Update Minor and Patch Core to ~11.1.0

composer.json

@@ -11,8 +11,8 @@
         "drupal/coffee": "^2",
         "drupal/config_split": "^2",
         "drupal/config_update": "^2@alpha",
-        "drupal/core-composer-scaffold": "~11.0.7",
-        "drupal/core-recommended": "~11.0.7",
+        "drupal/core-composer-scaffold": "~11.1.0",
+        "drupal/core-recommended": "~11.1.0",
         "drupal/environment_indicator": "^4.0",
         "drupal/pathauto": "^1.13",
         "drupal/redirect": "^1.10",
@@ -33,7 +33,7 @@
         "drevops/behat-format-progress-fail": "^1.2",
         "drevops/behat-screenshot": "^1.5",
         "drevops/behat-steps": "^2.4",
-        "drupal/core-dev": "~11.0.7",
+        "drupal/core-dev": "~11.1.0",
         "drupal/drupal-extension": "^5",
         "ergebnis/composer-normalize": "^2.43",
         "mglaman/phpstan-drupal": "^1.3",

recipes/.gitignore

@@ -0,0 +1 @@
+/README.txt

renovate.json

@@ -51,7 +51,8 @@
                 "/.*/",
                 "!drupal/core-composer-scaffold",
                 "!drupal/core-project-message",
-                "!drupal/core-recommended"
+                "!drupal/core-recommended",
+                "!drupal/core-dev"
             ]
         },
         {
@@ -70,7 +71,8 @@
             "matchDepNames": [
                 "drupal/core-composer-scaffold",
                 "drupal/core-project-message",
-                "drupal/core-recommended"
+                "drupal/core-recommended",
+                "drupal/core-dev"
             ]
         },
         {

web/sites/default/default.services.yml

@@ -38,6 +38,10 @@ parameters:
     # To maximize compatibility and normalize the behavior across user agents,
     # the cookie domain should start with a dot.
     #
+    # Sessions themselves will only be synchronized across subdomains if they
+    # are all served from the same Drupal installation or if some other session
+    # sharing mechanism is implemented.
+    #
     # @default none
     # cookie_domain: '.example.com'
     #
@@ -47,23 +51,6 @@ parameters:
     # information.
     # @default no value
     cookie_samesite: Lax
-    #
-    # Set the session ID string length. The length can be between 22 to 256. The
-    # PHP recommended value is 48. See
-    # https://www.php.net/manual/session.security.ini.php for more information.
-    # This value should be kept in sync with
-    # \Drupal\Core\Session\SessionConfiguration::__construct()
-    # @default 48
-    sid_length: 48
-    #
-    # Set the number of bits in encoded session ID character. The possible
-    # values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-",
-    # ","). The PHP recommended value is 6. See
-    # https://www.php.net/manual/session.security.ini.php for more information.
-    # This value should be kept in sync with
-    # \Drupal\Core\Session\SessionConfiguration::__construct()
-    # @default 6
-    sid_bits_per_character: 6
     # By default, Drupal generates a session cookie name based on the full
     # domain name. Set the name_suffix to a short random string to ensure this
     # session cookie name is unique on different installations on the same
@@ -216,20 +203,39 @@ parameters:
   # Note: By default the configuration is disabled.
   cors.config:
     enabled: false
-    # Specify allowed headers, like 'x-allowed-header'.
+    # Specifies allowed headers and sets the Access-Control-Allow-Headers
+    # header. For example, ['X-Custom-Header']. See
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
     allowedHeaders: []
-    # Specify allowed request methods, specify ['*'] to allow all possible ones.
+    # Specifies allowed request methods and sets the
+    # Access-Control-Allow-Methods header. For example, ['POST', 'GET',
+    # 'OPTIONS'] or ['*'] to allow all. Note the wildcard is not yet implemented
+    # in all browsers. See
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
     allowedMethods: []
-    # Configure requests allowed from specific origins. Do not include trailing
-    # slashes with URLs.
+    # Configure requests allowed from specific origins and sets the
+    # Access-Control-Allow-Origin header. For example,
+    # ['https://www.drupal.org'] or ['*'] to allow any origin to access your
+    # resource. See
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
     allowedOrigins: ['*']
     # Configure requests allowed from origins, matching against regex patterns.
     allowedOriginsPatterns: []
-    # Sets the Access-Control-Expose-Headers header.
+    # Sets the Access-Control-Expose-Headers header. The default is false which
+    # means the header will not be set. To set the header use a comma delimited
+    # list within square brackets. For example, ['Content-Type', 'Expires'] or
+    # ['*'] to expose all headers. Setting exposedHeaders: ['*'] will result in
+    # a Access-Control-Expose-Headers: * response header. See
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
     exposedHeaders: false
-    # Sets the Access-Control-Max-Age header.
+    # Setting Access-Control-Max-Age header value to '0' or false will omit this
+    # from the response. However, setting it to '-1' will explicitly disable
+    # caching. For example, setting the value to 600 will cache results of a
+    # preflight request for 10 minutes. See
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
     maxAge: false
-    # Sets the Access-Control-Allow-Credentials header.
+    # Sets the Access-Control-Allow-Credentials header if set to true. See
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
     supportsCredentials: false
 
   queue.config: