Merge branch 'main' into VACMS-15055

.gitattributes

@@ -42,6 +42,8 @@
 *.xml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 *.yml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
 
+composer.lock linguist-generated=false
+
 # Define binary file attributes.
 # - Do not treat them as text.
 # - Include binary diff in patches instead of "binary files differ."

.github/ISSUE_TEMPLATE/cms-design-system-experimental-addition-request.md

@@ -0,0 +1,44 @@
+---
+name: CMS Design System Experimental Addition Request
+about: Use this template for designers outside of the CMS team to request a component or pattern be added to the CMS Design System.
+title: 'Experimental Design for [component or pattern name]'
+labels: CMS design system, CMS design, CMS Team, Needs refining
+assignees: BlakeOrgan
+
+---
+
+## What
+Give a brief description of the component or pattern you want to propose.
+
+## Purpose
+What problem does this component or pattern solve for the user?
+
+## Usage
+Context or task: Explain the scenario or user tasks where this component is, or could be, used.
+
+## Behavior
+Describe the key interactions for this component.
+
+## Examples
+Include any examples you have of this component or pattern. These can be screenshots, links to a Sketch or Figma file, or links to staging or production.
+
+## Drupal Modules
+If the functionality of this component or pattern is provided through a Drupal module, please link to the module currently being used or one that you plan to use.
+
+## Accessibility
+Include any accessibility considerations.
+
+## Guidance
+What would you want to tell other teams about this component or pattern?
+
+## Research (optional)
+Include any research you have already conducted, or plan to conduct, on this component or pattern.
+
+## Code (optional)
+Include any existing code.
+
+## Next steps
+Send a message in the #cms-design channel letting the CMS team know that this request has been submitted and include a link to this ticket.
+A designer on the CMS team will review this request and will reach out to you if they have questions/comments/concerns.
+If your request is approved, you can add your component or pattern to the system.
+If you have any questions on how to add your component or pattern to the system, please reach out in the #cms-design channel.

.github/workflows/contextual-advice.yml

@@ -17,7 +17,7 @@ jobs:
       # branch or its commits, regardless of provenance.
       #
       # Do not execute any code located within the repository!
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}

.github/workflows/continuous_integration.yml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Check Corresponding Entity Reference Fields
         # See also `composer va:test:check-cer` in composer.json
         run: ./tests/scripts/check-cer.sh
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Composer Validate
         run: composer validate
 
@@ -35,12 +35,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Post-Checkout Actions
         uses: ./.github/actions/post-checkout
       - name: ReviewDog
         # See also `composer va:test:eslint` in composer.json
-        uses: reviewdog/action-eslint@f2ee6727e05e6f0e46ea1d06a16f6685d3d7fb37 # v1.19.2
+        uses: reviewdog/action-eslint@10ca150f51dbbb963467c37a03c873ba1fa75f91 # v1.20.0
         with:
           reporter: github-pr-review
           eslint_flags: '--max-warnings 0 -c .eslintrc.json --no-eslintrc docroot/modules/custom/**/*.es6.js docroot/themes/custom/**/*.es6.js tests/cypress/**/*.js'
@@ -52,7 +52,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Post-Checkout Actions
         uses: ./.github/actions/post-checkout
       - name: Run PHP_CodeSniffer and ReviewDog
@@ -76,7 +76,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Post-Checkout Actions
         uses: ./.github/actions/post-checkout
       - name: Run PHPLint
@@ -89,13 +89,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Post-Checkout Actions
         uses: ./.github/actions/post-checkout
       - name: Run PHPStan and ReviewDog
         # See also `composer va:test:phpstan` in composer.json
         run: |
-          export REVIEWDOG_GITHUB_API_TOKEN="${GITHUB_TOKEN}"
           bin/phpstan analyze \
             --no-progress \
             --no-interaction \
@@ -105,17 +104,19 @@ jobs:
               -name="PHPStan" \
               -f=phpstan \
               -reporter=github-pr-review \
-              -diff='git diff'
+              -fail-on-error=true \
+              -diff='git diff' \
+              -tee
         env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          REVIEWDOG_GITHUB_API_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
   # Run unit tests against codebase with PHPUnit.
   phpunit:
     name: PHPUnit
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Post-Checkout Actions
         uses: ./.github/actions/post-checkout
       - name: Run PHPUnit (Unit Tests only)
@@ -132,10 +133,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Stylelint modules
         # See also `composer va:test:stylelint-modules` in composer.json
-        uses: reviewdog/action-stylelint@e45410880466232c34ec6ab2e0fbc15f5ce3fdd2 # v1.17.1
+        uses: reviewdog/action-stylelint@548276a94275c7865effa8d72fa8b6983d9f47c4 # v1.18.1
         with:
           fail_on_error: true
           github_token: ${{ secrets.github_token }}
@@ -145,12 +146,49 @@ jobs:
           stylelint_input: 'docroot/modules/custom/**/*.css'
       - name: Stylelint themes
         # See also `composer va:test:stylelint-themes` in composer.json
-        uses: reviewdog/action-stylelint@e45410880466232c34ec6ab2e0fbc15f5ce3fdd2 # v1.17.1
+        uses: reviewdog/action-stylelint@548276a94275c7865effa8d72fa8b6983d9f47c4 # v1.18.1
         with:
           fail_on_error: true
           github_token: ${{ secrets.github_token }}
           packages: 'stylelint-config-sass-guidelines stylelint-order'
           reporter: github-pr-review
           stylelint_config: '.stylelintrc'
           stylelint_input: 'docroot/themes/custom/**/*.scss'
-
+
+  # Warn strongly if the `composer.lock` lines changed exceed a threshold.
+  check-composer-lock-changes:
+    name: Check composer.lock changes
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        with:
+          fetch-depth: 0
+      - name: Delete any existing comment.
+        uses: thollander/actions-comment-pull-request@d61db783da9abefc3437960d0cce08552c7c004f # v2.4.2
+        with:
+          comment_tag: check-composer-lock-changes
+          mode: delete
+          message: |
+            Checking composer.lock changes...
+      - name: Check changes in composer.lock.
+        run: |
+          LINES_CHANGED=$(git diff --numstat origin/main..HEAD -- composer.lock | awk '{print $1+$2}')
+          THRESHOLD=200
+          >&2 echo "LINES CHANGED=$LINES_CHANGED"
+          >&2 echo "THRESHOLD=$THRESHOLD"
+          echo "LINES_CHANGED=$LINES_CHANGED" >> $GITHUB_ENV
+          echo "THRESHOLD=$THRESHOLD" >> $GITHUB_ENV
+      - name: Comment if composer.lock changes exceed threshold.
+        uses: thollander/actions-comment-pull-request@d61db783da9abefc3437960d0cce08552c7c004f # v2.4.2
+        if: env.LINES_CHANGED > env.THRESHOLD
+        with:
+          comment_tag: check-composer-lock-changes
+          message: |
+            The number of lines changed in composer.lock exceeds the acceptable threshold.
+
+            - Lines changed: ${{ env.LINES_CHANGED }}
+            - Threshold: ${{ env.THRESHOLD }}
+
+            This is a warning only. Please review the changes and ensure that they are acceptable.

.github/workflows/cypress.yml

@@ -30,7 +30,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           # When Sorry-Cypress support is enabled on `main`, this should be
           # removed so that the `main` version of the workflow is used
@@ -47,7 +47,7 @@ jobs:
           NODE_TLS_REJECT_UNAUTHORIZED: 0
 
       - name: Cypress run
-        uses: cypress-io/github-action@7215fc1624803790752b15000c55f71354592d84 # v6.4.0
+        uses: cypress-io/github-action@59810ebfa5a5ac6fcfdcfdf036d1cd4d083a88f2 # v6.5.0
         with:
           wait-on: "${{ inputs.preview_url }}"
           command: 'npm run test:cypress:parallel'

.github/workflows/default-branch-datadog-metrics.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - uses: ./.github/actions/post-checkout
       - name: Find occurrences of "Implements hook" in *.module files.
         id: hook_implementations
@@ -75,7 +75,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - uses: ./.github/actions/post-checkout
       - name: Run PHPUnit (Unit Tests only)
         run: bin/phpunit \
@@ -197,7 +197,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - uses: ./.github/actions/post-checkout
       - name: Run PHPLOC and parse output for metrics.
         id: phploc_code_quality

.github/workflows/dependabot-auto-merge.yml

@@ -21,7 +21,7 @@ jobs:
 
       # Checkout repo to make package allow list available
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       # Use a YAML formatted config file to list which dependencies can be auto-merged
       - name: Read list of Allowed Auto-merge Dependencies
@@ -31,15 +31,15 @@ jobs:
 
       # Get the initial AWS IAM User credentials. Only has basic permissions for sts:assumeRole
       - name: Configure AWS credentials (1)
-        uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1
+        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-gov-west-1
 
       # Get credentials from our SSM role. Least privilege method for AWS IAM.
       - name: Configure AWS Credentials (2)
-        uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1
+        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/pull-request-labels.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Autolabel

.github/workflows/s3-backup-retention.yml

@@ -21,7 +21,7 @@ jobs:
 
       # Get the initial AWS IAM User credentials. Only has basic permissions for sts:assumeRole
       - name: Configure AWS credentials (1)
-        uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1
+        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -36,7 +36,7 @@ jobs:
 
       # Get credentials from our s3 role. Least privilege method for AWS IAM.
       - name: Configure AWS credentials (1)
-        uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1
+        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # v3.0.2
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/set-tugboat-tests-pending.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
       - name: Set status for Tugboat tasks.
         run: |
           test_names=(

READMES/devops/deploy-oob.md

@@ -40,13 +40,13 @@ For ease of reference, the following is a breakdown of our current product deplo
 
 | Step | Time to Complete | Time Remaining After Completion |
 | ---- | ---------------- | ------------------------------- |
-| Create a PR | ~5 minutes | ~3 hours, 30 minutes |
-| Pull Request CI Tests | ~50 minutes | ~2 hours, 30 minutes |
-| [`testing/cms`](http://jenkins.vfs.va.gov/job/testing/job/cms/) Jenkins job | ~25 minutes | ~2 hours, 10 minutes |
-| [`deploys/cms-vagov-staging`](http://jenkins.vfs.va.gov/job/deploys/job/cms-vagov-staging/) Jenkins job | ~35 minutes | ~90 minutes |
-| [`cms/deploy-live-staging`](http://jenkins.vfs.va.gov/job/cms/job/deploy-live-staging/) Jenkins job | ~1 minute | ~90 minutes |
-| [`testing/cms-post-deploy-tests-staging`](http://jenkins.vfs.va.gov/job/testing/job/cms-post-deploy-tests-staging/) Jenkins job | ~55 minutes | ~35 minutes |
-| [`deploys/cms-auto-deploy`](http://jenkins.vfs.va.gov/job/deploys/job/cms-auto-deploy/) Jenkins job | ~15 minutes | ~20 minutes |
+| Create a PR | ~5 minutes | ~2 hours, 30 minutes |
+| Pull Request CI Tests | ~20 minutes | ~2 hours, 10 minutes |
+| [`testing/cms`](http://jenkins.vfs.va.gov/job/testing/job/cms/) Jenkins job | ~30 minutes | ~1 hour, 40 minutes |
+| [`deploys/cms-vagov-staging`](http://jenkins.vfs.va.gov/job/deploys/job/cms-vagov-staging/) Jenkins job | ~40 minutes | ~60 minutes |
+| [`cms/deploy-live-staging`](http://jenkins.vfs.va.gov/job/cms/job/deploy-live-staging/) Jenkins job | ~1 minute | ~60 minutes |
+| [`testing/cms-post-deploy-tests-staging`](http://jenkins.vfs.va.gov/job/testing/job/cms-post-deploy-tests-staging/) Jenkins job | ~30 minutes | ~30 minutes |
+| [`deploys/cms-auto-deploy`](http://jenkins.vfs.va.gov/job/deploys/job/cms-auto-deploy/) Jenkins job | ~15 minutes | ~15 minutes |
 | [`cms/cms-full-pipeline`](http://jenkins.vfs.va.gov/job/cms/job/cms-full-pipeline/) Jenkins job | ~7 minutes | ~10 minutes |
 | [`releases/cms`](http://jenkins.vfs.va.gov/job/releases/job/cms/) Jenkins job | ~1 minute | ~10 minutes |
 | [`deploys/cms-vagov-prod`](http://jenkins.vfs.va.gov/job/deploys/job/cms-vagov-prod/) Jenkins job | ~7 minutes | |

composer.json

@@ -20,7 +20,7 @@
         "composer/installers": "^2.2.0",
         "consolidation/site-process": "^4.1",
         "cweagans/composer-patches": "^1.7",
-        "datadog/dd-trace": "^0.90.0",
+        "datadog/dd-trace": "^0.91.0",
         "dealerdirect/phpcodesniffer-composer-installer": "0.7.2",
         "drupal/address": "^1.4",
         "drupal/admin_feedback": "^2.2",
@@ -83,7 +83,7 @@
         "drupal/geofield_map": "^3.0",
         "drupal/google_analytics": "^4.0",
         "drupal/govdelivery_bulletins": "^1.2",
-        "drupal/graphql": "^3.0",
+        "drupal/graphql": "3.1.0",
         "drupal/graphql_core": "^3.1.0",
         "drupal/graphql_menu": "^1.0@alpha",
         "drupal/graphql_metatag": "^1.0",
@@ -201,14 +201,14 @@
         "phpstan/phpstan-deprecation-rules": "^1.0",
         "phpunit/phpunit": "^9.3.0",
         "querypath/querypath": "^3.0",
-        "simplesamlphp/simplesamlphp": "^1.18",
+        "simplesamlphp/simplesamlphp": "^1.19",
         "squizlabs/php_codesniffer": "^3.5",
         "symfony/browser-kit": "^6.3",
         "symfony/config": "^4.0",
         "symfony/phpunit-bridge": "^5.1",
         "symfony/process": "^4.0",
         "symfony/routing": "^4.0",
-        "va-gov/content-build": "^0.0.3338",
+        "va-gov/content-build": "^0.0.3342",
         "vlucas/phpdotenv": "^5.3",
         "webflo/drupal-finder": "^1.0.0",
         "webmozart/path-util": "^2.3",
@@ -507,7 +507,8 @@
                 "63049395 - Get same results on different request": "https://www.drupal.org/files/issues/2019-07-18/change_request_type-63049395-09.patch"
             },
             "drupal/smart_date": {
-                "3260965 - Undefined index: #value": "https://www.drupal.org/files/issues/2022-01-27/smart_date_undefined_value_in_validation.patch"
+                "3260965 - Undefined index: #value": "https://www.drupal.org/files/issues/2022-01-27/smart_date_undefined_value_in_validation.patch",
+                "3385720 - Implement errorElement() in Widgets": "https://www.drupal.org/files/issues/2023-09-08/smart_date-implement-errorelement-3385720-3.patch"
             },
             "drupal/tablefield": {
                 "3100109 - 0 string value in cell throws empty error": "https://www.drupal.org/files/issues/2019-12-10/0-value-throwing-empty-error.patch",