tiny-blocks · gustavofreze · Jan 3, 2026 · Jan 3, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,31 @@
+version: 2
+
+updates:
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
+    labels:
+      - "php"
+      - "security"
+      - "dependencies"
+    groups:
+      php-security:
+        applies-to: security-updates
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "build"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml
@@ -18,7 +18,7 @@ jobs:
       - name: Assign issues and pull requests
         uses: gustavofreze/auto-assign@2.0.0
         with:
-          assignees: '${{ secrets.ASSIGNEES }}'
+          assignees: '${{ vars.ASSIGNEES }}'
           github_token: '${{ secrets.GITHUB_TOKEN }}'
           allow_self_assign: 'true'
           allow_no_assignees: 'true'

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure PHP
         uses: shivammathur/setup-php@v2
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure PHP
         uses: shivammathur/setup-php@v2

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,35 @@
+name: Security checks
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: "0 0 * * *"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ "actions" ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v4
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 .idea
 
-/vendor/
-/report
-*.lock
+vendor
+report
 .phpunit.*
+
+*.lock
diff --git a/composer.json b/composer.json
@@ -40,15 +40,15 @@
     },
     "require": {
         "php": "^8.3",
-        "symfony/process": "^7.1",
-        "tiny-blocks/ksuid": "^1",
-        "tiny-blocks/mapper": "^1",
-        "tiny-blocks/collection": "^1"
+        "symfony/process": "^7.2",
+        "tiny-blocks/ksuid": "^1.3",
+        "tiny-blocks/mapper": "^1.1",
+        "tiny-blocks/collection": "^1.10"
     },
     "require-dev": {
         "phpmd/phpmd": "^2.15",
-        "phpunit/phpunit": "^11",
-        "phpstan/phpstan": "^1",
+        "phpunit/phpunit": "^11.5",
+        "phpstan/phpstan": "^1.12",
         "dg/bypass-finals": "^1.8",
         "squizlabs/php_codesniffer": "^3.11",
         "ext-pdo": "*"