Skip to content

chore(deps): update all patch versions#574

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-patch-versions
Open

chore(deps): update all patch versions#574
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-patch-versions

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 11, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
confluentinc/cp-kafka patch 7.9.67.9.7
github/codeql-action action patch v3.35.3v3.35.5
shivammathur/setup-php action patch 2.37.02.37.1

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

github/codeql-action (github/codeql-action)

v3.35.5

Compare Source

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

v3.35.4

Compare Source

shivammathur/setup-php (shivammathur/setup-php)

v2.37.1

Compare Source

Changelog
Security Updates

[!NOTE]
This can affect workflows that pass values from users or pull requests to setup-php, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as .php-version and composer.json.
Be especially careful with pull_request_target workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to 2.37.1 is recommended.

[!NOTE]
This only affects workflows where the composer version is pinned like composer:2.9.7, workflows that do not pin the version or use composer:v2 are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.

Fixes and Improvements

  • Fixed support for phalcon on Windows.

  • Fixed restoring tools when using cached using previous runs.

  • Improved enabling gearman extension on Linux.

  • Fixed fallback when installing PhpManager and VcRedist modules on Windows.

  • Fixed parsing extension inputs with backslash line continuation.

  • Improved workflow examples

    • Added workflow examples for Drupal 11 composer-managed projects and WordPress plugins.
    • Added workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.
    • Updated workflow examples to use currently supported PHP versions.

  • Updated OS release mappings for newer Ubuntu releases.

  • Updated internal workflows for Codecov v6 and NPM trusted publishing.

  • Updated Node.js dependencies.

  • Fixed composer version in README. (#​1081)

Thanks @​Pyker for the contribution

For the complete list of changes, please refer to the Full Changelog

Follow for updates

setup-php reddit setup-php twitter setup-php status

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 8am every weekday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner May 11, 2026 00:29
@renovate renovate Bot changed the title chore(deps): update github/codeql-action action to v3.35.4 chore(deps): update all patch versions May 14, 2026
@renovate renovate Bot force-pushed the renovate/all-patch-versions branch 2 times, most recently from cf4b5ef to 496a482 Compare May 15, 2026 12:34
@renovate renovate Bot force-pushed the renovate/all-patch-versions branch from 496a482 to 9d69877 Compare May 15, 2026 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants