(cherry picked from commit 3a601303cb840319d15fc463ea09f4b6ae6ad9b8)

(cherry picked from commit 782505f3aa54b9cef55eca7b16dc44f3400a1669)

(cherry picked from commit fca8041221aadd5d10d512c0bc0e2d974f7845d1)

(cherry picked from commit e114e22e45e9a8c9c6720675aa1108d4f5186cae)

(cherry picked from commit 42768554f88cb0e50d16fdc0f72d8cd0e6abf416)

(cherry picked from commit c88215b4a8b4a08251a849548ecbd49a305aafca)

(cherry picked from commit 125dc2330e845f7b4ee2ae768dfade114655bfba)

(cherry picked from commit acb76ed4d12d6e8f23067b64d31db71239be1c6f)

(cherry picked from commit cd2090d9d12f9b0da4bf814d5166101dda3e038a)

(cherry picked from commit 9a70845186c7b335de8e54e1962ab96b7ebe355d)

(cherry picked from commit 96c041100901a7760d2c2d037adea101aa09c68e)

(cherry picked from commit c2ec9234e8f7017ee4831ad010e9fd70118fa905)

https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5

Fixes: CVE-2025-61911, CVE-2025-61912
(cherry picked from commit 8619190cc709019cfcd9d56e341d626e17768bbe)

(cherry picked from commit 9f4f753fec3ac31cc019f67a234f349a47b6db85)

(cherry picked from commit 06d40e889f6b16d014965d3c803f846975df99ac)

Fixes CVE-2025-58246 and CVE-2025-58674.

https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
(cherry picked from commit cfdb6c1284f95e29bda18b985ca4b2131dc53a67)

(cherry picked from commit 8c4ab456b1d0dfe9ec3a2c71cc2ed3a6ca1a25f2)

We were relying on `composerNoScripts = false` to make sure post-install
command `assets:install` is run. `assets:install` copies assets from
`vendor/` directory into `public/` directory, placing it in appropriate
places.

However, with commit 80bb9aec24 ("kimai: switch to buildComposerProject2
and tag"), we switched to `buildComposerProject2` which has moved
`composer install` step to `composerVendor` derivation. By design,
`composerVendor` ignores anything that happens outside `vendor/`, so
the assets was not copied into final derivation.

So stop relying on `composerNoScripts = false` and run `assets:install`
ourselves in `postInstall` step. A side effect of this is that there is
another post-install step being skipped (`cache:clear`). However we
simply handle caches outside of the derivation (it's handled in the
module), so that's not a problem.

Fixes: https://github.com/NixOS/nixpkgs/issues/442208
(cherry picked from commit 1422ed88014e9a43d262fa5c3ff5a925d135c030)

(cherry picked from commit b0df84143c66d36e9d6dc917b195db7ff10c107d)

(cherry picked from commit 597c2c6fa5646d18b4ce4f7e0ffa7a6f75141e82)

(cherry picked from commit 5e1770aef6e8ab1d1c2a499d2a7579d66b096c99)

(cherry picked from commit 4163a8e661cf48528bec5351a2fa8796eb22199f)

(cherry picked from commit 95bf4c036d558cbfc957e447fb01c88f9a49d778)

Release notes: https://github.com/keycloak/keycloak/releases/tag/26.3.3
Full changelog: https://github.com/keycloak/keycloak/compare/26.3.2...26.3.3

(cherry picked from commit e61a31f1bbc8177c194d3cdfda17c3a93af4489c)

(cherry picked from commit 70ed84324e3b1e5e1eca06034c99c8b432f32b8b)

Release notes:
- https://github.com/keycloak/keycloak/releases/tag/26.3.0
- https://github.com/keycloak/keycloak/releases/tag/26.3.1
Full list of changes: https://github.com/keycloak/keycloak/compare/26.2.5...26.3.1

(cherry picked from commit c3d25e49019df195eeb3fc6a62c6fe0b9dfbf4bd)

(cherry picked from commit 5d16ecbf0e9d587f51862826c981f90b9baf5e64)

(cherry picked from commit 88c5e8e63d334a703b8867179088c9be8d8baa32)