VACMS-16591: Update Drupal Core to v10.2

[edmund-dunn]

Description

Closes #16591

Testing done

Tested locally

Screenshots

QA steps

There are quite a few changes that are part of this, including a few module updates that got swept up in the update process. Please review your products and report any issues that are potential blockers.

Definition of Done

• Documentation has been updated, if applicable.
• Tests have been added if necessary.
• Automated tests have passed.
• Code Quality Tests have passed.
• Acceptance Criteria in related issue are met.
• Manual Code Review Approved.
• If there are field changes, front end output has been thoroughly checked.

Select Team for PR review

• CMS Team
• Public websites
• Facilities
• User support
• Accelerated Publishing

Is this PR blocked by another PR?

• DO NOT MERGE

Does this PR need review from a Product Owner

• Needs PO review

CMS user-facing announcement

Is an announcement needed to let editors know of this change?

• Yes, and it's written in issue ____ and queued for publication.
  • Merge and ping the UX writer so they are ready to publish after deployment
• Yes, but it hasn't yet been written
  • Don't merge yet -- ping the UX writer to write and queue content
• No announcement is needed for this code change.
  • Merge & carry on unburdened by announcements

[ndouglas]

🚨 This can't merge yet -- it'll break on BRD. 🚨

There are a number of things in the devops repo that hardcode references to /usr/local/bin/drush. Those all need to be ripped out first. I'm working on that in #16658 .

EDIT: This should be good to go now.

[swirtSJW]

This looks good and seems to be functioning fine (as near as I can tell with limited testing). One small request for history/future sake.

[swirtSJW]

It does seem like a lot of modules I would not have expected to be updated by a core update were touched.
Just double checking that all of these came in with
ddev composer update drupal/core --with-dependencies?

[swirtSJW]

Drupal modules that got bumped:

1. animated_gif
2. core_event_dispatcher (switched from stable to RC)
3. field_event_dispatcher(switched from stable to RC)
4. geocoder
5. geofield
6. danse
7. graphql_core
8. inline_entity_form
9. simple_oauth
10. subrequests
11. views_bulk_operations

Other supports

1. drush
2. guzzle
3. league
4. symfony

[tjheffner]

No concerns here for AP purposes, JSON:API outputs as expected

[swirtSJW]

Tested and looked into all the misc module bumps.

#16822 (comment)

For me the only two things of concern are:

1. The abrupt jump from hook_event_dispatcher from 3.3.4 ->4.0.0-rc1 A version jump and a jump from a stable release to a release candidate is a bit jarring. I looked through the release notes for anything indicating a breaking change or a need for updated config but did not see anything called out specifically.
2. The security updates in GraphQL had advice on how calls should be performed by downstream callers. But I did not see any indication in the VA CMS issue or on this PR that our primary downstream caller, (content-build) or VA forms, or chatbot teams were notified that they should check for any changes that might be needed.

[Becapa]

Steve's review covers a lot of it, but this manually tests well from a Public Websites standpoint - Comment in 16806.

[jilladams]

@edmund-dunn @BerniXiongA6 @maortiz-27-80 can y'all help clarify for the concerns flagged in code review what is y'alls take on those?