From 340c756e842310e49c3a584f0e954364cb6a5a0c Mon Sep 17 00:00:00 2001 From: jrfnl Date: Fri, 12 Dec 2025 18:28:18 +0100 Subject: [PATCH 01/24] Requests::VERSION: move to top of the class This constant needs to be updated regularly and having to search for it is getting annoying. --- src/Requests.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Requests.php b/src/Requests.php index 556b06e0a..2c575e17c 100644 --- a/src/Requests.php +++ b/src/Requests.php @@ -35,6 +35,13 @@ * @package Requests */ class Requests { + /** + * Current version of Requests + * + * @var string + */ + const VERSION = '2.0.17'; + /** * POST method * @@ -143,13 +150,6 @@ class Requests { Fsockopen::class => Fsockopen::class, ]; - /** - * Current version of Requests - * - * @var string - */ - const VERSION = '2.0.17'; - /** * Selected transport name * From 4247ecb26f800f4d19282ff997e7561a208d9374 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Tue, 21 Jan 2025 12:30:28 +0100 Subject: [PATCH 02/24] PHPUnit: add clover code coverage config to config file This moves the clover code coverage config from the composer script to the `phpunit[10].xml.dist` config files. It also moves the default location for the file from the project root to the `tests/coverage/` directory so all coverage files are in the same place (and automatically git ignored etc). Includes updating the "upload to CodeCov" step to find the file in the new location. --- .github/workflows/test.yml | 4 ++-- phpunit.xml.dist | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 715e8b01a..94e9cae73 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -118,7 +118,7 @@ jobs: - name: Run the unit tests with code coverage if: ${{ matrix.coverage == true }} - run: vendor/bin/phpunit --coverage-clover clover.xml + run: vendor/bin/phpunit - name: Stop proxy server continue-on-error: true @@ -135,6 +135,6 @@ jobs: uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 with: token: "${{ secrets.CODECOV_TOKEN }}" - files: ./clover.xml + files: ./tests/coverage/clover.xml fail_ci_if_error: true verbose: true diff --git a/phpunit.xml.dist b/phpunit.xml.dist index 393afcbcb..89d411ab8 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -16,6 +16,7 @@ + From f2dfa571e5d4b69c9219755ece35f5acc596d3e5 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sat, 22 Nov 2025 00:47:17 +0100 Subject: [PATCH 03/24] GH Actions/website: update PHP version used by phpDocumentor As of phpDocumentor 3.9.0, the recommended PHP version to run phpDocumentor on is PHP 8.4. Ref: https://github.com/phpDocumentor/phpDocumentor/releases/tag/v3.9.0 --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index d97cef679..95e2c184f 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -57,7 +57,7 @@ jobs: - name: Install PHP uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 with: - php-version: '8.1' + php-version: '8.4' ini-values: display_errors=On, display_startup_errors=On coverage: none tools: phpdoc From 0b7a93b200be746d38f0b48797b1cb04440d2a5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 08:35:17 +0000 Subject: [PATCH 04/24] GH Actions: Bump the action-runners group with 2 updates Bumps the action-runners group with 2 updates: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `codecov/codecov-action` from 5.5.1 to 5.5.2 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5a1091511ad55cbe89839c7260b706298ca349f7...671740ac38dd9b0130fbe1cec585b89eea48d3de) Updates `ruby/setup-ruby` from 1.269.0 to 1.270.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/d697be2f83c6234b20877c3b5eac7a7f342f0d0c...ac793fdd38cc468a4dd57246fa9d0e868aba9085) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: ruby/setup-ruby dependency-version: 1.270.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- .github/workflows/update-website.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 94e9cae73..6ab32e439 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -132,7 +132,7 @@ jobs: - name: Send coverage report to Codecov if: ${{ success() && matrix.coverage == true && github.event.repository.fork == false }} - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 with: token: "${{ secrets.CODECOV_TOKEN }}" files: ./tests/coverage/clover.xml diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index 95e2c184f..f72634412 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@d697be2f83c6234b20877c3b5eac7a7f342f0d0c # v1.269.0 + uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From c8bafc714886cd5d68046fb0075ebbfc1af52e10 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 08:35:20 +0000 Subject: [PATCH 05/24] GH Actions: Bump actions/upload-artifact from 5.0.0 to 6.0.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index f72634412..dc84b3c15 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -74,7 +74,7 @@ jobs: # Retention is normally 90 days, but this artifact is only for review # and use in the next step, so no need to keep it for more than a day. - name: Upload the artifacts folder - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: ${{ success() }} with: name: website-updates From 2bf9f5eaaf51ecec2fc0917265a36c7c99f60477 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 08:35:25 +0000 Subject: [PATCH 06/24] GH Actions: Bump actions/cache from 4.3.0 to 5.0.1 Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/reusable-update-cacert.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-update-cacert.yml b/.github/workflows/reusable-update-cacert.yml index 835e202b0..2158784d6 100644 --- a/.github/workflows/reusable-update-cacert.yml +++ b/.github/workflows/reusable-update-cacert.yml @@ -36,7 +36,7 @@ jobs: persist-credentials: false - name: Restore etags cache for certificate files - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: path: certificates/etag-*.txt key: curl-etag-${{ hashFiles('certificates/cacert.pem') }}-${{ hashFiles('certificates/cacert.pem.sha256') }} From d1bacd8f420bb4ccadfca7ef1ab2d25c2210ed83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 08:35:30 +0000 Subject: [PATCH 07/24] GH Actions: Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.11 to 8.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/22a9089034f40e5a961c8808d113e2c98fb63676...98357b18bf14b5342f975ff684046ec3b2a07725) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/reusable-update-cacert.yml | 2 +- .github/workflows/update-website.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-update-cacert.yml b/.github/workflows/reusable-update-cacert.yml index 2158784d6..912b153b0 100644 --- a/.github/workflows/reusable-update-cacert.yml +++ b/.github/workflows/reusable-update-cacert.yml @@ -64,7 +64,7 @@ jobs: run: echo "DATE=$(/bin/date -u "+%F")" >> "$GITHUB_OUTPUT" - name: Create pull request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 + uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 with: base: ${{ steps.branches.outputs.BASE }} branch: ${{ steps.branches.outputs.PR_BRANCH }} diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index dc84b3c15..8a0e07df4 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -172,7 +172,7 @@ jobs: - name: Create pull request if: github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 + uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 with: base: gh-pages branch: feature/auto-ghpages-update-${{ steps.get_pr_info.outputs.REF }} From dba826ea57e0eb46e198f2c4266938c6688c4fd0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 08:35:33 +0000 Subject: [PATCH 08/24] GH Actions: Bump actions/download-artifact from 6.0.0 to 7.0.0 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index 8a0e07df4..990c7896c 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -118,7 +118,7 @@ jobs: persist-credentials: false - name: Download the prepared artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: website-updates path: artifacts From 9ec339d8685e278303d9b02628e94de9c9779eeb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 09:09:06 +0000 Subject: [PATCH 09/24] GH Actions: Bump ruby/setup-ruby in the action-runners group Bumps the action-runners group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.270.0 to 1.275.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/ac793fdd38cc468a4dd57246fa9d0e868aba9085...d354de180d0c9e813cfddfcbdc079945d4be589b) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.275.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index 990c7896c..d812809bc 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0 + uses: ruby/setup-ruby@d354de180d0c9e813cfddfcbdc079945d4be589b # v1.275.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 8542f09109f8c3ff18a85a1a46c7c0108452df0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Dec 2025 08:29:28 +0000 Subject: [PATCH 10/24] GH Actions: Bump ruby/setup-ruby in the action-runners group Bumps the action-runners group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.275.0 to 1.276.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/d354de180d0c9e813cfddfcbdc079945d4be589b...ae195bbe749a7cef685ac729197124a48305c1cb) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.276.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index d812809bc..cc20a5eed 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@d354de180d0c9e813cfddfcbdc079945d4be589b # v1.275.0 + uses: ruby/setup-ruby@ae195bbe749a7cef685ac729197124a48305c1cb # v1.276.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 4afd6cf2b0d996d16c370d70594d466117dbb22e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jan 2026 08:29:33 +0000 Subject: [PATCH 11/24] GH Actions: Bump ruby/setup-ruby in the action-runners group Bumps the action-runners group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.276.0 to 1.278.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/ae195bbe749a7cef685ac729197124a48305c1cb...4c24fa5ec04b2e79eb40571b1cee2a0d2b705771) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.278.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index cc20a5eed..e319fac8f 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@ae195bbe749a7cef685ac729197124a48305c1cb # v1.276.0 + uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 289c72463f742a6ad57714c59128031b61d568dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jan 2026 09:36:35 +0000 Subject: [PATCH 12/24] GH Actions: Bump ruby/setup-ruby in the action-runners group Bumps the action-runners group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.278.0 to 1.281.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/4c24fa5ec04b2e79eb40571b1cee2a0d2b705771...675dd7ba1b06c8786a1480d89c384f5620a42647) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.281.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index e319fac8f..104ea2f1f 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 + uses: ruby/setup-ruby@675dd7ba1b06c8786a1480d89c384f5620a42647 # v1.281.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From c3d5bcf17e5751888c8ba7496a90a52de148a5b7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 09:18:04 +0000 Subject: [PATCH 13/24] GH Actions: Bump the action-runners group with 2 updates Bumps the action-runners group with 2 updates: [actions/cache](https://github.com/actions/cache) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `actions/cache` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...8b402f58fbc84540c8b491a91e594a4576fec3d7) Updates `ruby/setup-ruby` from 1.281.0 to 1.284.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/675dd7ba1b06c8786a1480d89c384f5620a42647...80740b3b13bf9857e28854481ca95a84e78a2bdf) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: ruby/setup-ruby dependency-version: 1.284.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/reusable-update-cacert.yml | 2 +- .github/workflows/update-website.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-update-cacert.yml b/.github/workflows/reusable-update-cacert.yml index 912b153b0..b133ddb59 100644 --- a/.github/workflows/reusable-update-cacert.yml +++ b/.github/workflows/reusable-update-cacert.yml @@ -36,7 +36,7 @@ jobs: persist-credentials: false - name: Restore etags cache for certificate files - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 with: path: certificates/etag-*.txt key: curl-etag-${{ hashFiles('certificates/cacert.pem') }}-${{ hashFiles('certificates/cacert.pem.sha256') }} diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index 104ea2f1f..b245954e4 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@675dd7ba1b06c8786a1480d89c384f5620a42647 # v1.281.0 + uses: ruby/setup-ruby@80740b3b13bf9857e28854481ca95a84e78a2bdf # v1.284.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 6d310d0dba5cb6c959518f465eaafc7675d81450 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Feb 2026 08:57:01 +0000 Subject: [PATCH 14/24] GH Actions: Bump the action-runners group across 1 directory with 5 updates Bumps the action-runners group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.1.0` | `6.2.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.2` | `5.0.3` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.0.0` | `8.1.0` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.284.0` | `1.287.0` | Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-python` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/83679a892e2d95755f2dac6acb0bfd1e9ac5d548...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `actions/cache` from 5.0.2 to 5.0.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/8b402f58fbc84540c8b491a91e594a4576fec3d7...cdf6c1fa76f9f475f3d7449005a359c84ca0f306) Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/98357b18bf14b5342f975ff684046ec3b2a07725...c0f553fe549906ede9cf27b5156039d195d2ece0) Updates `ruby/setup-ruby` from 1.284.0 to 1.287.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/80740b3b13bf9857e28854481ca95a84e78a2bdf...8d27f39a5e7ad39aebbcbd1324f7af020229645c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners - dependency-name: actions/cache dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners - dependency-name: ruby/setup-ruby dependency-version: 1.287.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/cs.yml | 4 ++-- .github/workflows/lint.yml | 2 +- .github/workflows/quicktest.yml | 4 ++-- .github/workflows/reusable-update-cacert.yml | 6 +++--- .github/workflows/test.yml | 4 ++-- .github/workflows/update-website.yml | 8 ++++---- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index 551cd47e0..a0c281e66 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 298abd2de..de78a72cf 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/quicktest.yml b/.github/workflows/quicktest.yml index f6655c448..cc4332c15 100644 --- a/.github/workflows/quicktest.yml +++ b/.github/workflows/quicktest.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -53,7 +53,7 @@ jobs: uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 - name: Setup Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' diff --git a/.github/workflows/reusable-update-cacert.yml b/.github/workflows/reusable-update-cacert.yml index b133ddb59..721696a72 100644 --- a/.github/workflows/reusable-update-cacert.yml +++ b/.github/workflows/reusable-update-cacert.yml @@ -31,12 +31,12 @@ jobs: fi - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Restore etags cache for certificate files - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: certificates/etag-*.txt key: curl-etag-${{ hashFiles('certificates/cacert.pem') }}-${{ hashFiles('certificates/cacert.pem.sha256') }} @@ -64,7 +64,7 @@ jobs: run: echo "DATE=$(/bin/date -u "+%F")" >> "$GITHUB_OUTPUT" - name: Create pull request - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: base: ${{ steps.branches.outputs.BASE }} branch: ${{ steps.branches.outputs.PR_BRANCH }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6ab32e439..c4f46633a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -73,7 +73,7 @@ jobs: run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" - name: Setup Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.14' diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index b245954e4..c60c81b2b 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -49,7 +49,7 @@ jobs: fi - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ steps.base_branch.outputs.BRANCH }} persist-credentials: false @@ -112,7 +112,7 @@ jobs: fi - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages persist-credentials: false @@ -172,7 +172,7 @@ jobs: - name: Create pull request if: github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: base: gh-pages branch: feature/auto-ghpages-update-${{ steps.get_pr_info.outputs.REF }} @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@80740b3b13bf9857e28854481ca95a84e78a2bdf # v1.284.0 + uses: ruby/setup-ruby@8d27f39a5e7ad39aebbcbd1324f7af020229645c # v1.287.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 4ac65abe9a5c64a28eda2ced873bf44060886106 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 09:49:47 +0000 Subject: [PATCH 15/24] GH Actions: Bump the action-runners group with 2 updates Bumps the action-runners group with 2 updates: [ramsey/composer-install](https://github.com/ramsey/composer-install) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ramsey/composer-install` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/ramsey/composer-install/releases) - [Commits](https://github.com/ramsey/composer-install/compare/3cf229dc2919194e9e36783941438d17239e8520...a35c6ebd3d08125aaf8852dff361e686a1a67947) Updates `ruby/setup-ruby` from 1.287.0 to 1.290.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/8d27f39a5e7ad39aebbcbd1324f7af020229645c...6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c) --- updated-dependencies: - dependency-name: ramsey/composer-install dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners - dependency-name: ruby/setup-ruby dependency-version: 1.290.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/cs.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/quicktest.yml | 2 +- .github/workflows/test.yml | 2 +- .github/workflows/update-website.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index a0c281e66..d8b3dc83d 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -58,7 +58,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 + uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 # Check the code-style consistency of the PHP files. - name: Check PHP code style diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index de78a72cf..13eed92ee 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -42,7 +42,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 + uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 with: # For PHP "nightly", we need to install with ignore platform reqs as not all dependencies may allow it yet. composer-options: ${{ matrix.php == '8.6' && '--ignore-platform-req=php+' || '' }} diff --git a/.github/workflows/quicktest.yml b/.github/workflows/quicktest.yml index cc4332c15..4ec0a57ed 100644 --- a/.github/workflows/quicktest.yml +++ b/.github/workflows/quicktest.yml @@ -50,7 +50,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - normal - uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 + uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 - name: Setup Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c4f46633a..b4239dd27 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -62,7 +62,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 + uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 with: # For PHP "nightly", we need to install with ignore platform reqs as not all dependencies may allow it yet. composer-options: ${{ matrix.php == '8.6' && '--ignore-platform-req=php+' || '' }} diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index c60c81b2b..a0e1ea622 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@8d27f39a5e7ad39aebbcbd1324f7af020229645c # v1.287.0 + uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 94c7b2eb722405f23483e5dcd78e678679d50eb0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 09:49:53 +0000 Subject: [PATCH 16/24] GH Actions: Bump actions/upload-artifact from 6.0.0 to 7.0.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index a0e1ea622..a8cd3558d 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -74,7 +74,7 @@ jobs: # Retention is normally 90 days, but this artifact is only for review # and use in the next step, so no need to keep it for more than a day. - name: Upload the artifacts folder - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: ${{ success() }} with: name: website-updates From 1cb7f6d366549538b866f9f6d60338284ab435d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 09:49:57 +0000 Subject: [PATCH 17/24] GH Actions: Bump actions/download-artifact from 7.0.0 to 8.0.0 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index a8cd3558d..b2b65324a 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -118,7 +118,7 @@ jobs: persist-credentials: false - name: Download the prepared artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: website-updates path: artifacts From 1630520b41b55847fb7b69bcf5134a0f3ea6ce38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 22:15:24 +0000 Subject: [PATCH 18/24] GH Actions: Bump ramsey/composer-install from 3.2.0 to 4.0.0 Bumps [ramsey/composer-install](https://github.com/ramsey/composer-install) from 3.2.0 to 4.0.0. - [Release notes](https://github.com/ramsey/composer-install/releases) - [Commits](https://github.com/ramsey/composer-install/compare/a35c6ebd3d08125aaf8852dff361e686a1a67947...65e4f84970763564f46a70b8a54b90d033b3bdda) --- updated-dependencies: - dependency-name: ramsey/composer-install dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cs.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/quicktest.yml | 2 +- .github/workflows/test.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index d8b3dc83d..3d61b00b4 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -58,7 +58,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 + uses: "ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda" # 4.0.0 # Check the code-style consistency of the PHP files. - name: Check PHP code style diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 13eed92ee..9936fccd6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -42,7 +42,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 + uses: "ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda" # 4.0.0 with: # For PHP "nightly", we need to install with ignore platform reqs as not all dependencies may allow it yet. composer-options: ${{ matrix.php == '8.6' && '--ignore-platform-req=php+' || '' }} diff --git a/.github/workflows/quicktest.yml b/.github/workflows/quicktest.yml index 4ec0a57ed..8f7caa49d 100644 --- a/.github/workflows/quicktest.yml +++ b/.github/workflows/quicktest.yml @@ -50,7 +50,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - normal - uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 + uses: "ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda" # 4.0.0 - name: Setup Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b4239dd27..f21efaedb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -62,7 +62,7 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-composer-dependencies - name: Install Composer dependencies - uses: "ramsey/composer-install@a35c6ebd3d08125aaf8852dff361e686a1a67947" # 3.2.0 + uses: "ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda" # 4.0.0 with: # For PHP "nightly", we need to install with ignore platform reqs as not all dependencies may allow it yet. composer-options: ${{ matrix.php == '8.6' && '--ignore-platform-req=php+' || '' }} From 62f7ad18087b24e6449ca1dafbeeffc06933f3e7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 21 Mar 2026 00:16:11 +0000 Subject: [PATCH 19/24] :lock_with_ink_pen: Update certificate bundle --- certificates/cacert.pem | 28 +++++++++++++++++++++++----- certificates/cacert.pem.sha256 | 2 +- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/certificates/cacert.pem b/certificates/cacert.pem index 65be891ee..a78e1dd47 100644 --- a/certificates/cacert.pem +++ b/certificates/cacert.pem @@ -1,7 +1,7 @@ ## ## Bundle of CA Root Certificates ## -## Certificate data from Mozilla as of: Tue Dec 2 04:12:02 2025 GMT +## Certificate data from Mozilla last updated on: Wed Feb 11 18:26:30 2026 GMT ## ## Find updated versions here: https://curl.se/docs/caextract.html ## @@ -15,8 +15,8 @@ ## an Apache+mod_ssl webserver for SSL client authentication. ## Just configure this file as the SSLCACertificateFile. ## -## Conversion done with mk-ca-bundle.pl version 1.30. -## SHA256: a903b3cd05231e39332515ef7ebe37e697262f39515a52015c23c62805b73cd0 +## Conversion done with mk-ca-bundle.pl version 1.32. +## SHA256: 3b98d4e3ff57a326d9587c33633039c8c3a9cf0b55f7ca581d7598ff329eb1f3 ## @@ -3480,8 +3480,8 @@ SM49BAMDA2kAMGYCMQCpKjAd0MKfkFFRQD6VVCHNFmb3U2wIFjnQEnx/Yxvf4zgAOdktUyBFCxxg ZzFDJe0CMQCSia7pXGKDYmH5LVerVrkR3SW+ak5KGoJr3M/TvEqzPNcum9v4KGm8ay3sMaE641c= -----END CERTIFICATE----- - OISTE Server Root RSA G1 -========================= +OISTE Server Root RSA G1 +======================== -----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIQVaXZZ5Qoxu0M+ifdWwFNGDANBgkqhkiG9w0BAQwFADBLMQswCQYDVQQG EwJDSDEZMBcGA1UECgwQT0lTVEUgRm91bmRhdGlvbjEhMB8GA1UEAwwYT0lTVEUgU2VydmVyIFJv @@ -3509,3 +3509,21 @@ msuY33OhkKCgxeDoAaijFJzIwZqsFVAzje18KotzlUBDJvyBpCpfOZC3J8tRd/iWkx7P8nd9H0aT olkelUTFLXVksNb54Dxp6gS1HAviRkRNQzuXSXERvSS2wq1yVAb+axj5d9spLFKebXd7Yv0PTY6Y MjAwcRLWJTXjn/hvnLXrahut6hDTlhZyBiElxky8j3C7DOReIoMt0r7+hVu05L0= -----END CERTIFICATE----- + +e-Szigno TLS Root CA 2023 +========================= +-----BEGIN CERTIFICATE----- +MIICzzCCAjGgAwIBAgINAOhvGHvWOWuYSkmYCjAKBggqhkjOPQQDBDB1MQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xFzAVBgNVBGEMDlZBVEhV +LTIzNTg0NDk3MSIwIAYDVQQDDBllLVN6aWdubyBUTFMgUm9vdCBDQSAyMDIzMB4XDTIzMDcxNzE0 +MDAwMFoXDTM4MDcxNzE0MDAwMFowdTELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRYw +FAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4NDQ5NzEiMCAGA1UEAwwZ +ZS1Temlnbm8gVExTIFJvb3QgQ0EgMjAyMzCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAGgP36J8 +PKp0iGEKjcJMpQEiFNT3YHdCnAo4YKGMZz6zY+n6kbCLS+Y53wLCMAFSAL/fjO1ZrTJlqwlZULUZ +wmgcAOAFX9pQJhzDrAQixTpN7+lXWDajwRlTEArRzT/vSzUaQ49CE0y5LBqcvjC2xN7cS53kpDzL +Ltmt3999Cd8ukv+ho2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E +FgQUWYQCYlpGePVd3I8KECgj3NXW+0UwHwYDVR0jBBgwFoAUWYQCYlpGePVd3I8KECgj3NXW+0Uw +CgYIKoZIzj0EAwQDgYsAMIGHAkIBLdqu9S54tma4n7Zwf2Z0z+yOfP7AAXmazlIC58PRDHpty7Ve +7hekm9sEdu4pKeiv+62sUvTXK9Z3hBC9xdIoaDQCQTV2WnXzkoYI9bIeCvZlC9p2x1L/Cx6AcCIw +wzPbGO2E14vs7dOoY4G1VnxHx1YwlGhza9IuqbnZLBwpvQy6uWWL +-----END CERTIFICATE----- diff --git a/certificates/cacert.pem.sha256 b/certificates/cacert.pem.sha256 index 394e4a9a4..ecd2e5fdd 100644 --- a/certificates/cacert.pem.sha256 +++ b/certificates/cacert.pem.sha256 @@ -1 +1 @@ -f1407d974c5ed87d544bd931a278232e13925177e239fca370619aba63c757b4 cacert.pem +b6e66569cc3d438dd5abe514d0df50005d570bfc96c14dca8f768d020cb96171 cacert.pem From 1af2c64d70f79f61940bc455f0389faf0ab2fc5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Mar 2026 00:20:18 +0000 Subject: [PATCH 20/24] GH Actions: Bump the action-runners group with 5 updates Bumps the action-runners group with 5 updates: | Package | From | To | | --- | --- | --- | | [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.36.0` | `2.37.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.3` | `5.0.4` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `5.5.3` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.290.0` | `1.295.0` | Updates `shivammathur/setup-php` from 2.36.0 to 2.37.0 - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/44454db4f0199b8b9685a5d763dc37cbf79108e1...accd6127cb78bee3e8082180cb391013d204ef9f) Updates `actions/cache` from 5.0.3 to 5.0.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7) Updates `codecov/codecov-action` from 5.5.2 to 5.5.3 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...1af58845a975a7985b0beb0cbe6fbbb71a41dbad) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `ruby/setup-ruby` from 1.290.0 to 1.295.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c...319994f95fa847cf3fb3cd3dbe89f6dcde9f178f) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: codecov/codecov-action dependency-version: 5.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: ruby/setup-ruby dependency-version: 1.295.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/cs.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/quicktest.yml | 2 +- .github/workflows/reusable-update-cacert.yml | 2 +- .github/workflows/test.yml | 4 ++-- .github/workflows/update-website.yml | 6 +++--- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cs.yml b/.github/workflows/cs.yml index 3d61b00b4..bab35856b 100644 --- a/.github/workflows/cs.yml +++ b/.github/workflows/cs.yml @@ -49,7 +49,7 @@ jobs: persist-credentials: false - name: Install PHP - uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: '7.4' coverage: none diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9936fccd6..c1f24ed16 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -32,7 +32,7 @@ jobs: persist-credentials: false - name: Install PHP - uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php }} ini-values: error_reporting=-1, display_errors=On, display_startup_errors=On, log_errors_max_len=0 diff --git a/.github/workflows/quicktest.yml b/.github/workflows/quicktest.yml index 8f7caa49d..afb5bc3fa 100644 --- a/.github/workflows/quicktest.yml +++ b/.github/workflows/quicktest.yml @@ -32,7 +32,7 @@ jobs: persist-credentials: false - name: Install PHP - uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php }} ini-values: zend.assertions=1, error_reporting=-1, display_errors=On, display_startup_errors=On, log_errors_max_len=0 diff --git a/.github/workflows/reusable-update-cacert.yml b/.github/workflows/reusable-update-cacert.yml index 721696a72..fcea9965c 100644 --- a/.github/workflows/reusable-update-cacert.yml +++ b/.github/workflows/reusable-update-cacert.yml @@ -36,7 +36,7 @@ jobs: persist-credentials: false - name: Restore etags cache for certificate files - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: certificates/etag-*.txt key: curl-etag-${{ hashFiles('certificates/cacert.pem') }}-${{ hashFiles('certificates/cacert.pem.sha256') }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f21efaedb..a50024a1b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: Install PHP - uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php }} ini-values: zend.assertions=1, error_reporting=-1, display_errors=On, display_startup_errors=On, log_errors_max_len=0 @@ -132,7 +132,7 @@ jobs: - name: Send coverage report to Codecov if: ${{ success() && matrix.coverage == true && github.event.repository.fork == false }} - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 with: token: "${{ secrets.CODECOV_TOKEN }}" files: ./tests/coverage/clover.xml diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index b2b65324a..9c10faaf8 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -55,7 +55,7 @@ jobs: persist-credentials: false - name: Install PHP - uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: '8.4' ini-values: display_errors=On, display_startup_errors=On @@ -118,7 +118,7 @@ jobs: persist-credentials: false - name: Download the prepared artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: website-updates path: artifacts @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0 + uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 53eab5fc18c206c6fdf536a5e2f64745732011b4 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Sat, 21 Mar 2026 01:36:09 +0100 Subject: [PATCH 21/24] Changelog for release 2.0.18 * Includes updating the version number constant. --- CHANGELOG.md | 9 +++++++++ src/Requests.php | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8cc9812fc..01b274ce8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,15 @@ Changelog ========= +2.0.18 +------ + +### Overview of changes +- Update bundled certificates as of 2026-02-11. [#1039] +- General housekeeping. + +[#1039]: https://github.com/WordPress/Requests/pull/1039 + 2.0.17 ------ diff --git a/src/Requests.php b/src/Requests.php index 2c575e17c..3824670f2 100644 --- a/src/Requests.php +++ b/src/Requests.php @@ -40,7 +40,7 @@ class Requests { * * @var string */ - const VERSION = '2.0.17'; + const VERSION = '2.0.18'; /** * POST method From 250cced5538d081bf101c406247f519cf76c6f7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Apr 2026 22:12:59 +0000 Subject: [PATCH 22/24] GH Actions: Bump ruby/setup-ruby in the action-runners group Bumps the action-runners group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.295.0 to 1.299.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/319994f95fa847cf3fb3cd3dbe89f6dcde9f178f...3ff19f5e2baf30647122352b96108b1fbe250c64) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.299.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/update-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index 9c10faaf8..3fef292d3 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 + uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4 From 39116af0fff04ea5eba79dd17b144d3680c4282a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Apr 2026 22:13:06 +0000 Subject: [PATCH 23/24] GH Actions: Bump codecov/codecov-action from 5.5.3 to 6.0.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.3 to 6.0.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/1af58845a975a7985b0beb0cbe6fbbb71a41dbad...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a50024a1b..05b3512ff 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -132,7 +132,7 @@ jobs: - name: Send coverage report to Codecov if: ${{ success() && matrix.coverage == true && github.event.repository.fork == false }} - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: "${{ secrets.CODECOV_TOKEN }}" files: ./tests/coverage/clover.xml From b47c95f57c4d7fb07de4b392c5c58f755adcf5c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 23:32:46 +0000 Subject: [PATCH 24/24] GH Actions: Bump the action-runners group with 4 updates Bumps the action-runners group with 4 updates: [actions/cache](https://github.com/actions/cache), [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `ruby/setup-ruby` from 1.299.0 to 1.302.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/3ff19f5e2baf30647122352b96108b1fbe250c64...7372622e62b60b3cb750dcd2b9e32c247ffec26a) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-runners - dependency-name: ruby/setup-ruby dependency-version: 1.302.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-runners ... Signed-off-by: dependabot[bot] --- .github/workflows/reusable-update-cacert.yml | 4 ++-- .github/workflows/update-website.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/reusable-update-cacert.yml b/.github/workflows/reusable-update-cacert.yml index fcea9965c..9ea93edfe 100644 --- a/.github/workflows/reusable-update-cacert.yml +++ b/.github/workflows/reusable-update-cacert.yml @@ -36,7 +36,7 @@ jobs: persist-credentials: false - name: Restore etags cache for certificate files - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: certificates/etag-*.txt key: curl-etag-${{ hashFiles('certificates/cacert.pem') }}-${{ hashFiles('certificates/cacert.pem.sha256') }} @@ -64,7 +64,7 @@ jobs: run: echo "DATE=$(/bin/date -u "+%F")" >> "$GITHUB_OUTPUT" - name: Create pull request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: base: ${{ steps.branches.outputs.BASE }} branch: ${{ steps.branches.outputs.PR_BRANCH }} diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index 3fef292d3..55cdbc71f 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -74,7 +74,7 @@ jobs: # Retention is normally 90 days, but this artifact is only for review # and use in the next step, so no need to keep it for more than a day. - name: Upload the artifacts folder - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ success() }} with: name: website-updates @@ -172,7 +172,7 @@ jobs: - name: Create pull request if: github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: base: gh-pages branch: feature/auto-ghpages-update-${{ steps.get_pr_info.outputs.REF }} @@ -193,7 +193,7 @@ jobs: # Test that the site builds correctly. - name: Set up Ruby - uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0 + uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0 with: # Use the version as per https://pages.github.com/versions/. ruby-version: 3.3.4