8's theme system, recently \ 
released new versions (Twig 1.38.0 and 1.38.1) that introduced a fatal error for \ 
Drupal 8 sites using Composer. Drupal 8.6.11 was released yesterday with an \ 
update to Twig 1.38.2 in order to resolve that error. However, this update also \ 
led to a different regression for certain Drupal 8 themes that use Twig {% embed \ 
%} tags. This release hotfixes Drupal 8 to resolve that regression. No other \ 
changes are included.

8.6.11
This release resolves two critical issues affecting Drupal 8 site updates:

    The third-party Twig library, which powers Drupal 8's theme system, recently \ 
released a new minor version (1.38.0) that introduced a fatal error when used \ 
with Drupal 8. As a result, Drupal 8 sites managed with Composer encountered \ 
this fatal error when updating Twig to version 1.38.0 or 1.38.1. This release \ 
updates Drupal to require Twig 1.38.2, which resolves the fatal error.

    The recent releases for SA-CORE-2019-003 introduced a serialized data \ 
integrity issue affecting some contributed and custom modules, including the \ 
Default Content and Paragraphs modules. This release resolves the issue for \ 
affected sites.

Additionally, this release resolves an administrator-only access bypass with the \ 
Layout Builder module. Previously, users who didn't have access to view \ 
individual entities were still granted access to configure the layout for that \ 
entity (if per-entity layout configuration was enabled) and therefore could view \ 
its content. This implicit access has been removed. Site owners should ensure \ 
that all content editor roles have access to view the content for which they are \ 
configuring the layout.

Log message:
www/drupal8: update to 8.6.10

Drupal 8.6.10 (2019-02-20)

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement and notes below:

* Drupal core - Remote code execution - SA-CORE-2019-003

Sites on 8.5.x or earlier should update immediately to Drupal 8.5.11 instead,
and plan to update to the latest 8.6.x release before May 2019 (when 8.7.0 is
released and 8.5.x security coverage ends).

Important update information

For site owners

* In addition to the above fix, this release includes the fix for #3031740:
  Updating to 8.6.8 or 8.6.9 with Drush 8 causes data loss via
  update_fix_compatibility() to prevent Drush 8 issues for sites updating
  directly from an earlier security release.

* update.php must be run after updating to ensure changes from the patch take
  effect.

* No changes have been made to the .htaccess, web.config, robots.txt or
  default settings.php files in this release, so upgrading custom versions of
  those files is not necessary if your site is already on the previous
  release.

For module developers

Some contributed module tests may need to be updated if they extend core's
test suite, due to a minor API change in a test base class.

Log message:
Update to 8.6.9
Remove the patch that included in upstream

Upstream changes:
8.6.7:
This is a hotfix release for a regression affecting some Drush installations \ 
that was introduced by the fix for SA-CORE-2019-002. No other fixes are \ 
included.

8.6.8:
Changes since 8.6.7

    #2975539 by mondrake, alexpott, marcoscano, desierto: Changing machine name \ 
of image style leads to WSOD when loading widgets that used the old name
    #2859315 by quietone, heddn, jhodgdon: SQL error from profile_fields when \ 
migrating d6 (or d7) to d8 without Profile module
    #2443165 by davidwbarratt, amateescu, HOG, kostyashupenko, yched, Berdir, \ 
andypost, alexpott, tstoeckler, xjm: \ 
Drupal\Core\Entity\EntityInterface\ContentEntityStorageBase::doCreate() assumes \ 
that the bundle is a string
    #2849074 by decafdennis, alexpott, zuuperman, AdamPS, sagesolutions, tucho, \ 
xjm: SiteConfigureForm overrides value from install profile
    #3007716 by Sam152, kevin.dutra, jhedstrom, larowlan: Security update \ 
introduces breaking changes to content moderation
    #2215857 by michielnugter, Lendude, gmercer, tim.plunkett, cferthorney, \ 
marabak, olli, ericmulder1980, TwoD, sanduhrs, stella, dww, nod_: Behaviors get \ 
attached to removed forms
    #3017812 by ibustos, joachim: Language selector is immune to \ 
hook_entity_field_access in entity forms
    #2900883 by larskhansen, GaëlG, kalyansamanta, Chi, tim.plunkett, Gábor \ 
Hojtsy, joachim: Wrong documentation of \ 
Drupal\Component\Plugin\Derivative\DeriverInterface::getDerivativeDefinitions()
    #3027595 by amateescu, pmelab: Incorrect blacklist condition in WorkspaceManager
    #2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, \ 
alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, lauriii, catch, cilefen, \ 
Cottser: [regression] Table Drag handles no longer respond to up/down arrow keys
    Revert "Issue #2725259 by sardara, andrewmacpherson, claudiu.cristea, \ 
tedbow, alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, @catch, \ 
@cilefen, @Cottser, @lauriii: [regression] Table Drag handles no longer respond \ 
to up/down arrow keys"
    #2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, \ 
alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, @catch, @cilefen, \ 
@Cottser, @lauriii: [regression] Table Drag handles no longer respond to up/down \ 
arrow keys
    #2937073 by tim.plunkett, Saviktor, tedbow: Improve robustness of FieldBlockTest
    #2973713 by quietone, Adita, etecjdo, apmsooner, mikeryan, gnuschichten, \ 
tstoeckler: cache_key source plugin configuration not documented
    #2949555 by quietone, ankitjain28may: Correct the documentation on method \ 
UserMigrationClassTest
    #3025685 by quietone: Add error msg to assertions in MigrateSourceTestBase
    #3026840 by izus: Fix plural typo in workspaces field
    #3024452 by kfritsche, hchonov, alexpott: \ 
DatabaseStorageExpirable:setWithExpireIfNotExists is not respecting expired
    #2999908 by penyaskito: View more link in recipe cards is not fully translated
    #3028819 by alwaysworking: Update username
    #2916021 by d.olaresko, wengerk, Chi, xjm, dawehner, idebr: Update \ 
"Running tests" section in core.api.php
    #2953995 by kjay, starshaped, rachel_norfolk, Vidushi Mehta, cferthorney, \ 
HAL 9000, Eli-T, markconroy, steveparks: Update the Umami Vegan Chocolate \ 
Brownie recipe
    #3028608 by danharper, Eli-T, markconroy, Not Real: Umami - favicon
    #2940027 by jmsosso: Add change record to @deprecated for AccountInterface
    #2995150 by msankhala, tim.plunkett: Command examples in \ 
core/tests/README.md are confusing and not executable
    #3024184 by seanB, andrewmacpherson, Kristen Pol: Make the tabbing order \ 
match the visual reading order in MediaLibraryWidget
    #2668416 by Krzysztof Domański, wheatpenny, Lendude, alexpott: Wrong assert \ 
in NodeTitleTest
    #2981870 by Lendude, alexpott: Duplicate BrokenSetUpTest for BrowserTestBase
    #2809513 by Lendude, brentgees: Convert AJAX part of \ 
\Drupal\responsive_image\Tests\ResponsiveImageFieldUiTest to JavascriptTestBase \ 
and the rest to BrowserTestBase
    #3027574 by tuutti: SqlContentEntityStorage no longer update entities with \ 
certain (id) fields
    #3026043 by Berdir: ConfigEntityBase::__sleep() serializes plugin instances \ 
if they were not previously initialized
    #3021395 by quietone, alexpott: \ 
MigrateDrupalTestBase::migrateContent(['translations') does not migrate \ 
translations
    Revert "Issue #3003238 by Sam152, amateescu, Berdir: \ 
EntityStorageException: Default revision can not be deleted in \ 
content_moderation_entity_revision_delete()"
    #2987418 by quietone, Kristen Pol: Rename MigrateUpgrade tests
    #3003238 by Sam152, amateescu, Berdir: EntityStorageException: Default \ 
revision can not be deleted in content_moderation_entity_revision_delete()
    #3026470 by alexpott, jrockowitz, Joseph Zhao: ArchiveTar is throwing fatal error
    Merged 8.6.7.
    Merged 8.6.6.
    #3015992 by Krzysztof Domański, alexpott, larowlan: Not affecting spacing \ 
in PhpTransliterationTest
    #2998769 by kiamlaluno, quietone, kkalaskar: @see directive used in the \ 
wrong place outputs the wrong HTML markup
    #3000677 by catch, Shane Birley, featherbelly, alexpott, larowlan: Fatal \ 
error after upgrade to 8.6x [due to regression in extension system]
    #2955457 by pfrenssen, Chewie, unrealauk, alexpott, Pol: ConfigFactory \ 
static cache gets polluted with data from config overrides
    #3020142 by mglaman, tim.plunkett: Test module no_transitions_css has \ 
invalid hook_page_attachments
    #3007973 by tim.plunkett, lukasss, xopoc, bnjmnm, stompersly: Layout builder \ 
prevents the rendering of extra fields (like Links) on pages not using Layout \ 
Builder
    #3024259 by Pol, alexpott: [PHP 7.3] Fix \ 
EnvironmentTest::providerTestCheckMemoryLimit() notice
    #3023747 by mikelutz, heddn: D6 profile migrations assume stubs, which fail
    #2978922 by brathbone, philipnorton42, msankhala, hardikpandya, alexpott, \ 
siliconmeadow: Improve batch_process() documentation
    #2845975 by quietone, Jo Fitzgerald, aleevas, maxocub, Gábor Hojtsy: \ 
Migrate Drupal 6 user profile field value option translations
    #2701829 by alexpott, andypost, Soul88, Graber, Eduardo Morales, dawehner, \ 
pingwin4eg, catch, Berdir, jibran, httang12: Extension objects should not \ 
implement \Serializable
    #2693727 by mikelutz, sanduhrs, CalebD, ajlib, Lendude, tstoeckler, catch: \ 
Limiting options for exposed Language filters causes errors and doesn't work for \ 
special languages

8.6.9:
Changes since 8.6.8:

    #2215857 followup by gaydamaka, timmillwood, alexpott, lauriii: Regression \ 
on Internet Explorer 11
    #3031128 by alexpott, TrevorBradley, indigoxela, catch, cilefen, larowlan, \ 
jibran: Update from 8.6.7 to 8.6.8 warnings - Drupal\Core\Extension\Extension \ 
has no unserializer
    Revert "Issue #2924201 by tim.plunkett, tedbow, larowlan, xjm, jibran, \ 
Kristen Pol: Resolve random failure in LayoutBuilderTest so that it can be added \ 
to HEAD"
    #2924201 by tim.plunkett, tedbow, larowlan, xjm, jibran, Kristen Pol: \ 
Resolve random failure in LayoutBuilderTest so that it can be added to HEAD

Log message:
www/drupal8: update to 8.6.6

This is a hotfix release for a regression affecting some Drush installations
that was introduced by the fix for SA-CORE-2019-002.  No other fixes are
included.

Log message:
drupal8 fix for:

Drupal\Core\Extension\Exception\UnknownExtensionException: The module standard \ 
does not exist. in Drupal\Core\Extension\ExtensionList->get() (line 257 of \ 
/usr/pkg/share/drupal/core/lib/Drupal/Core/Extension/ExtensionList.php)

e.g. when trying to put the site in maintenance mode.