Update az-digital/az_quickstart requirement from 2.10.7 to 2.11.0 in /upstream

[dependabot]

Updates the requirements on az-digital/az_quickstart to permit the latest version.

Release notes

Sourced from az-digital/az_quickstart's releases.

2.11.0

Important Notes

1. End of Security Support for Quickstart 2.9.x

Quickstart 2.9.x will no longer receive security support. Sites on Quickstart 2.9.x or earlier should upgrade to a supported release as soon as possible. See our release policy for more information.

2. Update to Drupal 10.3

Quickstart 2.11.0 includes an update from Drupal Core 10.2 to Drupal Core 10.3.1. Be sure to read both the 10.3.0 release notes and the 10.3.1 release notes.

3. Removal of Deprecated Modules

Modules deprecated as of 2.9.x have been removed from Quickstart 2.11.x and should be uninstalled on sites before upgrading to 2.11.x (unless they have been added to a site-specific composer.json file).

• block_content_permissions

4. Chaos Tools (ctools) Dependency Removed from Quickstart 2

Quickstart no longer has a runtime dependency on the ctools module, and the module has been slated for removal. This might cause problems if other modules implicitly use ctools functionality without depending on it.

Note that for backwards compatibility, the composer definition still depends on the ctools project, but it's no longer installed on new projects and existing projects may uninstall it if they are not using it.

The composer definition is there so that existing sites do not automatically have the code removed underneath them and continue to work. This will be removed in the future in a new major version. It is recommended to either add an explicit dependency on ctools if you plan to keep using it or uninstall it.

To fully remove ctools from the project, add a replace section to the root composer.json:

"replace": {
  "drupal/ctools": "*"
}

Note that this will also skip it in case another module depends on it and the definition will need to be removed then.

Before uninstalling ctools, verify that no configuration dependencies remain on views or other config entities. Views should have that dependency removed automatically when resaving them.

5. WebP Image Conversion

This release adds a WebP conversion step to all image styles provided by AZ Quickstart and Drupal core. A patch for Drupal core has also been included that adds a directive to the .htaccess file included with Drupal core to ensure the WebP image MIME type is supported. Sites hosted on Apache web servers may need to update their .htaccess files to take advantage of this improvement.

6. New NetID field on AZ Person

A new NetID field has been added to the AZ Person content type. Sites that have added additional fields to the AZ Person content type may need to adjust the field display and form display settings for the AZ Person content type after applying configuration changes from the distribution. This new field will be needed for planned future AZQS integrations and enhancements.

7. Sanitization of Filenames

Quickstart now sanitizes the names of uploaded files by default to replace whitespace and non-alphanumeric characters with a dash. This change only affects newly uploaded files. For more details on this change, see the relevant Quickstart issue and Drupal change record.

How to Update

• Important: Database updates and Distribution configuration updates should always be applied when updating Quickstart sites.
• Important: Updating from a Quickstart codebase version less than 2.6.x is no longer supported. To update to a Quickstart 2.11.x release (e.g. 2.11.0) from a version less than 2.6.8 you must first update to 2.6.8 or greater and run database updates. Database updates added to Quickstart prior to version 2.6.0 have been removed in 2.7.x, 2.8.x, and 2.9.x. Also, some core modules included in Drupal 9 have been removed in Drupal 10. For more relevant info about upgrading from 2.6.x, see Quickstart 2.7.0 Upgrade Notes.
• For Site Updaters Managing Their Own Environments: With the inclusion of a minor Drupal update in this release, it's imperative for site updaters who manage their own environments to thoroughly review the Drupal release notes and their own setups. Please review https://github.com/az-digital/az-quickstart-scaffolding for the latest recommendations.
• Refer to Quickstart 2.11.0 Upgrade Notes on the wiki for more information about updating to 2.11.

... (truncated)

Changelog

Sourced from az-digital/az_quickstart's changelog.

Arizona Quickstart Releases

The overarching goal of this release policy is to make sure that developers know what to expect when they use Arizona Quickstart for their websites. Arizona Quickstart has adopted semantic versioning to allow site maintainers to keep websites up to date with security updates and other critical improvements without having to track the ongoing feature development of Arizona Quickstart.

Release Overview

Arizona Digital will support two minor releases at a time with ongoing patch releases. This process will allow for flexibility of development while allowing site owners to have more stable websites with fewer ongoing updates.

Note: When an Arizona Quickstart minor release contains a major or minor Drupal core release, it will be vital that existing sites are updated to the latest patch release of the previous minor version of Arizona Quickstart and ensure that Drupal database updates have been applied BEFORE updating to the new minor release.

Patch Releases (x.y.Z)

Patch releases will be applied to the current development branch first and then backported to the currently supported minor release(s). These will be released as necessary and limited to:

• Arizona Quickstart (install profile, custom modules, custom theme)
  • Bug fixes
  • Accessibility improvements
  • Performance improvements
  • Security improvements
  • Critical institutional link changes
  • Critical brand changes
  • Add Experimental modules
  • Update Experimental modules
• Third-party code / dependencies
  • Drupal core
    • Security updates
    • Patch level releases (non-security bug-fix releases)
    • Removal of patches that are no longer necessary
  • Drupal contrib projects
    • Security updates
    • Patch and minor level updates
    • Addition of new modules
    • Removal of patches that are no longer necessary

Minor Releases (x.Y.z)

The following types of changes are allowed for minor releases in addition to those allowed for patch releases.

• Functionality and frontend
  • New features
  • Experimental modules changed to Stable
  • Enable formally experimental modules by default or via database update.
  • Changes to behavior that existing sites might rely on
  • CSS, markup or template changes
    • Not critical brand changes (see patch release)
    • Breaking changes that require manual action to return content to previous visual state
    • Changes to visual appearance of a website
• Third-party code / dependencies
  • Drupal core
    • Major or minor level releases
  • Drupal contrib projects
    • Major level releases
• APIs
  • New internal APIs or API improvements with backwards compatibility
• Coding Standards
  • Risky or disruptive cleanups to comply with coding standards

... (truncated)

Commits

• f325a18 Preparing to tag 2.11.0.
• b68817d Closes #3597: Add lifecycle_link to experimental modules documentation in exp...
• d62c80f Close #3602 transpile JS with build tools lando yarn run build (#3603)
• 7199de6 Fix #3599 Can no longer save text format and editor configuration form, and u...
• a809b0b Closes #3473: Adding policy recommendations for Experimental Modules (#3477)
• 5a31aa7 Closes #3567 Styling adjustments for the AZ Finder exposed form (AZDIGITAL-15...
• 1dc97e8 Fixes #3591 Add NetID Unique Constraint (#3592)
• 4c4a0c6 Close #3588 Allow newly enabled module config to be overridden. (#3589)
• 0c112db Close #3586 Set lifecycle key in info files of experimental modules. (#3587)
• f7520fd Closes #3445 Make config dependencies, module dependencies in az_paragraphs:a...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[joeparsons]

We'll be merging #266 instead.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.