18 Jul 2026

feedDrupal.org aggregator

Penyaskito: Canvas Tips&Tricks: Declaring images in SDCs

Canvas Tips&Tricks: Declaring images in SDCs

I've read recently about making SDCs dependent on Drupal Canvas because of needing to reference Canvas in the definition of your prop, so the right media widget is used inside Canvas:

image:
  $ref: json-schema-definitions://canvas.module/image
  type: object
  title: Image
  description: >
    Image of the singer
  examples:
    - src: 'micro.webp'
      alt: 'Nice picture of the singer'
      width: 200
      height: 300

That was the case during the alphas. But was fixed long ago, even before the 1.0.0 release. See canvas#3515074.

image:
  type: object
  title: Image
  required: [src]
  properties:
    src:
      type: string
      format: uri-reference
      contentMediaType: "image/*"
      x-allowed-schemes: [http, https]   # this is image-uri, itself a nested $ref
    alt:    { type: string }
    width:  { type: integer }
    height: { type: integer }
  description: >
    Image of the singer
  examples:
    - src: 'micro.webp'
      alt: 'Nice picture of the singer'
      width: 200
      height: 300

That's more verbose, but would make your SDC Canvas-independent and re-usable, and it's 100% equivalent.

If we missed updating some docs, please create an issue on the Canvas issue queue.

penyaskito

18 Jul 2026 3:43pm GMT

BloomIdea: Make-to-Order production for Drupal Commerce: from a spreadsheet to a contrib module

At Josefinas, every pair of shoes is handmade in Portugal after the order is placed. There is no warehouse full of finished stock: a customer buys, and an atelier starts working. For years, the bridge between "order paid" and "order shipped" was a shared spreadsheet. It listed what had to be produced, who was making it, and when it might be ready. It also lived completely outside the store: no link to the actual orders, no states, no history, and no way to know where time was being lost.

We replaced that spreadsheet with a Drupal module. It has now been running Josefinas' production for months, and today we are releasing it to the community: Commerce Make-to-Order is available on drupal.org, with a stable 1.0.0 release.

What it does

Commerce Make-to-Order adds a production layer to Drupal Commerce. Make-to-order (also written made-to-order, or build-to-order) means producing items only after a customer order is received, instead of keeping pre-made inventory. When an order reaches a state you configure (for example, paid), the module creates one MTO order per order item: a production order the team tracks from queue to completion.

Each MTO order runs a State Machine workflow designed for real ateliers: Draft, Queued, Waiting for Materials, In Production, Quality Check, Rework, Completed, Canceled. QC failures do not silently loop back into production: they move to a dedicated Rework state and back through Quality Check, so first-pass rate and rework are measurable instead of invisible.

Around that core there is everything a production team needs day to day:

  • Production order numbers via Commerce Number Pattern (MTO-2026-00042)
  • Assignment to team members, priorities, and due dates with overdue highlighting
  • Estimated completion dates, calculated automatically from a per-type setting
  • Internal notes, transition notes, and team notes with optional email notification
  • An activity log timeline and a full state history with per-state timing
  • A production analytics dashboard: bottlenecks, team performance, materials wait analysis, QC metrics, on-time delivery

Closing the loop with the store

The interesting part is what happens when production finishes. The module offers two integration modes with the parent Commerce order:

  • State sync: when all MTO orders of a Commerce order complete, the order transitions directly (for example, Processing to Shipped).
  • Shipment integration: with Commerce Shipping, MTO orders link to the checkout shipment, and when the last one completes the order is promoted to a "ready to ship" state. The shipping team adds tracking, splits shipments if needed, and ships.

Automation has one important limit, learned in production: hold states. Some order states represent a deliberate human decision, like a customer asking not to ship yet. You can configure which states automatic promotion must never override; the module logs a note on the order instead and lets a person decide.

Battle-tested, then released

This is not a v1 built in the abstract. The module has managed hundreds of real production orders at Josefinas before its first public release. Publishing it meant generalizing what was site-specific (hold states became per-type configuration, integrations became optional), adding its own test coverage against Drupal Commerce's core workflows, and cleaning everything to drupal.org standards.

It also plays well with the rest of our contrib work: with Commerce Order Amend, amending a placed order keeps production orders in sync with the changed items.

Get it

composer require drupal/commerce_make_to_order:^1.0

Requires Drupal 10 or 11, Commerce 2.x or 3.x, and State Machine. Commerce Shipping is optional, for the shipment integration mode.

If you run a store where things are made after they are sold (furniture, fashion, print on demand, anything artisanal) we would love to hear how it fits your workflow. The issue queue is open.

18 Jul 2026 11:22am GMT

17 Jul 2026

feedDrupal.org aggregator

Drupal.org blog: Migrating issues from security.drupal.org to git.drupalcode.org

All security issues have been migrated from the older security.drupal.org site to our GitLab instance at git.drupalcode.org. This is the latest in a series of steps to improve Drupal's coordinated vulnerability disclosure tools. We hope this will help in a few ways:

Merge requests for security issues will get automated testing to increase the quality of the releases. (Previously, tests for core security issues had to be triggered manually, and contrib testing was not available.)
GitLab has more automation to help with advisory creation, reducing manual work.
Powerful features like labels, commenting, and thread reviews on merge requests are now possible for security issues as well.

Here are some of the key steps we took:

  • We started by evaluating a few solutions. We decided to use the GitLab instance on drupalcode.org.
  • We planned how to remap and improve the current features from security.drupal.org and added some labels and automation to private issues on drupalcode.org.
  • We made new security issue reporting default to git.drupalcode.org for several months. This helped us could gain confidence in the system, fix bugs, and make improvements.
  • While that happened, Neil Drumm worked to create the migration process.
  • The migration finally ran from July 9th to July 12th.

This work is possible because of support from the Drupal Association and is very appreciated.

We suppressed most emails during the migration, but a small number of people did get extra notification emails about issues, including old issues. We apologize for any resulting confusion.

How do I use GitLab to submit and manage security issues?

As before, security reports should be submitted by clicking the "Report a security vulnerability" link on the project page. If a project has already migrated public issues to git.drupalcode.org, you may also mark an issue confidential as you open it. The Security Team triages confidential issues for all covered projects.

For more information about how Drupal.org's GitLab instance works, read our documentation.

You can read about the Security Team's process in general. There is also a page dedicated to managing security issues on git.drupalcode.org. Those pages likely need updates, so please report any documentation issues in the Security Team Queue..

What do you think?

Let us know your thoughts. If you have feedback about how to further improve the Security Team process, you can file them in the Security Team Queue. If you have issues to report about the GitLab tooling itself on git.drupalcode.org, you can file them in the Drupal.org queue.

The old site does a redirect to the new location for issues and members of the Security Team can get content out of it if anyone notices items missing from the migration.

Thanks to longwave, hestenet, dokumori, drumm, and xjm for help in writing this post.

17 Jul 2026 9:50pm GMT

15 Jul 2026

feedW3C - Blog

CSS animations, human rights, and big accessibility at the AB Web Meetup

On 2 July 2026 , the W3C Advisory Board organised a meetup around the web and web standards. It featured three talks and had time to mingle.

15 Jul 2026 3:29pm GMT

06 Jul 2026

feedW3C - Blog

Improvements to how W3C Members manage employee participation in groups

This blog post is about incremental improvements by W3C's IT/Systems Operations Team to how W3C member representatives use the W3C website to nominate, change, and remove the people who participate in W3C groups on behalf of their organization.

06 Jul 2026 1:05pm GMT

23 Jun 2026

feedW3C - Blog

International Women in Engineering Day spotlight: Carine Bournez, W3C

In this blog post we celebrate International Women in Engineering Day by interviewing Carine Bournez, W3C Principal and Team Contact who specializes in WebRTC, Web Performance, SVG and Data Shapes.

23 Jun 2026 12:32pm GMT

18 Jan 2026

feedOfficial jQuery Blog

jQuery 4.0.0

On January 14, 2006, John Resig introduced a JavaScript library called jQuery at BarCamp in New York City. Now, 20 years later, the jQuery team is happy to announce the final release of jQuery 4.0.0. After a long development cycle and several pre-releases, jQuery 4.0.0 brings many improvements and modernizations. It is the first major … Continue reading

18 Jan 2026 12:29am GMT

11 Aug 2025

feedOfficial jQuery Blog

jQuery 4.0.0 Release Candidate 1

It's here! Almost. jQuery 4.0.0-rc.1 is now available. It's our way of saying, "we think this is ready; now poke it with many sticks". If nothing is found that requires a second release candidate, jQuery 4.0.0 final will follow. Please try out this release and let us know if you encounter any issues. A 4.0 … Continue reading

11 Aug 2025 5:35pm GMT

17 Jul 2024

feedOfficial jQuery Blog

Second Beta of jQuery 4.0.0

Last February, we released the first beta of jQuery 4.0.0. We're now ready to release a second, and we expect a release candidate to come soon™. This release comes with a major rewrite to jQuery's testing infrastructure, which removed all deprecated or under-supported dependencies. But the main change that warranted a second beta was a … Continue reading

17 Jul 2024 2:03pm GMT

29 May 2023

feedSmiley Cat: Christian Watson's Web Design Blog

7 Types of Article Headlines: Craft the Perfect Title Every Time

When it comes to crafting an article, the headline is crucial for grabbing the reader's attention and enticing them to read further. In this post, I'll explore the 7 types of article headlines and provide examples for each using the subjects of product management, user experience design, and search engine optimization. 1. The Know-it-All The […]

The post 7 Types of Article Headlines: Craft the Perfect Title Every Time first appeared on Smiley Cat.

29 May 2023 10:20pm GMT

09 Apr 2023

feedSmiley Cat: Christian Watson's Web Design Blog

5 Product Management Myths You Need to Stop Believing

Product management is one of the most exciting and rewarding careers in the tech world. But it's also one of the most misunderstood and misrepresented. There are many myths and misconceptions that cloud the reality of what product managers do, how they do it, and what skills they need to succeed. In this blog post, […]

The post 5 Product Management Myths You Need to Stop Believing first appeared on Smiley Cat.

09 Apr 2023 5:28pm GMT

11 Dec 2022

feedSmiley Cat: Christian Watson's Web Design Blog

The Key Strengths of the Best Product Managers

The role of a product manager is crucial to the success of any product. They are responsible for managing the entire product life cycle, from conceptualization to launch and beyond. A product manager must possess a unique blend of skills and qualities to be effective in their role. Strong strategic thinking A product manager must […]

The post The Key Strengths of the Best Product Managers first appeared on Smiley Cat.

11 Dec 2022 4:43pm GMT

01 Apr 2004

feedPlanet PHP

ezSystems are classy folks

cover
Last week I helped the folks at ezSystems debug some APC problems they were having. The problems ended up being a 64bit architecture problem (they have uber-fast Opterons) and the bug is now fixed in 2.0.3.

Today I received Python & XML from them (off my Amazon wishlist). Thanks guys!

On a side note, my wishlist seems borked. The list I get when I search on my email address or name is not the same one I can edit when I log into the site.

01 Apr 2004 6:53pm GMT

PHP april fools...

1st of April 2004 get's to it's end and I guess it's time, to summarize the recent April fools a bit. Not that I think anyone in the world believes in them, but some were quite funny:

1. Changes to case sensitivity in PHP.
Alan Knowles announced that PHP will change to the studlyCase API and therefor will get everything broken by changing established functions.

2. IBM takes over Zend.
Myself hacked a little article about IBM taking over Zend to make PHP a compete of Java.

3. The first PHP virus has been seen.
Wasn't there one last year, too?

4. PHP has been overtaken by Micro$oft.
Mhhh... a little bit unreliable, if they had been taken over by IBM this morning... Maybe one should first look, what others wrote...

5. And finally, PHP4 and 5 showed their real faces...
Take a look at a phpinfo() output!

I guess I missed some, so feel free to comment on this entry, if you found another!

01 Apr 2004 5:49pm GMT

PHP Virus Attacking Web Hosts

Symantec have a report of the virus here. I've yet to see any of the PHP news sites picking up on it but, using a virtual host account, managed to deliberately expose some PHP scripts to it. From examining the infected scripts, what's disturbing is once infected, every tim...

01 Apr 2004 12:19pm GMT