Sourced from phpunit/phpunit's releases.

PHPUnit 12.2.9

Fixed

• #6097: The file attribute of <testClass> node of XML test list can be wrong

---

How to install or update PHPUnit

PHPUnit 12.2.8

Fixed

• #6274: Infinite recursion when code coverage report in OpenClover XML format is configured in XML configuration file

---

How to install or update PHPUnit

PHPUnit 12.2.7

Fixed

• #6254: defects,randomconfiguration is supported by implementation, but it is not allowed by the XML configuration file schema
• #6259: Order of tests which use data from data providers is not affected by test sorting
• #6266: Superfluous whitespace in TestDox output when test method name has a number after the test prefix

---

How to install or update PHPUnit

PHPUnit 12.2.6

Fixed

• #6104: Test with dependencies and data provider fails
• #6163: @no-named-arguments leads to static analysis errors for variadic arguments

---

How to install or update PHPUnit

PHPUnit 12.2.5

Fixed

• #6249: No meaningful error when <testsuite> element is missing required name attribute

---

How to install or update PHPUnit

PHPUnit 12.2.4

Changed

• Including information about the Git repository (such as the commit hash and branch name) in the Open Test Reporting XML format is now an opt-in feature that can be enabled via the --include-git-information CLI option or the includeGitInformation attribute in the XML configuration file

---

How to install or update PHPUnit

PHPUnit 12.2.3

Added

• #6236: failOnPhpunitWarning attribute on the <phpunit> element of the XML configuration file and --fail-on-phpunit-warning CLI option for controlling whether PHPUnit should fail on PHPUnit warnings (default: true)
• #6239: --do-not-fail-on-deprecation, --do-not-fail-on-phpunit-warning, --do-not-fail-on-phpunit-deprecation, --do-not-fail-on-empty-test-suite, --do-not-fail-on-incomplete, --do-not-fail-on-notice, --do-not-fail-on-risky, --do-not-fail-on-skipped, and --do-not-fail-on-warning CLI options

... (truncated)

Sourced from phpunit/phpunit's changelog.

[12.2.9] - 2025-07-31

Fixed

• #6097: The file attribute of <testClass> node of XML test list can be wrong

[12.2.8] - 2025-07-30

Fixed

• #6274: Infinite recursion when code coverage report in OpenClover XML format is configured in XML configuration file

[12.2.7] - 2025-07-11

Fixed

• #6254: defects,randomconfiguration is supported by implementation, but it is not allowed by the XML configuration file schema
• #6259: Order of tests which use data from data providers is not affected by test sorting
• #6266: Superfluous whitespace in TestDox output when test method name has a number after the test prefix

[12.2.6] - 2025-07-04

Fixed

• #6104: Test with dependencies and data provider fails
• #6163: @no-named-arguments leads to static analysis errors for variadic arguments

[12.2.5] - 2025-06-27

Fixed

• #6249: No meaningful error when <testsuite> element is missing required name attribute

[12.2.4] - 2025-06-26

Changed

• Including information about the Git repository (such as the commit hash and branch name) in the Open Test Reporting XML format is now an opt-in feature that can be enabled via the --include-git-information CLI option or the includeGitInformation attribute in the XML configuration file

Fixed

• If Git information is included in the Open Test Reporting XML format (see above), any credentials that may be configured as part the remote.origin.url setting in Git were written to the originUrl attribute of <git:repository> elements. For example, when cloning a GitHub repository using a URL like https://username:password@github.com/organization/repository.git both username and password were included in the XML report. Since this report may be shared, published, or archived (for example, on a CI server) while including this information, this was reported as a potential security vulnerability (CVE-2025-53103). Any credentials are now removed before writing them to the XML report.

[12.2.3] - 2025-06-20

Added

• #6236: failOnPhpunitWarning attribute on the <phpunit> element of the XML configuration file and --fail-on-phpunit-warning CLI option for controlling whether PHPUnit should fail on PHPUnit warnings (default: true)
• #6239: --do-not-fail-on-deprecation, --do-not-fail-on-phpunit-warning, --do-not-fail-on-phpunit-deprecation, --do-not-fail-on-empty-test-suite, --do-not-fail-on-incomplete, --do-not-fail-on-notice, --do-not-fail-on-risky, --do-not-fail-on-skipped, and --do-not-fail-on-warning CLI options
• --do-not-report-useless-tests CLI option as a replacement for --dont-report-useless-tests

... (truncated)

• 442c06d Prepare release
• af00d4f Merge branch '11.5' into 12.2
• 93f30aa Prepare release
• c641605 Merge branch '11.5' into 12.2
• 34d08c0 Merge branch '10.5' into 11.5
• 807a55a Add test
• 0f2c5d3 Merge branch '11.5' into 12.2
• 220f988 Revert "Update expectations"
• 85e33ba Merge branch '11.5' into 12.2
• c3c2eee Closes #6097 (using proposed changes from #6278)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)