[#124455] Update 8.x Drupal

-Updated to 8.9.9 core
-Updated to latest available modules

.csslintrc

+--errors=box-model,
+         display-property-grouping,
+         duplicate-background-images,
+         duplicate-properties,
+         empty-rules,
+         ids,
+         import,
+         important,
+         known-properties,
+         outline-none,
+         overqualified-elements,
+         qualified-headings,
+         shorthand,
+         star-property-hack,
+         text-indent,
+         underscore-property-hack,
+         unique-headings,
+         unqualified-attributes,
+         vendor-prefix,
+         zero-units
+--ignore=adjoining-classes,
+         box-sizing,
+         bulletproof-font-face,
+         compatible-vendor-prefixes,
+         errors,
+         fallback-colors,
+         floats,
+         font-faces,
+         font-sizes,
+         gradients,
+         import-ie-limit,
+         order-alphabetical,
+         regex-selectors,
+         rules-count,
+         selector-max,
+         selector-max-approaching,
+         selector-newline,
+         universal-selector
+--exclude-list=core/assets,
+               vendor

.editorconfig

+# Drupal editor configuration normalization
+# @see http://editorconfig.org/
+
+# This is the top-most .editorconfig file; do not search in parent directories.
+root = true
+
+# All files.
+[*]
+end_of_line = LF
+indent_style = space
+indent_size = 2
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[composer.{json,lock}]
+indent_size = 4

.eslintignore

+core/**/*
+vendor/**/*
+sites/**/files/**/*
+libraries/**/*
+sites/**/libraries/**/*
+profiles/**/libraries/**/*
+**/js_test_files/**/*
+**/node_modules/**/*

.eslintrc.json

+{
+  "extends": "./core/.eslintrc.json"
+}

.gitattributes

+# Drupal git normalization
+# @see https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html
+# @see https://www.drupal.org/node/1542048
+
+# Normally these settings would be done with macro attributes for improved
+# readability and easier maintenance. However macros can only be defined at the
+# repository root directory. Drupal avoids making any assumptions about where it
+# is installed.
+
+# Define text file attributes.
+# - Treat them as text.
+# - Ensure no CRLF line-endings, neither on checkout nor on checkin.
+# - Detect whitespace errors.
+#   - Exposed by default in `git diff --color` on the CLI.
+#   - Validate with `git diff --check`.
+#   - Deny applying with `git apply --whitespace=error-all`.
+#   - Fix automatically with `git apply --whitespace=fix`.
+
+*.config  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.css     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.dist    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.engine  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.html    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=html
+*.inc     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.install text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.js      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.json    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.lock    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.map     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.md      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.module  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.php     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.po      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.profile text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.script  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.sh      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.sql     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.svg     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.theme   text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.twig    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.txt     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.xml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.yml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+
+# Define binary file attributes.
+# - Do not treat them as text.
+# - Include binary diff in patches instead of "binary files differ."
+*.eot     -text diff
+*.exe     -text diff
+*.gif     -text diff
+*.gz      -text diff
+*.ico     -text diff
+*.jpeg    -text diff
+*.jpg     -text diff
+*.otf     -text diff
+*.phar    -text diff
+*.png     -text diff
+*.svgz    -text diff
+*.ttf     -text diff
+*.woff    -text diff
+*.woff2   -text diff

.gitignore

@@ -4,3 +4,9 @@ sites/*/files/*
 !sites/*/files/translations
 sites/*/private
 sites/*/settings.php
+# Exclude update module
+docroot/core/modules/update
+
+# Exclude IDE specific directories.
+.idea
+.vscode

.ht.router.php

+<?php
+
+/**
+ * @file
+ * Router script for the built-in PHP web server.
+ *
+ * The built-in web server should only be used for development and testing as it
+ * has a number of limitations that makes running Drupal on it highly insecure
+ * and somewhat limited.
+ *
+ * Note that:
+ * - The server is single-threaded, any requests made during the execution of
+ *   the main request will hang until the main request has been completed.
+ * - The web server does not enforce any of the settings in .htaccess in
+ *   particular a remote user will be able to download files that normally would
+ *   be protected from direct access such as .module files.
+ *
+ * The router script is needed to work around a bug in PHP, see
+ * https://bugs.php.net/bug.php?id=61286.
+ *
+ * Usage:
+ * php -S localhost:8888 .ht.router.php
+ *
+ * @see http://php.net/manual/en/features.commandline.webserver.php
+ */
+
+$url = parse_url($_SERVER['REQUEST_URI']);
+if (file_exists(__DIR__ . $url['path'])) {
+  // Serve the requested resource as-is.
+  return FALSE;
+}
+
+// Work around the PHP bug.
+$path = $url['path'];
+$script = 'index.php';
+if (strpos($path, '.php') !== FALSE) {
+  // Work backwards through the path to check if a script exists. Otherwise
+  // fallback to index.php.
+  do {
+    $path = dirname($path);
+    if (preg_match('/\.php$/', $path) && is_file(__DIR__ . $path)) {
+      // Discovered that the path contains an existing PHP file. Use that as the
+      // script to include.
+      $script = ltrim($path, '/');
+      break;
+    }
+  } while ($path !== '/' && $path !== '.');
+}
+
+// Update $_SERVER variables to point to the correct index-file.
+$index_file_absolute = $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . $script;
+$index_file_relative = DIRECTORY_SEPARATOR . $script;
+
+// SCRIPT_FILENAME will point to the router script itself, it should point to
+// the full path of index.php.
+$_SERVER['SCRIPT_FILENAME'] = $index_file_absolute;
+
+// SCRIPT_NAME and PHP_SELF will either point to index.php or contain the full
+// virtual path being requested depending on the URL being requested. They
+// should always point to index.php relative to document root.
+$_SERVER['SCRIPT_NAME'] = $index_file_relative;
+$_SERVER['PHP_SELF'] = $index_file_relative;
+
+// Require the script and let core take over.
+require $_SERVER['SCRIPT_FILENAME'];

.htaccess

@@ -3,7 +3,7 @@
 #
 
 # Protect files and directories from prying eyes.
-<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
+<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
   <IfModule mod_authz_core.c>
     Require all denied
   </IfModule>
@@ -27,16 +27,9 @@ AddEncoding gzip svgz
 # Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
 # changed at runtime.
 
-# PHP 5, Apache 1 and 2.
-<IfModule mod_php5.c>
+# PHP 7, Apache 1 and 2.
+<IfModule mod_php7.c>
   php_value assert.active                   0
-  php_flag session.auto_start               off
-  php_value mbstring.http_input             pass
-  php_value mbstring.http_output            pass
-  php_flag mbstring.encoding_translation    off
-  # PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
-  # not set.
-  php_value always_populate_raw_post_data   -1
 </IfModule>
 
 # Requires mod_expires to be enabled.
@@ -167,9 +160,9 @@ AddEncoding gzip svgz
     RewriteCond %{REQUEST_FILENAME}\.gz -s
     RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
 
-    # Serve correct content types, and prevent mod_deflate double gzip.
-    RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
-    RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
+    # Serve correct content types, and prevent double compression.
+    RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1,E=no-brotli:1]
+    RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1,E=no-brotli:1]
 
     <FilesMatch "(\.js\.gz|\.css\.gz)$">
       # Serve correct encoding type.

README.txt

@@ -9,6 +9,7 @@ CONTENTS OF THIS FILE
  * Developing for Drupal
  * More information
 
+
 ABOUT DRUPAL
 ------------
 
@@ -23,6 +24,7 @@ Legal information about Drupal:
  * Learn about the Drupal trademark and logo policy:
    https://www.drupal.com/trademark
 
+
 CONFIGURATION AND FEATURES
 --------------------------
 
@@ -68,7 +70,7 @@ the required extensions separately; place the downloaded profile in the
 
 More about installation profiles and distributions:
  * Read about the difference between installation profiles and distributions:
-   https://www.drupal.org/node/1089736
+   https://www.drupal.org/docs/8/distributions/creating-distributions
  * Download contributed installation profiles and distributions:
    https://www.drupal.org/project/distributions
  * Develop your own installation profile or distribution:
@@ -89,6 +91,7 @@ More about themes:
  * Develop your own theme:
    https://www.drupal.org/docs/8/theming
 
+
 DEVELOPING FOR DRUPAL
 ---------------------
 
@@ -120,6 +123,7 @@ More about developing:
  * Learn from documented Drupal API examples:
    https://www.drupal.org/project/examples
 
+
 MORE INFORMATION
 ----------------
 

composer.json

@@ -4,49 +4,55 @@
     "type": "project",
     "license": "GPL-2.0-or-later",
     "require": {
-        "composer/installers": "^1.0.24",
-        "wikimedia/composer-merge-plugin": "^1.4",
-        "drupal/bootstrap": "^3.16",
+        "composer/installers": "^1.7",
         "drupal/admin_toolbar": "^1.25",
+        "drupal/blazy": "^1.0",
+        "drupal/bootstrap": "^3.16",
+        "drupal/ckeditor_font": "^1.0",
+        "drupal/colorbutton": "^1.3",
+        "drupal/config_ignore": "^2.1",
         "drupal/config_pages": "^2.2",
+        "drupal/config_split": "^1.4",
+        "drupal/cookieconsent": "^1.4",
+        "drupal/core-composer-scaffold": "8.9.9",
+        "drupal/core-project-message": "8.9.9",
+        "drupal/core-recommended": "8.9.9",
+        "drupal/devel": "^1.2",
         "drupal/dropzonejs": "^2.0",
+        "drupal/embed": "^1.0",
         "drupal/entity_browser": "^2.0",
+        "drupal/entity_embed": "^1.0",
+        "drupal/google_analytics": "^2.3",
         "drupal/linkit": "^4.3",
+        "drupal/mailsystem": "^4.1",
         "drupal/media_bulk_upload": "^1.0",
         "drupal/media_entity_browser": "^2.0",
         "drupal/metatag": "^1.7",
         "drupal/module_filter": "^3.1",
+        "drupal/paragraphs": "^1.5",
         "drupal/paragraphs_browser": "^1.0",
         "drupal/paragraphs_browser_previewer": "^1.0",
         "drupal/paragraphs_previewer": "^1.2",
-        "drupal/webform": "^5.0",
         "drupal/pathauto": "^1.3",
-        "drupal/paragraphs": "^1.5",
-        "drupal/ckeditor_font": "^1.0",
-        "drupal/cookieconsent": "^1.4",
-        "drupal/google_analytics": "^2.3",
         "drupal/redirect": "^1.3",
-        "drupal/colorbutton": "^1.1",
-        "drupal/embed": "^1.0",
-        "drupal/entity_embed": "^1.0",
-        "drupal/blazy": "^1.0",
-        "drupal/mailsystem": "^4.1",
         "drupal/slick": "^1.1",
         "drupal/slick_entityreference": "^1.1",
         "drupal/video_embed_field": "^2.0",
+        "drupal/webform": "^5.0",
         "drush/drush": "^9.5",
-        "drupal/devel": "^1.2",
-        "drupal/config_split": "^1.4",
-        "drupal/config_ignore": "^2.1"
-    },
-    "replace": {
-        "drupal/core": "^8.6"
+        "oomphinc/composer-installers-extender": "^2.0"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,
     "config": {
         "preferred-install": "dist",
-        "autoloader-suffix": "Drupal8"
+        "autoloader-suffix": "Drupal8",
+        "allow-plugins": {
+            "drupal/core-composer-scaffold": true,
+            "drupal/core-project-message": true,
+            "composer/installers": true,
+            "oomphinc/composer-installers-extender": true
+        }
     },
     "extra": {
         "_readme": [
@@ -100,12 +106,14 @@
         }
     },
     "scripts": {
+        "pre-install-cmd": "Drupal\\Composer\\Composer::ensureComposerVersion",
+        "pre-update-cmd": "Drupal\\Composer\\Composer::ensureComposerVersion",
         "pre-autoload-dump": "Drupal\\Core\\Composer\\Composer::preAutoloadDump",
-        "post-autoload-dump": "Drupal\\Core\\Composer\\Composer::ensureHtaccess",
-        "post-package-install": "Drupal\\Core\\Composer\\Composer::vendorTestCodeCleanup",
-        "post-package-update": "Drupal\\Core\\Composer\\Composer::vendorTestCodeCleanup",
         "drupal-phpunit-upgrade-check": "Drupal\\Core\\Composer\\Composer::upgradePHPUnit",
-        "drupal-phpunit-upgrade": "@composer update phpunit/phpunit --with-dependencies --no-progress",
+        "drupal-phpunit-upgrade": "@composer update phpunit/phpunit symfony/phpunit-bridge phpspec/prophecy symfony/yaml --with-dependencies --no-progress",
+        "post-update-cmd": [
+            "Drupal\\Composer\\Composer::generateMetapackages"
+        ],
         "phpcs": "phpcs --standard=core/phpcs.xml.dist --runtime-set installed_paths $($COMPOSER_BINARY config vendor-dir)/drupal/coder/coder_sniffer --",
         "phpcbf": "phpcbf --standard=core/phpcs.xml.dist --runtime-set installed_paths $($COMPOSER_BINARY config vendor-dir)/drupal/coder/coder_sniffer --"
     },

core/.eslintignore

@@ -5,3 +5,4 @@ node_modules/**/*
 !*.es6.js
 modules/locale/tests/locale_test.es6.js
 !tests/Drupal/Nightwatch/**/*.js
+misc/polyfills/object.assign.es6.js

core/.eslintrc.json

@@ -17,8 +17,11 @@
     "jQuery": true,
     "_": true,
     "matchMedia": true,
+    "Cookies": true,
     "Backbone": true,
     "Modernizr": true,
+    "Popper": true,
+    "Sortable": true,
     "CKEDITOR": true
   },
   "rules": {

core/.stylelintignore

+themes/claro/**/*.css
+!themes/claro/**/*.pcss.css

core/CHANGELOG.txt

-New minor (feature) releases of Drupal 8 are released every six months and
+New minor (feature) releases of Drupal are released every six months and
 patch (bugfix) releases are released every month. More information on the
-Drupal 8 release cycle: https://www.drupal.org/core/release-cycle-overview
+Drupal release cycle: https://www.drupal.org/core/release-cycle-overview
 
 * For a full list of fixes in the latest release, visit:
- https://www.drupal.org/8/download
+ https://www.drupal.org/latest-release
 * API change records for Drupal core:
  https://www.drupal.org/list-changes/drupal

core/COPYRIGHT.txt

-All Drupal code is Copyright 2001 - 2013 by the original authors.
+All Drupal code is Copyright 2001 - 2020 by the original authors.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -24,45 +24,36 @@ Javascript
 
   Farbtastic - Copyright (c) 2010 Matt Farina
 
-  HTML5 Shiv - Copyright (c) 2012  Alexander Farkas, Jonathan Neal, Paul Irish,
+  HTML5 Shiv - Copyright (c) 2014  Alexander Farkas, Jonathan Neal, Paul Irish,
     and John-David Dalton
 
   jQuery - Copyright (c) 2011 John Resig
 
-  jQuery Bgiframe - Copyright (c) 2010 Brandon Aaron (http://brandonaaron.net)
+  jQuery Bgiframe - Copyright (c) 2013 Brandon Aaron (http://brandonaaron.net)
 
   jQuery BBQ - Copyright (c) 2010 "Cowboy" Ben Alman
 
-  jQuery Cookie - Copyright (c) 2010 Klaus Hartl
+  jQuery Cookie - Copyright (c) 2014 Klaus Hartl
 
-  jQuery Form - Copyright (c) 2011 Mike Alsup
+  jQuery Form - Copyright (c) 2017 Kevin Morris
 
   jQuery Globalize - Copyright (c) 2012 Software Freedom Conservancy, Inc.
 
-  jQuery Mousewheel - Copyright (c) 2010 Brandon Aaron
-    (http://brandonaaron.net)
+  jQuery Mousewheel - Copyright OpenJS Foundation and other contributors
+    (https://openjsf.org/)
 
   jQuery Metadata - Copyright (c) 2006 John Resig, Yehuda Katz, Jörn Zaefferer,
     Paul McLanahan
 
   jQuery Once - Copyright (c) 2009 Konstantin Käfer
 
-  jQuery UI - Copyright (c) 2012 by the original authors
+  jQuery UI - Copyright (c) 2015 by the authors and other contributors
     (http://jqueryui.com/about)
 
-  Sizzle.js - Copyright (c) 2011 The Dojo Foundation (http://sizzlejs.com/)
+  Sizzle.js - Copyright (c) 2016 JS Foundation and other contributors
+    (https://js.foundation)
 
 PHP
 
-  ArchiveTar - Copyright (c) 1997 - 2008 Vincent Blavet
-
-  Doctrine Common - Copyright (c) 2006 - 2012 Alexander Mols, Benjamin Eberlei,
-    Fabio B. Silva, Guilherme Blanco, Johannes M. Schmitt, Jonathan Wage,
-    Lukas K. Smith, Marco Pivetta et al.
-
-  Symfony2 - Copyright (c) 2004 - 2012 Fabien Potencier
-    - YUI - Copyright (c) 2010 Yahoo! Inc.
-    - Zend Framework (1.10dev - 2010-01-24) - Copyright (c) 2005-2010 Zend
-      Technologies USA Inc. (http://www.zend.com)
-
-  Twig - Copyright (c) 2009 Twig Team
+  Drupal depends on numerous PHP Composer packages. All Composer packages
+    retain the copyright of the authors.

core/INSTALL.sqlite.txt

@@ -2,11 +2,8 @@
 SQLITE REQUIREMENTS
 -------------------
 
-To use SQLite with your Drupal installation, the following requirements must be
-met: Server has PHP 5.3.10 or later with PDO, and the PDO SQLite driver must be
-enabled.
-
-If you have not pdo_sqlite available depending on your system there are different ways to install it.
+PHP's PDO SQLite driver must be enabled. If you do not have pdo_sqlite
+available, depending on your system there are different ways to install it.
 
 Windows
 -------
@@ -23,13 +20,13 @@ SQLITE DATABASE CREATION
 The Drupal installer will create the SQLite database for you. The only
 requirement is that the installer must have write permissions to the directory
 where the database file resides. This directory (not just the database file) also
-has to remain writeable by the web server going forward for SQLite to continue to
+has to remain writable by the web server going forward for SQLite to continue to
 be able to operate.
 
 On the "Database configuration" form in the "Database file" field, you must
 supply the exact path to where you wish your database file to reside. It is
 strongly suggested that you choose a path that is outside of the webroot, yet
-ensure that the directory is writeable by the web server.
+ensure that the directory is writable by the web server.
 
 If you must place your database file in your webroot, you could try using the
 following in your "Database file" field:

core/INSTALL.txt

@@ -15,7 +15,7 @@ QUICKSTART
 ----------------------
 
 Prerequisites:
-- PHP 5.5.9 (or greater) (https://php.net).
+- PHP 7.0.8 (or greater) (https://php.net).
 
 In the instructions below, replace the version x.y.z with the specific version
 you wish to download. Example: 8.6.0.zip. You can find the latest stable version
@@ -48,8 +48,8 @@ Drupal requires:
 - A web server with PHP support, for example:
   - Apache 2.0 (or greater) (http://httpd.apache.org/).
   - Nginx 1.1 (or greater) (http://nginx.com/).
-- PHP 5.5.9 (or greater) (http://php.net/). For better security support it is
-  recommended to update to at least 5.5.21 or 5.6.5.
+- PHP 7.0.8 (or greater) (http://php.net/). For better security support it is
+  recommended to update to at least 7.2.17.
 - One of the following databases:
   - MySQL 5.5.3 (or greater) (http://www.mysql.com/).
   - MariaDB 5.5.20 (or greater) (https://mariadb.org/). MariaDB is a fully
@@ -93,10 +93,6 @@ OPTIONAL SERVER REQUIREMENTS
   configuration allows the web server to initiate outbound connections. Most web
   hosting setups allow this.
 
-- PHP 5.5.21 provides features for improved security when used with MySQL. While
-  this is not required, it is highly encouraged to use PHP 5.5.21 or 5.6.5 and
-  above.
-
 INSTALLATION
 ------------
 
@@ -180,7 +176,7 @@ INSTALLATION
       permissions on the sites/default directory. The web server can then
       create the files directory within it for you.
 
-      For example, on a Unix/Linux command line, you can you can grant everyone
+      For example, on a Unix/Linux command line, you can grant everyone
       (including the web server) permission to write to the sites/default
       directory with this command:
 
@@ -194,7 +190,7 @@ INSTALLATION
         chmod a+w sites/default/files
 
       Be sure to set the permissions for the default directory back after the
-      installation is finished! (Leave the files directory writeable.)
+      installation is finished! (Leave the files directory writable.)
       Sample command:
 
         chmod go-w sites/default
@@ -238,7 +234,7 @@ INSTALLATION
    maintenance account on a "Welcome" page. If the default Drupal theme is not
    displaying properly and links on the page result in "Page Not Found" errors,
    you may be experiencing problems with clean URLs. Visit
-   https://www.drupal.org/getting-started/clean-urls to troubleshoot.
+   https://www.drupal.org/docs/8/clean-urls-in-drupal-8 to troubleshoot.
 
 5. Change file system storage settings (optional).
 
@@ -333,7 +329,7 @@ INSTALLATION
    cron key, is available in the "Cron maintenance tasks" section of the Status
    report page at Administration > Reports > Status report.
 
-   As an example for how to set up this automated process, you can use the
+   As an example of how to set up this automated process, you can use the
    crontab utility on Unix/Linux systems. The following crontab line uses the
    wget command to visit the cron page, and runs each hour, on the hour:
 
@@ -405,7 +401,7 @@ The new directory name is constructed from the site's URL. The configuration
 for www.example.com could be in 'sites/example.com/settings.php' (note that
 'www.' should be omitted if users can access your site at http://example.com/).
 
-  $ cp sites/default/defaults.settings.php sites/example.com/settings.php
+  $ cp sites/default/default.settings.php sites/example.com/settings.php
 
 Sites do not have to have a different domain. You can also use subdomains and
 subdirectories for Drupal sites. For example, example.com, sub.example.com, and
@@ -448,7 +444,7 @@ accessible to other sites, the setup would look like this:
     modules/custom_module
 
 For more information about multiple virtual hosts or the configuration
-settings, consult https://www.drupal.org/documentation/install/multi-site
+settings, consult https://www.drupal.org/docs/8/multisite
 
 For more information on configuring Drupal's file system path in a multisite
 configuration, see step 6 above.
@@ -460,4 +456,4 @@ By default, Drupal is installed in one language, and further languages may be
 installed later.
 
 For detailed instructions, visit
-https://www.drupal.org/documentation/multilingual
+https://www.drupal.org/docs/8/multilingual

core/MAINTAINERS.txt

@@ -27,18 +27,19 @@ Framework managers
   Backend
   - Alex Bronstein 'effulgentsia' https://www.drupal.org/u/effulgentsia
   - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch
+  - Francesco Placella 'plach' https://www.drupal.org/u/plach
   - Alex Pott 'alexpott' https://www.drupal.org/u/alexpott
   - Lee Rowlands 'larowlan' https://www.drupal.org/u/larowlan
-  - (provisional) Francesco Placella 'plach' https://www.drupal.org/u/plach
 
   Frontend
   - Lauri Eskola 'lauriii' https://www.drupal.org/u/lauriii
 
 Release managers
 - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch
-- Chris McCafferty 'cilefen' https://www.drupal.org/u/cilefen
 - Jess Myrbo 'xjm' https://www.drupal.org/u/xjm
 
+Committer team facilitators
+- Pamela Barone 'pameeela' https://www.drupal.org/u/pameeela
 
 Subsystem maintainers
 ---------------------
@@ -113,7 +114,6 @@ CKEditor
 
 Classy
 - David Hernandez 'davidhernandez' https://www.drupal.org/u/davidhernandez
-- Morten Birch Heide-Jørgensen 'mortendk' https://www.drupal.org/u/mortendk
 
 Color
 - ?
@@ -145,7 +145,6 @@ Contact
 
 Content Moderation
 - Sam Becker 'Sam152' https://www.drupal.org/u/sam152
-- Tim Millwood 'timmillwood' https://www.drupal.org/u/timmillwood
 
 Content Translation
 - Francesco Placella 'plach' https://www.drupal.org/u/plach
@@ -211,7 +210,7 @@ Field UI
 - Andrei Mateescu 'amateescu' https://www.drupal.org/u/amateescu
 
 File
-- ?
+- Kim Pepper 'kim.pepper' https://www.drupal.org/u/kimpepper
 
 Filter
 - ?
@@ -232,6 +231,10 @@ Hypertext Application Language (HAL)
 Help
 - ?
 
+Help Topics
+- Amber Matz 'Amber Himes Matz' https://www.drupal.org/u/amber-himes-matz
+- Andrey Postnikov 'andypost' https://www.drupal.org/u/andypost
+
 Image
 - Claudiu Cristea 'claudiu.cristea' https://www.drupal.org/u/claudiu.cristea
 
@@ -246,13 +249,22 @@ Interface Translation (locale)
 
 JavaScript
 - Théodore Biadala 'nod_' https://www.drupal.org/u/nod_
-- Matthew Grill 'drpal' https://www.drupal.org/u/drpal
 - Sally Young 'justafish' https://www.drupal.org/u/justafish
 
+JSON:API
+- Gabe Sullice 'gabesullice' https://www.drupal.org/u/gabesullice
+- Mateu Aguiló Bosch 'e0ipso' https://www.drupal.org/u/e0ipso
+- Wim Leers 'Wim Leers' https://www.drupal.org/u/wim-leers
+
 Language
 - Francesco Placella 'plach' https://www.drupal.org/u/plach
 - Daniel F. Kudwien 'sun' https://www.drupal.org/u/sun
 
+Layout Builder
+- Ted Bowman 'tedbow' https://www.drupal.org/u/tedbow
+- Emilie Nouveau 'DyanneNova' https://www.drupal.org/u/dyannenova
+- Tim Plunkett 'tim.plunkett' https://www.drupal.org/u/tim.plunkett
+
 Link Field
 - Weber Macedo 'Mac_Weber' https://www.drupal.org/u/mac_weber
 
@@ -271,6 +283,10 @@ Media
 - Christian Fritsch 'chr.fritsch' https://www.drupal.org/u/chr.fritsch
 - Adam Globus-Hoenich 'phenaproxima' https://www.drupal.org/u/phenaproxima
 
+  Media Library
+  - Sean Blommaert 'seanB' https://www.drupal.org/u/seanb
+  - Adam Globus-Hoenich 'phenaproxima' https://www.drupal.org/u/phenaproxima
+
 Menu
 - Daniel Wehner 'dawehner' https://www.drupal.org/u/dawehner
 - Peter Wolanin 'pwolanin' https://www.drupal.org/u/pwolanin
@@ -283,14 +299,14 @@ Menu UI
 - ?
 
 Migrate
+- Benji Fisher 'benjifisher' https://www.drupal.org/u/benjifisher
 - Adam Globus-Hoenich 'phenaproxima' https://www.drupal.org/u/phenaproxima
 - Lucas Hedding 'heddn' https://www.drupal.org/u/heddn
-- Markus Sipilä 'masipila' https://www.drupal.org/u/masipila
+- Michael Lutz 'mikelutz' https://www.drupal.org/u/mikelutz
 - Vicki Spagnolo 'quietone' https://www.drupal.org/u/quietone
-- Maxime Turcotte 'maxocub' https://www.drupal.org/u/maxocub
 
 Node
-- Tim Millwood 'timmillwood' https://www.drupal.org/u/timmillwood
+- ?
 
 Node Access
 - Ken Rickard 'agentrickard' https://www.drupal.org/u/agentrickard
@@ -307,6 +323,9 @@ Page Cache
 Path
 - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch
 
+Path Alias
+- Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch
+
 Plugin
 - Kris Vanderwater 'EclipseGc' https://www.drupal.org/u/eclipseGc
 - Alex Bronstein 'effulgentsia' https://www.drupal.org/u/effulgentsia
@@ -320,7 +339,7 @@ Quick Edit
 - Théodore Biadala 'nod_' https://www.drupal.org/u/nod_
 
 RDF
-- Stéphane Corlosquet 'scor' https://www.drupal.org/u/scor
+- ?
 
 Render API
 - Alex Bronstein 'effulgentsia' https://www.drupal.org/u/effulgentsia
@@ -363,7 +382,7 @@ Stark
 - John Albin Wilkins 'JohnAlbin' https://www.drupal.org/u/johnalbin
 
 Statistics
-- Tim Millwood 'timmillwood' https://www.drupal.org/u/timmillwood
+- ?
 
 Syslog
 - Mariano D'Agostino 'dagmar' https://www.drupal.org/u/dagmar
@@ -410,6 +429,12 @@ Transliteration
 Typed Data
 - Wolfgang Ziegler 'fago' https://www.drupal.org/u/fago
 
+Umami demo
+- Mark Conroy 'markconroy' https://www.drupal.org/u/markconroy
+- Gareth Goodwin 'smaz' https://www.drupal.org/u/smaz
+- Keith Jay 'kjay' https://www.drupal.org/u/kjay
+- Ofer Shaal 'shaal' https://www.drupal.org/u/shaal
+
 Update UI
 - ?
 
@@ -431,6 +456,7 @@ Topic maintainers
 -----------------
 
 Accessibility
+- Rain Breaw Michaels 'rainbreaw' https://www.drupal.org/u/rainbreaw
 - Mike Gifford 'mgifford' https://www.drupal.org/u/mgifford
 - Andrew Macpherson 'andrewmacpherson' https://www.drupal.org/u/andrewmacpherson
 
@@ -444,6 +470,7 @@ Testing
 - ?
 
 Usability
+- Cristina Chumillas 'ckrina' https://www.drupal.org/u/ckrina
 - Roy Scholten 'yoroy' https://www.drupal.org/u/yoroy
 - Bojhan Somers 'Bojhan' https://www.drupal.org/u/bojhan
 
@@ -475,11 +502,10 @@ their responsibilities. The initiative coordinators for Drupal 8 are:
 API-first Initiative
 - Wim Leers 'Wim Leers' https://www.drupal.org/u/wim-leers
 - Mateu Aguiló Bosch 'e0ipso' https://www.drupal.org/u/e0ipso
+- Gabe Sullice 'gabesullice' https://www.drupal.org/u/gabesullice
 
 Admin UI & JavaScript Modernisation Initiative
-- Angela Byron 'webchick' https://www.drupal.org/u/webchick
 - Cristina Chumillas 'ckrina' https://www.drupal.org/u/ckrina
-- Matthew Grill 'drpal' https://www.drupal.org/u/drpal
 - Sally Young 'justafish' https://www.drupal.org/u/justafish
 
 Layout Initiative
@@ -489,12 +515,6 @@ Layout Initiative
 Media Initiative
 - Janez Urevc 'slashrsm' https://www.drupal.org/u/slashrsm
 
-Out-of-the-Box Initiative
-- Mark Conroy 'markconroy' https://www.drupal.org/u/markconroy
-- Gareth Goodwin 'smaz' https://www.drupal.org/u/smaz
-- Keith Jay 'kjay' https://www.drupal.org/u/kjay
-- Elliot Ward 'eli-t' https://www.drupal.org/u/eli-t
-
 PHPUnit Initiative
 - Daniel Wehner 'dawehner' https://www.drupal.org/u/dawehner
 - (provisional) Michiel Nugter 'michielnugter' https://www.drupal.org/u/michielnugter

core/UPDATE.txt

-INTRODUCTION
-------------
-This document describes how to update your Drupal site between 8.x.x minor and
-patch versions; for example, from 8.1.2 to 8.1.3, or from 8.3.5 to 8.4.0.
-
-To upgrade from a previous major version (for example, Drupal 6 or 7), the
-process involves importing site configuration and content from your old site
-into a new Drupal 8 site. The tools and process are currently experimental,
-rather than being fully supported, so be sure to test in a development
-environment. You will need to use the core Migrate Drupal UI module which
-provides a user interface for the Migrate and Migrate Drupal modules included
-in core. See https://www.drupal.org/upgrade/migrate for details, and
-https://www.drupal.org/node/2167633 for known issues.
-
-First steps and definitions:
-
-  * If you are upgrading to Drupal version x.y.z, then x is known as the major
-    version number, y is known as the minor version number, and z is known as
-    the patch version number. The download file will be named
-    drupal-x.y.z.tar.gz (or drupal-x.y.z.zip). Previous Drupal versions used
-    only x.y (MAJOR.MINOR) to designate their versions.
-
-  * All directories mentioned in this document are relative to the directory of
-    your Drupal installation.
-
-  * Make a full backup of all files, directories, and your database(s) before
-    starting, and save it outside your Drupal installation directory.
-    Instructions may be found at
-    https://www.drupal.org/upgrade/backing-up-the-db
-
-  * It is wise to try an update or upgrade on a test copy of your site before
-    applying it to your live site. Even minor updates can cause your site's
-    behavior to change.
-
-  * Each new release of Drupal has release notes, which explain the changes made
-    since the previous version and any special instructions needed to update or
-    upgrade to the new version. You can find a link to the release notes for the
-    version you are upgrading or updating to on the Drupal project page
-    (https://www.drupal.org/project/drupal).
+CONTENTS OF THIS FILE
+---------------------
 
-UPDATE PROBLEMS
-----------------
-If you encounter errors during this process,
+ * Introduction
+ * Minor and patch version updates
+ * Is my site using Composer?
+ * Updating code manually
+ * Updating code with Composer
+ * Updating Drupal 8 to Drupal 9
+ * Updating Drupal 6 or 7 to Drupal 9
 
-  * Note any error messages you see.
 
-  * Restore your site to its previous state, using the file and database backups
-    you created before you started the update process. Do not attempt to do
-    further updates on a site that had update problems.
+INTRODUCTION
+------------
 
-  * Consult one of the support options listed on https://www.drupal.org/support
+This document provides links to resources on how to update or migrate your
+Drupal site.
 
-More in-depth information on updating and upgrading can be found at
-https://www.drupal.org/upgrade
 
 MINOR AND PATCH VERSION UPDATES
 -------------------------------
-To update from one 8.x.x version of Drupal to any later 8.x.x version, after
-following the instructions in the INTRODUCTION section at the top of this file:
-
-1. Log in as a user with the permission "Administer software updates".
-
-2. Go to Administration > Configuration > Development > Maintenance mode.
-   Enable the "Put site into maintenance mode" checkbox and save the
-   configuration.
-
-3. Remove the 'core' and 'vendor' directories. Also remove all of the files
-   in the top-level directory, except any that you added manually.
-
-   If you made modifications to files like .htaccess, composer.json, or
-   robots.txt you will need to re-apply them from your backup, after the new
-   files are in place.
-
-   Sometimes an update includes changes to default.settings.php (this will be
-   noted in the release notes). If that's the case, follow these steps:
-
-   - Locate your settings.php file in the /sites/* directory. (Typically
-     sites/default.)
 
-   - Make a backup copy of your settings.php file, with a different file name.
+Minor and patch updates are done either manually or with Composer, depending on
+how the site was installed. Refer to the sections below on updating with
+Composer or updating manually for tarball/zip installations.
 
-   - Make a copy of the new default.settings.php file, and name the copy
-     settings.php (overwriting your previous settings.php file).
+Minor and patch versions are updates such as:
+ * Patch releases (e.g. 9.1.2 to 9.1.3)
+ * Scheduled minor releases (e.g 9.3.5 to 9.4.0)
+ * Beta to final releases (e.g. 9.1.0-beta2 to 9.1.0)
 
-   - Copy the custom and site-specific entries from the backup you made into the
-     new settings.php file. You will definitely need the lines giving the
-     database information, and you will also want to copy in any other
-     customizations you have added.
 
-   You can find the release notes for your version at
-   https://www.drupal.org/project/drupal. At bottom of the project page under
-   "Downloads" use the link for your version of Drupal to view the release
-   notes. If your version is not listed, use the 'View all releases' link. From
-   this page you can scroll down or use the filter to find your version and its
-   release notes.
+IS MY SITE USING COMPOSER?
+--------------------------
 
-4. Download the latest Drupal 8.x.x release from https://www.drupal.org to a
-   directory outside of your web root. Extract the archive and copy the files
-   into your Drupal directory.
+Before updating, determine if your site is currently managed by Composer.
 
-   On a typical Unix/Linux command line, use the following commands to download
-   and extract:
+On a typical Unix/Linux command line, this can be determined by running the
+following command (replace /PATH/TO/composer with the appropriate location
+for your system):
 
-     wget https://www.drupal.org/files/projects/drupal-x.y.z.tar.gz
-     tar -zxvf drupal-x.y.z.tar.gz
+  /PATH/TO/composer info drupal/core
 
-   This creates a new directory drupal-x.y.z/ containing all Drupal files and
-   directories. Copy the files into your Drupal installation directory:
 
-     cp -R drupal-x.y.z/* drupal-x.y.z/.htaccess /path/to/your/installation
+UPDATING CODE WITH COMPOSER
+---------------------------
 
-   If you do not have command line access to your server, download the archive
-   from https://www.drupal.org using your web browser, extract it, and then use
-   an FTP client to upload the files to your web root.
+ * Refer to 'Update Drupal core via Composer' for details on using Composer:
+   https://www.drupal.org/docs/8/update/update-drupal-core-via-composer
 
-5. Re-apply any modifications to files such as .htaccess, composer.json, or
-   robots.txt.
 
-6. Run update.php by visiting http://www.example.com/update.php (replace
-   www.example.com with your domain name). This will update the core database
-   tables.
+UPDATING CODE MANUALLY
+----------------------
 
-   If you are unable to access update.php do the following:
+ * Refer to 'Updating the Core Software' for details on updating manually:
+   https://www.drupal.org/docs/8/update/update-core-manually
 
-   - Open settings.php with a text editor.
 
-   - Find the line that says:
-     $settings['update_free_access'] = FALSE;
+UPDATING DRUPAL 8 TO DRUPAL 9
+-----------------------------
 
-   - Change it into:
-     $settings['update_free_access'] = TRUE;
+    1. Prepare the Drupal 8 site for Drupal 9:
+    https://www.drupal.org/docs/9/how-to-prepare-your-drupal-7-or-8-site-for-drupal-9/upgrading-a-drupal-8-site-to-drupal-9
 
-   - Once the update is done, $settings['update_free_access'] must be reverted
-     to FALSE.
+    2. Update the Drupal 8 codebase to Drupal 9:
+    https://www.drupal.org/docs/8/upgrade/upgrading-between-drupal-8-major-versions-eg-from-drupal-8-to-drupal-9
 
-7. Go to Administration > Reports > Status report. Verify that everything is
-   working as expected.
+    3. Navigate to /update.php to initiate the update process.
 
-8. Ensure that $settings['update_free_access'] is FALSE in settings.php.
 
-9. Go to Administration > Configuration > Development > Maintenance mode.
-   Disable the "Put site into maintenance mode" checkbox and save the
-   configuration.
+UPDATING DRUPAL 6 OR 7 TO DRUPAL 9
+----------------------------------
 
+ * Updating from a previous major version, such as Drupal 6 or 7, requires
+   importing the old site configuration and content into a new Drupal 9 site.
+   Refer to the 'Migrate Guide' for more details on this process:
+   https://www.drupal.org/upgrade/migrate

core/assets/scaffold/README.txt

+Drupal Scaffold Files are files that are contained inside drupal/core, but are
+installed outside of the core directory (e.g. at the Drupal root).
+
+Scaffold files were added to drupal/core in Drupal 8.8.x. During the Drupal 8
+development cycle, the scaffold files are also being maintained in their original
+locations. This is done so that Drupal sites based on the template project
+drupal-composer/drupal-project may continue to download these files from the same
+URLs they have historically been found at.
+
+The scaffold files will be deleted from their original location in Drupal 9.
+See https://www.drupal.org/project/drupal/issues/3075954 for follow-on work.

core/assets/scaffold/TESTING.txt

+HOW-TO: Test these Drupal scaffold files
+
+In order to test these scaffold files, you'll need to get the entire Drupal repo and
+run the tests there.
+
+You'll find the tests in core/tests/Drupal/Tests/ComposerIntegrationTest.php.
+
+You can get the full Drupal repo here:
+https://www.drupal.org/project/drupal/git-instructions
+
+You can find more information about running PHPUnit tests with Drupal here:
+https://www.drupal.org/node/2116263
+
+You can run a single phpunit test file like so:
+
+$ ./vendor/bin/phpunit -c core core/tests/Drupal/Tests/ComposerIntegrationTest.php

core/assets/scaffold/files/csslintrc

+--errors=box-model,
+         display-property-grouping,
+         duplicate-background-images,
+         duplicate-properties,
+         empty-rules,
+         ids,
+         import,
+         important,
+         known-properties,
+         outline-none,
+         overqualified-elements,
+         qualified-headings,
+         shorthand,
+         star-property-hack,
+         text-indent,
+         underscore-property-hack,
+         unique-headings,
+         unqualified-attributes,
+         vendor-prefix,
+         zero-units
+--ignore=adjoining-classes,
+         box-sizing,
+         bulletproof-font-face,
+         compatible-vendor-prefixes,
+         errors,
+         fallback-colors,
+         floats,
+         font-faces,
+         font-sizes,
+         gradients,
+         import-ie-limit,
+         order-alphabetical,
+         regex-selectors,
+         rules-count,
+         selector-max,
+         selector-max-approaching,
+         selector-newline,
+         universal-selector
+--exclude-list=core/assets,
+               vendor

core/assets/scaffold/files/default.services.yml

+parameters:
+  session.storage.options:
+    # Default ini options for sessions.
+    #
+    # Some distributions of Linux (most notably Debian) ship their PHP
+    # installations with garbage collection (gc) disabled. Since Drupal depends
+    # on PHP's garbage collection for clearing sessions, ensure that garbage
+    # collection occurs by using the most common settings.
+    # @default 1
+    gc_probability: 1
+    # @default 100
+    gc_divisor: 100
+    #
+    # Set session lifetime (in seconds), i.e. the time from the user's last
+    # visit to the active session may be deleted by the session garbage
+    # collector. When a session is deleted, authenticated users are logged out,
+    # and the contents of the user's $_SESSION variable is discarded.
+    # @default 200000
+    gc_maxlifetime: 200000
+    #
+    # Set session cookie lifetime (in seconds), i.e. the time from the session
+    # is created to the cookie expires, i.e. when the browser is expected to
+    # discard the cookie. The value 0 means "until the browser is closed".
+    # @default 2000000
+    cookie_lifetime: 2000000
+    #
+    # Drupal automatically generates a unique session cookie name based on the
+    # full domain name used to access the site. This mechanism is sufficient
+    # for most use-cases, including multi-site deployments. However, if it is
+    # desired that a session can be reused across different subdomains, the
+    # cookie domain needs to be set to the shared base domain. Doing so assures
+    # that users remain logged in as they cross between various subdomains.
+    # To maximize compatibility and normalize the behavior across user agents,
+    # the cookie domain should start with a dot.
+    #
+    # @default none
+    # cookie_domain: '.example.com'
+    #
+  twig.config:
+    # Twig debugging:
+    #
+    # When debugging is enabled:
+    # - The markup of each Twig template is surrounded by HTML comments that
+    #   contain theming information, such as template file name suggestions.
+    # - Note that this debugging markup will cause automated tests that directly
+    #   check rendered HTML to fail. When running automated tests, 'debug'
+    #   should be set to FALSE.
+    # - The dump() function can be used in Twig templates to output information
+    #   about template variables.
+    # - Twig templates are automatically recompiled whenever the source code
+    #   changes (see auto_reload below).
+    #
+    # For more information about debugging Twig templates, see
+    # https://www.drupal.org/node/1906392.
+    #
+    # Not recommended in production environments
+    # @default false
+    debug: false
+    # Twig auto-reload:
+    #
+    # Automatically recompile Twig templates whenever the source code changes.
+    # If you don't provide a value for auto_reload, it will be determined
+    # based on the value of debug.
+    #
+    # Not recommended in production environments
+    # @default null
+    auto_reload: null
+    # Twig cache:
+    #
+    # By default, Twig templates will be compiled and stored in the filesystem
+    # to increase performance. Disabling the Twig cache will recompile the
+    # templates from source each time they are used. In most cases the
+    # auto_reload setting above should be enabled rather than disabling the
+    # Twig cache.
+    #
+    # Not recommended in production environments
+    # @default true
+    cache: true
+  renderer.config:
+    # Renderer required cache contexts:
+    #
+    # The Renderer will automatically associate these cache contexts with every
+    # render array, hence varying every render array by these cache contexts.
+    #
+    # @default ['languages:language_interface', 'theme', 'user.permissions']
+    required_cache_contexts: ['languages:language_interface', 'theme', 'user.permissions']
+    # Renderer automatic placeholdering conditions:
+    #
+    # Drupal allows portions of the page to be automatically deferred when
+    # rendering to improve cache performance. That is especially helpful for
+    # cache contexts that vary widely, such as the active user. On some sites
+    # those may be different, however, such as sites with only a handful of
+    # users. If you know what the high-cardinality cache contexts are for your
+    # site, specify those here. If you're not sure, the defaults are fairly safe
+    # in general.
+    #
+    # For more information about rendering optimizations see
+    # https://www.drupal.org/developing/api/8/render/arrays/cacheability#optimizing
+    auto_placeholder_conditions:
+      # Max-age at or below which caching is not considered worthwhile.
+      #
+      # Disable by setting to -1.
+      #
+      # @default 0
+      max-age: 0
+      # Cache contexts with a high cardinality.
+      #
+      # Disable by setting to [].
+      #
+      # @default ['session', 'user']
+      contexts: ['session', 'user']
+      # Tags with a high invalidation frequency.
+      #
+      # Disable by setting to [].
+      #
+      # @default []
+      tags: []
+  # Cacheability debugging:
+  #
+  # Responses with cacheability metadata (CacheableResponseInterface instances)
+  # get X-Drupal-Cache-Tags and X-Drupal-Cache-Contexts headers.
+  #
+  # For more information about debugging cacheable responses, see
+  # https://www.drupal.org/developing/api/8/response/cacheable-response-interface
+  #
+  # Not recommended in production environments
+  # @default false
+  http.response.debug_cacheability_headers: false
+  factory.keyvalue:
+    {}
+    # Default key/value storage service to use.
+    # @default keyvalue.database
+    # default: keyvalue.database
+    # Collection-specific overrides.
+    # state: keyvalue.database
+  factory.keyvalue.expirable:
+    {}
+    # Default key/value expirable storage service to use.
+    # @default keyvalue.database.expirable
+    # default: keyvalue.database.expirable
+  # Allowed protocols for URL generation.
+  filter_protocols:
+    - http
+    - https
+    - ftp
+    - news
+    - nntp
+    - tel
+    - telnet
+    - mailto
+    - irc
+    - ssh
+    - sftp
+    - webcal
+    - rtsp
+
+   # Configure Cross-Site HTTP requests (CORS).
+   # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+   # for more information about the topic in general.
+   # Note: By default the configuration is disabled.
+  cors.config:
+    enabled: false
+    # Specify allowed headers, like 'x-allowed-header'.
+    allowedHeaders: []
+    # Specify allowed request methods, specify ['*'] to allow all possible ones.
+    allowedMethods: []
+    # Configure requests allowed from specific origins.
+    allowedOrigins: ['*']
+    # Sets the Access-Control-Expose-Headers header.
+    exposedHeaders: false
+    # Sets the Access-Control-Max-Age header.
+    maxAge: false
+    # Sets the Access-Control-Allow-Credentials header.
+    supportsCredentials: false

core/assets/scaffold/files/development.services.yml

+# Local development services.
+#
+# To activate this feature, follow the instructions at the top of the
+# 'example.settings.local.php' file, which sits next to this file.
+parameters:
+  http.response.debug_cacheability_headers: true
+services:
+  cache.backend.null:
+    class: Drupal\Core\Cache\NullBackendFactory

core/assets/scaffold/files/drupal.INSTALL.txt

+
+Please read core/INSTALL.txt for detailed installation instructions for your
+Drupal web site.

core/assets/scaffold/files/drupal.README.txt

+
+CONTENTS OF THIS FILE
+---------------------
+
+ * About Drupal
+ * Configuration and features
+ * Installation profiles
+ * Appearance
+ * Developing for Drupal
+ * More information
+
+
+ABOUT DRUPAL
+------------
+
+Drupal is an open source content management platform supporting a variety of
+websites ranging from personal weblogs to large community-driven websites. For
+more information, see the Drupal website at https://www.drupal.org, and join
+the Drupal community at https://www.drupal.org/community.
+
+Legal information about Drupal:
+ * Know your rights when using Drupal:
+   See LICENSE.txt in the "core" directory.
+ * Learn about the Drupal trademark and logo policy:
+   https://www.drupal.com/trademark
+
+
+CONFIGURATION AND FEATURES
+--------------------------
+
+Drupal core (what you get when you download and extract a drupal-x.y.tar.gz or
+drupal-x.y.zip file from https://www.drupal.org/project/drupal) has what you
+need to get started with your website. It includes several modules (extensions
+that add functionality) for common website features, such as managing content,
+user accounts, image uploading, and search. Core comes with many options that
+allow site-specific configuration. In addition to the core modules, there are
+thousands of contributed modules (for functionality not included with Drupal
+core) available for download.
+
+More about configuration:
+ * Install, update, and maintain Drupal:
+   See INSTALL.txt and UPDATE.txt in the "core" directory.
+ * Learn about how to use Drupal to create your site:
+   https://www.drupal.org/documentation
+ * Follow best practices:
+   https://www.drupal.org/best-practices
+ * Download contributed modules to /modules to extend Drupal's functionality:
+   https://www.drupal.org/project/modules
+ * See also: "Developing for Drupal" for writing your own modules, below.
+
+
+INSTALLATION PROFILES
+---------------------
+
+Installation profiles define additional steps (such as enabling modules,
+defining content types, etc.) that run after the base installation provided
+by core when Drupal is first installed. There are two basic installation
+profiles provided with Drupal core.
+
+Installation profiles from the Drupal community modify the installation process
+to provide a website for a specific use case, such as a CMS for media
+publishers, a web-based project tracking tool, or a full-fledged CRM for
+non-profit organizations raising money and accepting donations. They can be
+distributed as bare installation profiles or as "distributions". Distributions
+include Drupal core, the installation profile, and all other required
+extensions, such as contributed and custom modules, themes, and third-party
+libraries. Bare installation profiles require you to download Drupal Core and
+the required extensions separately; place the downloaded profile in the
+/profiles directory before you start the installation process.
+
+More about installation profiles and distributions:
+ * Read about the difference between installation profiles and distributions:
+   https://www.drupal.org/docs/8/distributions/creating-distributions
+ * Download contributed installation profiles and distributions:
+   https://www.drupal.org/project/distributions
+ * Develop your own installation profile or distribution:
+   https://www.drupal.org/docs/8/creating-distributions
+
+
+APPEARANCE
+----------
+
+In Drupal, the appearance of your site is set by the theme (themes are
+extensions that set fonts, colors, and layout). Drupal core comes with several
+themes. More themes are available for download, and you can also create your own
+custom theme.
+
+More about themes:
+ * Download contributed themes to /themes to modify Drupal's appearance:
+   https://www.drupal.org/project/themes
+ * Develop your own theme:
+   https://www.drupal.org/docs/8/theming
+
+
+DEVELOPING FOR DRUPAL
+---------------------
+
+Drupal contains an extensive API that allows you to add to and modify the
+functionality of your site. The API consists of "hooks", which allow modules to
+react to system events and customize Drupal's behavior, and functions that
+standardize common operations such as database queries and form generation. The
+flexible hook architecture means that you should never need to directly modify
+the files that come with Drupal core to achieve the functionality you want;
+instead, functionality modifications take the form of modules.
+
+When you need new functionality for your Drupal site, search for existing
+contributed modules. If you find a module that matches except for a bug or an
+additional needed feature, change the module and contribute your improvements
+back to the project in the form of a "patch". Create new custom modules only
+when nothing existing comes close to what you need.
+
+More about developing:
+ * Search for existing contributed modules:
+   https://www.drupal.org/project/modules
+ * Contribute a patch:
+   https://www.drupal.org/patch/submit
+ * Develop your own module:
+   https://www.drupal.org/developing/modules
+ * Follow programming best practices:
+   https://www.drupal.org/developing/best-practices
+ * Refer to the API documentation:
+   https://api.drupal.org/api/drupal/8
+ * Learn from documented Drupal API examples:
+   https://www.drupal.org/project/examples
+
+
+MORE INFORMATION
+----------------
+
+ * See the Drupal.org online documentation:
+   https://www.drupal.org/documentation
+
+ * For a list of security announcements, see the "Security advisories" page at
+   https://www.drupal.org/security (available as an RSS feed). This page also
+   describes how to subscribe to these announcements via email.
+
+ * For information about the Drupal security process, or to find out how to
+   report a potential security issue to the Drupal security team, see the
+   "Security team" page at https://www.drupal.org/security-team
+
+ * For information about the wide range of available support options, visit
+   https://www.drupal.org and click on Community and Support in the top or
+   bottom navigation.

core/assets/scaffold/files/editorconfig

+# Drupal editor configuration normalization
+# @see http://editorconfig.org/
+
+# This is the top-most .editorconfig file; do not search in parent directories.
+root = true
+
+# All files.
+[*]
+end_of_line = LF
+indent_style = space
+indent_size = 2
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[composer.{json,lock}]
+indent_size = 4

core/assets/scaffold/files/eslintignore

+core/**/*
+vendor/**/*
+sites/**/files/**/*
+libraries/**/*
+sites/**/libraries/**/*
+profiles/**/libraries/**/*
+**/js_test_files/**/*
+**/node_modules/**/*

core/assets/scaffold/files/eslintrc.json

+{
+  "extends": "./core/.eslintrc.json"
+}

core/assets/scaffold/files/example.gitignore

+# This file contains default .gitignore rules. To use it, copy it to .gitignore,
+# and it will cause files like your settings.php and user-uploaded files to be
+# excluded from Git version control. This is a common strategy to avoid
+# accidentally including private information in public repositories and patch
+# files.
+#
+# Because .gitignore can be specific to your site, this file has a different
+# name; updating Drupal core will not override your custom .gitignore file.
+
+# Ignore core when managing all of a project's dependencies with Composer
+# including Drupal core.
+# core
+
+# Ignore dependencies that are managed with Composer.
+# Generally you should only ignore the root vendor directory. It's important
+# that core/assets/vendor and any other vendor directories within contrib or
+# custom module, theme, etc., are not ignored unless you purposely do so.
+/vendor/
+
+# Ignore configuration files that may contain sensitive information.
+sites/*/settings*.php
+sites/*/services*.yml
+
+# Ignore paths that contain user-generated content.
+sites/*/files
+sites/*/private
+
+# Ignore SimpleTest multi-site environment.
+sites/simpletest
+
+# If you prefer to store your .gitignore file in the sites/ folder, comment
+# or delete the previous settings and uncomment the following ones, instead.
+
+# Ignore configuration files that may contain sensitive information.
+# */settings*.php
+
+# Ignore paths that contain user-generated content.
+# */files
+# */private
+
+# Ignore SimpleTest multi-site environment.
+# simpletest

core/assets/scaffold/files/example.settings.local.php

+<?php
+
+// @codingStandardsIgnoreFile
+
+/**
+ * @file
+ * Local development override configuration feature.
+ *
+ * To activate this feature, copy and rename it such that its path plus
+ * filename is 'sites/default/settings.local.php'. Then, go to the bottom of
+ * 'sites/default/settings.php' and uncomment the commented lines that mention
+ * 'settings.local.php'.
+ *
+ * If you are using a site name in the path, such as 'sites/example.com', copy
+ * this file to 'sites/example.com/settings.local.php', and uncomment the lines
+ * at the bottom of 'sites/example.com/settings.php'.
+ */
+
+/**
+ * Assertions.
+ *
+ * The Drupal project primarily uses runtime assertions to enforce the
+ * expectations of the API by failing when incorrect calls are made by code
+ * under development.
+ *
+ * @see http://php.net/assert
+ * @see https://www.drupal.org/node/2492225
+ *
+ * If you are using PHP 7.0 it is strongly recommended that you set
+ * zend.assertions=1 in the PHP.ini file (It cannot be changed from .htaccess
+ * or runtime) on development machines and to 0 in production.
+ *
+ * @see https://wiki.php.net/rfc/expectations
+ */
+assert_options(ASSERT_ACTIVE, TRUE);
+\Drupal\Component\Assertion\Handle::register();
+
+/**
+ * Enable local development services.
+ */
+$settings['container_yamls'][] = DRUPAL_ROOT . '/sites/development.services.yml';
+
+/**
+ * Show all error messages, with backtrace information.
+ *
+ * In case the error level could not be fetched from the database, as for
+ * example the database connection failed, we rely only on this value.
+ */
+$config['system.logging']['error_level'] = 'verbose';
+
+/**
+ * Disable CSS and JS aggregation.
+ */
+$config['system.performance']['css']['preprocess'] = FALSE;
+$config['system.performance']['js']['preprocess'] = FALSE;
+
+/**
+ * Disable the render cache.
+ *
+ * Note: you should test with the render cache enabled, to ensure the correct
+ * cacheability metadata is present. However, in the early stages of
+ * development, you may want to disable it.
+ *
+ * This setting disables the render cache by using the Null cache back-end
+ * defined by the development.services.yml file above.
+ *
+ * Only use this setting once the site has been installed.
+ */
+# $settings['cache']['bins']['render'] = 'cache.backend.null';
+
+/**
+ * Disable caching for migrations.
+ *
+ * Uncomment the code below to only store migrations in memory and not in the
+ * database. This makes it easier to develop custom migrations.
+ */
+# $settings['cache']['bins']['discovery_migration'] = 'cache.backend.memory';
+
+/**
+ * Disable Internal Page Cache.
+ *
+ * Note: you should test with Internal Page Cache enabled, to ensure the correct
+ * cacheability metadata is present. However, in the early stages of
+ * development, you may want to disable it.
+ *
+ * This setting disables the page cache by using the Null cache back-end
+ * defined by the development.services.yml file above.
+ *
+ * Only use this setting once the site has been installed.
+ */
+# $settings['cache']['bins']['page'] = 'cache.backend.null';
+
+/**
+ * Disable Dynamic Page Cache.
+ *
+ * Note: you should test with Dynamic Page Cache enabled, to ensure the correct
+ * cacheability metadata is present (and hence the expected behavior). However,
+ * in the early stages of development, you may want to disable it.
+ */
+# $settings['cache']['bins']['dynamic_page_cache'] = 'cache.backend.null';
+
+/**
+ * Allow test modules and themes to be installed.
+ *
+ * Drupal ignores test modules and themes by default for performance reasons.
+ * During development it can be useful to install test extensions for debugging
+ * purposes.
+ */
+# $settings['extension_discovery_scan_tests'] = TRUE;
+
+/**
+ * Enable access to rebuild.php.
+ *
+ * This setting can be enabled to allow Drupal's php and database cached
+ * storage to be cleared via the rebuild.php page. Access to this page can also
+ * be gained by generating a query string from rebuild_token_calculator.sh and
+ * using these parameters in a request to rebuild.php.
+ */
+$settings['rebuild_access'] = TRUE;
+
+/**
+ * Skip file system permissions hardening.
+ *
+ * The system module will periodically check the permissions of your site's
+ * site directory to ensure that it is not writable by the website user. For
+ * sites that are managed with a version control system, this can cause problems
+ * when files in that directory such as settings.php are updated, because the
+ * user pulling in the changes won't have permissions to modify files in the
+ * directory.
+ */
+$settings['skip_permissions_hardening'] = TRUE;
+
+/**
+ * Exclude modules from configuration synchronization.
+ *
+ * On config export sync, no config or dependent config of any excluded module
+ * is exported. On config import sync, any config of any installed excluded
+ * module is ignored. In the exported configuration, it will be as if the
+ * excluded module had never been installed. When syncing configuration, if an
+ * excluded module is already installed, it will not be uninstalled by the
+ * configuration synchronization, and dependent configuration will remain
+ * intact. This affects only configuration synchronization; single import and
+ * export of configuration are not affected.
+ *
+ * Drupal does not validate or sanity check the list of excluded modules. For
+ * instance, it is your own responsibility to never exclude required modules,
+ * because it would mean that the exported configuration can not be imported
+ * anymore.
+ *
+ * This is an advanced feature and using it means opting out of some of the
+ * guarantees the configuration synchronization provides. It is not recommended
+ * to use this feature with modules that affect Drupal in a major way such as
+ * the language or field module.
+ */
+# $settings['config_exclude_modules'] = ['devel', 'stage_file_proxy'];

core/assets/scaffold/files/example.sites.php

+<?php
+
+// @codingStandardsIgnoreFile
+
+/**
+ * @file
+ * Configuration file for multi-site support and directory aliasing feature.
+ *
+ * This file is required for multi-site support and also allows you to define a
+ * set of aliases that map hostnames, ports, and pathnames to configuration
+ * directories in the sites directory. These aliases are loaded prior to
+ * scanning for directories, and they are exempt from the normal discovery
+ * rules. See default.settings.php to view how Drupal discovers the
+ * configuration directory when no alias is found.
+ *
+ * Aliases are useful on development servers, where the domain name may not be
+ * the same as the domain of the live server. Since Drupal stores file paths in
+ * the database (files, system table, etc.) this will ensure the paths are
+ * correct when the site is deployed to a live server.
+ *
+ * To activate this feature, copy and rename it such that its path plus
+ * filename is 'sites/sites.php'.
+ *
+ * Aliases are defined in an associative array named $sites. The array is
+ * written in the format: '<port>.<domain>.<path>' => 'directory'. As an
+ * example, to map https://www.drupal.org:8080/mysite/test to the configuration
+ * directory sites/example.com, the array should be defined as:
+ * @code
+ * $sites = [
+ *   '8080.www.drupal.org.mysite.test' => 'example.com',
+ * ];
+ * @endcode
+ * The URL, https://www.drupal.org:8080/mysite/test/, could be a symbolic link
+ * or an Apache Alias directive that points to the Drupal root containing
+ * index.php. An alias could also be created for a subdomain. See the
+ * @link https://www.drupal.org/documentation/install online Drupal installation guide @endlink
+ * for more information on setting up domains, subdomains, and subdirectories.
+ *
+ * The following examples look for a site configuration in sites/example.com:
+ * @code
+ * URL: http://dev.drupal.org
+ * $sites['dev.drupal.org'] = 'example.com';
+ *
+ * URL: http://localhost/example
+ * $sites['localhost.example'] = 'example.com';
+ *
+ * URL: http://localhost:8080/example
+ * $sites['8080.localhost.example'] = 'example.com';
+ *
+ * URL: https://www.drupal.org:8080/mysite/test/
+ * $sites['8080.www.drupal.org.mysite.test'] = 'example.com';
+ * @endcode
+ *
+ * @see default.settings.php
+ * @see \Drupal\Core\DrupalKernel::getSitePath()
+ * @see https://www.drupal.org/documentation/install/multi-site
+ */

core/assets/scaffold/files/gitattributes

+# Drupal git normalization
+# @see https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html
+# @see https://www.drupal.org/node/1542048
+
+# Normally these settings would be done with macro attributes for improved
+# readability and easier maintenance. However macros can only be defined at the
+# repository root directory. Drupal avoids making any assumptions about where it
+# is installed.
+
+# Define text file attributes.
+# - Treat them as text.
+# - Ensure no CRLF line-endings, neither on checkout nor on checkin.
+# - Detect whitespace errors.
+#   - Exposed by default in `git diff --color` on the CLI.
+#   - Validate with `git diff --check`.
+#   - Deny applying with `git apply --whitespace=error-all`.
+#   - Fix automatically with `git apply --whitespace=fix`.
+
+*.config  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.css     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.dist    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.engine  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.html    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=html
+*.inc     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.install text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.js      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.json    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.lock    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.map     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.md      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.module  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.php     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.po      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.profile text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.script  text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.sh      text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.sql     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.svg     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.theme   text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2 diff=php
+*.twig    text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.txt     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.xml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+*.yml     text eol=lf whitespace=blank-at-eol,-blank-at-eof,-space-before-tab,tab-in-indent,tabwidth=2
+
+# Define binary file attributes.
+# - Do not treat them as text.
+# - Include binary diff in patches instead of "binary files differ."
+*.eot     -text diff
+*.exe     -text diff
+*.gif     -text diff
+*.gz      -text diff
+*.ico     -text diff
+*.jpeg    -text diff
+*.jpg     -text diff
+*.otf     -text diff
+*.phar    -text diff
+*.png     -text diff
+*.svgz    -text diff
+*.ttf     -text diff
+*.woff    -text diff
+*.woff2   -text diff

core/assets/scaffold/files/ht.router.php

+<?php
+
+/**
+ * @file
+ * Router script for the built-in PHP web server.
+ *
+ * The built-in web server should only be used for development and testing as it
+ * has a number of limitations that makes running Drupal on it highly insecure
+ * and somewhat limited.
+ *
+ * Note that:
+ * - The server is single-threaded, any requests made during the execution of
+ *   the main request will hang until the main request has been completed.
+ * - The web server does not enforce any of the settings in .htaccess in
+ *   particular a remote user will be able to download files that normally would
+ *   be protected from direct access such as .module files.
+ *
+ * The router script is needed to work around a bug in PHP, see
+ * https://bugs.php.net/bug.php?id=61286.
+ *
+ * Usage:
+ * php -S localhost:8888 .ht.router.php
+ *
+ * @see http://php.net/manual/en/features.commandline.webserver.php
+ */
+
+$url = parse_url($_SERVER['REQUEST_URI']);
+if (file_exists(__DIR__ . $url['path'])) {
+  // Serve the requested resource as-is.
+  return FALSE;
+}
+
+// Work around the PHP bug.
+$path = $url['path'];
+$script = 'index.php';
+if (strpos($path, '.php') !== FALSE) {
+  // Work backwards through the path to check if a script exists. Otherwise
+  // fallback to index.php.
+  do {
+    $path = dirname($path);
+    if (preg_match('/\.php$/', $path) && is_file(__DIR__ . $path)) {
+      // Discovered that the path contains an existing PHP file. Use that as the
+      // script to include.
+      $script = ltrim($path, '/');
+      break;
+    }
+  } while ($path !== '/' && $path !== '.');
+}
+
+// Update $_SERVER variables to point to the correct index-file.
+$index_file_absolute = $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . $script;
+$index_file_relative = DIRECTORY_SEPARATOR . $script;
+
+// SCRIPT_FILENAME will point to the router script itself, it should point to
+// the full path of index.php.
+$_SERVER['SCRIPT_FILENAME'] = $index_file_absolute;
+
+// SCRIPT_NAME and PHP_SELF will either point to index.php or contain the full
+// virtual path being requested depending on the URL being requested. They
+// should always point to index.php relative to document root.
+$_SERVER['SCRIPT_NAME'] = $index_file_relative;
+$_SERVER['PHP_SELF'] = $index_file_relative;
+
+// Require the script and let core take over.
+require $_SERVER['SCRIPT_FILENAME'];

core/assets/scaffold/files/htaccess

+#
+# Apache/PHP/Drupal settings:
+#
+
+# Protect files and directories from prying eyes.
+<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
+  <IfModule mod_authz_core.c>
+    Require all denied
+  </IfModule>
+  <IfModule !mod_authz_core.c>
+    Order allow,deny
+  </IfModule>
+</FilesMatch>
+
+# Don't show directory listings for URLs which map to a directory.
+Options -Indexes
+
+# Set the default handler.
+DirectoryIndex index.php index.html index.htm
+
+# Add correct encoding for SVGZ.
+AddType image/svg+xml svg svgz
+AddEncoding gzip svgz
+
+# Most of the following PHP settings cannot be changed at runtime. See
+# sites/default/default.settings.php and
+# Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
+# changed at runtime.
+
+# PHP 7, Apache 1 and 2.
+<IfModule mod_php7.c>
+  php_value assert.active                   0
+</IfModule>
+
+# Requires mod_expires to be enabled.
+<IfModule mod_expires.c>
+  # Enable expirations.
+  ExpiresActive On
+
+  # Cache all files for 2 weeks after access (A).
+  ExpiresDefault A1209600
+
+  <FilesMatch \.php$>
+    # Do not allow PHP scripts to be cached unless they explicitly send cache
+    # headers themselves. Otherwise all scripts would have to overwrite the
+    # headers set by mod_expires if they want another caching behavior. This may
+    # fail if an error occurs early in the bootstrap process, and it may cause
+    # problems if a non-Drupal PHP file is installed in a subdirectory.
+    ExpiresActive Off
+  </FilesMatch>
+</IfModule>
+
+# Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to
+# work without clean URLs. This requires Apache version >= 2.2.16. If Drupal is
+# not accessed by the top level URL (i.e.: http://example.com/drupal/ instead of
+# http://example.com/), the path to index.php will need to be adjusted.
+<IfModule !mod_rewrite.c>
+  FallbackResource /index.php
+</IfModule>
+
+# Various rewrite rules.
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+
+  # Set "protossl" to "s" if we were accessed via https://.  This is used later
+  # if you enable "www." stripping or enforcement, in order to ensure that
+  # you don't bounce between http and https.
+  RewriteRule ^ - [E=protossl]
+  RewriteCond %{HTTPS} on
+  RewriteRule ^ - [E=protossl:s]
+
+  # Make sure Authorization HTTP header is available to PHP
+  # even when running as CGI or FastCGI.
+  RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+  # Block access to "hidden" directories whose names begin with a period. This
+  # includes directories used by version control systems such as Subversion or
+  # Git to store control files. Files whose names begin with a period, as well
+  # as the control files used by CVS, are protected by the FilesMatch directive
+  # above.
+  #
+  # NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
+  # not possible to block access to entire directories from .htaccess because
+  # <DirectoryMatch> is not allowed here.
+  #
+  # If you do not have mod_rewrite installed, you should remove these
+  # directories from your webroot or otherwise protect them from being
+  # downloaded.
+  RewriteRule "/\.|^\.(?!well-known/)" - [F]
+
+  # If your site can be accessed both with and without the 'www.' prefix, you
+  # can use one of the following settings to redirect users to your preferred
+  # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
+  #
+  # To redirect all users to access the site WITH the 'www.' prefix,
+  # (http://example.com/foo will be redirected to http://www.example.com/foo)
+  # uncomment the following:
+  # RewriteCond %{HTTP_HOST} .
+  # RewriteCond %{HTTP_HOST} !^www\. [NC]
+  # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+  #
+  # To redirect all users to access the site WITHOUT the 'www.' prefix,
+  # (http://www.example.com/foo will be redirected to http://example.com/foo)
+  # uncomment the following:
+  # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
+  # RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
+
+  # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
+  # VirtualDocumentRoot and the rewrite rules are not working properly.
+  # For example if your site is at http://example.com/drupal uncomment and
+  # modify the following line:
+  # RewriteBase /drupal
+  #
+  # If your site is running in a VirtualDocumentRoot at http://example.com/,
+  # uncomment the following line:
+  # RewriteBase /
+
+  # Redirect common PHP files to their new locations.
+  RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
+  RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
+  RewriteCond %{REQUEST_URI} !core
+  RewriteRule ^ %1/core/%2 [L,QSA,R=301]
+
+  # Rewrite install.php during installation to see if mod_rewrite is working
+  RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
+
+  # Pass all requests not referring directly to files in the filesystem to
+  # index.php.
+  RewriteCond %{REQUEST_FILENAME} !-f
+  RewriteCond %{REQUEST_FILENAME} !-d
+  RewriteCond %{REQUEST_URI} !=/favicon.ico
+  RewriteRule ^ index.php [L]
+
+  # For security reasons, deny access to other PHP files on public sites.
+  # Note: The following URI conditions are not anchored at the start (^),
+  # because Drupal may be located in a subdirectory. To further improve
+  # security, you can replace '!/' with '!^/'.
+  # Allow access to PHP files in /core (like authorize.php or install.php):
+  RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
+  # Allow access to test-specific PHP files:
+  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
+  # Allow access to Statistics module's custom front controller.
+  # Copy and adapt this rule to directly execute PHP files in contributed or
+  # custom modules or to run another PHP application in the same directory.
+  RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
+  # Deny access to any other PHP files that do not match the rules above.
+  # Specifically, disallow autoload.php from being served directly.
+  RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
+
+  # Rules to correctly serve gzip compressed CSS and JS files.
+  # Requires both mod_rewrite and mod_headers to be enabled.
+  <IfModule mod_headers.c>
+    # Serve gzip compressed CSS files if they exist and the client accepts gzip.
+    RewriteCond %{HTTP:Accept-encoding} gzip
+    RewriteCond %{REQUEST_FILENAME}\.gz -s
+    RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
+
+    # Serve gzip compressed JS files if they exist and the client accepts gzip.
+    RewriteCond %{HTTP:Accept-encoding} gzip
+    RewriteCond %{REQUEST_FILENAME}\.gz -s
+    RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
+
+    # Serve correct content types, and prevent double compression.
+    RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1,E=no-brotli:1]
+    RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1,E=no-brotli:1]
+
+    <FilesMatch "(\.js\.gz|\.css\.gz)$">
+      # Serve correct encoding type.
+      Header set Content-Encoding gzip
+      # Force proxies to cache gzipped & non-gzipped css/js files separately.
+      Header append Vary Accept-Encoding
+    </FilesMatch>
+  </IfModule>
+</IfModule>
+
+# Various header fixes.
+<IfModule mod_headers.c>
+  # Disable content sniffing, since it's an attack vector.
+  Header always set X-Content-Type-Options nosniff
+  # Disable Proxy header, since it's an attack vector.
+  RequestHeader unset Proxy
+</IfModule>

core/assets/scaffold/files/index.php

+<?php
+
+/**
+ * @file
+ * The PHP page that serves all page requests on a Drupal installation.
+ *
+ * All Drupal code is released under the GNU General Public License.
+ * See COPYRIGHT.txt and LICENSE.txt files in the "core" directory.
+ */
+
+use Drupal\Core\DrupalKernel;
+use Symfony\Component\HttpFoundation\Request;
+
+$autoloader = require_once 'autoload.php';
+
+$kernel = new DrupalKernel('prod', $autoloader);
+
+$request = Request::createFromGlobals();
+$response = $kernel->handle($request);
+$response->send();
+
+$kernel->terminate($request, $response);

core/assets/scaffold/files/modules.README.txt

+Modules extend your site functionality beyond Drupal core.
+
+WHAT TO PLACE IN THIS DIRECTORY?
+--------------------------------
+
+Placing downloaded and custom modules in this directory separates downloaded and
+custom modules from Drupal core's modules. This allows Drupal core to be updated
+without overwriting these files.
+
+DOWNLOAD ADDITIONAL MODULES
+---------------------------
+
+Contributed modules from the Drupal community may be downloaded at
+https://www.drupal.org/project/project_module.
+
+ORGANIZING MODULES IN THIS DIRECTORY
+------------------------------------
+
+You may create subdirectories in this directory, to organize your added modules,
+without breaking the site. Some common subdirectories include "contrib" for
+contributed modules, and "custom" for custom modules. Note that if you move a
+module to a subdirectory after it has been enabled, you may need to clear the
+Drupal cache so it can be found.
+
+There are number of directories that are ignored when looking for modules. These
+are 'src', 'lib', 'vendor', 'assets', 'css', 'files', 'images', 'js', 'misc',
+'templates', 'includes', 'fixtures' and 'Drupal'.
+
+MULTISITE CONFIGURATION
+-----------------------
+
+In multisite configurations, modules found in this directory are available to
+all sites. You may also put modules in the sites/all/modules directory, and the
+versions in sites/all/modules will take precedence over versions of the same
+module that are here. Alternatively, the sites/your_site_name/modules directory
+pattern may be used to restrict modules to a specific site instance.
+
+MORE INFORMATION
+----------------
+
+Refer to the “Developing for Drupal” section of the README.txt in the Drupal
+root directory for further information on extending Drupal with custom modules.

core/assets/scaffold/files/profiles.README.txt

+Installation profiles define additional steps that run after the base
+installation of Drupal is completed. They may also offer additional
+functionality and change the behavior of the site.
+
+WHAT TO PLACE IN THIS DIRECTORY?
+--------------------------------
+
+Place downloaded and custom installation profiles in this directory.
+Note that installation profiles are generally provided as part of a Drupal
+distribution.
+
+DOWNLOAD ADDITIONAL DISTRIBUTIONS
+---------------------------------
+
+Contributed distributions from the Drupal community may be downloaded at
+https://www.drupal.org/project/project_distribution.
+
+MULTISITE CONFIGURATION
+-----------------------
+
+In multisite configurations, installation profiles found in this directory are
+available to all sites during their initial site installation.
+
+MORE INFORMATION
+----------------
+
+Refer to the "Installation profiles" section of the README.txt in the Drupal
+root directory for further information on extending Drupal with custom profiles.

core/assets/scaffold/files/robots.txt

+#
+# robots.txt
+#
+# This file is to prevent the crawling and indexing of certain parts
+# of your site by web crawlers and spiders run by sites like Yahoo!
+# and Google. By telling these "robots" where not to go on your site,
+# you save bandwidth and server resources.
+#
+# This file will be ignored unless it is at the root of your host:
+# Used:    http://example.com/robots.txt
+# Ignored: http://example.com/site/robots.txt
+#
+# For more information about the robots.txt standard, see:
+# http://www.robotstxt.org/robotstxt.html
+
+User-agent: *
+# CSS, JS, Images
+Allow: /core/*.css$
+Allow: /core/*.css?
+Allow: /core/*.js$
+Allow: /core/*.js?
+Allow: /core/*.gif
+Allow: /core/*.jpg
+Allow: /core/*.jpeg
+Allow: /core/*.png
+Allow: /core/*.svg
+Allow: /profiles/*.css$
+Allow: /profiles/*.css?
+Allow: /profiles/*.js$
+Allow: /profiles/*.js?
+Allow: /profiles/*.gif
+Allow: /profiles/*.jpg
+Allow: /profiles/*.jpeg
+Allow: /profiles/*.png
+Allow: /profiles/*.svg
+# Directories
+Disallow: /core/
+Disallow: /profiles/
+# Files
+Disallow: /README.txt
+Disallow: /web.config
+# Paths (clean URLs)
+Disallow: /admin/
+Disallow: /comment/reply/
+Disallow: /filter/tips
+Disallow: /node/add/
+Disallow: /search/
+Disallow: /user/register/
+Disallow: /user/password/
+Disallow: /user/login/
+Disallow: /user/logout/
+# Paths (no clean URLs)
+Disallow: /index.php/admin/
+Disallow: /index.php/comment/reply/
+Disallow: /index.php/filter/tips
+Disallow: /index.php/node/add/
+Disallow: /index.php/search/
+Disallow: /index.php/user/password/
+Disallow: /index.php/user/register/
+Disallow: /index.php/user/login/
+Disallow: /index.php/user/logout/

core/assets/scaffold/files/sites.README.txt

+This directory structure contains the settings and configuration files specific
+to your site or sites and is an integral part of multisite configurations.
+
+It is now recommended to place your custom and downloaded extensions in the
+/modules, /themes, and /profiles directories located in the Drupal root. The
+sites/all/ subdirectory structure, which was recommended in previous versions
+of Drupal, is still supported.
+
+See core/INSTALL.txt for information about single-site installation or
+multisite configuration.

core/assets/scaffold/files/themes.README.txt

+Themes allow you to change the look and feel of your Drupal site. You can use
+themes contributed by others or create your own.
+
+WHAT TO PLACE IN THIS DIRECTORY?
+--------------------------------
+
+Placing downloaded and custom themes in this directory separates downloaded and
+custom themes from Drupal core's themes. This allows Drupal core to be updated
+without overwriting these files.
+
+DOWNLOAD ADDITIONAL THEMES
+--------------------------
+
+Contributed themes from the Drupal community may be downloaded at
+https://www.drupal.org/project/project_theme.
+
+MULTISITE CONFIGURATION
+-----------------------
+
+In multisite configurations, themes found in this directory are available to
+all sites. You may also put themes in the sites/all/themes directory, and the
+versions in sites/all/themes will take precedence over versions of the same
+themes that are here. Alternatively, the sites/your_site_name/themes directory
+pattern may be used to restrict themes to a specific site instance.
+
+MORE INFORMATION
+-----------------
+
+Refer to the "Appearance" section of the README.txt in the Drupal root directory
+for further information on customizing the appearance of Drupal with custom
+themes.

core/assets/scaffold/files/update.php

+<?php
+
+/**
+ * @file
+ * The PHP page that handles updating the Drupal installation.
+ *
+ * All Drupal code is released under the GNU General Public License.
+ * See COPYRIGHT.txt and LICENSE.txt files in the "core" directory.
+ */
+
+use Drupal\Core\Update\UpdateKernel;
+use Symfony\Component\HttpFoundation\Request;
+
+$autoloader = require_once 'autoload.php';
+
+// Disable garbage collection during test runs. Under certain circumstances the
+// update path will create so many objects that garbage collection causes
+// segmentation faults.
+require_once 'core/includes/bootstrap.inc';
+if (drupal_valid_test_ua()) {
+  gc_collect_cycles();
+  gc_disable();
+}
+
+$kernel = new UpdateKernel('prod', $autoloader, FALSE);
+$request = Request::createFromGlobals();
+
+$response = $kernel->handle($request);
+$response->send();
+
+$kernel->terminate($request, $response);

core/assets/scaffold/files/web.config

+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <system.webServer>
+    <!-- Don't show directory listings for URLs which map to a directory. -->
+    <directoryBrowse enabled="false" />
+
+    <!--
+       Caching configuration was not delegated by default. Some hosters may not
+       delegate the caching configuration to site owners by default and that
+       may cause errors when users install. Uncomment this if you want to and
+       are allowed to enable caching.
+     -->
+    <!--
+    <caching>
+      <profiles>
+        <add extension=".php" policy="DisableCache" kernelCachePolicy="DisableCache" />
+        <add extension=".html" policy="CacheForTimePeriod" kernelCachePolicy="CacheForTimePeriod" duration="14:00:00" />
+      </profiles>
+    </caching>
+     -->
+
+    <rewrite>
+      <rules>
+        <rule name="Protect files and directories from prying eyes" stopProcessing="true">
+          <match url="\.(engine|inc|install|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format|composer\.(json|lock)|\.htaccess)$" />
+          <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
+        </rule>
+
+        <rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true">
+          <match url="favicon\.ico" />
+          <action type="CustomResponse" statusCode="404" subStatusCode="1" statusReason="File Not Found" statusDescription="The requested file favicon.ico was not found" />
+          <conditions>
+            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
+          </conditions>
+        </rule>
+     <!-- If running on a PHP version affected by httpoxy vulnerability
+      uncomment the following rule to mitigate it's impact. To make this
+      rule work, you will also need to add HTTP_PROXY to the allowed server
+      variables manually in IIS. See https://www.drupal.org/node/2783079.
+        <rule name="Erase HTTP_PROXY" patternSyntax="Wildcard">
+          <match url="*.*" />
+          <serverVariables>
+            <set name="HTTP_PROXY" value="" />
+          </serverVariables>
+          <action type="None" />
+        </rule>
+    -->
+    <!-- To redirect all users to access the site WITH the 'www.' prefix,
+     http://example.com/foo will be redirected to http://www.example.com/foo)
+     adapt and uncomment the following:   -->
+    <!--
+        <rule name="Redirect to add www" stopProcessing="true">
+          <match url="^(.*)$" ignoreCase="false" />
+          <conditions>
+            <add input="{HTTP_HOST}" pattern="^example\.com$" />
+          </conditions>
+          <action type="Redirect" redirectType="Permanent" url="http://www.example.com/{R:1}" />
+        </rule>
+    -->
+
+    <!-- To redirect all users to access the site WITHOUT the 'www.' prefix,
+     http://www.example.com/foo will be redirected to http://example.com/foo)
+     adapt and uncomment the following:   -->
+    <!--
+        <rule name="Redirect to remove www" stopProcessing="true">
+          <match url="^(.*)$" ignoreCase="false" />
+          <conditions>
+            <add input="{HTTP_HOST}" pattern="^www\.example\.com$" />
+          </conditions>
+          <action type="Redirect" redirectType="Permanent" url="http://example.com/{R:1}" />
+        </rule>
+    -->
+
+        <!-- Pass all requests not referring directly to files in the filesystem
+         to index.php. -->
+        <rule name="Short URLS" stopProcessing="true">
+          <match url="^(.*)$" ignoreCase="false" />
+          <conditions>
+            <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
+            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
+            <add input="{URL}" pattern="^/favicon.ico$" ignoreCase="false" negate="true" />
+          </conditions>
+          <action type="Rewrite" url="index.php" />
+        </rule>
+      </rules>
+    </rewrite>
+
+  <!-- If running Windows Server 2008 R2 this can be commented out -->
+    <!-- httpErrors>
+      <remove statusCode="404" subStatusCode="-1" />
+      <error statusCode="404" prefixLanguageFilePath="" path="/index.php" responseMode="ExecuteURL" />
+    </httpErrors -->
+
+    <defaultDocument>
+     <!-- Set the default document -->
+      <files>
+         <clear />
+        <add value="index.php" />
+      </files>
+    </defaultDocument>
+
+  </system.webServer>
+</configuration>

core/assets/vendor/ckeditor/LICENSE.md

@@ -2,21 +2,21 @@ Software License Agreement
 ==========================
 
 CKEditor - The text editor for Internet - https://ckeditor.com/
-Copyright (c) 2003-2018, CKSource - Frederico Knabben. All rights reserved.
+Copyright (c) 2003-2020, CKSource - Frederico Knabben. All rights reserved.
 
 Licensed under the terms of any of the following licenses at your
 choice:
 
  - GNU General Public License Version 2 or later (the "GPL")
-   http://www.gnu.org/licenses/gpl.html
+   https://www.gnu.org/licenses/gpl.html
    (See Appendix A)
 
  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
-   http://www.gnu.org/licenses/lgpl.html
+   https://www.gnu.org/licenses/lgpl.html
    (See Appendix B)
 
  - Mozilla Public License Version 1.1 or later (the "MPL")
-   http://www.mozilla.org/MPL/MPL-1.1.html
+   https://www.mozilla.org/MPL/MPL-1.1.html
    (See Appendix C)
 
 You are not required to, but if you want to explicitly declare the
@@ -37,13 +37,14 @@ done by developers outside of CKSource with their express permission.
 
 The following libraries are included in CKEditor under the MIT license (see Appendix D):
 
-* CKSource Samples Framework (included in the samples) - Copyright (c) 2014-2018, CKSource - Frederico Knabben.
+* CKSource Samples Framework (included in the samples) - Copyright (c) 2014-2020, CKSource - Frederico Knabben.
 * PicoModal (included in `samples/js/sf.js`) - Copyright (c) 2012 James Frasca.
 * CodeMirror (included in the samples) - Copyright (C) 2014 by Marijn Haverbeke <marijnh@gmail.com> and others.
+* ES6Promise - Copyright (c) 2014 Yehuda Katz, Tom Dale, Stefan Penner and contributors.
 
 Parts of code taken from the following libraries are included in CKEditor under the MIT license (see Appendix D):
 
-* jQuery (inspired the domReady function, ckeditor_base.js) - Copyright (c) 2011 John Resig, http://jquery.com/
+* jQuery (inspired the domReady function, ckeditor_base.js) - Copyright (c) 2011 John Resig, https://jquery.com/
 
 The following libraries are included in CKEditor under the SIL Open Font License, Version 1.1 (see Appendix E):
 

core/assets/vendor/ckeditor/build-config.js

 /**
  * This is a Drupal-optimized build of CKEditor.
  *
- * You may re-use it at any time at http://ckeditor.com/builder to build
- * CKEditor again. Alternatively, use the "build.sh" script to build it locally.
- * If you do so, be sure to pass it the "-s" flag. So: "sh build.sh -s".
+ * To re-create this build:
+ * 1. Clone the development repo of CKEditor to your machine
+ * 2. Check out the version you'd like to build
+ * 3. Copy PATH/TO/DRUPAL/core/assets/vendor/ckeditor/build-config.js ./dev/builder/
+ * 4. Run ./dev/builder/build.sh -s
  *
- * If you are developing or debugging CKEditor plugins, you may want to work
- * against an unoptimized (unminified) CKEditor build. To do so, you have two
- * options:
- * 1. Upload build-config.js to http://ckeditor.com/builder and choose the
- *    "Source (Big N'Slow)" option when downloading.
- * 2. Use the "build.sh" script to build it locally, with one additional flag:
- *    "sh build.sh -s --leave-js-unminified".
  * Then, replace this directory (core/assets/vendor/ckeditor) with your build.
  *
+ * If you are developing or debugging CKEditor plugins, you may want to work
+ * against an unoptimized (unminified) CKEditor build. To do so,
+ * run the build command with the --leave-js-unminified flag.
+ *
  * NOTE:
  *    This file is not used by CKEditor, you may remove it.
  *    Changing this file will not change your CKEditor configuration.
@@ -80,6 +79,8 @@ var CKBUILDER_CONFIG = {
 		list: 1,
 		magicline: 1,
 		maximize: 1,
+    pastefromgdocs: 1,
+    pastefromlibreoffice: 1,
 		pastefromword: 1,
 		pastetext: 1,
 		removeformat: 1,

core/assets/vendor/ckeditor/lang/_translationstatus.txt

+Copyright (c) 2003-2020, CKSource - Frederico Knabben. All rights reserved.
+For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-oss-license
+
+af.js      Found: 62 Missing: 4
+ar.js      Found: 51 Missing: 15
+bg.js      Found: 58 Missing: 8
+bn.js      Found: 40 Missing: 26
+bs.js      Found: 29 Missing: 37
+ca.js      Found: 61 Missing: 5
+cs.js      Found: 66 Missing: 0
+cy.js      Found: 66 Missing: 0
+da.js      Found: 66 Missing: 0
+de.js      Found: 66 Missing: 0
+el.js      Found: 59 Missing: 7
+en-au.js   Found: 38 Missing: 28
+en-ca.js   Found: 37 Missing: 29
+en-gb.js   Found: 61 Missing: 5
+eo.js      Found: 66 Missing: 0
+es.js      Found: 66 Missing: 0
+et.js      Found: 66 Missing: 0
+eu.js      Found: 48 Missing: 18
+fa.js      Found: 66 Missing: 0
+fi.js      Found: 66 Missing: 0
+fo.js      Found: 66 Missing: 0
+fr-ca.js   Found: 42 Missing: 24
+fr.js      Found: 66 Missing: 0
+gl.js      Found: 40 Missing: 26
+gu.js      Found: 66 Missing: 0
+he.js      Found: 66 Missing: 0
+hi.js      Found: 43 Missing: 23
+hr.js      Found: 66 Missing: 0
+hu.js      Found: 63 Missing: 3
+is.js      Found: 41 Missing: 25
+it.js      Found: 66 Missing: 0
+ja.js      Found: 62 Missing: 4
+ka.js      Found: 62 Missing: 4
+km.js      Found: 40 Missing: 26
+ko.js      Found: 40 Missing: 26
+lt.js      Found: 66 Missing: 0
+lv.js      Found: 40 Missing: 26
+mk.js      Found: 0 Missing: 66
+mn.js      Found: 40 Missing: 26
+ms.js      Found: 39 Missing: 27
+nb.js      Found: 66 Missing: 0
+nl.js      Found: 65 Missing: 1
+no.js      Found: 66 Missing: 0
+pl.js      Found: 66 Missing: 0
+pt-br.js   Found: 66 Missing: 0
+pt.js      Found: 52 Missing: 14
+ro.js      Found: 61 Missing: 5
+ru.js      Found: 66 Missing: 0
+sk.js      Found: 49 Missing: 17
+sl.js      Found: 48 Missing: 18
+sr-latn.js Found: 40 Missing: 26
+sr.js      Found: 40 Missing: 26
+sv.js      Found: 62 Missing: 4
+th.js      Found: 40 Missing: 26
+tr.js      Found: 66 Missing: 0
+ug.js      Found: 66 Missing: 0
+uk.js      Found: 66 Missing: 0
+vi.js      Found: 66 Missing: 0
+zh-cn.js   Found: 66 Missing: 0
+zh.js      Found: 58 Missing: 8