{"id":2620,"name":"shivammathur/setup-php","ecosystem":"actions","repository_url":"https://github.com/shivammathur/setup-php","issues_count":3173,"created_at":"2025-06-06T15:02:07.973Z","updated_at":"2025-06-06T15:02:07.973Z","purl":"pkg:githubactions/shivammathur/setup-php","metadata":{"id":4454462,"name":"setupphp","ecosystem":"deno","description":"GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.","homepage":null,"licenses":"mit","normalized_licenses":["MIT"],"repository_url":"https://github.com/shivammathur/setup-php","keywords_array":[],"namespace":null,"versions_count":32,"first_release_published_at":"2022-05-30T05:02:14.621Z","latest_release_published_at":"2025-04-15T08:26:19.529Z","latest_release_number":"2.33.0","last_synced_at":"2025-06-04T21:25:41.724Z","created_at":"2022-05-30T05:10:08.291Z","updated_at":"2025-06-04T21:26:06.022Z","registry_url":"https://deno.land/x/setupphp","install_command":null,"documentation_url":"https://doc.deno.land/https://deno.land/x/setupphp/mod.ts","metadata":{},"repo_metadata":{"id":38421087,"uuid":"206578964","full_name":"shivammathur/setup-php","owner":"shivammathur","description":"GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.","archived":false,"fork":false,"pushed_at":"2025-06-04T08:33:12.000Z","size":26583,"stargazers_count":3050,"open_issues_count":10,"forks_count":379,"subscribers_count":28,"default_branch":"main","last_synced_at":"2025-06-04T15:52:09.422Z","etag":null,"topics":["code-coverage","composer","continuous-integration","github-actions","php","php-extensions","static-analysis","tools"],"latest_commit_sha":null,"homepage":"https://setup-php.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shivammathur.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"shivammathur"}},"created_at":"2019-09-05T14:06:45.000Z","updated_at":"2025-06-03T15:00:09.000Z","dependencies_parsed_at":"2023-10-01T14:49:22.683Z","dependency_job_id":"b213111f-e7c7-4a18-ad34-2b4b3b5abb46","html_url":"https://github.com/shivammathur/setup-php","commit_stats":{"total_commits":1230,"total_committers":48,"mean_commits":25.625,"dds":"0.10162601626016265","last_synced_commit":"9f51892bda551c29f469a2b3d8514b6d2ed84dc9"},"previous_names":[],"tags_count":137,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shivammathur","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":258042858,"owners_count":22641880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"shivammathur","name":"Shivam Mathur","uuid":"1571086","kind":"user","description":"Creator of @setup-php","email":"","website":"https://shivammathur.com","location":"India","twitter":"meshivammathur","company":"@fastlabtech ","icon_url":"https://avatars.githubusercontent.com/u/1571086?u=f63c0cb500d193031930485d3a2c766ae0073669\u0026v=4","repositories_count":105,"last_synced_at":"2025-05-25T13:15:40.497Z","metadata":{"has_sponsors_listing":true,"funding":{"github":"shivammathur"}},"html_url":"https://github.com/shivammathur","funding_links":["https://github.com/sponsors/shivammathur"],"total_stars":6938,"followers":1072,"following":22,"created_at":"2022-11-14T06:13:56.201Z","updated_at":"2025-05-25T13:15:40.498Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shivammathur","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shivammathur/repositories"},"tags":[{"name":"2.33.0","sha":"cf4cade2721270509d5b1c766ab3549210a39a2a","kind":"commit","published_at":"2025-04-14T01:55:31.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.33.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.33.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.33.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.33.0/manifests"},{"name":"2.32.0","sha":"9e72090525849c5e82e596468b86eb55e9cc5401","kind":"tag","published_at":"2024-12-30T16:31:50.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.32.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.32.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.32.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.32.0/manifests"},{"name":"2.31.1","sha":"c541c155eee45413f5b09a52248675b1a2575231","kind":"commit","published_at":"2024-07-08T10:41:28.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.31.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.31.1","dependencies_parsed_at":"2024-07-11T05:38:10.417Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.31.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.31.1/manifests"},{"name":"2.31.0","sha":"2e947f1f6932d141d076ca441d0e1e881775e95b","kind":"commit","published_at":"2024-06-23T21:49:18.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.31.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.31.0","dependencies_parsed_at":"2024-06-25T05:18:56.711Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.31.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.31.0/manifests"},{"name":"2.30.5","sha":"fc14643b0a99ee9db10a3c025a33d76544fa3761","kind":"commit","published_at":"2024-06-02T17:34:56.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.30.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.30.5","dependencies_parsed_at":"2024-06-05T05:14:49.194Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.5/manifests"},{"name":"2.30.4","sha":"c665c7a15b5295c2488ac8a87af9cb806cd72198","kind":"commit","published_at":"2024-04-23T22:24:07.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.30.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.30.4","dependencies_parsed_at":"2024-04-25T04:18:46.181Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.4/manifests"},{"name":"2.30.3","sha":"efffd0e4f2504f936fcfe3b69293d31ce0e2fd7a","kind":"commit","published_at":"2024-04-21T13:25:19.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.30.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.30.3","dependencies_parsed_at":"2024-04-23T08:53:44.856Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.3/manifests"},{"name":"2.30.2","sha":"8872c784b04a1420e81191df5d64fbd59d3d3033","kind":"commit","published_at":"2024-03-30T22:23:16.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.30.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.30.2","dependencies_parsed_at":"2024-04-01T04:04:01.577Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.2/manifests"},{"name":"2.30.1","sha":"73963f5001e335723c998e4a0125ce060083985c","kind":"commit","published_at":"2024-03-25T02:00:22.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.30.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.30.1","dependencies_parsed_at":"2024-03-27T04:50:56.094Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.1/manifests"},{"name":"2.30.0","sha":"a4e22b60bbb9c1021113f2860347b0759f66fe5d","kind":"commit","published_at":"2024-03-01T06:36:41.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.30.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.30.0","dependencies_parsed_at":"2024-03-03T04:10:17.562Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.30.0/manifests"},{"name":"2.29.0","sha":"6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d","kind":"tag","published_at":"2024-01-15T09:45:09.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.29.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.29.0","dependencies_parsed_at":"2024-01-19T04:53:24.340Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.29.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.29.0/manifests"},{"name":"2.28.0","sha":"e6f75134d35752277f093989e72e140eaa222f35","kind":"commit","published_at":"2023-11-27T12:37:02.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.28.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.28.0","dependencies_parsed_at":"2023-11-29T04:05:00.890Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.28.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.28.0/manifests"},{"name":"verbose","sha":"0b5a21a74ff3377178a9269e0aa01142e6baa108","kind":"tag","published_at":"2023-11-07T09:31:38.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/verbose","html_url":"https://github.com/shivammathur/setup-php/releases/tag/verbose","dependencies_parsed_at":"2023-11-09T04:17:32.015Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/verbose","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/verbose/manifests"},{"name":"master","sha":"a36e1e52ff4a1c9e9c9be31551ee4712a6cb6bd0","kind":"tag","published_at":"2023-11-07T09:29:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/master","html_url":"https://github.com/shivammathur/setup-php/releases/tag/master","dependencies_parsed_at":"2023-11-09T04:17:32.031Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/master","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/master/manifests"},{"name":"v2","sha":"a36e1e52ff4a1c9e9c9be31551ee4712a6cb6bd0","kind":"tag","published_at":"2023-11-07T09:29:44.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/v2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/v2","dependencies_parsed_at":"2023-11-09T04:17:32.011Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/v2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/v2/manifests"},{"name":"2.27.1","sha":"a36e1e52ff4a1c9e9c9be31551ee4712a6cb6bd0","kind":"commit","published_at":"2023-11-07T08:25:37.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.27.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.27.1","dependencies_parsed_at":"2023-11-09T04:17:32.022Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.27.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.27.1/manifests"},{"name":"2.27.0","sha":"81cd5ae0920b34eef300e1775313071038a53429","kind":"commit","published_at":"2023-11-01T14:26:15.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.27.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.27.0","dependencies_parsed_at":"2023-11-09T04:17:32.039Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.27.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.27.0/manifests"},{"name":"2.26.0","sha":"7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067","kind":"commit","published_at":"2023-09-13T21:21:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.26.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.26.0","dependencies_parsed_at":"2023-11-09T04:17:32.027Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.26.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.26.0/manifests"},{"name":"2.25.5","sha":"72ae4ccbe57f82bbe08411e84e2130bd4ba1c10f","kind":"commit","published_at":"2023-07-29T16:33:23.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.25.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.25.5","dependencies_parsed_at":"2023-11-09T04:17:32.014Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.5/manifests"},{"name":"2.25.4","sha":"4bd44f22a98a19e0950cbad5f31095157cc9621b","kind":"commit","published_at":"2023-06-12T21:55:48.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.25.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.25.4","dependencies_parsed_at":"2023-11-09T04:17:32.022Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.4/manifests"},{"name":"2.25.3","sha":"8cac79fdb158907c5fbc74b91c90342b86f9bdf5","kind":"commit","published_at":"2023-06-12T09:58:42.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.25.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.25.3","dependencies_parsed_at":"2023-11-09T04:17:32.028Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.3/manifests"},{"name":"2.25.2","sha":"c5fc0d8281aba02c7fda07d3a70cc5371548067d","kind":"commit","published_at":"2023-05-24T17:31:34.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.25.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.25.2","dependencies_parsed_at":"2023-11-09T04:17:32.016Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.2/manifests"},{"name":"2.25.1","sha":"cb8f453143149404c7fd670b5f37c91d395b3054","kind":"commit","published_at":"2023-04-19T03:07:25.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.25.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.25.1","dependencies_parsed_at":"2023-11-09T04:17:32.017Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.1/manifests"},{"name":"2.25.0","sha":"1fdc5e773bb54b5aa541c73679d6e9acc692d0cd","kind":"commit","published_at":"2023-04-16T22:06:15.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.25.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.25.0","dependencies_parsed_at":"2023-11-09T04:17:32.021Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.25.0/manifests"},{"name":"2.24.0","sha":"d30ad8b1843ace22e6698ab99bbafaa747b6bd0d","kind":"commit","published_at":"2023-01-27T03:08:32.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.24.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.24.0","dependencies_parsed_at":"2023-11-09T04:17:32.029Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.24.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.24.0/manifests"},{"name":"2.23.0","sha":"8e2ac35f639d3e794c1da1f28999385ab6fdf0fc","kind":"commit","published_at":"2022-12-25T22:15:00.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.23.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.23.0","dependencies_parsed_at":"2023-11-09T04:17:32.029Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.23.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.23.0/manifests"},{"name":"2.22.0","sha":"1a18b2267f80291a81ca1d33e7c851fe09e7dfc4","kind":"commit","published_at":"2022-10-28T10:15:12.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.22.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.22.0","dependencies_parsed_at":"2023-11-09T04:17:32.019Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.22.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.22.0/manifests"},{"name":"2.21.2","sha":"e04e1d97f0c0481c6e1ba40f8a538454fe5d7709","kind":"commit","published_at":"2022-08-17T11:35:01.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.21.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.21.2","dependencies_parsed_at":"2023-11-09T04:17:32.014Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.21.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.21.2/manifests"},{"name":"2.21.1","sha":"16011a795d747d5f45038f96371c3b98aec5669d","kind":"commit","published_at":"2022-07-27T22:09:51.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.21.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.21.1","dependencies_parsed_at":"2023-11-09T04:17:32.028Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.21.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.21.1/manifests"},{"name":"2.21.0","sha":"945c34c1751f6d2c8106ec0feba5662fcbc1c943","kind":"commit","published_at":"2022-07-19T10:14:51.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.21.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.21.0","dependencies_parsed_at":"2023-11-09T04:17:32.025Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.21.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.21.0/manifests"},{"name":"2.20.1","sha":"3312ea6101295aeda1e702b5d3b641e9717de6d6","kind":"tag","published_at":"2022-07-07T23:30:16.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.20.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.20.1","dependencies_parsed_at":"2023-11-09T04:17:32.026Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.20.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.20.1/manifests"},{"name":"2.20.0","sha":"cdb037c2a47e89a90eb317c7376c32a4cf92ddcc","kind":"commit","published_at":"2022-07-05T19:13:26.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.20.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.20.0","dependencies_parsed_at":"2023-11-09T04:17:32.023Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.20.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.20.0/manifests"},{"name":"2.19.1","sha":"3eda58347216592f618bb1dff277810b6698e4ca","kind":"commit","published_at":"2022-06-06T02:52:16.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.19.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.19.1","dependencies_parsed_at":"2023-11-09T04:17:32.031Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.19.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.19.1/manifests"},{"name":"2.19.0","sha":"aa1fe473f9c687b6fb896056d771232c0bc41161","kind":"commit","published_at":"2022-05-30T02:22:31.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.19.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.19.0","dependencies_parsed_at":"2023-11-09T04:17:32.018Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.19.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.19.0/manifests"},{"name":"v1","sha":"28c92ba4eed7710cd14a3bc9b50fea9dbd81b4bb","kind":"tag","published_at":"2022-04-09T21:39:54.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/v1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/v1","dependencies_parsed_at":"2023-05-30T17:40:34.078Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/v1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/v1/manifests"},{"name":"2.18.1","sha":"448bd61c6fe9db2113173467e4c22b87ddc2971a","kind":"commit","published_at":"2022-04-09T16:17:25.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.18.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.18.1","dependencies_parsed_at":"2023-11-09T04:17:32.804Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.18.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.18.1/manifests"},{"name":"1.11.7","sha":"28c92ba4eed7710cd14a3bc9b50fea9dbd81b4bb","kind":"commit","published_at":"2022-04-09T14:54:57.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.7","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.7","dependencies_parsed_at":"2023-11-09T04:17:32.826Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.7/manifests"},{"name":"2.18.0","sha":"36d70683e90ca4d08b23b400110ab8459df76e80","kind":"tag","published_at":"2022-04-09T13:58:18.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.18.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.18.0","dependencies_parsed_at":"2023-11-09T04:17:32.802Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.18.0/manifests"},{"name":"2.17.1","sha":"b75c104ca87c371bbc71be81a4e5dd5a5d298241","kind":"commit","published_at":"2022-03-01T15:14:20.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.17.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.17.1","dependencies_parsed_at":"2023-05-30T17:40:34.979Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.17.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.17.1/manifests"},{"name":"2.17.0","sha":"7854a0cae7fa7a5f3feac66d27bae2dc42d1067a","kind":"tag","published_at":"2022-02-08T22:02:53.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.17.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.17.0","dependencies_parsed_at":"2023-05-30T17:40:35.759Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.17.0/manifests"},{"name":"1.11.6","sha":"2a0c477416f5dacd55c8fd099562404b8eef4c91","kind":"commit","published_at":"2022-02-08T12:40:43.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.6","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.6","dependencies_parsed_at":"2023-05-30T17:40:36.501Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.6/manifests"},{"name":"2.16.0","sha":"da0e8547371daac1784abb79f9bb2af76dcdfaf0","kind":"tag","published_at":"2022-01-09T07:59:02.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.16.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.16.0","dependencies_parsed_at":"2023-05-30T17:40:37.369Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.16.0/manifests"},{"name":"2.15.0","sha":"4c5c122aa65e90c21a9ddc71071e94ad8b6d33e2","kind":"tag","published_at":"2021-11-25T12:10:40.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.15.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.15.0","dependencies_parsed_at":"2023-05-30T17:40:38.116Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.15.0/manifests"},{"name":"1.11.5","sha":"fbdd58c5bc976262c033aa2317a675c93f8eff3a","kind":"commit","published_at":"2021-09-27T20:21:40.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.5","dependencies_parsed_at":"2023-05-30T17:40:38.710Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.5/manifests"},{"name":"2.14.0","sha":"1fa3ba1b162e818eed12eed233c9837299574948","kind":"tag","published_at":"2021-09-18T23:26:08.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.14.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.14.0","dependencies_parsed_at":"2023-05-30T17:40:39.482Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.14.0/manifests"},{"name":"1.11.4","sha":"d7eb9ade23fe575292c55cc6436a9788c260c8c0","kind":"commit","published_at":"2021-09-10T23:12:32.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.4","dependencies_parsed_at":"2023-05-30T17:40:40.136Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.4/manifests"},{"name":"2.13.0","sha":"2cb9b829437ee246e9b3cac53555a39208ca6d28","kind":"tag","published_at":"2021-08-24T14:02:01.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.13.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.13.0","dependencies_parsed_at":"2023-05-30T17:40:40.803Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.13.0/manifests"},{"name":"1.11.3","sha":"7958a5ccff6f2de591cedf5f7a8eb0decc78be20","kind":"commit","published_at":"2021-08-23T07:24:39.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.3","dependencies_parsed_at":"2023-05-30T17:40:41.429Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.3/manifests"},{"name":"2.12.0","sha":"947009a71769c25ab5292f073f5343624b7c879d","kind":"tag","published_at":"2021-08-02T18:09:50.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.12.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.12.0","dependencies_parsed_at":"2023-05-30T17:40:42.204Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.12.0/manifests"},{"name":"1.11.2","sha":"506357cdb9f33326136afc333798fb186a86fdea","kind":"tag","published_at":"2021-08-02T18:09:38.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.2","dependencies_parsed_at":"2023-05-30T17:40:42.839Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.2/manifests"},{"name":"2.11.0","sha":"fefbd7a497af49675efddfb3d1b068acb4044a8a","kind":"tag","published_at":"2021-07-16T10:29:16.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.11.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.11.0","dependencies_parsed_at":"2023-05-30T17:40:43.708Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.11.0/manifests"},{"name":"2.10.0","sha":"6dba529f13ee5f16811f0b9dea63c516800684bd","kind":"tag","published_at":"2021-06-04T16:00:16.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.10.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.10.0","dependencies_parsed_at":"2023-05-30T17:40:44.491Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.10.0/manifests"},{"name":"2.9.0","sha":"b2f833f7d1c070621af195c088d275c4cd60ef8f","kind":"tag","published_at":"2021-06-04T15:56:38.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.9.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.9.0","dependencies_parsed_at":"2023-05-30T17:40:45.360Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.9.0/manifests"},{"name":"1.11.1","sha":"32c143624720c3d185dee9d64dd9c550a9e9f8c6","kind":"tag","published_at":"2021-05-30T23:54:04.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.1","dependencies_parsed_at":"2023-05-30T17:40:45.983Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.1/manifests"},{"name":"1.11.0","sha":"cb746892c2f9bbb8381713943259dcd1db9d9f39","kind":"tag","published_at":"2021-03-10T22:24:47.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.11.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.11.0","dependencies_parsed_at":"2023-05-30T17:40:46.756Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.11.0/manifests"},{"name":"1.10.1","sha":"847ea654687d9ffc3da886774ce854eff446921b","kind":"tag","published_at":"2020-11-28T09:36:51.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.10.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.10.1","dependencies_parsed_at":"2023-05-30T17:40:48.857Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.10.1/manifests"},{"name":"2.8.0","sha":"d14c0d0dd7813e2cd24dd8c5214ddbca9ef5e0f9","kind":"tag","published_at":"2020-11-28T09:33:21.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.8.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.8.0","dependencies_parsed_at":"2023-05-30T17:40:47.493Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.8.0/manifests"},{"name":"2.7.0","sha":"c188004a5280827be087dc4ce16f7775660a7159","kind":"tag","published_at":"2020-11-28T09:30:21.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.7.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.7.0","dependencies_parsed_at":"2023-05-30T17:40:48.130Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.7.0/manifests"},{"name":"1.10.0","sha":"44cf056ba8be34ffa85475d5c1020cd28380acea","kind":"commit","published_at":"2020-11-15T21:56:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.10.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.10.0","dependencies_parsed_at":"2023-05-30T17:40:49.483Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.10.0/manifests"},{"name":"1.9.8","sha":"bea4065e1149743ccb0bdac09ab1ef6d7415caee","kind":"commit","published_at":"2020-10-23T01:47:55.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.8","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.8","dependencies_parsed_at":"2023-05-30T17:40:50.161Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.8/manifests"},{"name":"2.6.0","sha":"eaaab1cec3dd2b48b26a56827fcfabe445db83f2","kind":"commit","published_at":"2020-10-18T14:03:03.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.6.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.6.0","dependencies_parsed_at":"2023-05-30T17:40:50.789Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.6.0/manifests"},{"name":"1.9.7","sha":"efbde18f4ffe1c478f519e1538b083bdcc49abe8","kind":"tag","published_at":"2020-10-15T08:38:20.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.7","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.7","dependencies_parsed_at":"2023-05-30T17:40:52.333Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.7/manifests"},{"name":"1.9.6","sha":"454626ac7ab8a6af2aa1cfc516f8fd7e193de6b8","kind":"tag","published_at":"2020-10-15T08:33:08.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.6","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.6","dependencies_parsed_at":"2023-05-30T17:40:52.972Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.6/manifests"},{"name":"2.5.0","sha":"983892b3c38e012faa196d3d9d53912c6204a883","kind":"tag","published_at":"2020-10-15T08:29:58.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.5.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.5.0","dependencies_parsed_at":"2023-05-30T17:40:51.555Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.5.0/manifests"},{"name":"2.4.3","sha":"ffded4a3e8f5f2559aa84920d75722690cf082f2","kind":"commit","published_at":"2020-08-21T18:28:53.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.4.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.4.3","dependencies_parsed_at":"2023-05-30T17:40:53.643Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.3/manifests"},{"name":"1.9.5","sha":"f7fb800623d078f6871d7ad3168e6ca140b7e4ba","kind":"commit","published_at":"2020-08-16T01:56:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.5","dependencies_parsed_at":"2023-05-30T17:40:54.327Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.5/manifests"},{"name":"2.4.2","sha":"c5e0997b446f44610a6249ec876a07d53cb0b326","kind":"commit","published_at":"2020-08-10T14:00:25.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.4.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.4.2","dependencies_parsed_at":"2023-05-30T17:40:55.015Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.2/manifests"},{"name":"1.9.4","sha":"3160874a27482a9dcd0d7c0521de888f892d4b03","kind":"commit","published_at":"2020-08-10T11:13:54.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.4","dependencies_parsed_at":"2023-05-30T17:40:55.736Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.4/manifests"},{"name":"2.4.1","sha":"975f42da8e1db90880357f8d6073bd12719d1ad8","kind":"commit","published_at":"2020-08-08T11:23:35.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.4.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.4.1","dependencies_parsed_at":"2023-05-30T17:40:56.476Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.1/manifests"},{"name":"2.4.0","sha":"7961bc11b161170a2cf13fbe3573edb88fad7c29","kind":"commit","published_at":"2020-07-21T06:47:40.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.4.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.4.0","dependencies_parsed_at":"2023-05-30T17:40:57.022Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.4.0/manifests"},{"name":"1.9.3","sha":"17983e66e5887cb75418ab3c817d9efee066258d","kind":"commit","published_at":"2020-07-20T15:28:08.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.3","dependencies_parsed_at":"2023-05-30T17:40:57.744Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.3/manifests"},{"name":"2.3.2","sha":"38731c6386cb82423176e3eaf878615515c3da70","kind":"commit","published_at":"2020-07-06T19:35:02.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.3.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.3.2","dependencies_parsed_at":"2023-05-30T17:40:58.342Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.3.2/manifests"},{"name":"1.9.2","sha":"e763fddf01fd77ca4e427056861a3781ca0fab08","kind":"commit","published_at":"2020-07-06T19:17:45.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.2","dependencies_parsed_at":"2023-05-30T17:40:59.036Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.2/manifests"},{"name":"2.3.1","sha":"dd27d4eb8158e1dd5bd52a143a7468d7a7fb302a","kind":"commit","published_at":"2020-06-22T02:03:24.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.3.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.3.1","dependencies_parsed_at":"2023-05-30T17:40:59.622Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.3.1/manifests"},{"name":"1.9.1","sha":"a74c3369c5ab7f6ce9449b28e063dfc64ffc1b14","kind":"commit","published_at":"2020-06-19T19:32:16.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.1","dependencies_parsed_at":"2023-05-30T17:41:00.225Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.1/manifests"},{"name":"2.3.0","sha":"70954fb6f8f84aafa4977dfff10bf95ca19fc6d0","kind":"commit","published_at":"2020-06-11T10:40:15.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.3.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.3.0","dependencies_parsed_at":"2023-05-30T17:41:00.950Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.3.0/manifests"},{"name":"1.9.0","sha":"fe504c5e23ccffb0569103538a4b51363a5992f3","kind":"commit","published_at":"2020-06-09T01:47:38.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.9.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.9.0","dependencies_parsed_at":"2023-05-30T17:41:01.578Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.9.0/manifests"},{"name":"2.2.2","sha":"b84dd3ce2517573c64219c4697d6758295133569","kind":"commit","published_at":"2020-05-26T01:11:18.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.2.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.2.2","dependencies_parsed_at":"2023-05-30T17:41:02.222Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.2.2/manifests"},{"name":"2.2.1","sha":"a48ff666f8ce1807ff400e284c5b14b5cd117c84","kind":"commit","published_at":"2020-05-18T19:48:32.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.2.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.2.1","dependencies_parsed_at":"2023-05-30T17:41:02.783Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.2.1/manifests"},{"name":"2.2.0","sha":"3bffbad95a43f55606b2ee69e70c70856ae5c046","kind":"commit","published_at":"2020-05-18T18:20:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.2.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.2.0","dependencies_parsed_at":"2023-05-30T17:41:03.442Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.2.0/manifests"},{"name":"1.8.8","sha":"062567eeb11c6f0df81235d645970224e600dcf8","kind":"commit","published_at":"2020-05-18T17:04:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.8","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.8","dependencies_parsed_at":"2023-05-30T17:41:04.139Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.8/manifests"},{"name":"1.8.7","sha":"e9e024e6008b247d9ca01718acaa83c270ab8c98","kind":"commit","published_at":"2020-05-05T09:27:36.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.7","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.7","dependencies_parsed_at":"2023-05-30T17:41:05.268Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.7/manifests"},{"name":"2.1.4","sha":"dccdb5ab679ff41ff0c6ffddfd383b1bc23cb9eb","kind":"commit","published_at":"2020-05-05T09:14:56.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.1.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.1.4","dependencies_parsed_at":"2023-05-30T17:41:04.667Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.4/manifests"},{"name":"2.1.3","sha":"f58dc6eca1679a8581be95e21e2213cdad7290f7","kind":"commit","published_at":"2020-03-20T13:39:27.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.1.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.1.3","dependencies_parsed_at":"2023-05-30T17:41:05.916Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.3/manifests"},{"name":"1.8.6","sha":"fdfa901941794151a52f471613c1672fffccdc08","kind":"commit","published_at":"2020-03-20T13:34:24.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.6","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.6","dependencies_parsed_at":"2023-05-30T17:41:06.521Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.6/manifests"},{"name":"2.1.2","sha":"f3a1262ff685f3e2a2a546bffa4b3127ce50cdf2","kind":"commit","published_at":"2020-03-16T02:43:25.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.1.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.1.2","dependencies_parsed_at":"2023-05-30T17:41:07.199Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.2/manifests"},{"name":"1.8.5","sha":"5ad0888329890815dee75fed3cf07ec9f90be4a4","kind":"commit","published_at":"2020-03-16T02:34:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.5","dependencies_parsed_at":"2023-05-30T17:41:07.835Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.5/manifests"},{"name":"2.1.1","sha":"0585c3d59d483de3dd44317fed456c8c53a6eb3a","kind":"commit","published_at":"2020-03-08T03:09:56.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.1.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.1.1","dependencies_parsed_at":"2023-05-30T17:41:08.401Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.1/manifests"},{"name":"1.8.4","sha":"0da52b13271f1da9cb68cea818ff32311b9469a1","kind":"commit","published_at":"2020-03-02T15:10:27.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.4","dependencies_parsed_at":"2023-05-30T17:41:09.701Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.4/manifests"},{"name":"2.1.0","sha":"b7d68d8225bdcb173cba1b6371613a3492d71aaa","kind":"commit","published_at":"2020-03-02T14:41:17.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.1.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.1.0","dependencies_parsed_at":"2023-05-30T17:41:09.101Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.1.0/manifests"},{"name":"2.0.2","sha":"03fd0b8719f892f52e4def8effdef10cc2ee4f4c","kind":"commit","published_at":"2020-02-22T19:13:53.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.0.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.0.2","dependencies_parsed_at":"2023-05-30T17:41:10.402Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.0.2/manifests"},{"name":"2.0.1","sha":"cdfbf6d0f088186699bef3589e3e67997da784ec","kind":"commit","published_at":"2020-02-19T03:38:04.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.0.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.0.1","dependencies_parsed_at":"2023-05-30T17:41:11.081Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.0.1/manifests"},{"name":"2.0.0","sha":"383a511d0ed762f8bdb060ec71ff6cbefc41f73a","kind":"commit","published_at":"2020-02-16T23:10:05.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/2.0.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/2.0.0","dependencies_parsed_at":"2023-05-30T17:41:11.767Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/2.0.0/manifests"},{"name":"1.8.3","sha":"3579c7ef2894b9e3897dfafeb1eeed48933db5f2","kind":"commit","published_at":"2020-02-16T22:19:19.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.3","dependencies_parsed_at":"2023-05-30T17:41:12.523Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.3/manifests"},{"name":"1.8.2","sha":"d9cf6f5ad6f0b3a7ae9e5ca4aa78c95ea948823f","kind":"commit","published_at":"2020-02-02T22:56:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.2","dependencies_parsed_at":"2023-05-30T17:41:13.454Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.2/manifests"},{"name":"1.8.1","sha":"76cecacc5ecce8695c273fc73498553fcaa63a29","kind":"commit","published_at":"2020-01-27T17:09:10.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.1","dependencies_parsed_at":"2023-05-30T17:41:13.988Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.1/manifests"},{"name":"1.8.0","sha":"d384d9fe7eafebd438e55e7b32e33cc2955dc272","kind":"commit","published_at":"2020-01-26T12:51:58.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.8.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.8.0","dependencies_parsed_at":"2023-05-30T17:41:14.847Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.8.0/manifests"},{"name":"1.7.4","sha":"e01b2f0bf7de3c6c77ecd30b25a3cafecc5a5673","kind":"commit","published_at":"2020-01-21T20:50:27.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.7.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.7.4","dependencies_parsed_at":"2023-05-30T17:41:15.474Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.4/manifests"},{"name":"1.7.3","sha":"8489dbf4deff305b4d8fd497e9e62907259844a1","kind":"commit","published_at":"2020-01-17T11:46:16.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.7.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.7.3","dependencies_parsed_at":"2023-05-30T17:41:16.190Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.3/manifests"},{"name":"1.7.2","sha":"2ee4653d1c9614fc475d949b6bc26ad455bb21b2","kind":"commit","published_at":"2020-01-10T01:40:05.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.7.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.7.2","dependencies_parsed_at":"2023-05-30T17:41:16.790Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.2/manifests"},{"name":"1.7.1","sha":"71db1e2cf12bf0d2c4003652e6f69d382d41be1b","kind":"commit","published_at":"2020-01-08T22:26:18.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.7.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.7.1","dependencies_parsed_at":"2023-05-30T17:41:17.432Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.1/manifests"},{"name":"1.7.0","sha":"7b8bf7af6a42e028cbcccf623bb8499b4d6edf02","kind":"commit","published_at":"2020-01-01T10:52:07.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.7.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.7.0","dependencies_parsed_at":"2023-05-30T17:41:18.104Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.7.0/manifests"},{"name":"1.6.2","sha":"a507be73b5d36403550e47e30e0a01725a932c54","kind":"commit","published_at":"2019-12-22T04:32:11.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.6.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.6.2","dependencies_parsed_at":"2023-05-30T17:41:18.773Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.6.2/manifests"},{"name":"1.6.1","sha":"51c7527bd880153c913674f27a988b16294451ae","kind":"commit","published_at":"2019-12-16T22:58:05.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.6.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.6.1","dependencies_parsed_at":"2023-05-30T17:41:23.072Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.6.1/manifests"},{"name":"1.6.0","sha":"cfa7bc51cda7fdd59771ef600683c99770f84b0c","kind":"commit","published_at":"2019-12-09T10:00:42.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.6.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.6.0","dependencies_parsed_at":"2023-05-30T17:41:25.403Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.6.0/manifests"},{"name":"1.5.8","sha":"14acb26bdc67690fd835a68c89ab8fd06454d6a3","kind":"commit","published_at":"2019-12-06T04:00:32.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.8","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.8","dependencies_parsed_at":"2023-05-30T17:41:27.525Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.8/manifests"},{"name":"1.5.7","sha":"3164116a425d2dcc07cf6c3656b031c54295f1fd","kind":"commit","published_at":"2019-12-02T19:47:20.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.7","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.7","dependencies_parsed_at":"2023-05-30T17:41:29.857Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.7/manifests"},{"name":"1.5.6","sha":"3039a720ed87734767abf5cd5e22f1292d5cf7d0","kind":"commit","published_at":"2019-11-30T01:41:14.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.6","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.6","dependencies_parsed_at":"2023-05-30T17:41:33.876Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.6/manifests"},{"name":"1.5.5","sha":"99e2d8d309932f9a83345708cc65367855272c68","kind":"commit","published_at":"2019-11-27T18:26:05.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.5","dependencies_parsed_at":"2023-05-30T17:41:34.422Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.5/manifests"},{"name":"1.5.4","sha":"cade5f7157644bf352608627a88fa36c0046861b","kind":"commit","published_at":"2019-11-26T06:54:58.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.4","dependencies_parsed_at":"2023-05-30T17:41:37.787Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.4/manifests"},{"name":"1.5.3","sha":"2b938d931a23ab867d0e52f17ea2ac67c87a3f73","kind":"commit","published_at":"2019-11-21T20:29:30.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.3","dependencies_parsed_at":"2023-05-30T17:41:38.285Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.3/manifests"},{"name":"1.5.2","sha":"63d8fa1a9e3a907752d3ac93b131607397759142","kind":"commit","published_at":"2019-11-15T00:50:14.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.2","dependencies_parsed_at":"2023-05-30T17:41:39.963Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.2/manifests"},{"name":"1.5.1","sha":"1eb8e8f5cdaa0301dcaa2f3de301734b0a37e990","kind":"commit","published_at":"2019-11-13T01:32:47.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.1","dependencies_parsed_at":"2023-05-30T17:41:41.513Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"77bc79bd22217b745e4a63ae728431a0ee94bbe1","kind":"commit","published_at":"2019-11-08T10:46:49.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.5.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.5.0","dependencies_parsed_at":"2023-05-30T17:41:43.041Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.5.0/manifests"},{"name":"1.4.6","sha":"47d1da04768540620ad31631b6fceffb68424065","kind":"commit","published_at":"2019-11-02T14:22:52.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.4.6","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.4.6","dependencies_parsed_at":"2023-05-30T17:41:44.709Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.6/manifests"},{"name":"1.4.5","sha":"cb5e07baffd97091da0532fb8e212858de8c08b7","kind":"commit","published_at":"2019-10-29T01:40:37.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.4.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.4.5","dependencies_parsed_at":"2023-05-30T17:41:46.553Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.5/manifests"},{"name":"1.4.4","sha":"16267e1982d42ca3aa1555364422e0dba41f5aa2","kind":"commit","published_at":"2019-10-24T23:41:14.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.4.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.4.4","dependencies_parsed_at":"2023-05-30T17:41:49.280Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.4/manifests"},{"name":"1.4.3","sha":"ffc5b0249daf22c3b2f49eaceea5df8c0ba5c52c","kind":"commit","published_at":"2019-10-17T16:42:11.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.4.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.4.3","dependencies_parsed_at":"2023-05-30T17:41:49.760Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.3/manifests"},{"name":"1.4.2","sha":"62beed29e3cf71f0c2e98822f94c73fac47a03c7","kind":"commit","published_at":"2019-10-14T03:25:35.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.4.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.4.2","dependencies_parsed_at":"2023-05-30T17:41:51.432Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.2/manifests"},{"name":"1.4.1","sha":"3087ceb81157b0b55c116a1dfd0768c96d6913fc","kind":"commit","published_at":"2019-10-10T16:40:37.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.4.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.4.1","dependencies_parsed_at":"2023-05-30T17:41:53.142Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"409e0559313c451641cfc7f7dd02dc73800cbafd","kind":"commit","published_at":"2019-10-08T14:11:46.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.4.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.4.0","dependencies_parsed_at":"2023-05-30T17:41:55.840Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.4.0/manifests"},{"name":"1.3.9","sha":"7e81c058fb960568aa646adac1529290ed767b17","kind":"commit","published_at":"2019-10-05T10:02:11.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.9","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.9","dependencies_parsed_at":"2023-05-30T17:41:56.466Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.9/manifests"},{"name":"1.3.8","sha":"c0e0d9d98e3c029a718b0e38ca58fa61506fd4a7","kind":"commit","published_at":"2019-10-04T16:18:41.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.8","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.8","dependencies_parsed_at":"2023-05-30T17:41:58.084Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.8/manifests"},{"name":"1.3.7","sha":"06929bdf4cc47f9919e3f3c38da168085ed97697","kind":"commit","published_at":"2019-10-03T15:27:14.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.7","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.7","dependencies_parsed_at":"2023-05-30T17:41:59.727Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.7/manifests"},{"name":"1.3.6","sha":"eaf140ca8b6453db70443a45973d1f6ed24c512a","kind":"commit","published_at":"2019-09-28T11:10:37.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.6","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.6","dependencies_parsed_at":"2023-05-30T17:42:01.292Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.6/manifests"},{"name":"1.3.5","sha":"91348678220a0a7fd409b86ff37b299aa3647e6b","kind":"commit","published_at":"2019-09-26T14:54:24.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.5","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.5","dependencies_parsed_at":"2023-05-30T17:42:02.956Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.5/manifests"},{"name":"1.3.4","sha":"83cc9a4bcf6f9445eefd77d91a1f6a7b67153244","kind":"commit","published_at":"2019-09-24T16:19:53.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.4","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.4","dependencies_parsed_at":"2023-05-30T17:42:04.567Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"9cfe4e665e79c0a640c5076478583a94b19d8832","kind":"commit","published_at":"2019-09-21T19:00:44.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.3","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.3","dependencies_parsed_at":"2023-05-30T17:42:06.195Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.3/manifests"},{"name":"1.3.2","sha":"43178a725421fc4425bb3e29fc4bf3753a324bea","kind":"commit","published_at":"2019-09-20T16:24:46.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.2","dependencies_parsed_at":"2023-05-30T17:42:07.764Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"db44db4b9755b14d6d40214f0a63f85496ca3f6f","kind":"commit","published_at":"2019-09-19T12:35:40.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.1","dependencies_parsed_at":"2023-05-30T17:42:08.289Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.1/manifests"},{"name":"1.3.0","sha":"e4a37d0f163a754dd1c6267e9b83fa346491c94d","kind":"commit","published_at":"2019-09-18T10:49:52.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.3.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.3.0","dependencies_parsed_at":"2023-05-30T17:42:09.852Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.3.0/manifests"},{"name":"1.2.1","sha":"69f9b777e1ec5db05e5eaec1fde6692679e57356","kind":"commit","published_at":"2019-09-13T08:17:34.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.2.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.2.1","dependencies_parsed_at":"2023-05-30T17:42:11.337Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.2.1/manifests"},{"name":"1.2.0","sha":"201e8c8d98995b8a881324216409f1a4e9928087","kind":"commit","published_at":"2019-09-13T07:40:07.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.2.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.2.0","dependencies_parsed_at":"2023-05-30T17:42:13.721Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.2.0/manifests"},{"name":"1.1.2","sha":"35b07885565c4aacd40cb670dc93eca352a5ee32","kind":"commit","published_at":"2019-09-08T23:25:53.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.1.2","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.1.2","dependencies_parsed_at":"2023-05-30T17:42:15.485Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.1.2/manifests"},{"name":"1.1.1","sha":"b45c80e26a91e439932d392020cf842ba4b55503","kind":"commit","published_at":"2019-09-08T04:19:23.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.1.1","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.1.1","dependencies_parsed_at":"2023-05-30T17:42:16.920Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.1.1/manifests"},{"name":"1.1.0","sha":"764f8c84534bcf462eb2f40b6dfffef2b4cbbdfa","kind":"commit","published_at":"2019-09-07T13:04:56.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.1.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.1.0","dependencies_parsed_at":"2023-05-30T17:42:18.005Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.1.0/manifests"},{"name":"1.0.0","sha":"202f1bbec101767690fe929a3ae571c4d19a6b00","kind":"commit","published_at":"2019-09-06T02:07:46.000Z","download_url":"https://codeload.github.com/shivammathur/setup-php/tar.gz/1.0.0","html_url":"https://github.com/shivammathur/setup-php/releases/tag/1.0.0","dependencies_parsed_at":"2023-05-30T17:42:19.079Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shivammathur%2Fsetup-php/tags/1.0.0/manifests"}]},"repo_metadata_updated_at":"2025-06-04T21:26:06.021Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":58.51358846367166,"stargazers_count":0.8689221667591053,"forks_count":0.5731188759474949,"average":14.988907376594565},"purl":"pkg:deno/setupphp","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/deno/setupphp","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/deno/setupphp","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/deno/setupphp/dependencies","status":null,"funding_links":["https://github.com/sponsors/shivammathur"],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/deno.land/packages/setupphp/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/deno.land/packages/setupphp/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/deno.land/packages/setupphp/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/deno.land/packages/setupphp/related_packages","maintainers":[],"registry":{"name":"deno.land","url":"https://deno.land","ecosystem":"deno","default":true,"packages_count":5909,"maintainers_count":0,"namespaces_count":0,"keywords_count":4061,"github":"denoland","metadata":{"funded_packages_count":852},"icon_url":"https://github.com/denoland.png","created_at":"2022-04-20T15:35:43.723Z","updated_at":"2025-06-06T05:59:45.719Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/deno.land/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/deno.land/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/deno.land/namespaces"}},"unique_repositories_count":662,"unique_repositories_count_past_30_days":26,"recent_issues":[{"uuid":"4519041215","node_id":"PR_kwDOAAF-d87fJVF7","number":48,"state":"open","title":"Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T19:13:19.000Z","updated_at":"2026-05-25T19:13:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kpumuk/codecolorer/pull/48","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpumuk%2Fcodecolorer/issues/48","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/48/packages"},{"uuid":"4506945023","node_id":"PR_kwDOG3fBdM7ej1o9","number":181,"state":"open","title":"Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T05:22:36.000Z","updated_at":"2026-05-23T05:22:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SPPRAGUE/composer/pull/181","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SPPRAGUE%2Fcomposer/issues/181","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/181/packages"},{"uuid":"4498713160","node_id":"PR_kwDOQm3CRs7eJaME","number":30,"state":"open","title":"chore(deps): Bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T00:02:03.000Z","updated_at":"2026-05-22T01:08:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.7","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.10.3","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"5.0.4","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"dtolnay/rust-toolchain","old_version":"efa25f7f19611383d5b0ccf2d1c8914531636bf9","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.10.3` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `efa25f7f19611383d5b0ccf2d1c8914531636bf9` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.37.0` | `2.37.1` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.7 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.7...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.10.3 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/haskell-actions/setup/compare/f9150cb1d140e9a9271700670baa38991e6fa25c...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/7b1f4a764d45c48632c6b24a0339c27f5614fb0b...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-metadata#692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\"\u003ehttps://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003eThe breaking change is requiring Node.js version v24 as the Actions runtime.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Parse versions from metadata links by \u003ca href=\"https://github.com/ppkarwasz\"\u003e\u003ccode\u003e@​ppkarwasz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/632\"\u003edependabot/fetch-metadata#632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions core and actions github packages by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/649\"\u003edependabot/fetch-metadata#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add notes for using \u003ccode\u003ealert-lookup\u003c/code\u003e with App Token by \u003ca href=\"https://github.com/sue445\"\u003e\u003ccode\u003e@​sue445\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/656\"\u003edependabot/fetch-metadata#656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: update Node.js version to v24 by \u003ca href=\"https://github.com/sturman\"\u003e\u003ccode\u003e@​sturman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/671\"\u003edependabot/fetch-metadata#671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch build tooling from ncc to esbuild by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/676\"\u003edependabot/fetch-metadata#676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd --legal-comments=none to esbuild build commands by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/679\"\u003edependabot/fetch-metadata#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tsconfig target from es2022 to es2024 by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/680\"\u003edependabot/fetch-metadata#680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove vestigial outDir from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/681\"\u003edependabot/fetch-metadata#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch tsconfig module resolution to bundler by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/682\"\u003edependabot/fetch-metadata#682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove skipLibCheck from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/683\"\u003edependabot/fetch-metadata#683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typecheck step to CI by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/685\"\u003edependabot/fetch-metadata#685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable noImplicitAny in tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/684\"\u003edependabot/fetch-metadata#684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/core\u003c/code\u003e to ^3.0.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/677\"\u003edependabot/fetch-metadata#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/github\u003c/code\u003e to ^9.0.0 and \u003ccode\u003e@​octokit/request-error\u003c/code\u003e to ^7.1.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/678\"\u003edependabot/fetch-metadata#678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.0 to 6.14.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/651\"\u003edependabot/fetch-metadata#651\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.1 to 4.11.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/652\"\u003edependabot/fetch-metadata#652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.4 to 4.11.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/653\"\u003edependabot/fetch-metadata#653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.7 to 4.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/657\"\u003edependabot/fetch-metadata#657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.1 to 6.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/655\"\u003edependabot/fetch-metadata#655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e from 1.25.1 to 1.26.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/654\"\u003edependabot/fetch-metadata#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.9 to 1.19.10 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/665\"\u003edependabot/fetch-metadata#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.12.2 to 4.12.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/664\"\u003edependabot/fetch-metadata#664\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/25dd0e34f4fe68f24cc83900b1fe3fe149efef98\"\u003e\u003ccode\u003e25dd0e3\u003c/code\u003e\u003c/a\u003e v3.1.0 (\u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/e073f50d732cb48d48fb80afedb4fa61361626e9\"\u003e\u003ccode\u003ee073f50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/705\"\u003e#705\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/hono-4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/0670e167df1fbee1b0d07121de6a182ddebdd674\"\u003e\u003ccode\u003e0670e16\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump hono from 4.12.12 to 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/7a7fe10a42310e65df80af6c771e9aa5d59842d1\"\u003e\u003ccode\u003e7a7fe10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/702\"\u003e#702\u003c/a\u003e from dependabot/dependabot/npm_and_y...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/php-aegis/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fphp-aegis/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"},{"uuid":"4494790089","node_id":"PR_kwDOA5gKcM7d8i9l","number":3749,"state":"open","title":"build(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","Skip-Changelog","patch"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T13:09:47.000Z","updated_at":"2026-05-21T13:15:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/nextcloud/news/pull/3749","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fnews/issues/3749","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3749/packages"},{"uuid":"4490813340","node_id":"PR_kwDODDM_C87dvqKN","number":112,"state":"open","title":"GH Actions: Bump the action-runners group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["Type: chores/QA/automation","Status: triage"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T00:37:10.000Z","updated_at":"2026-05-21T00:38:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"GH Actions: Bump","group_name":"action-runners","update_count":2,"packages":[{"name":"mshick/add-pr-comment","old_version":"3.10.0","new_version":"3.11.0","repository_url":"https://github.com/mshick/add-pr-comment"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps the action-runners group with 2 updates in the / directory: [mshick/add-pr-comment](https://github.com/mshick/add-pr-comment) and [shivammathur/setup-php](https://github.com/shivammathur/setup-php).\n\nUpdates `mshick/add-pr-comment` from 3.10.0 to 3.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mshick/add-pr-comment/releases\"\u003emshick/add-pr-comment's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.11.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.1...v3.11.0\"\u003e3.11.0\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd NOW template variable with configurable date format (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/193\"\u003e#193\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/87fe9efa28693e539af6dd6bdaa304fad69dcff5\"\u003e87fe9ef\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.0...v3.10.1\"\u003e3.10.1\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip comment creation when \u003ccode\u003edeleteOnStatus\u003c/code\u003e matches \u003ccode\u003estatus\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/187\"\u003e#187\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/f160ebae327be580d3cc32f820fd2001edb08c64\"\u003ef160eba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mshick/add-pr-comment/blob/main/CHANGELOG.md\"\u003emshick/add-pr-comment's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.1...v3.11.0\"\u003e3.11.0\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd NOW template variable with configurable date format (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/193\"\u003e#193\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/87fe9efa28693e539af6dd6bdaa304fad69dcff5\"\u003e87fe9ef\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.0...v3.10.1\"\u003e3.10.1\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip comment creation when \u003ccode\u003edeleteOnStatus\u003c/code\u003e matches \u003ccode\u003estatus\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/187\"\u003e#187\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/f160ebae327be580d3cc32f820fd2001edb08c64\"\u003ef160eba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.9.1...v3.10.0\"\u003e3.10.0\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd truncate-separator input and markdown termination (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/184\"\u003e#184\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/6bd445f69b339d90b46389596c77466e3aeae755\"\u003e6bd445f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.9.0...v3.9.1\"\u003e3.9.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einput \u003ccode\u003edelete-on-status\u003c/code\u003e not declared (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/175\"\u003e#175\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/108eeca085f6dfe103fbe745a5b402fa225cfdbe\"\u003e108eeca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.8.0...v3.9.0\"\u003e3.9.0\u003c/a\u003e (2026-03-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd library exports for programmatic usage (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/169\"\u003e#169\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/277cebd817f74153d8c88986b77f0e75976e00af\"\u003e277cebd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.7.0...v3.8.0\"\u003e3.8.0\u003c/a\u003e (2026-03-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eautomatic message truncation for oversized comments (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/167\"\u003e#167\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/38989f396057a576bf9584d56295f40c6e4bd1df\"\u003e38989f3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.6.0...v3.7.0\"\u003e3.7.0\u003c/a\u003e (2026-03-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd file attachments via artifacts (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/165\"\u003e#165\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/678e3402d584de30a0fd466ffaf959f48b20cedc\"\u003e678e340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/8e4927817251f1ff60c001f04568532b38e0b4a0\"\u003e\u003ccode\u003e8e49278\u003c/code\u003e\u003c/a\u003e chore(main): release 3.11.0 (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/87fe9efa28693e539af6dd6bdaa304fad69dcff5\"\u003e\u003ccode\u003e87fe9ef\u003c/code\u003e\u003c/a\u003e feat: add NOW template variable with configurable date format (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/193\"\u003e#193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/be5d48d9b695983ee841f45434104a1419ba6231\"\u003e\u003ccode\u003ebe5d48d\u003c/code\u003e\u003c/a\u003e chore(main): release 3.10.1 (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/191\"\u003e#191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/14d916e523501b486377efc8f89db80ab94fc1e3\"\u003e\u003ccode\u003e14d916e\u003c/code\u003e\u003c/a\u003e chore(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 in the npm_and_yarn gro...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/f160ebae327be580d3cc32f820fd2001edb08c64\"\u003e\u003ccode\u003ef160eba\u003c/code\u003e\u003c/a\u003e fix: skip comment creation when \u003ccode\u003edeleteOnStatus\u003c/code\u003e matches \u003ccode\u003estatus\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/187\"\u003e#187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/9302b90c1c7d26c4aebe20b7846b4a8a434bee94\"\u003e\u003ccode\u003e9302b90\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.0 to 8.0.7 in the npm_and_yarn group across 1...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/4191f5ba05cb34640cd71d6ba5b2949f60249c3d\"\u003e\u003ccode\u003e4191f5b\u003c/code\u003e\u003c/a\u003e chore(deps): bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group acr...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mshick/add-pr-comment/compare/64b8e914979889d746c99dea15a76e77ef64580a...8e4927817251f1ff60c001f04568532b38e0b4a0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/PHPCSStandards/PHP_CodeSniffer-documentation/pull/112","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PHPCSStandards%2FPHP_CodeSniffer-documentation/issues/112","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/112/packages"},{"uuid":"4484465502","node_id":"PR_kwDOFigblM7dbIWc","number":122,"state":"open","title":"Bump the github-actions group with 2 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T08:09:36.000Z","updated_at":"2026-05-20T08:09:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":2,"packages":[{"name":"ruby/setup-ruby","old_version":"1.307.0","new_version":"1.308.0","repository_url":"https://github.com/ruby/setup-ruby"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [shivammathur/setup-php](https://github.com/shivammathur/setup-php).\n\nUpdates `ruby/setup-ruby` from 1.307.0 to 1.308.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/setup-ruby/releases\"\u003eruby/setup-ruby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.308.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CRuby releases on Windows by \u003ca href=\"https://github.com/ruby-builder-bot\"\u003e\u003ccode\u003e@​ruby-builder-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/setup-ruby/pull/912\"\u003eruby/setup-ruby#912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/setup-ruby/compare/v1.307.0...v1.308.0\"\u003ehttps://github.com/ruby/setup-ruby/compare/v1.307.0...v1.308.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/setup-ruby/commit/97ecb7b512899eb71ab1bf2310a624c6f1589ac6\"\u003e\u003ccode\u003e97ecb7b\u003c/code\u003e\u003c/a\u003e Update CRuby releases on Windows\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/setup-ruby/compare/6aaa311d81eba98ae12eaffbcb63296ace0efcde...97ecb7b512899eb71ab1bf2310a624c6f1589ac6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/eviltester/grid-table-editor/pull/122","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/eviltester%2Fgrid-table-editor/issues/122","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/122/packages"},{"uuid":"4483566265","node_id":"PR_kwDOSioXTM7dYNyl","number":1,"state":"open","title":"Bump the github-actions group across 2 directories with 12 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T05:52:33.000Z","updated_at":"2026-05-20T05:52:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":12,"packages":[{"name":"actions/setup-node","old_version":"4.4.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"actions/cache","old_version":"4.2.3","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/checkout","old_version":"4.2.2","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"preactjs/compressed-size-action","old_version":"2.8.0","new_version":"2.9.1","repository_url":"https://github.com/preactjs/compressed-size-action"},{"name":"actions/github-script","old_version":"7.0.1","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/stale","old_version":"9.1.0","new_version":"10.2.0","repository_url":"https://github.com/actions/stale"},{"name":"peaceiris/actions-gh-pages","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/peaceiris/actions-gh-pages"},{"name":"SimenB/github-actions-cpu-cores","old_version":"2.0.0","new_version":"3.0.0","repository_url":"https://github.com/simenb/github-actions-cpu-cores"},{"name":"shivammathur/setup-php","old_version":"2.35.2","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"},{"name":"ramsey/composer-install","old_version":"3.1.1","new_version":"4.0.0","repository_url":"https://github.com/ramsey/composer-install"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 3 updates in the /.github/setup-node directory: [actions/setup-node](https://github.com/actions/setup-node), [actions/cache](https://github.com/actions/cache) and [actions/upload-artifact](https://github.com/actions/upload-artifact).\nBumps the github-actions group with 12 updates in the /.github/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.2.3` | `5.0.5` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [preactjs/compressed-size-action](https://github.com/preactjs/compressed-size-action) | `2.8.0` | `2.9.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` |\n| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.2.0` |\n| [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) | `4.0.0` | `4.1.0` |\n| [SimenB/github-actions-cpu-cores](https://github.com/simenb/github-actions-cpu-cores) | `2.0.0` | `3.0.0` |\n| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.35.2` | `2.37.1` |\n| [ramsey/composer-install](https://github.com/ramsey/composer-install) | `3.1.1` | `4.0.0` |\n\n\nUpdates `actions/setup-node` from 4.4.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.2.3 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4.4.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.2.3 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 4.2.2 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downlo...\n\n_Description has been truncated_","html_url":"https://github.com/cco1790/gutenberg-fork/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cco1790%2Fgutenberg-fork/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4475693629","node_id":"PR_kwDOKt9yac7c-xEr","number":1064,"state":"open","title":"Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["size/XS","☑️ auto-merge","🤖 bot"],"assignees":["guibranco"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T08:23:54.000Z","updated_at":"2026-05-19T08:26:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/guibranco/gstraccini-bot-service/pull/1064","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/guibranco%2Fgstraccini-bot-service/issues/1064","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1064/packages"},{"uuid":"4475026538","node_id":"PR_kwDORP1mDc7c8oKE","number":288,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 8358ee0e2e8afe63c2fb8253d1d52085811ab1e5 to 7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T06:40:24.000Z","updated_at":"2026-05-20T04:58:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"8358ee0e2e8afe63c2fb8253d1d52085811ab1e5","new_version":"7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 8358ee0e2e8afe63c2fb8253d1d52085811ab1e5 to 7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/8358ee0e2e8afe63c2fb8253d1d52085811ab1e5...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fraiseql/fraiseql/pull/288","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraiseql%2Ffraiseql/issues/288","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/288/packages"},{"uuid":"4474488120","node_id":"PR_kwDOAfaerc7c66UQ","number":6966,"state":"open","title":"chore(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1 in /.github/actions/run-wp-tests","user":"dependabot[bot]","labels":["[Status] Needs Review","[Type] Maintenance","[Status] No files to Deploy"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T04:48:13.000Z","updated_at":"2026-05-19T04:51:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":"/.github/actions/run-wp-tests","ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Automattic/vip-go-mu-plugins/pull/6966","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Automattic%2Fvip-go-mu-plugins/issues/6966","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6966/packages"},{"uuid":"4474093545","node_id":"PR_kwDOJ2e9ss7c5pOQ","number":23,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.35.5 to 2.37.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T03:08:07.000Z","updated_at":"2026-05-19T03:08:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.35.5","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.5 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.35.5...2.37.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.35.5\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wandesnet/mercadopago-laravel/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandesnet%2Fmercadopago-laravel/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"},{"uuid":"4473215852","node_id":"PR_kwDOIZAnJ87c23Uu","number":18,"state":"closed","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T23:15:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T23:15:42.000Z","updated_at":"2026-05-18T23:15:55.000Z","time_to_close":11,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/okaufmann/laravel-horizon-doctor/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/okaufmann%2Flaravel-horizon-doctor/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4469290782","node_id":"PR_kwDOBWp-W87cqFrx","number":578,"state":"closed","title":"Bump the github-actions group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-21T20:03:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T12:57:50.000Z","updated_at":"2026-05-21T20:03:50.000Z","time_to_close":284758,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":6,"packages":[{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"},{"name":"actions/setup-node","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"actions/cache","old_version":"5.0.4","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"github/codeql-action","old_version":"4.33.0","new_version":"4.35.4","repository_url":"https://github.com/github/codeql-action"},{"name":"slackapi/slack-github-action","old_version":"3.0.1","new_version":"3.0.3","repository_url":"https://github.com/slackapi/slack-github-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.37.0` | `2.37.1` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.33.0` | `4.35.4` |\n| [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `3.0.1` | `3.0.3` |\n\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.33.0 to 4.35.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003e\u003ccode\u003e68bde55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3885\"\u003e#3885\u003c/a\u003e from github/update-v4.35.4-803d9e8c3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e\"\u003e\u003ccode\u003e9739ad2\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076\"\u003e\u003ccode\u003e803d9e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3883\"\u003e#3883\u003c/a\u003e from github/mbg/test/macro-wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434\"\u003e\u003ccode\u003e0fd9c7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3882\"\u003e#3882\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a\"\u003e\u003ccode\u003e922d6fb\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003emakeMacro\u003c/code\u003e instead of \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56\"\u003e\u003ccode\u003edf77e87\u003c/code\u003e\u003c/a\u003e Update test macro snippet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3\"\u003e\u003ccode\u003e6e3f985\u003c/code\u003e\u003c/a\u003e Add wrapper for \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5\"\u003e\u003ccode\u003ee7a347d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3881\"\u003e#3881\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f\"\u003e\u003ccode\u003e17eabb2\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706\"\u003e\u003ccode\u003eaaef09c\u003c/code\u003e\u003c/a\u003e Bump ruby/setup-ruby\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/b1bff81932f5cdfc8695c7752dcee935dcd061c8...68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `slackapi/slack-github-action` from 3.0.1 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slackapi/slack-github-action/releases\"\u003eslackapi/slack-github-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSlack GitHub Action v3.0.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e66834e4: feat: add instrumentation to address error rates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSlack GitHub Action v3.0.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e79529d7: fix: resolve url.parse deprecation warning for webhook techniques\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md\"\u003eslackapi/slack-github-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eslack-github-action\u003c/h1\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e66834e4: feat: add instrumentation to address error rates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e79529d7: fix: resolve url.parse deprecation warning for webhook techniques\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/45a88b9581bfab2566dc881e2cd66d334e621e2c\"\u003e\u003ccode\u003e45a88b9\u003c/code\u003e\u003c/a\u003e chore: release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/1c0bcf08feaa559a9bcfcc249184e13b136ffa55\"\u003e\u003ccode\u003e1c0bcf0\u003c/code\u003e\u003c/a\u003e chore: release (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/606\"\u003e#606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/66834e4b0cad4cbf09ca680587ad8af71d615d4b\"\u003e\u003ccode\u003e66834e4\u003c/code\u003e\u003c/a\u003e feat: add instrumentation to address error rates (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/600\"\u003e#600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/0fe0f902b9f8da107ca0e1314a388c0f57e20d48\"\u003e\u003ccode\u003e0fe0f90\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.1 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/605\"\u003e#605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/c5e70597945c255539c5218d4178ed3c7d8188be\"\u003e\u003ccode\u003ec5e7059\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​slack/web-api\u003c/code\u003e from 7.15.0 to 7.15.1 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/0325526875571a27abcfd2b302453a90871abbff\"\u003e\u003ccode\u003e0325526\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump \u003ccode\u003e@​biomejs/biome\u003c/code\u003e from 2.4.10 to 2.4.13 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/601\"\u003e#601\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/900cd3e6fa9d6eacd8a5512ecff230d08e65aec7\"\u003e\u003ccode\u003e900cd3e\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.12.0 to 24.12.2 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/53fdcffeb6e4d34cbdf3276f7beadb0ecc7c9fcd\"\u003e\u003ccode\u003e53fdcff\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/602\"\u003e#602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/26856cc7fb2c1c2951483645f5fdc3643dbe96eb\"\u003e\u003ccode\u003e26856cc\u003c/code\u003e\u003c/a\u003e build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/596\"\u003e#596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/feba1e29702383a5a3cd5136af0559ba10859b04\"\u003e\u003ccode\u003efeba1e2\u003c/code\u003e\u003c/a\u003e ci: skip publish step if no release is needed (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/599\"\u003e#599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/slackapi/slack-github-action/compare/af78098f536edbc4de71162a307590698245be95...45a88b9581bfab2566dc881e2cd66d334e621e2c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/desrosj/wordpress-develop/pull/578","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/desrosj%2Fwordpress-develop/issues/578","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/578/packages"},{"uuid":"4468021324","node_id":"PR_kwDOO6YpHM7cl-Fp","number":496,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T09:43:44.000Z","updated_at":"2026-05-31T02:06:41.707Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/AI-Stats/AI-Stats/pull/496","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AI-Stats%2FAI-Stats/issues/496","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/496/packages"},{"uuid":"4465514401","node_id":"PR_kwDOHGtOIM7ceAC-","number":555,"state":"open","title":"GitHub Actions(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","workflows"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T00:50:52.000Z","updated_at":"2026-05-18T00:52:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"GitHub Actions(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/newfold-labs/wp-module-performance/pull/555","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/newfold-labs%2Fwp-module-performance/issues/555","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/555/packages"},{"uuid":"4462599550","node_id":"PR_kwDOBkJHuc7cVUZ6","number":1717,"state":"open","title":"Chore(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T07:03:00.000Z","updated_at":"2026-05-17T07:04:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/nextcloud/end_to_end_encryption/pull/1717","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fend_to_end_encryption/issues/1717","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1717/packages"},{"uuid":"4461867392","node_id":"PR_kwDORoutKc7cTMxO","number":1240,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T01:12:53.000Z","updated_at":"2026-05-17T01:12:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/seanmousseau/Simple-PHP-IPAM/pull/1240","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/seanmousseau%2FSimple-PHP-IPAM/issues/1240","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1240/packages"},{"uuid":"4459304106","node_id":"PR_kwDORZCGgs7cLrDv","number":93,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1 in the github-actions group across 1 directory","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T08:44:17.000Z","updated_at":"2026-05-16T08:44:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":"the github-actions group across 1 directory","ecosystem":"actions"},"body":"Bumps the github-actions group with 1 update in the / directory: [shivammathur/setup-php](https://github.com/shivammathur/setup-php).\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/netresearch/typo3-ci-workflows/pull/93","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/netresearch%2Ftypo3-ci-workflows/issues/93","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/93/packages"},{"uuid":"4457976524","node_id":"PR_kwDOJmDzd87cHqjw","number":881,"state":"closed","title":"chore(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-16T10:14:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-16T01:03:33.000Z","updated_at":"2026-05-16T10:14:43.000Z","time_to_close":33068,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/nextcloud/app_api/pull/881","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fapp_api/issues/881","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/881/packages"},{"uuid":"4457035050","node_id":"PR_kwDOEasgXs7cEoQf","number":292,"state":"open","title":"chore: Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-15T21:21:26.000Z","updated_at":"2026-05-15T21:23:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ramsey/composer-install/pull/292","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ramsey%2Fcomposer-install/issues/292","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/292/packages"}],"issue_packages":[{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-25T19:13:19.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4519041215","node_id":"PR_kwDOAAF-d87fJVF7","number":48,"state":"open","title":"Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T19:13:19.000Z","updated_at":"2026-05-25T19:13:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kpumuk/codecolorer/pull/48","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpumuk%2Fcodecolorer/issues/48","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/48/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-23T05:22:36.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4506945023","node_id":"PR_kwDOG3fBdM7ej1o9","number":181,"state":"open","title":"Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T05:22:36.000Z","updated_at":"2026-05-23T05:22:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SPPRAGUE/composer/pull/181","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SPPRAGUE%2Fcomposer/issues/181","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/181/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-22T00:02:03.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4498713160","node_id":"PR_kwDOQm3CRs7eJaME","number":30,"state":"open","title":"chore(deps): Bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T00:02:03.000Z","updated_at":"2026-05-22T01:08:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.7","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.10.3","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"5.0.4","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"dtolnay/rust-toolchain","old_version":"efa25f7f19611383d5b0ccf2d1c8914531636bf9","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.10.3` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `efa25f7f19611383d5b0ccf2d1c8914531636bf9` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.37.0` | `2.37.1` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.7 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.7...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.10.3 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/haskell-actions/setup/compare/f9150cb1d140e9a9271700670baa38991e6fa25c...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/7b1f4a764d45c48632c6b24a0339c27f5614fb0b...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-metadata#692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\"\u003ehttps://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003eThe breaking change is requiring Node.js version v24 as the Actions runtime.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Parse versions from metadata links by \u003ca href=\"https://github.com/ppkarwasz\"\u003e\u003ccode\u003e@​ppkarwasz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/632\"\u003edependabot/fetch-metadata#632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions core and actions github packages by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/649\"\u003edependabot/fetch-metadata#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add notes for using \u003ccode\u003ealert-lookup\u003c/code\u003e with App Token by \u003ca href=\"https://github.com/sue445\"\u003e\u003ccode\u003e@​sue445\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/656\"\u003edependabot/fetch-metadata#656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: update Node.js version to v24 by \u003ca href=\"https://github.com/sturman\"\u003e\u003ccode\u003e@​sturman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/671\"\u003edependabot/fetch-metadata#671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch build tooling from ncc to esbuild by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/676\"\u003edependabot/fetch-metadata#676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd --legal-comments=none to esbuild build commands by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/679\"\u003edependabot/fetch-metadata#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tsconfig target from es2022 to es2024 by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/680\"\u003edependabot/fetch-metadata#680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove vestigial outDir from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/681\"\u003edependabot/fetch-metadata#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch tsconfig module resolution to bundler by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/682\"\u003edependabot/fetch-metadata#682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove skipLibCheck from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/683\"\u003edependabot/fetch-metadata#683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typecheck step to CI by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/685\"\u003edependabot/fetch-metadata#685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable noImplicitAny in tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/684\"\u003edependabot/fetch-metadata#684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/core\u003c/code\u003e to ^3.0.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/677\"\u003edependabot/fetch-metadata#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/github\u003c/code\u003e to ^9.0.0 and \u003ccode\u003e@​octokit/request-error\u003c/code\u003e to ^7.1.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/678\"\u003edependabot/fetch-metadata#678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.0 to 6.14.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/651\"\u003edependabot/fetch-metadata#651\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.1 to 4.11.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/652\"\u003edependabot/fetch-metadata#652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.4 to 4.11.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/653\"\u003edependabot/fetch-metadata#653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.7 to 4.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/657\"\u003edependabot/fetch-metadata#657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.1 to 6.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/655\"\u003edependabot/fetch-metadata#655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e from 1.25.1 to 1.26.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/654\"\u003edependabot/fetch-metadata#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.9 to 1.19.10 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/665\"\u003edependabot/fetch-metadata#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.12.2 to 4.12.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/664\"\u003edependabot/fetch-metadata#664\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/25dd0e34f4fe68f24cc83900b1fe3fe149efef98\"\u003e\u003ccode\u003e25dd0e3\u003c/code\u003e\u003c/a\u003e v3.1.0 (\u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/e073f50d732cb48d48fb80afedb4fa61361626e9\"\u003e\u003ccode\u003ee073f50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/705\"\u003e#705\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/hono-4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/0670e167df1fbee1b0d07121de6a182ddebdd674\"\u003e\u003ccode\u003e0670e16\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump hono from 4.12.12 to 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/7a7fe10a42310e65df80af6c771e9aa5d59842d1\"\u003e\u003ccode\u003e7a7fe10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/702\"\u003e#702\u003c/a\u003e from dependabot/dependabot/npm_and_y...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/php-aegis/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fphp-aegis/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-21T13:09:47.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4494790089","node_id":"PR_kwDOA5gKcM7d8i9l","number":3749,"state":"open","title":"build(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","Skip-Changelog","patch"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T13:09:47.000Z","updated_at":"2026-05-21T13:15:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/nextcloud/news/pull/3749","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fnews/issues/3749","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3749/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-21T00:37:10.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4490813340","node_id":"PR_kwDODDM_C87dvqKN","number":112,"state":"open","title":"GH Actions: Bump the action-runners group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["Type: chores/QA/automation","Status: triage"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T00:37:10.000Z","updated_at":"2026-05-21T00:38:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"GH Actions: Bump","group_name":"action-runners","update_count":2,"packages":[{"name":"mshick/add-pr-comment","old_version":"3.10.0","new_version":"3.11.0","repository_url":"https://github.com/mshick/add-pr-comment"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps the action-runners group with 2 updates in the / directory: [mshick/add-pr-comment](https://github.com/mshick/add-pr-comment) and [shivammathur/setup-php](https://github.com/shivammathur/setup-php).\n\nUpdates `mshick/add-pr-comment` from 3.10.0 to 3.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mshick/add-pr-comment/releases\"\u003emshick/add-pr-comment's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.11.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.1...v3.11.0\"\u003e3.11.0\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd NOW template variable with configurable date format (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/193\"\u003e#193\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/87fe9efa28693e539af6dd6bdaa304fad69dcff5\"\u003e87fe9ef\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.0...v3.10.1\"\u003e3.10.1\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip comment creation when \u003ccode\u003edeleteOnStatus\u003c/code\u003e matches \u003ccode\u003estatus\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/187\"\u003e#187\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/f160ebae327be580d3cc32f820fd2001edb08c64\"\u003ef160eba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mshick/add-pr-comment/blob/main/CHANGELOG.md\"\u003emshick/add-pr-comment's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.1...v3.11.0\"\u003e3.11.0\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd NOW template variable with configurable date format (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/193\"\u003e#193\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/87fe9efa28693e539af6dd6bdaa304fad69dcff5\"\u003e87fe9ef\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.10.0...v3.10.1\"\u003e3.10.1\u003c/a\u003e (2026-04-23)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip comment creation when \u003ccode\u003edeleteOnStatus\u003c/code\u003e matches \u003ccode\u003estatus\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/187\"\u003e#187\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/f160ebae327be580d3cc32f820fd2001edb08c64\"\u003ef160eba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.9.1...v3.10.0\"\u003e3.10.0\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd truncate-separator input and markdown termination (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/184\"\u003e#184\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/6bd445f69b339d90b46389596c77466e3aeae755\"\u003e6bd445f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.9.0...v3.9.1\"\u003e3.9.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einput \u003ccode\u003edelete-on-status\u003c/code\u003e not declared (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/175\"\u003e#175\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/108eeca085f6dfe103fbe745a5b402fa225cfdbe\"\u003e108eeca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.8.0...v3.9.0\"\u003e3.9.0\u003c/a\u003e (2026-03-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd library exports for programmatic usage (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/169\"\u003e#169\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/277cebd817f74153d8c88986b77f0e75976e00af\"\u003e277cebd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.7.0...v3.8.0\"\u003e3.8.0\u003c/a\u003e (2026-03-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eautomatic message truncation for oversized comments (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/167\"\u003e#167\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/38989f396057a576bf9584d56295f40c6e4bd1df\"\u003e38989f3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/compare/v3.6.0...v3.7.0\"\u003e3.7.0\u003c/a\u003e (2026-03-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd file attachments via artifacts (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/165\"\u003e#165\u003c/a\u003e) (\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/678e3402d584de30a0fd466ffaf959f48b20cedc\"\u003e678e340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/8e4927817251f1ff60c001f04568532b38e0b4a0\"\u003e\u003ccode\u003e8e49278\u003c/code\u003e\u003c/a\u003e chore(main): release 3.11.0 (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/87fe9efa28693e539af6dd6bdaa304fad69dcff5\"\u003e\u003ccode\u003e87fe9ef\u003c/code\u003e\u003c/a\u003e feat: add NOW template variable with configurable date format (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/193\"\u003e#193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/be5d48d9b695983ee841f45434104a1419ba6231\"\u003e\u003ccode\u003ebe5d48d\u003c/code\u003e\u003c/a\u003e chore(main): release 3.10.1 (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/191\"\u003e#191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/14d916e523501b486377efc8f89db80ab94fc1e3\"\u003e\u003ccode\u003e14d916e\u003c/code\u003e\u003c/a\u003e chore(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 in the npm_and_yarn gro...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/f160ebae327be580d3cc32f820fd2001edb08c64\"\u003e\u003ccode\u003ef160eba\u003c/code\u003e\u003c/a\u003e fix: skip comment creation when \u003ccode\u003edeleteOnStatus\u003c/code\u003e matches \u003ccode\u003estatus\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/mshick/add-pr-comment/issues/187\"\u003e#187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/9302b90c1c7d26c4aebe20b7846b4a8a434bee94\"\u003e\u003ccode\u003e9302b90\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.0 to 8.0.7 in the npm_and_yarn group across 1...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mshick/add-pr-comment/commit/4191f5ba05cb34640cd71d6ba5b2949f60249c3d\"\u003e\u003ccode\u003e4191f5b\u003c/code\u003e\u003c/a\u003e chore(deps): bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group acr...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mshick/add-pr-comment/compare/64b8e914979889d746c99dea15a76e77ef64580a...8e4927817251f1ff60c001f04568532b38e0b4a0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/PHPCSStandards/PHP_CodeSniffer-documentation/pull/112","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PHPCSStandards%2FPHP_CodeSniffer-documentation/issues/112","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/112/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-20T08:09:36.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4484465502","node_id":"PR_kwDOFigblM7dbIWc","number":122,"state":"open","title":"Bump the github-actions group with 2 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T08:09:36.000Z","updated_at":"2026-05-20T08:09:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":2,"packages":[{"name":"ruby/setup-ruby","old_version":"1.307.0","new_version":"1.308.0","repository_url":"https://github.com/ruby/setup-ruby"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [shivammathur/setup-php](https://github.com/shivammathur/setup-php).\n\nUpdates `ruby/setup-ruby` from 1.307.0 to 1.308.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/setup-ruby/releases\"\u003eruby/setup-ruby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.308.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CRuby releases on Windows by \u003ca href=\"https://github.com/ruby-builder-bot\"\u003e\u003ccode\u003e@​ruby-builder-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/setup-ruby/pull/912\"\u003eruby/setup-ruby#912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/setup-ruby/compare/v1.307.0...v1.308.0\"\u003ehttps://github.com/ruby/setup-ruby/compare/v1.307.0...v1.308.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/setup-ruby/commit/97ecb7b512899eb71ab1bf2310a624c6f1589ac6\"\u003e\u003ccode\u003e97ecb7b\u003c/code\u003e\u003c/a\u003e Update CRuby releases on Windows\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/setup-ruby/compare/6aaa311d81eba98ae12eaffbcb63296ace0efcde...97ecb7b512899eb71ab1bf2310a624c6f1589ac6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/eviltester/grid-table-editor/pull/122","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/eviltester%2Fgrid-table-editor/issues/122","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/122/packages"}},{"old_version":"2.35.2","new_version":"2.37.1","update_type":"minor","path":null,"pr_created_at":"2026-05-20T05:52:33.000Z","version_change":"2.35.2 → 2.37.1","issue":{"uuid":"4483566265","node_id":"PR_kwDOSioXTM7dYNyl","number":1,"state":"open","title":"Bump the github-actions group across 2 directories with 12 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T05:52:33.000Z","updated_at":"2026-05-20T05:52:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":12,"packages":[{"name":"actions/setup-node","old_version":"4.4.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"actions/cache","old_version":"4.2.3","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/checkout","old_version":"4.2.2","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"preactjs/compressed-size-action","old_version":"2.8.0","new_version":"2.9.1","repository_url":"https://github.com/preactjs/compressed-size-action"},{"name":"actions/github-script","old_version":"7.0.1","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/stale","old_version":"9.1.0","new_version":"10.2.0","repository_url":"https://github.com/actions/stale"},{"name":"peaceiris/actions-gh-pages","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/peaceiris/actions-gh-pages"},{"name":"SimenB/github-actions-cpu-cores","old_version":"2.0.0","new_version":"3.0.0","repository_url":"https://github.com/simenb/github-actions-cpu-cores"},{"name":"shivammathur/setup-php","old_version":"2.35.2","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"},{"name":"ramsey/composer-install","old_version":"3.1.1","new_version":"4.0.0","repository_url":"https://github.com/ramsey/composer-install"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 3 updates in the /.github/setup-node directory: [actions/setup-node](https://github.com/actions/setup-node), [actions/cache](https://github.com/actions/cache) and [actions/upload-artifact](https://github.com/actions/upload-artifact).\nBumps the github-actions group with 12 updates in the /.github/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.2.3` | `5.0.5` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [preactjs/compressed-size-action](https://github.com/preactjs/compressed-size-action) | `2.8.0` | `2.9.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` |\n| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.2.0` |\n| [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) | `4.0.0` | `4.1.0` |\n| [SimenB/github-actions-cpu-cores](https://github.com/simenb/github-actions-cpu-cores) | `2.0.0` | `3.0.0` |\n| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.35.2` | `2.37.1` |\n| [ramsey/composer-install](https://github.com/ramsey/composer-install) | `3.1.1` | `4.0.0` |\n\n\nUpdates `actions/setup-node` from 4.4.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.2.3 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4.4.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.2.3 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 4.2.2 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downlo...\n\n_Description has been truncated_","html_url":"https://github.com/cco1790/gutenberg-fork/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cco1790%2Fgutenberg-fork/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-19T08:23:54.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4475693629","node_id":"PR_kwDOKt9yac7c-xEr","number":1064,"state":"open","title":"Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["size/XS","☑️ auto-merge","🤖 bot"],"assignees":["guibranco"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T08:23:54.000Z","updated_at":"2026-05-19T08:26:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/guibranco/gstraccini-bot-service/pull/1064","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/guibranco%2Fgstraccini-bot-service/issues/1064","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1064/packages"}},{"old_version":"8358ee0e2e8afe63c2fb8253d1d52085811ab1e5","new_version":"7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc","update_type":null,"path":null,"pr_created_at":"2026-05-19T06:40:24.000Z","version_change":"8358ee0e2e8afe63c2fb8253d1d52085811ab1e5 → 7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc","issue":{"uuid":"4475026538","node_id":"PR_kwDORP1mDc7c8oKE","number":288,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 8358ee0e2e8afe63c2fb8253d1d52085811ab1e5 to 7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T06:40:24.000Z","updated_at":"2026-05-20T04:58:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"8358ee0e2e8afe63c2fb8253d1d52085811ab1e5","new_version":"7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 8358ee0e2e8afe63c2fb8253d1d52085811ab1e5 to 7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/8358ee0e2e8afe63c2fb8253d1d52085811ab1e5...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fraiseql/fraiseql/pull/288","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraiseql%2Ffraiseql/issues/288","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/288/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":"/.github/actions/run-wp-tests","pr_created_at":"2026-05-19T04:48:13.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4474488120","node_id":"PR_kwDOAfaerc7c66UQ","number":6966,"state":"open","title":"chore(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1 in /.github/actions/run-wp-tests","user":"dependabot[bot]","labels":["[Status] Needs Review","[Type] Maintenance","[Status] No files to Deploy"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T04:48:13.000Z","updated_at":"2026-05-19T04:51:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":"/.github/actions/run-wp-tests","ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Automattic/vip-go-mu-plugins/pull/6966","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Automattic%2Fvip-go-mu-plugins/issues/6966","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6966/packages"}},{"old_version":"2.35.5","new_version":"2.37.1","update_type":"minor","path":null,"pr_created_at":"2026-05-19T03:08:07.000Z","version_change":"2.35.5 → 2.37.1","issue":{"uuid":"4474093545","node_id":"PR_kwDOJ2e9ss7c5pOQ","number":23,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.35.5 to 2.37.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T03:08:07.000Z","updated_at":"2026-05-19T03:08:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.35.5","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.5 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.35.5...2.37.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.35.5\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wandesnet/mercadopago-laravel/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandesnet%2Fmercadopago-laravel/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-18T23:15:42.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4473215852","node_id":"PR_kwDOIZAnJ87c23Uu","number":18,"state":"closed","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T23:15:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T23:15:42.000Z","updated_at":"2026-05-18T23:15:55.000Z","time_to_close":11,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/okaufmann/laravel-horizon-doctor/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/okaufmann%2Flaravel-horizon-doctor/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-18T12:57:50.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4469290782","node_id":"PR_kwDOBWp-W87cqFrx","number":578,"state":"closed","title":"Bump the github-actions group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-21T20:03:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T12:57:50.000Z","updated_at":"2026-05-21T20:03:50.000Z","time_to_close":284758,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":6,"packages":[{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"},{"name":"actions/setup-node","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"actions/cache","old_version":"5.0.4","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"github/codeql-action","old_version":"4.33.0","new_version":"4.35.4","repository_url":"https://github.com/github/codeql-action"},{"name":"slackapi/slack-github-action","old_version":"3.0.1","new_version":"3.0.3","repository_url":"https://github.com/slackapi/slack-github-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.37.0` | `2.37.1` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.33.0` | `4.35.4` |\n| [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `3.0.1` | `3.0.3` |\n\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.33.0 to 4.35.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003e\u003ccode\u003e68bde55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3885\"\u003e#3885\u003c/a\u003e from github/update-v4.35.4-803d9e8c3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e\"\u003e\u003ccode\u003e9739ad2\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076\"\u003e\u003ccode\u003e803d9e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3883\"\u003e#3883\u003c/a\u003e from github/mbg/test/macro-wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434\"\u003e\u003ccode\u003e0fd9c7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3882\"\u003e#3882\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a\"\u003e\u003ccode\u003e922d6fb\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003emakeMacro\u003c/code\u003e instead of \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56\"\u003e\u003ccode\u003edf77e87\u003c/code\u003e\u003c/a\u003e Update test macro snippet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3\"\u003e\u003ccode\u003e6e3f985\u003c/code\u003e\u003c/a\u003e Add wrapper for \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5\"\u003e\u003ccode\u003ee7a347d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3881\"\u003e#3881\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f\"\u003e\u003ccode\u003e17eabb2\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706\"\u003e\u003ccode\u003eaaef09c\u003c/code\u003e\u003c/a\u003e Bump ruby/setup-ruby\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/b1bff81932f5cdfc8695c7752dcee935dcd061c8...68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `slackapi/slack-github-action` from 3.0.1 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slackapi/slack-github-action/releases\"\u003eslackapi/slack-github-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSlack GitHub Action v3.0.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e66834e4: feat: add instrumentation to address error rates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSlack GitHub Action v3.0.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e79529d7: fix: resolve url.parse deprecation warning for webhook techniques\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md\"\u003eslackapi/slack-github-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eslack-github-action\u003c/h1\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e66834e4: feat: add instrumentation to address error rates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e79529d7: fix: resolve url.parse deprecation warning for webhook techniques\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/45a88b9581bfab2566dc881e2cd66d334e621e2c\"\u003e\u003ccode\u003e45a88b9\u003c/code\u003e\u003c/a\u003e chore: release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/1c0bcf08feaa559a9bcfcc249184e13b136ffa55\"\u003e\u003ccode\u003e1c0bcf0\u003c/code\u003e\u003c/a\u003e chore: release (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/606\"\u003e#606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/66834e4b0cad4cbf09ca680587ad8af71d615d4b\"\u003e\u003ccode\u003e66834e4\u003c/code\u003e\u003c/a\u003e feat: add instrumentation to address error rates (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/600\"\u003e#600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/0fe0f902b9f8da107ca0e1314a388c0f57e20d48\"\u003e\u003ccode\u003e0fe0f90\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.1 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/605\"\u003e#605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/c5e70597945c255539c5218d4178ed3c7d8188be\"\u003e\u003ccode\u003ec5e7059\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​slack/web-api\u003c/code\u003e from 7.15.0 to 7.15.1 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/0325526875571a27abcfd2b302453a90871abbff\"\u003e\u003ccode\u003e0325526\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump \u003ccode\u003e@​biomejs/biome\u003c/code\u003e from 2.4.10 to 2.4.13 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/601\"\u003e#601\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/900cd3e6fa9d6eacd8a5512ecff230d08e65aec7\"\u003e\u003ccode\u003e900cd3e\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.12.0 to 24.12.2 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/53fdcffeb6e4d34cbdf3276f7beadb0ecc7c9fcd\"\u003e\u003ccode\u003e53fdcff\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/602\"\u003e#602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/26856cc7fb2c1c2951483645f5fdc3643dbe96eb\"\u003e\u003ccode\u003e26856cc\u003c/code\u003e\u003c/a\u003e build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/596\"\u003e#596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slackapi/slack-github-action/commit/feba1e29702383a5a3cd5136af0559ba10859b04\"\u003e\u003ccode\u003efeba1e2\u003c/code\u003e\u003c/a\u003e ci: skip publish step if no release is needed (\u003ca href=\"https://redirect.github.com/slackapi/slack-github-action/issues/599\"\u003e#599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/slackapi/slack-github-action/compare/af78098f536edbc4de71162a307590698245be95...45a88b9581bfab2566dc881e2cd66d334e621e2c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/desrosj/wordpress-develop/pull/578","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/desrosj%2Fwordpress-develop/issues/578","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/578/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-18T09:43:44.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4468021324","node_id":"PR_kwDOO6YpHM7cl-Fp","number":496,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T09:43:44.000Z","updated_at":"2026-05-31T02:06:41.707Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/AI-Stats/AI-Stats/pull/496","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AI-Stats%2FAI-Stats/issues/496","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/496/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-18T00:50:52.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4465514401","node_id":"PR_kwDOHGtOIM7ceAC-","number":555,"state":"open","title":"GitHub Actions(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","workflows"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T00:50:52.000Z","updated_at":"2026-05-18T00:52:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"GitHub Actions(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/newfold-labs/wp-module-performance/pull/555","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/newfold-labs%2Fwp-module-performance/issues/555","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/555/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-17T07:03:00.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4462599550","node_id":"PR_kwDOBkJHuc7cVUZ6","number":1717,"state":"open","title":"Chore(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T07:03:00.000Z","updated_at":"2026-05-17T07:04:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/nextcloud/end_to_end_encryption/pull/1717","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fend_to_end_encryption/issues/1717","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1717/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-17T01:12:53.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4461867392","node_id":"PR_kwDORoutKc7cTMxO","number":1240,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T01:12:53.000Z","updated_at":"2026-05-17T01:12:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/seanmousseau/Simple-PHP-IPAM/pull/1240","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/seanmousseau%2FSimple-PHP-IPAM/issues/1240","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1240/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":"the github-actions group across 1 directory","pr_created_at":"2026-05-16T08:44:17.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4459304106","node_id":"PR_kwDORZCGgs7cLrDv","number":93,"state":"open","title":"chore(deps): bump shivammathur/setup-php from 2.37.0 to 2.37.1 in the github-actions group across 1 directory","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T08:44:17.000Z","updated_at":"2026-05-16T08:44:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":"the github-actions group across 1 directory","ecosystem":"actions"},"body":"Bumps the github-actions group with 1 update in the / directory: [shivammathur/setup-php](https://github.com/shivammathur/setup-php).\n\nUpdates `shivammathur/setup-php` from 2.37.0 to 2.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/netresearch/typo3-ci-workflows/pull/93","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/netresearch%2Ftypo3-ci-workflows/issues/93","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/93/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-16T01:03:33.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4457976524","node_id":"PR_kwDOJmDzd87cHqjw","number":881,"state":"closed","title":"chore(deps): Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-16T10:14:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-16T01:03:33.000Z","updated_at":"2026-05-16T10:14:43.000Z","time_to_close":33068,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/nextcloud/app_api/pull/881","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fapp_api/issues/881","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/881/packages"}},{"old_version":"2.37.0","new_version":"2.37.1","update_type":"patch","path":null,"pr_created_at":"2026-05-15T21:21:26.000Z","version_change":"2.37.0 → 2.37.1","issue":{"uuid":"4457035050","node_id":"PR_kwDOEasgXs7cEoQf","number":292,"state":"open","title":"chore: Bump shivammathur/setup-php from 2.37.0 to 2.37.1","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-15T21:21:26.000Z","updated_at":"2026-05-15T21:23:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: Bump","packages":[{"name":"shivammathur/setup-php","old_version":"2.37.0","new_version":"2.37.1","repository_url":"https://github.com/shivammathur/setup-php"}],"path":null,"ecosystem":"actions"},"body":"Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.37.0 to 2.37.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shivammathur/setup-php/releases\"\u003eshivammathur/setup-php's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eSecurity Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed shell command escaping and PHP version input validation. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-pqwm-q9pv-ph8r\"\u003eGHSA-pqwm-q9pv-ph8r\u003c/a\u003e / CVE-2026-46420)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis can affect workflows that pass values from users or pull requests to \u003ccode\u003esetup-php\u003c/code\u003e, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as \u003ccode\u003e.php-version\u003c/code\u003e and \u003ccode\u003ecomposer.json\u003c/code\u003e.\nBe especially careful with \u003ccode\u003epull_request_target\u003c/code\u003e workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to \u003ccode\u003e2.37.1\u003c/code\u003e is recommended.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFixed GitHub auth handling for Composer versions affected by GHSA-f9f8-rm49-7jv2. It should now skip configuring GitHub OAuth if affected Composer versions are installed and show a warning to upgrade. (\u003ca href=\"https://github.com/shivammathur/setup-php/security/advisories/GHSA-5wxr-w449-57cm\"\u003eGHSA-5wxr-w449-57cm\u003c/a\u003e / CVE-2026-45793)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nThis only affects workflows where the composer version is pinned like \u003ccode\u003ecomposer:2.9.7\u003c/code\u003e, workflows that do not pin the version or use \u003ccode\u003ecomposer:v2\u003c/code\u003e are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixes and Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed support for \u003ccode\u003ephalcon\u003c/code\u003e on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed restoring tools when using cached using previous runs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved enabling \u003ccode\u003egearman\u003c/code\u003e extension on Linux.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed fallback when installing \u003ccode\u003ePhpManager\u003c/code\u003e and \u003ccode\u003eVcRedist\u003c/code\u003e modules on Windows.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed parsing extension inputs with backslash line continuation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImproved workflow examples\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded workflow examples for Drupal 11 composer-managed projects and WordPress plugins.\u003c/li\u003e\n\u003cli\u003eAdded workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.\u003c/li\u003e\n\u003cli\u003eUpdated workflow examples to use currently supported PHP versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated OS release mappings for newer Ubuntu releases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated internal workflows for Codecov v6 and NPM trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated Node.js dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed composer version in README. (\u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/Pyker\"\u003e\u003ccode\u003e@​Pyker\u003c/code\u003e\u003c/a\u003e for the contribution\u003c/p\u003e\n\u003cp\u003eFor the complete list of changes, please refer to the \u003ca href=\"https://github.com/shivammathur/setup-php/compare/2.37.0...2.37.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003e\u003ccode\u003e7c071df\u003c/code\u003e\u003c/a\u003e Bump version to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/eeef37e059fb5368a5bc8ed8ce45ff54bd39b80b\"\u003e\u003ccode\u003eeeef37e\u003c/code\u003e\u003c/a\u003e GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/0dc33069a3efc2221a413ce8386b2035b8ee4a00\"\u003e\u003ccode\u003e0dc3306\u003c/code\u003e\u003c/a\u003e Fix phalcon5 support on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/680a983990d3f58082465b9c69f6754c28a110a1\"\u003e\u003ccode\u003e680a983\u003c/code\u003e\u003c/a\u003e Fix phalcon version for PHP 8.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/694649a4a3e0faa1c3e5b41dfcc0591a6eb84453\"\u003e\u003ccode\u003e694649a\u003c/code\u003e\u003c/a\u003e Fix mutable tool cache restore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/46a991b6aa0ad5cd08f52a3dcfd0fcb7e354d82d\"\u003e\u003ccode\u003e46a991b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shivammathur/setup-php/issues/1081\"\u003e#1081\u003c/a\u003e from Pyker/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7748c243803a56671412f9f7c745769e9573c6d4\"\u003e\u003ccode\u003e7748c24\u003c/code\u003e\u003c/a\u003e GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/ac9c95323431b7286870e5aa2bf9b61e8d335e71\"\u003e\u003ccode\u003eac9c953\u003c/code\u003e\u003c/a\u003e Fix composer v2 version in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/7729e411ecfb7faae003a4d831236c0e012f1aa3\"\u003e\u003ccode\u003e7729e41\u003c/code\u003e\u003c/a\u003e Improve enabling gearman [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shivammathur/setup-php/commit/af2322b95c2e36d5287c7c25c4c29c8ccaacbb63\"\u003e\u003ccode\u003eaf2322b\u003c/code\u003e\u003c/a\u003e Fix fallback in Install-PSPackage on Windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shivammathur/setup-php/compare/accd6127cb78bee3e8082180cb391013d204ef9f...7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=shivammathur/setup-php\u0026package-manager=github_actions\u0026previous-version=2.37.0\u0026new-version=2.37.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ramsey/composer-install/pull/292","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ramsey%2Fcomposer-install/issues/292","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/292/packages"}}]}