Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump phpunit/phpunit from 11.5.25 to 12.2.7

Closed
Number: #336
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 1
Created: July 11, 2025 at 06:36 AM UTC
(5 months ago)
Updated: August 01, 2025 at 06:02 AM UTC
(4 months ago)
Closed: August 01, 2025 at 06:02 AM UTC
(4 months ago)
Time to Close: 21 days
Labels:
dependencies php
Description:

Bumps phpunit/phpunit from 11.5.25 to 12.2.7.

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 12.2.7

Fixed

  • #6254: defects,randomconfiguration is supported by implementation, but it is not allowed by the XML configuration file schema
  • #6259: Order of tests which use data from data providers is not affected by test sorting
  • #6266: Superfluous whitespace in TestDox output when test method name has a number after the test prefix

How to install or update PHPUnit

PHPUnit 12.2.6

Fixed

  • #6104: Test with dependencies and data provider fails
  • #6163: @no-named-arguments leads to static analysis errors for variadic arguments

How to install or update PHPUnit

PHPUnit 12.2.5

Fixed

  • #6249: No meaningful error when <testsuite> element is missing required name attribute

How to install or update PHPUnit

PHPUnit 12.2.4

Changed

  • Including information about the Git repository (such as the commit hash and branch name) in the Open Test Reporting XML format is now an opt-in feature that can be enabled via the --include-git-information CLI option or the includeGitInformation attribute in the XML configuration file

How to install or update PHPUnit

PHPUnit 12.2.3

Added

  • #6236: failOnPhpunitWarning attribute on the <phpunit> element of the XML configuration file and --fail-on-phpunit-warning CLI option for controlling whether PHPUnit should fail on PHPUnit warnings (default: true)
  • #6239: --do-not-fail-on-deprecation, --do-not-fail-on-phpunit-warning, --do-not-fail-on-phpunit-deprecation, --do-not-fail-on-empty-test-suite, --do-not-fail-on-incomplete, --do-not-fail-on-notice, --do-not-fail-on-risky, --do-not-fail-on-skipped, and --do-not-fail-on-warning CLI options
  • --do-not-report-useless-tests CLI option as a replacement for --dont-report-useless-tests

Deprecated

  • --dont-report-useless-tests CLI option (use --do-not-report-useless-tests instead)

Fixed

  • #6243: Constraints cannot be implemented without using internal class ExpectationFailedException

How to install or update PHPUnit

PHPUnit 12.2.2

Fixed

... (truncated)

Changelog

Sourced from phpunit/phpunit's changelog.

[12.2.7] - 2025-07-11

Fixed

  • #6254: defects,randomconfiguration is supported by implementation, but it is not allowed by the XML configuration file schema
  • #6259: Order of tests which use data from data providers is not affected by test sorting
  • #6266: Superfluous whitespace in TestDox output when test method name has a number after the test prefix

[12.2.6] - 2025-07-04

Fixed

  • #6104: Test with dependencies and data provider fails
  • #6163: @no-named-arguments leads to static analysis errors for variadic arguments

[12.2.5] - 2025-06-27

Fixed

  • #6249: No meaningful error when <testsuite> element is missing required name attribute

[12.2.4] - 2025-06-26

Changed

  • Including information about the Git repository (such as the commit hash and branch name) in the Open Test Reporting XML format is now an opt-in feature that can be enabled via the --include-git-information CLI option or the includeGitInformation attribute in the XML configuration file

Fixed

  • If Git information is included in the Open Test Reporting XML format (see above), any credentials that may be configured as part the remote.origin.url setting in Git were written to the originUrl attribute of <git:repository> elements. For example, when cloning a GitHub repository using a URL like https://username:password@github.com/organization/repository.git both username and password were included in the XML report. Since this report may be shared, published, or archived (for example, on a CI server) while including this information, this was reported as a potential security vulnerability (CVE-2025-53103). Any credentials are now removed before writing them to the XML report.

[12.2.3] - 2025-06-20

Added

  • #6236: failOnPhpunitWarning attribute on the <phpunit> element of the XML configuration file and --fail-on-phpunit-warning CLI option for controlling whether PHPUnit should fail on PHPUnit warnings (default: true)
  • #6239: --do-not-fail-on-deprecation, --do-not-fail-on-phpunit-warning, --do-not-fail-on-phpunit-deprecation, --do-not-fail-on-empty-test-suite, --do-not-fail-on-incomplete, --do-not-fail-on-notice, --do-not-fail-on-risky, --do-not-fail-on-skipped, and --do-not-fail-on-warning CLI options
  • --do-not-report-useless-tests CLI option as a replacement for --dont-report-useless-tests

Deprecated

  • #6240: --dont-report-useless-tests CLI option (use --do-not-report-useless-tests instead)

Fixed

  • #6243: Constraints cannot be implemented without using internal class ExpectationFailedException

[12.2.2] - 2025-06-13

Fixed

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
0
Files Changed:
0
Additions:
+0
Deletions:
-0
Package Dependencies
Package:
phpunit/phpunit
Ecosystem:
packagist
Version Change:
11.5.25 → 12.2.7
Update Type:
Major
Security Advisories
junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener
GHSA-m43g-m425-p68x CVE-2025-53103 MODERATE
### Summary This vulnerability affects JUnit's support for writing Open Test Reporting XML files which is an opt-in feature of `junit-platform-reporting`. If a repository is cloned using a GitHub...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 4407571
UUID: 3221742636
Node ID: PR_kwDOBNPhPs6ebzA6
Host: GitHub
Repository: laravelio/paste.laravel.io