
chore(deps): bump the minor-and-patch group across 1 directory with 4 updates #67

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/minor-and-patch-d1481c7d12
@dependabot dependabot Bot commented on behalf of github May 17, 2026

Bumps the minor-and-patch group with 4 updates in the / directory: shivammathur/setup-php, actionhippie/calens, actions/create-github-app-token and webiny/action-conventional-commits.

Updates shivammathur/setup-php from 2.37.0 to 2.37.1

Release notes

Sourced from shivammathur/setup-php's releases.

2.37.1

Changelog

Security Updates

[!NOTE] This can affect workflows that pass values from users or pull requests to setup-php, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as .php-version and composer.json. Be especially careful with pull_request_target workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to 2.37.1 is recommended.

[!NOTE]
This only affects workflows where the composer version is pinned like composer:2.9.7, workflows that do not pin the version or use composer:v2 are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.

Fixes and Improvements

  • Fixed support for phalcon on Windows.

  • Fixed restoring tools when using cached using previous runs.

  • Improved enabling gearman extension on Linux.

  • Fixed fallback when installing PhpManager and VcRedist modules on Windows.

  • Fixed parsing extension inputs with backslash line continuation.

  • Improved workflow examples

    • Added workflow examples for Drupal 11 composer-managed projects and WordPress plugins.
    • Added workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.
    • Updated workflow examples to use currently supported PHP versions.
  • Updated OS release mappings for newer Ubuntu releases.

  • Updated internal workflows for Codecov v6 and NPM trusted publishing.

  • Updated Node.js dependencies.

  • Fixed composer version in README. (#1081)

Thanks @​Pyker for the contribution

For the complete list of changes, please refer to the Full Changelog

Commits

Updates actionhippie/calens from 1.13.3 to 1.13.4

Release notes

Sourced from actionhippie/calens's releases.

v1.13.4

1.13.4 (2026-05-11)

Dependencies

  • patch: update golang:1.26-alpine docker digest to 91eda97 (#87) (4d39cd7)

Miscellaneous

  • flake: updated lockfile [skip ci] (980b19c)
  • flake: updated lockfile [skip ci] (3b744c4)
  • flake: updated lockfile [skip ci] (85183a9)
Changelog

Sourced from actionhippie/calens's changelog.

Changelog

1.13.4 (2026-05-11)

Dependencies

  • patch: update golang:1.26-alpine docker digest to 91eda97 (#87) (4d39cd7)

Miscellaneous

  • flake: updated lockfile [skip ci] (980b19c)
  • flake: updated lockfile [skip ci] (3b744c4)
  • flake: updated lockfile [skip ci] (85183a9)

1.13.3 (2026-04-20)

Dependencies

  • patch: update docker digests (#85) (014dc4c)
  • patch: update golang:1.26-alpine docker digest to f853308 (#86) (d9fa9db)

Miscellaneous

  • flake: updated lockfile [skip ci] (6259982)

1.13.2 (2026-04-13)

Dependencies

  • patch: update golang:1.26-alpine docker digest to c2a1f7b (#83) (afb3925)

Miscellaneous

  • flake: updated lockfile [skip ci] (81bd653)
  • flake: updated lockfile [skip ci] (3765c33)
  • flake: updated lockfile [skip ci] (6d2f45a)
  • flake: updated lockfile [skip ci] (b049f59)
  • flake: updated lockfile [skip ci] (e7c210b)

1.13.1 (2026-03-09)

Dependencies

  • patch: update golang:1.26-alpine docker digest to 2389ebf (#80) (17606ec)

Miscellaneous

  • flake: updated lockfile [skip ci] (f854295)
  • flake: updated lockfile [skip ci] (b7410ba)
  • flake: updated lockfile [skip ci] (1e1b789)

... (truncated)

Commits
  • 0b8ceba chore: release 1.13.4
  • 980b19c chore(flake): updated lockfile [skip ci]
  • 4d39cd7 deps(patch): update golang:1.26-alpine docker digest to 91eda97 (#87)
  • da7e0aa docs: automated release update [skip ci]
  • 3b744c4 chore(flake): updated lockfile [skip ci]
  • ab35086 docs: automated release update [skip ci]
  • 85183a9 chore(flake): updated lockfile [skip ci]
  • See full diff in compare view

Updates actions/create-github-app-token from 3.1.1 to 3.2.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.2.0

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)
Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)
Commits
  • bcd2ba4 chore(main): release 3.2.0 (#370)
  • f24bbd8 fix: validate private-key input (#376)
  • 363531b docs: capitalize Git as a proper noun in README (#374)
  • fd28011 docs: update procedure to configure Git (#287)
  • 85eb8dd feat: support full repository names in repositories input (#372)
  • c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
  • e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
  • 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
  • 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
  • 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
  • Additional commits viewable in compare view

Updates webiny/action-conventional-commits from 1.3.1 to 1.4.2

Commits
  • 7f91b15 fix: allow 'improvement' prefix
  • 096eff5 fix: allow 'improvement' prefix
  • b6cc3cc docs: update latest version
  • 6a05e2b feat: use node24
  • b34f00b Merge remote-tracking branch 'origin/master'
  • 0fecf10 feat: refactor commit message validation to use exception list
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 17, 2026
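
The setup-php 2.37.1 release note quoted above warns about workflows that pass user- or pull-request-controlled values to the action, especially under `pull_request_target`. The following is an added example (not code from setup-php, Dependabot or owncloud) of a line-based audit that flags such inputs; the function name, the list of untrusted expression contexts and the sample workflow are assumptions made for illustration, and it assumes `with:` follows `uses:` in the step.

```python
import re

# Expression contexts an outside contributor can influence (assumed list).
UNTRUSTED = re.compile(
    r"\$\{\{\s*((?:github\.event\.|github\.head_ref|inputs\.)[^}]*?)\s*\}\}")
USES = re.compile(r"^(\s*(?:-\s+)?)uses:\s*shivammathur/setup-php@")

def audit_setup_php_inputs(workflow_text):
    """Return (line_no, input, expression, severity) for every setup-php
    `with:` input that is filled from an untrusted expression."""
    elevated = re.search(r"\bpull_request_target\b", workflow_text) is not None
    findings, key_col, in_with = [], None, False
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        m = USES.match(line)
        if m:                        # entering a setup-php step
            key_col, in_with = len(m.group(1)), False
        elif key_col is None:        # outside any setup-php step
            continue
        elif indent < key_col:       # next step or job begins
            key_col, in_with = None, False
        elif indent == key_col:      # sibling key of `uses:`
            in_with = line.strip() == "with:"
        elif in_with:                # an input line inside `with:`
            name = line.split(":", 1)[0].strip()
            for expr in UNTRUSTED.findall(line):
                findings.append((no, name, expr, "high" if elevated else "review"))
    return findings

# Constructed sample workflow, not taken from owncloud/reusable-workflows.
SAMPLE = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Setup PHP
        uses: shivammathur/setup-php@2.37.0
        with:
          php-version: "8.3"
          extensions: ${{ github.event.pull_request.title }}
      - run: composer install
"""
```

Calling `audit_setup_php_inputs(SAMPLE)` reports the `extensions` input on line 14 as `high`; the same workflow triggered by `pull_request` is reported as `review`.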
@phil-davis
Contributor

https://github.com/owncloud/reusable-workflows/actions/runs/26004081539
The actions shivammathur/setup-php@7c071df and actionhippie/calens@0b8ceba are not allowed in owncloud/reusable-workflows because all actions must be from a repository owned by owncloud, created by GitHub, verified in the GitHub Marketplace, or match one of the patterns: ...

shivammathur/setup-php needs to be appropriately whitelisted "everywhere".
@DeepDiver1975

@DeepDiver1975
Member

> shivammathur/setup-php needs to be appropriately whitelisted "everywhere".
> @DeepDiver1975

taken care of

@DeepDiver1975
Member

@dependabot rebase

@dependabot @github
Contributor Author

dependabot Bot commented on behalf of github May 18, 2026

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@phil-davis
Contributor

@dependabot recreate

… updates

Bumps the minor-and-patch group with 4 updates in the / directory: [shivammathur/setup-php](https://github.com/shivammathur/setup-php), [actionhippie/calens](https://github.com/actionhippie/calens), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [webiny/action-conventional-commits](https://github.com/webiny/action-conventional-commits).


Updates `shivammathur/setup-php` from 2.37.0 to 2.37.1
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](shivammathur/setup-php@accd612...7c071df)

Updates `actionhippie/calens` from 1.13.3 to 1.13.4
- [Release notes](https://github.com/actionhippie/calens/releases)
- [Changelog](https://github.com/actionhippie/calens/blob/master/CHANGELOG.md)
- [Commits](actionhippie/calens@47874e0...0b8ceba)

Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](actions/create-github-app-token@1b10c78...bcd2ba4)

Updates `webiny/action-conventional-commits` from 1.3.1 to 1.4.2
- [Release notes](https://github.com/webiny/action-conventional-commits/releases)
- [Commits](webiny/action-conventional-commits@faccb24...7f91b15)

---
updated-dependencies:
- dependency-name: actionhippie/calens
  dependency-version: 1.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: shivammathur/setup-php
  dependency-version: 2.37.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: webiny/action-conventional-commits
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/minor-and-patch-d1481c7d12 branch from 0c44aa2 to c7f15f2 Compare May 18, 2026 10:47
@phil-davis
Contributor

https://github.com/owncloud/reusable-workflows/actions/runs/26028800571
The action actionhippie/calens@0b8ceba is not allowed in owncloud/reusable-workflows because all actions must be from a repository owned by owncloud, created by GitHub, verified in the GitHub Marketplace, or match one of the patterns...

Another one to decide if you whitelist it.
@DeepDiver1975
