Skip to content

chore(deps): bump the composer-all group with 2 updates#30

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/composer-all-485912aedd
Open

chore(deps): bump the composer-all group with 2 updates#30
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/composer-all-485912aedd

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown

Bumps the composer-all group with 2 updates: yahnis-elsts/plugin-update-checker and dealerdirect/phpcodesniffer-composer-installer.

Updates yahnis-elsts/plugin-update-checker from 5.6 to 5.7

Release notes

Sourced from yahnis-elsts/plugin-update-checker's releases.

5.7

  • Added optional support for the "autoupdate" field that allows triggering unattended plugin updates. To enable it, you need to both set autoupdate to true in plugin update metadata and call $updateChceker->allowAutoupdateField() in your plugin. Props to @​hisman for part of the implementation.
  • BitBucket: Added support for basic auth with API tokens. Props to @​cristianozanca for part of the implementation.
  • BitBucket: Removed OAuth 1 support since it's no longer supported by BitBucket.
  • Replaced all htmlentities() calls with esc_html(). This takes advantage of automatic character set detection in WP core, and should eliminate some static analysis warnings. See #597.
  • Replaced all wp_redirect() calls with wp_safe_redirect(). This shouldn't matter in practice since PUC only ever does internal redirects, but it pacifies some static analysis tools. See #597.
  • Added and updated translations:
Commits
  • 275a96a Bump version number to 5.7
  • 8b2396f Minor: Update year in the license block
  • 299a869 Minor: Update docs for BitBucket auth
  • c31b762 Remove OAuth 1 support for the BitBucket integration.
  • eceb677 BitBucket support: Support basic auth with API tokens.
  • 3ceae95 Don't allow autoupdate = true unless you call $checked->allowAutoupdateField(...
  • b0acf15 Minor: Typo
  • 9c044de Update README with regex filtering for GitHub release assets
  • 68a70bf Merge pull request #602 from hisman/add-autoupdate-field-to-plugininfo
  • 36f3c2b Add default value to the autoupdate field
  • Additional commits viewable in compare view

Updates dealerdirect/phpcodesniffer-composer-installer from 1.2.0 to 1.2.1

Release notes

Sourced from dealerdirect/phpcodesniffer-composer-installer's releases.

v1.2.1

Changed

  • Various housekeeping, including improvements to CI.

Fixed

  • Fix potential error when running composer install with an open_basedir restriction in effect. Thanks @​srebb ! #271, #272

New Contributors

Full Changelog: PHPCSStandards/composer-installer@v1.2.0...v1.2.1

Changelog

Sourced from dealerdirect/phpcodesniffer-composer-installer's changelog.

[v1.2.1] - 2026-05-06

Changed

  • Various housekeeping, including improvements to CI.

Fixed

  • Fix potential error when running composer install with an open_basedir restriction in effect. Thanks [@​srebb] ! #271, #272

#271: PHPCSStandards/composer-installer#271 #272: PHPCSStandards/composer-installer#272

Commits
  • 963f0c6 Merge pull request #284 from PHPCSStandards/feature/changelog-for-release-1.2.1
  • b1bf91e Changelog for the 1.2.1 release
  • 0ded545 Resolve relative paths to absolute before validation to avoid open_basedir wa...
  • 467286b Merge pull request #283 from PHPCSStandards/dependabot/github_actions/ramsey/...
  • 83c65e6 Merge pull request #282 from PHPCSStandards/dependabot/github_actions/action-...
  • d384a67 GH Actions: Bump ramsey/composer-install from 3.1.1 to 4.0.0
  • c3f9878 GH Actions: Bump shivammathur/setup-php in the action-runners group
  • 7e6a7a3 Merge pull request #275 from PHPCSStandards/feature/tests-phpcsversions-updat...
  • 4a03570 Merge pull request #274 from PHPCSStandards/feature/dependabot-every-two-weeks
  • 375c41d Merge pull request #276 from PHPCSStandards/dependabot/github_actions/action-...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the composer-all group with 2 updates: [yahnis-elsts/plugin-update-checker](https://github.com/YahnisElsts/plugin-update-checker) and [dealerdirect/phpcodesniffer-composer-installer](https://github.com/PHPCSStandards/composer-installer).


Updates `yahnis-elsts/plugin-update-checker` from 5.6 to 5.7
- [Release notes](https://github.com/YahnisElsts/plugin-update-checker/releases)
- [Commits](YahnisElsts/plugin-update-checker@v5.6...v5.7)

Updates `dealerdirect/phpcodesniffer-composer-installer` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/PHPCSStandards/composer-installer/releases)
- [Changelog](https://github.com/PHPCSStandards/composer-installer/blob/main/CHANGELOG.md)
- [Commits](PHPCSStandards/composer-installer@v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: yahnis-elsts/plugin-update-checker
  dependency-version: '5.7'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: composer-all
- dependency-name: dealerdirect/phpcodesniffer-composer-installer
  dependency-version: 1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: composer-all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jul 12, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedcomposer/​yahnis-elsts/​plugin-update-checker@​5.6.0.0 ⏵ 5.7.0.010010090100100
Updatedcomposer/​dealerdirect/​phpcodesniffer-composer-installer@​1.2.0.0 ⏵ 1.2.1.010010090100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants