Skip to content

Update GitHub Actions and set PHP platform constraint#6

Merged
raigu merged 1 commit intomainfrom
claude/fix-ordered-list-sync-security-O8O8I
Feb 17, 2026
Merged

Update GitHub Actions and set PHP platform constraint#6
raigu merged 1 commit intomainfrom
claude/fix-ordered-list-sync-security-O8O8I

Conversation

@raigu
Copy link
Copy Markdown
Owner

@raigu raigu commented Feb 17, 2026

Summary

This PR updates GitHub Actions to their latest versions and adds a PHP platform constraint to the Composer configuration.

Key Changes

  • GitHub Actions Updates:

    • actions/checkout: masterv4 (latest stable version)
    • github/codeql-action/upload-sarif: v1v3 (latest stable version)
    • codecov/codecov-action: v2v4 (latest stable version)

  • Composer Configuration:

    • Added config.platform.php constraint set to 7.4.33 to ensure consistent dependency resolution across environments

Implementation Details

The platform constraint in composer.json ensures that Composer resolves dependencies as if running on PHP 7.4.33, providing consistency in the lock file and preventing unexpected dependency version changes when developers use different PHP versions locally.

https://claude.ai/code/session_01Evnp1w6hKUeU8wU3ewBPj1

@claude
Fix CI security vulnerabilities in GitHub Actions workflow
1b18fc1 
- Pin actions/checkout to @v4 (was @master, vulnerable to supply chain attacks)
- Upgrade github/codeql-action/upload-sarif from @v1 to @V3 (v1 deprecated since Dec 2022)
- Upgrade codecov/codecov-action from @v2 to @v4 (v2 had supply chain concerns)
- Update dev dependencies: PHPUnit 9.6.6 -> 9.6.34, and related packages
- Add platform.php config to ensure dependency resolution stays PHP 7.4 compatible

https://claude.ai/code/session_01Evnp1w6hKUeU8wU3ewBPj1
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security bot commented Feb 17, 2026

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 17, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (541bba2) to head (1b18fc1).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff             @@
##                main        #6   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity         9         9           
===========================================
  Files              1         1           
  Lines             26        26           
===========================================
  Hits              26        26

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@raigu raigu merged commit d2aedfd into main Feb 17, 2026
15 checks passed
@raigu raigu deleted the claude/fix-ordered-list-sync-security-O8O8I branch February 17, 2026 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@raigu @claude