Update GitHub Actions

.github/dependabot.yml

@@ -0,0 +1,213 @@
+# Configure Dependabot scanning.
+version: 2
+
+updates:
+  # Check for updates to GitHub Actions.
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+
+  # Check for updates to Composer packages.
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    ignore:
+      # These dependencies do not currently need to be managed with Dependabot.
+      - dependency-name: "squizlabs/php_codesniffer"
+      - dependency-name: "wp-coding-standards/wpcs"
+      - dependency-name: "phpcompatibility/php-compatibility"
+      - dependency-name: "yoast/phpunit-polyfills"
+    groups:
+      composer-packages:
+        patterns:
+          - "composer/ca-bundle"
+
+  # Monitor some npm dependencies for updates in groups.
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 20
+    ignore:
+      - dependency-name: "@wordpress/*"
+    groups:
+      ##
+      # Groups for updating devDependencies.
+      ##
+
+      # Dependencies related to Playwright testing (E2E, performance).
+      tests-playwright:
+        patterns:
+          - "*playwright*"
+      # Dependencies related to JavaScript testing with QUnit.
+      tests-qunit:
+        patterns:
+          - "*qunit*"
+          - "sinon*"
+      # Dependencies related to CSS and SASS building and manilupating.
+      dev-css-sass:
+        patterns:
+          - "autoprefixer"
+          # postcss and css related dependencies.
+          - "*css*"
+          - "*sass"
+      # Dependencies related to the Webpack build process.
+      dev-webpack:
+        patterns:
+          - "*webpack*"
+          - "react-refresh"
+          - "source-map-loader"
+      # Dependencies related to the local Docker development environment.
+      dev-docker:
+        patterns:
+          - "dotenv*"
+          - "wait-on"
+      # Dependencies that do not fall into a specific grouping.
+      dev-miscellaneous:
+        patterns:
+          - "chalk"
+          - "check-node-version"
+          - "ink-docstrap"
+          - "install-changed"
+          - "matchdep"
+          - "uuid"
+      # Dependencies related to JavaScript minification.
+      dev-uglify:
+        patterns:
+          - "*uglify*"
+      # All GruntJS related dependencies that do not relate to another group.
+      dev-grunt:
+        patterns:
+          - "*grunt*"
+
+      ##
+      # Groups for updating production dependencies.
+      ##
+
+      # Dependencies related to jQuery and its ecosystem.
+      external-jquery:
+        patterns:
+          - "jquery*"
+      # Dependencies related to React and its ecosystem.
+      external-react:
+        patterns:
+          - "react*"
+          - "!react-refresh"
+      # Dependencies used for bundling polyfill libraries into WordPress.
+      external-polyfills:
+        patterns:
+          - "core-js-url-browser"
+          - "element-closest"
+          - "formdata-polyfill"
+          - "imagesloaded"
+          - "objectFitPolyfill"
+          - "polyfill-library"
+          - "regenerator-runtime"
+          - "whatwg-fetch"
+          - "wicg-inert"
+      # Dependencies related to the Masonry library.
+      external-masonry:
+        patterns:
+          - "masonry-layout"
+      # Dependencies that do not fall into a specific grouping.
+      external-miscellaneous:
+        patterns:
+          - "backbone"
+          - "clipboard"
+          - "hoverintent"
+          - "json2php"
+          - "lodash"
+          - "moment"
+          - "underscore"
+
+  # Monitor npm dependencies within default themes.
+  - package-ecosystem: "npm"
+    directory: "/src/wp-content/themes/twentytwentyfive"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 20
+    groups:
+      twentytwentyfive-css:
+        patterns:
+          - "**browserslist*"
+          - "*css*"
+
+  - package-ecosystem: "npm"
+    directory: "/src/wp-content/themes/twentytwentytwo"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 20
+    groups:
+      twentytwentytwo-css:
+        patterns:
+          - "**browserslist*"
+          - "*css*"
+
+  - package-ecosystem: "npm"
+    directory: "/src/wp-content/themes/twentytwentyone"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 20
+    groups:
+      twentytwentyone-sass-css:
+        patterns:
+          - "**browserslist*"
+          - "autoprefixer"
+          - "*css*"
+          - "*sass*"
+          - "!*stylelint*"
+      twentytwentyone-eslint:
+        patterns:
+          - "**eslint*"
+      twentytwentyone-stylelint:
+        patterns:
+          - "**stylelint*"
+      twentytwentyone-miscellaneous:
+        patterns:
+          - "chokidar-cli"
+          - "minimist"
+          - "npm-run-all"
+
+  - package-ecosystem: "npm"
+    directory: "/src/wp-content/themes/twentytwenty"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 20
+    groups:
+      twentytwenty-css:
+        patterns:
+          - "**browserslist*"
+          - "autoprefixer"
+          - "*css*"
+      twentytwenty-stylelint:
+        patterns:
+          - "*stylelint*"
+      twentytwenty-miscellaneous:
+        patterns:
+          - "concurrently"
+          - "@wordpress/scripts"
+
+  - package-ecosystem: "npm"
+    directory: "/src/wp-content/themes/twentynineteen"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 20
+    groups:
+      twentynineteen-css-sass:
+        patterns:
+          - "**browserslist*"
+          - "autoprefixer"
+          - "*css*"
+          - "*sass*"
+      twentynineteen-miscellaneous:
+        patterns:
+          - "chokidar-cli"
+          - "npm-run-all"

.github/workflows/install-testing.yml

@@ -118,7 +118,7 @@ jobs:
 
     steps:
       - name: Set up PHP ${{ matrix.php }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
+        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0
         with:
           php-version: '${{ matrix.php }}'
           coverage: none

.github/workflows/reusable-build-package.yml

@@ -35,7 +35,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -53,7 +53,7 @@ jobs:
         run: zip -q -r develop.zip wordpress/.
 
       - name: Upload ZIP as a GitHub Actions artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: wordpress-develop
           path: develop.zip

.github/workflows/reusable-check-built-files.yml

@@ -42,7 +42,7 @@ jobs:
           show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -56,7 +56,7 @@ jobs:
       # Since Composer dependencies are installed using `composer update` and no lock file is in version control,
       # passing a custom cache suffix ensures that the cache is flushed at least once per week.
       - name: Install Composer dependencies
-        uses: ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520 # v3.1.1
+        uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # v4.0.0
         with:
           custom-cache-suffix: ${{ steps.get-date.outputs.date }}
 
@@ -103,7 +103,7 @@ jobs:
 
       # Uploads the diff file as an artifact.
       - name: Upload diff file as artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         if: ${{ steps.built-file-check.outputs.uncommitted_changes == 'true' }}
         with:
           name: pr-built-file-changes

.github/workflows/reusable-coding-standards-javascript.yml

@@ -40,7 +40,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm

.github/workflows/reusable-coding-standards-php.yml

@@ -52,7 +52,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up PHP
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
+        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0
         with:
           php-version: ${{ inputs.php-version }}
           coverage: none
@@ -75,7 +75,7 @@ jobs:
       # Since Composer dependencies are installed using `composer update` and no lock file is in version control,
       # passing a custom cache suffix ensures that the cache is flushed at least once per week.
       - name: Install Composer dependencies
-        uses: ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520 # v3.1.1
+        uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # v4.0.0
         with:
           custom-cache-suffix: ${{ steps.get-date.outputs.date }}
 

.github/workflows/reusable-end-to-end-tests.yml

@@ -82,7 +82,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -145,7 +145,7 @@ jobs:
         run: npm run test:e2e
 
       - name: Archive debug artifacts (screenshots, HTML snapshots)
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         if: always()
         with:
           name: failures-artifacts${{ inputs.LOCAL_SCRIPT_DEBUG && '-SCRIPT_DEBUG' || '' }}-${{ github.run_id }}

.github/workflows/reusable-javascript-tests.yml

@@ -41,7 +41,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm

.github/workflows/reusable-javascript-type-checking-v1.yml

@@ -33,13 +33,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           show-progress: ${{ runner.debug == '1' && 'true' || 'false' }}
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -53,7 +53,7 @@ jobs:
         run: npm ci --ignore-scripts
 
       - name: Cache TypeScript build info
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         with:
           path: |
             *.tsbuildinfo
@@ -65,7 +65,7 @@ jobs:
         run: npm run typecheck:js
 
       - name: "Save result cache"
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         if: ${{ !cancelled() }}
         with:
           path: |

.github/workflows/reusable-performance-report-v2.yml

@@ -62,13 +62,13 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm
 
       - name: Download artifacts
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: performance-${{ inputs.multisite && 'multisite' || 'single' }}-${{ inputs.memcached && 'memcached' || 'default' }}-*
           path: artifacts

.github/workflows/reusable-performance-test-v2.yml

@@ -122,7 +122,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -255,7 +255,7 @@ jobs:
           TEST_RESULTS_PREFIX: ${{ inputs.subject != 'current' && inputs.subject || '' }}
 
       - name: Archive artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         if: always()
         with:
           name: performance-${{ inputs.multisite && 'multisite' || 'single' }}-${{ inputs.memcached && 'memcached' || 'default' }}-${{ inputs.subject }}