www/drupal9: update to 9.3.20

9.3.20 (2022-07-28)

This is a patch (bugfix) release of Drupal 9 and is ready for use on
production sites.  Learn more about Drupal 9.

* Drupal core uses the third-party Diactoros library as its PSR-7
  implementation. Diactoros has issued a security advisory:

* CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header
  Attack

Drupal core is unlikely to be vulnerable.  This bugfix release updates the
version of Diactoros used in drupal/core-recommended to a secure version as
a precaution.

9.3.19 (2022-07-20)

This is a security release of the Drupal 9 series.

This release fixes security vulnerabilities.  Sites are urged to update
immediately after reading the notes below and the security announcement:

* Drupal core - Moderately critical - Information Disclosure -
  SA-CORE-2022-012

* Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

* Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

* Drupal core - Moderately critical - Multiple vulnerabilities -
  SA-CORE-2022-015

No other changes are included.

(taca)