www/drupal8: update to 8.6.2

Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:

* Drupal Core - Multiple vulnerabilities - SA-CORE-2018-006

No other fixes are included.

Sites on 8.5.x should update immediately to Drupal 8.5.8 instead, and plan to
update to the latest 8.6.x release before May 2019.

Important update information

Site update and module owners planning to update to this should take note of
the following important changes.

For site owners

* Previously, users who didn't have access to use any Content Moderation
  transitions were granted implicit access to update content provided the
  state of the content did not change. This access has been removed. Site
  owners should ensure that all content editor roles have access to
  appropriate transitions for moderated content types (including published to
  published where appropriate).

* There are no database updates in this release, but site owners will need to
  run update.php to ensure a cache clear.

* No changes have been made to the .htaccess, web.config, robots.txt or
  default settings.php files in this release, so upgrading custom versions of
  those files is not necessary.

For contributed and custom module developers

* \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination()
  has been removed. If you have extended that class or are calling that
  method, you should review your implementation in line with the changes in
  the patch.

* An additional method has been added to
  StateTransitionValidationInterface. Implementations should review the new
  method and ensure compatibility with it.

* ModerationStateConstraintValidator now has two additional service
  dependencies. Subclasses will need to update their constructor to inject the
  new services.

(taca)