tiny-blocks · gustavofreze · Jan 7, 2026 · Jan 7, 2026 · Jan 7, 2026 · Jan 7, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,31 @@
+version: 2
+
+updates:
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
+    labels:
+      - "php"
+      - "security"
+      - "dependencies"
+    groups:
+      php-security:
+        applies-to: security-updates
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "build"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml
@@ -18,7 +18,7 @@ jobs:
       - name: Assign issues and pull requests
         uses: gustavofreze/auto-assign@2.0.0
         with:
-          assignees: '${{ secrets.ASSIGNEES }}'
+          assignees: '${{ vars.ASSIGNEES }}'
           github_token: '${{ secrets.GITHUB_TOKEN }}'
           allow_self_assign: 'true'
           allow_no_assignees: 'true'

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,35 @@
+name: Security checks
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: "0 0 * * *"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ "actions" ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v4
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,6 @@
 .idea
-vendor
-report
-.phpunit.cache
 
-composer.lock
-.phpunit.result.cache
+/vendor/
+/report
+*.lock
+.phpunit.*
diff --git a/composer.json b/composer.json
@@ -42,14 +42,13 @@
         }
     },
     "require": {
-        "php": "^8.3",
-        "tiny-blocks/collection": "dev-main"
+        "php": "^8.3"
     },
     "require-dev": {
         "phpmd/phpmd": "^2.15",
-        "phpstan/phpstan": "^1",
-        "phpunit/phpunit": "^11",
-        "infection/infection": "^0",
+        "phpstan/phpstan": "^1.12",
+        "phpunit/phpunit": "^11.5",
+        "infection/infection": "^0.32",
         "squizlabs/php_codesniffer": "^3.11"
     },
     "scripts": {
@@ -58,7 +57,7 @@
         "phpmd": "phpmd ./src text phpmd.xml --suffixes php --ignore-violations-on-exit",
         "phpstan": "phpstan analyse -c phpstan.neon.dist --quiet --no-progress",
         "test-file": "phpunit --configuration phpunit.xml --no-coverage --filter",
-        "mutation-test": "infection --only-covered --threads=max --logger-html=report/coverage/mutation-report.html --coverage=report/coverage",
+        "mutation-test": "infection --threads=max --logger-html=report/coverage/mutation-report.html --coverage=report/coverage",
         "test-no-coverage": "phpunit --configuration phpunit.xml --no-coverage tests",
         "review": [
             "@phpcs",