Bump the github-actions group with 6 updates

[dependabot]

Bumps the github-actions group with 6 updates:

Package	From	To
shivammathur/setup-php	2.32.0	2.34.1
actions/setup-node	4.3.0	4.4.0
ramsey/composer-install	3.1.0	3.1.1
actions/download-artifact	4.2.1	4.3.0
codecov/codecov-action	5.4.0	5.4.3
slackapi/slack-github-action	2.0.0	2.1.0

Updates shivammathur/setup-php from 2.32.0 to 2.34.1

Release notes

Sourced from shivammathur/setup-php's releases.

2.34.1

Changelog

• Fixed tool-cache directory on self-hosted runners.

• Fixed generating lock path in unix.sh on verbose branch.

• Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

2.34.0

Changelog

• Added support for pie. (#948)

- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.4'
    tools: pie

• Added support to allow composer plugins by specifying the list of plugins in COMPOSER_ALLOW_PLUGINS env.

- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.4'
  env:
    COMPOSER_ALLOW_PLUGINS: composer/installers, composer/satis

• Added fallback for fetching the manifest for PHP versions. (#952)

• Added support to specify tools directory using SETUP_PHP_TOOLS_DIR env. (#943, #945)

- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
</tr></table> 

... (truncated)

Commits

• 0f7f1d0 Upgrade to Jest 30
• 433bdee Bump version to 2.34.1
• 1c53783 Update node.js dependencies
• c251c79 Fix pipe in get_sha256
• 36fada6 Fix tool-cache directory on self-hosted runners
• 27853eb Cleanup up PPA fallback mirror
• 18b776e Update ppa filename to match apt-add-repository
• 2ec652d Fix locking permissions in get function
• 8d8f975 Pin hiredis version to 1.1 for relay [skip ci]
• 12b910a Add support for COMPOSER_ALLOW_PLUGINS
• Additional commits viewable in compare view

Updates actions/setup-node from 4.3.0 to 4.4.0

Release notes

Sourced from actions/setup-node's releases.

v4.4.0

What's Changed

Bug fixes:

• Make eslint-compact matcher compatible with Stylelint by @​FloEdelmann in actions/setup-node#98
• Add support for indented eslint output by @​fregante in actions/setup-node#1245

Enhancement:

• Support private mirrors by @​marco-ippolito in actions/setup-node#1240

Dependency update:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in actions/setup-node#1262

New Contributors

• @​FloEdelmann made their first contribution in actions/setup-node#98
• @​fregante made their first contribution in actions/setup-node#1245
• @​marco-ippolito made their first contribution in actions/setup-node#1240

Full Changelog: actions/setup-node@v4...v4.4.0

Commits

• 49933ea Bump @​action/cache from 4.0.2 to 4.0.3 (#1262)
• e3ce749 feat: support private mirrors (#1240)
• 40337cb Add support for indented eslint output (#1245)
• 1ccdddc Make eslint-compact matcher compatible with Stylelint (#98)
• See full diff in compare view

Updates ramsey/composer-install from 3.1.0 to 3.1.1

Release notes

Sourced from ramsey/composer-install's releases.

3.1.1

What's Changed

• Use the value of the COMPOSER environment variable if it exists; fixes ramsey/composer-install#264

Full Changelog: ramsey/composer-install@3.1.0...3.1.1

Commits

• 3cf229d Update branch for codecov badge
• 8c24b23 Update branch for build badge
• d7e1308 Protect against unbound variables
• 3561d3d Use the value of COMPOSER env var, if it exists
• 705380e Use a .shellcheckrc file
• 0211e1b Use latest PHP when running composer normalize
• e527794 docs: fix misspelled parameter name in README
• See full diff in compare view

Updates actions/download-artifact from 4.2.1 to 4.3.0

Release notes

Sourced from actions/download-artifact's releases.

v4.3.0

What's Changed

• feat: implement new artifact-ids input by @​GrantBirki in actions/download-artifact#401
• Fix workflow example for downloading by artifact ID by @​joshmgross in actions/download-artifact#402
• Prep for v4.3.0 release by @​robherley in actions/download-artifact#404

New Contributors

• @​GrantBirki made their first contribution in actions/download-artifact#401

Full Changelog: actions/download-artifact@v4.2.1...v4.3.0

Commits

• d3f86a1 Merge pull request #404 from actions/robherley/v4.3.0
• fc02353 prep for v4.3.0 release
• 7745437 Merge pull request #402 from actions/joshmgross/download-by-id-example
• 84fc7a0 Remove path filters from Check dist workflow
• 67f2bc3 Fix workflow example for downloading by artifact ID
• 8ea3c2c Merge pull request #401 from actions/download-by-id
• d219c63 add supporting unit tests for artifact downloads with ids
• 54124fb revert getArtifact() changes - for now we have to list and filter by artifa...
• b83057b bundle
• 171183c use the same artifactClient.getArtifact structure as seen above in `isSingl...
• Additional commits viewable in compare view

Updates codecov/codecov-action from 5.4.0 to 5.4.3

Release notes

Sourced from codecov/codecov-action's releases.

v5.4.3

What's Changed

• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​dependabot in codecov/codecov-action#1822
• chore(release): 5.4.3 by @​thomasrockhu-codecov in codecov/codecov-action#1827

Full Changelog: codecov/codecov-action@v5.4.2...v5.4.3

v5.4.2

What's Changed

• fix: hotfix oidc by @​thomasrockhu-codecov in codecov/codecov-action#1813

Full Changelog: codecov/codecov-action@v5.4.1...v5.4.2

v5.4.1

What's Changed

• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​dependabot in codecov/codecov-action#1786
• chore(release): wrapper -0.2.1 by @​codecov-releaser-app in codecov/codecov-action#1788
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​dependabot in codecov/codecov-action#1798
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​dependabot in codecov/codecov-action#1797
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​dependabot in codecov/codecov-action#1803
• fix: use the github core methods by @​thomasrockhu-codecov in codecov/codecov-action#1807
• chore(release): 5.4.1 by @​thomasrockhu-codecov in codecov/codecov-action#1810

Full Changelog: codecov/codecov-action@v5.4.0...v5.4.1

v5.4.1-beta

What's Changed

• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​dependabot in codecov/codecov-action#1786
• chore(release): wrapper -0.2.1 by @​codecov-releaser-app in codecov/codecov-action#1788
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​dependabot in codecov/codecov-action#1798
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​dependabot in codecov/codecov-action#1797
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​dependabot in codecov/codecov-action#1803

Full Changelog: codecov/codecov-action@v5.4.0...v5.4.1-beta

Changelog

Sourced from codecov/codecov-action's changelog.

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

What's Changed

• fix: use the github core methods by @​thomasrockhu-codecov in codecov/codecov-action#1807
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​app/dependabot in codecov/codecov-action#1803
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​app/dependabot in codecov/codecov-action#1797
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​app/dependabot in codecov/codecov-action#1798
• chore(release): wrapper -0.2.1 by @​app/codecov-releaser-app in codecov/codecov-action#1788
• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​app/dependabot in codecov/codecov-action#1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

v5.4.0

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in codecov/codecov-action#1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in codecov/codecov-action#1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in codecov/codecov-action#1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in codecov/codecov-action#1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in codecov/codecov-action#1773
• Fix use of safe.directory inside containers by @​Flamefire in codecov/codecov-action#1768
• Fix description for report_type input by @​craigscott-crascit in codecov/codecov-action#1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in codecov/codecov-action#1765
• Fix a typo in the example by @​miranska in codecov/codecov-action#1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in codecov/codecov-action#1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in codecov/codecov-action#1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

... (truncated)

Commits

• 18283e0 chore(release): 5.4.3 (#1827)
• 525fcbf build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 (#1822)
• b203f00 fix: OIDC on forks (#1823)
• ad3126e fix: hotfix oidc (#1813)
• cf3f51a chore(release): 5.4.1 (#1810)
• e4cdaba fix: use the github core methods (#1807)
• f95a404 build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 (#1803)
• ea99328 build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 (#1797)
• 13d0469 build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 (#1798)
• 3440e5e chore(release): wrapper -0.2.1 (#1788)
• Additional commits viewable in compare view

Updates slackapi/slack-github-action from 2.0.0 to 2.1.0

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack Send v2.1.0

What's changed

This release improves error messages from odd payload parsings. An api option is now also available in inputs to change the destination of data with the method technique.

Read more on the new site for documentation: https://tools.slack.dev/slack-github-action/

👾 Enhancements

• feat: include an 'api' option to customize the slack api method url in slackapi/slack-github-action#409 - Thanks @​zimeg!

🐛 Bug fixes

• fix: avoid erroring if conflicting techniques are set from environment variables in slackapi/slack-github-action#374 - Thanks @​zimeg!
• fix: require a custom 'api' url to send to instead of absolute urls as a 'method' in slackapi/slack-github-action#420 - Thanks @​zimeg!
• fix: include cause of parsing errors in action output logs in slackapi/slack-github-action#431 - Thanks @​zimeg!

📚 Documentation

• docs: fix incorrect parameter name in uploadV2 (channel -> channel_id) in slackapi/slack-github-action#371 - Thanks @​topkim993!
• docs: showcase updated use cases in example workflows in slackapi/slack-github-action#376 - Thanks @​zimeg!
• docs: include versioning details and migration guides in the readme in slackapi/slack-github-action#410 - Thanks @​zimeg!
• docs: organize documentation as markdown files to match web pages in slackapi/slack-github-action#422 - Thanks @​slackapi!
• docs: shortens readme due to new tools site docs in slackapi/slack-github-action#424 - Thanks @​lukegalbraithrussell!
• docs: pulls out variables into separate page in slackapi/slack-github-action#425 - Thanks @​lukegalbraithrussell!
• ci: synchronize documentation pages on the tools.slack.dev site after changes in slackapi/slack-github-action#423 - Thanks @​lukegalbraithrussell!
• docs: update links to go to new api docs site in slackapi/slack-github-action#428 - Thanks @​slackapi!
• docs: update casing of Github to GitHub in slackapi/slack-github-action#430 - Thanks @​slackapi!

🤖 Dependencies

• build(deps): bump axios from 1.7.7 to 1.7.8 in slackapi/slack-github-action#369 - Thanks @​dependabot!
• build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.7 in slackapi/slack-github-action#365 - Thanks @​dependabot!
• build(deps): bump https-proxy-agent from 7.0.5 to 7.0.6 in slackapi/slack-github-action#379 - Thanks @​dependabot!
• build(deps): bump axios from 1.7.8 to 1.7.9 in slackapi/slack-github-action#382 - Thanks @​dependabot!
• build(deps): bump codecov/codecov-action from 5.0.7 to 5.1.2 in slackapi/slack-github-action#384 - Thanks @​dependabot!
• build(deps): bump @​slack/web-api from 7.7.0 to 7.8.0 in slackapi/slack-github-action#392 - Thanks @​dependabot!
• build(deps): bump codecov/codecov-action from 5.1.2 to 5.3.1 in slackapi/slack-github-action#394 - Thanks @​dependabot!
• build(deps): bump undici from 5.28.4 to 5.28.5 in slackapi/slack-github-action#396 - Thanks @​dependabot!
• build(deps): bump axios from 1.7.9 to 1.8.1 in slackapi/slack-github-action#399 - Thanks @​dependabot!
• build(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 in slackapi/slack-github-action#403 - Thanks @​dependabot!
• build(deps): bump @​octokit/request-error from 5.0.1 to 5.1.1 in slackapi/slack-github-action#404 - Thanks @​dependabot!
• build(deps): bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 in slackapi/slack-github-action#405 - Thanks @​dependabot!
• build(deps): bump @​octokit/request from 8.1.6 to 8.4.1 in slackapi/slack-github-action#406 - Thanks @​dependabot!
• build(deps): bump axios from 1.8.1 to 1.8.2 to address CVE-2025-27152 in slackapi/slack-github-action#407 - Thanks @​dependabot!
• build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in slackapi/slack-github-action#415 - Thanks @​zimeg!
• build(deps): bump @​slack/web-api from 7.8.0 to 7.9.1 in slackapi/slack-github-action#419 - Thanks @​dependabot!
• build(deps): bump axios from 1.8.4 to 1.9.0 in slackapi/slack-github-action#435 - Thanks @​dependabot!
• build(deps): bump actions/create-github-app-token from 1 to 2 in slackapi/slack-github-action#436 - Thanks @​dependabot!
• build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 in slackapi/slack-github-action#437 - Thanks @​dependabot!

... (truncated)

Commits

• b0fa283 Release
• 47b1876 chore(release): tag version 2.1.0 (#438)
• ab965e5 fix: include cause of parsing errors in action output logs (#431)
• c7dafcf fix: require a custom 'api' url to send to instead of absolute urls as a 'met...
• 4fc20be build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 (#437)
• 54c2553 build(deps): bump actions/create-github-app-token from 1 to 2 (#436)
• 9472fc6 build(deps): bump axios from 1.8.4 to 1.9.0 (#435)
• c34c4e8 build(deps-dev): bump typescript from 5.8.2 to 5.8.3 (#434)
• f473c97 build(deps-dev): bump @​types/node from 22.13.14 to 22.15.3 (#433)
• aef4dbb docs: update casing of Github to GitHub (#430)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[desrosj]

@dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props desrosj.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.