From 28a1da3a1aaf40e397e5ada734403972088f53e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2026 22:14:12 +0000 Subject: [PATCH 1/2] Bump actions/checkout from 6.0.2 to 6.0.3 Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/format.yml | 2 +- .github/workflows/phpstan.yml | 2 +- .github/workflows/tests.yml | 2 +- .github/workflows/zizmor.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index fa810e77..981025bc 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -22,7 +22,7 @@ jobs: - name: Checkout code # Uses a maintainer PAT so the auto-commit push can bypass branch protection; # the default GITHUB_TOKEN pushes as `github-actions[bot]` and gets rejected. - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # zizmor: ignore[artipacked] + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.2 # zizmor: ignore[artipacked] with: token: ${{ secrets.GH_ACCESS_TOKEN }} - name: Set up PHP diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml index 4a57f6ae..e0e4db92 100644 --- a/.github/workflows/phpstan.yml +++ b/.github/workflows/phpstan.yml @@ -15,7 +15,7 @@ jobs: phpstan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Cache Composer dependencies diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4b74037a..c6efe6f5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,7 +15,7 @@ jobs: run-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Cache Composer dependencies diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 3a526ecb..7643e7f6 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -20,7 +20,7 @@ jobs: contents: read security-events: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false From f29c57713fb9219c38b6778c5d2ada1f19f15877 Mon Sep 17 00:00:00 2001 From: Dan Harrin Date: Thu, 11 Jun 2026 11:21:27 +0100 Subject: [PATCH 2/2] Update format.yml --- .github/workflows/format.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index 981025bc..49b4a2a9 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -22,7 +22,7 @@ jobs: - name: Checkout code # Uses a maintainer PAT so the auto-commit push can bypass branch protection; # the default GITHUB_TOKEN pushes as `github-actions[bot]` and gets rejected. - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.2 # zizmor: ignore[artipacked] + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] with: token: ${{ secrets.GH_ACCESS_TOKEN }} - name: Set up PHP