Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Repository Problems

These problems occurred while renovating this repository. View logs.

• ⚠️ WARN: Package lookup failures

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• Update github-actions (astral-sh/setup-uv, cbrgm/mastodon-github-action, github/codeql-action, metcalfc/changelog-generator, shivammathur/setup-php, step-security/harden-runner)

---

Warning

Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package ramsey/composer-install).

Files affected: .github/workflows/build.yml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update github-actions (major) (WyriHaximus/github-action-get-previous-tag, actions/cache, actions/checkout, astral-sh/setup-uv, boostsecurityio/poutine-action, dessant/lock-threads, peter-evans/repository-dispatch, ramsey/composer-install)
• Update root-composer (major) (cweagans/composer-patches, doctrine/collections, doctrine/dbal, doctrine/orm, doctrine/persistence, nesbot/carbon, phpunit/phpunit, symfony/cache, symfony/uid)
• Click on this checkbox to rebase all open PRs at once

Detected Dependencies

composer (1)

composer.json (24)

• php ^7.4 || ^8.0
• phpstan/phpstan ^2.1.34
• cache/array-adapter ^1.1
• composer/semver ^3.3.2
• cweagans/composer-patches ^1.7.3 → [Updates: ^2.0.0]
• doctrine/annotations ^2.0
• doctrine/collections ^1.6 || ^2.1 → [Updates: ^3.0]
• doctrine/common ^2.7 || ^3.0
• doctrine/dbal ^3.3.8 → [Updates: ^4.0.0]
• doctrine/lexer ^2.0 || ^3.0
• doctrine/mongodb-odm ^2.4.3
• doctrine/orm ^2.16.0 → [Updates: ^3.0.0]
• doctrine/persistence ^2.2.1 || ^3.4.3 → [Updates: ^4.0.0]
• gedmo/doctrine-extensions ^3.8
• nesbot/carbon ^2.49 → [Updates: ^3.0]
• php-parallel-lint/php-parallel-lint ^1.2
• phpstan/phpstan-deprecation-rules ^2.0.2
• phpstan/phpstan-phpunit ^2.0.8
• phpstan/phpstan-strict-rules ^2.0
• phpunit/phpunit ^9.6.20 → [Updates: ^13.0.0]
• ramsey/uuid ^4.2
• shipmonk/name-collision-detector ^2.1
• symfony/cache ^5.4 → [Updates: ^8.0]
• symfony/uid ^5.4 || ^6.4 || ^7.3 → [Updates: ^8.0]

github-actions (9)

.github/workflows/build.yml (21)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• shivammathur/setup-php v2@44454db4f0199b8b9685a5d763dc37cbf79108e1 → [Updates: v2]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• shivammathur/setup-php v2@44454db4f0199b8b9685a5d763dc37cbf79108e1 → [Updates: v2]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• shivammathur/setup-php v2@44454db4f0199b8b9685a5d763dc37cbf79108e1 → [Updates: v2]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• actions/cache v4.3.0@0057852bfaa89a56745cba8c7296529d2fc39830 → [Updates: v5.0.5]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• shivammathur/setup-php v2@44454db4f0199b8b9685a5d763dc37cbf79108e1 → [Updates: v2]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v4.3.1@34e114876b0b11c390a56381ad16ebd13914f8d5 → [Updates: v6.0.2]
• shivammathur/setup-php v2@44454db4f0199b8b9685a5d763dc37cbf79108e1 → [Updates: v2]
• ramsey/composer-install v3@3cf229dc2919194e9e36783941438d17239e8520 → [Updates: 4.0.0]

.github/workflows/create-tag.yml (6)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• WyriHaximus/github-action-get-previous-tag v1.4.0@04e8485ecb6487243907e330d522ff60f02283ce → [Updates: v2]
• WyriHaximus/github-action-next-semvers v1@d079934efaf011a4cf8912d4637097fe35d32b93
• rickstaa/action-create-tag v1.7.2@a1c7777fcb2fee4f19b0f283ba888afa11678b72
• rickstaa/action-create-tag v1.7.2@a1c7777fcb2fee4f19b0f283ba888afa11678b72

.github/workflows/lint-workflows.yml (14)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• synacktiv/action-octoscan v1.0.0@6b1cf2343893dfb9e5f75652388bd2dc83f456b0
• github/codeql-action v4.32.4@89a39a4e59826350b863aa6b6252a07ad50cf83e → [Updates: v4.35.4]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• boostsecurityio/poutine-action v0.15.2@84c0a0d32e8d57ae12651222be1eb15351429228 → [Updates: v1.1.4]
• github/codeql-action v4.32.4@89a39a4e59826350b863aa6b6252a07ad50cf83e → [Updates: v4.35.4]
• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v6.0.2@de0fac2e4500dabe0009e67214ff5f5447ce83dd
• astral-sh/setup-uv v7.3.0@eac588ad8def6316056a12d4907a9d4d84ff7a3b → [Updates: v7.6, v8.1.0]
• github/codeql-action v4.31.9@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 → [Updates: v4.35.4]

.github/workflows/lock-closed-issues.yml (2)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• dessant/lock-threads v5.0.1@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 → [Updates: v6]

.github/workflows/platform-test.yml (3)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• shivammathur/setup-php v2@44454db4f0199b8b9685a5d763dc37cbf79108e1 → [Updates: v2]

.github/workflows/release-toot.yml (2)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• cbrgm/mastodon-github-action v2.1.25@845250b56b82d94e26bf23984d5e0cf5ced6d18f → [Updates: v2.2]

.github/workflows/release-tweet.yml (2)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• Eomm/why-don-t-you-tweet v2.0.0@d9ec12835f4d494dda920f95f885df3dba380493

.github/workflows/release.yml (4)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• actions/checkout v5.0.1@93cb6efe18208431cddfb8368fd83d5badbf9bfd → [Updates: v6.0.2]
• metcalfc/changelog-generator v4.6.2@3f82cef08fe5dcf57c591fe165e70e1d5032e15a → [Updates: v4.7.0]
• actions/create-release v1.1.4@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e

.github/workflows/test-projects.yml (2)

• step-security/harden-runner v2.14.2@5ef0c079ce82195b2a36a210272d6b661572d83e → [Updates: v2.19.1]
• peter-evans/repository-dispatch v3.0.0@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 → [Updates: v4.0.1]

---

• Check this box to trigger a request for Renovate to run again on this repository