Skip to content

Bump the github-actions-patching group with 3 updates#23

Merged
lewisgoddard merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-patching-8dd83bd940
Jul 1, 2026
Merged

Bump the github-actions-patching group with 3 updates#23
lewisgoddard merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-patching-8dd83bd940

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions-patching group with 3 updates: qltysh/qlty-action/install, shivammathur/setup-php and qltysh/qlty-action/coverage.

Updates qltysh/qlty-action/install from 2.2.0 to 2.2.1

Release notes

Sourced from qltysh/qlty-action/install's releases.

v2.2.1

  • Bump action runtime to node24
Changelog

Sourced from qltysh/qlty-action/install's changelog.

Changelog

v2.2.1 (2026-06-02)

  • Bump action runtime to node24

v2.2.0 (2025-08-11)

  • Testing release process (no changes)

v2.1.0 (2025-08-08)

New

  • support "dry-run" option for command complete

Improved

  • Use log level "error" instead of "warning" when a catastrophic error occurs but "skip-errors" is true

Fixed

  • Ignore "validate" option when command is "complete" (otherwise errors with invalid option)

v2.0.0 (2025-08-05)

This release mirrors the breaking change we introduced in the qlty CLI proper: we now validate coverage data by default instead of uploading coverage data to qlty that qlty cannot use. Now you must opt out of this behavior whereas previously opt in.

What This Means for You:

  • If coverage reporting is working as expected, you'll experience no impact. If you're uploading valid reports and seeing directory and file-level coverage metrics in Qlty, you don't need to do anything. (If your reports include mismatched paths, you'll see specific path errors listed within your CI output)
  • Potential CI Build Failures: Once this change is implemented, if your current CI/CD pipeline uploads a report with mismatched paths, your builds will begin to fail when executing qlty coverage publish.
  • Quick Fix for Build Failures: If your builds start failing and you need to get them passing immediately, you can temporarily add validate: false to the GitHub Action configuration. This will disable validation and allow your CI build to pass (though your coverage data will remain broken until you've uploaded a valid report).

We believe this change will significantly improve the accuracy and usability of your coverage data within Qlty. If you have any questions or require assistance, please don't hesitate to contact our support team.

v1.2.0 (2025-08-04)

Fixed

  • Ensure correct commit sha provided from PRs for 'complete' action (#125)
  • More robust error output in face of unknown errors (#121)
  • Set output directory to RUNNER_TEMP (#110)

Thank you, @​enell for your contribution!

v1.1.1 (2025-06-25)

Improved

... (truncated)

Commits
  • fd52dc8 Release v2.2.1 - Update fmt package.json
  • 59f98da Release v2.2.1 - Update coverage package.json
  • 2ae1ab3 Update changelog for 2.2.1 release
  • 2898852 chore: bump action runtime to node24 (#177)
  • 141b881 Fix Dependabot alerts: minimatch (#172)
  • 7d2645a feat: Add Claude Code hook to auto-package dist/ on source edits (#171)
  • 0814173 feat: Add sigstore attestation verification and extract shared installer pack...
  • 781c27d Bump node version to 22.22 (#169)
  • ea1f343 Upgrade js yaml (#168)
  • ea1eaf4 Add "dotcover" and "xccov-json" to list of supported formats (#167)
  • Additional commits viewable in compare view

Updates shivammathur/setup-php from 2.37.1 to 2.37.2

Release notes

Sourced from shivammathur/setup-php's releases.

2.37.2

Changelog

  • Fixed macOS setup by marking shivammathur/php and shivammathur/extensions as trusted taps.

  • Switched to Visual Studio 18 (vs18) builds for PHP 8.6 on Windows.

  • Improved looking up environment variables.

  • Tightened security in internal GitHub action workflows.

  • Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

Commits

Updates qltysh/qlty-action/coverage from 2.2.0 to 2.2.1

Release notes

Sourced from qltysh/qlty-action/coverage's releases.

v2.2.1

  • Bump action runtime to node24
Changelog

Sourced from qltysh/qlty-action/coverage's changelog.

Changelog

v2.2.1 (2026-06-02)

  • Bump action runtime to node24

v2.2.0 (2025-08-11)

  • Testing release process (no changes)

v2.1.0 (2025-08-08)

New

  • support "dry-run" option for command complete

Improved

  • Use log level "error" instead of "warning" when a catastrophic error occurs but "skip-errors" is true

Fixed

  • Ignore "validate" option when command is "complete" (otherwise errors with invalid option)

v2.0.0 (2025-08-05)

This release mirrors the breaking change we introduced in the qlty CLI proper: we now validate coverage data by default instead of uploading coverage data to qlty that qlty cannot use. Now you must opt out of this behavior whereas previously opt in.

What This Means for You:

  • If coverage reporting is working as expected, you'll experience no impact. If you're uploading valid reports and seeing directory and file-level coverage metrics in Qlty, you don't need to do anything. (If your reports include mismatched paths, you'll see specific path errors listed within your CI output)
  • Potential CI Build Failures: Once this change is implemented, if your current CI/CD pipeline uploads a report with mismatched paths, your builds will begin to fail when executing qlty coverage publish.
  • Quick Fix for Build Failures: If your builds start failing and you need to get them passing immediately, you can temporarily add validate: false to the GitHub Action configuration. This will disable validation and allow your CI build to pass (though your coverage data will remain broken until you've uploaded a valid report).

We believe this change will significantly improve the accuracy and usability of your coverage data within Qlty. If you have any questions or require assistance, please don't hesitate to contact our support team.

v1.2.0 (2025-08-04)

Fixed

  • Ensure correct commit sha provided from PRs for 'complete' action (#125)
  • More robust error output in face of unknown errors (#121)
  • Set output directory to RUNNER_TEMP (#110)

Thank you, @​enell for your contribution!

v1.1.1 (2025-06-25)

Improved

... (truncated)

Commits
  • fd52dc8 Release v2.2.1 - Update fmt package.json
  • 59f98da Release v2.2.1 - Update coverage package.json
  • 2ae1ab3 Update changelog for 2.2.1 release
  • 2898852 chore: bump action runtime to node24 (#177)
  • 141b881 Fix Dependabot alerts: minimatch (#172)
  • 7d2645a feat: Add Claude Code hook to auto-package dist/ on source edits (#171)
  • 0814173 feat: Add sigstore attestation verification and extract shared installer pack...
  • 781c27d Bump node version to 22.22 (#169)
  • ea1f343 Upgrade js yaml (#168)
  • ea1eaf4 Add "dotcover" and "xccov-json" to list of supported formats (#167)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions-patching group with 3 updates: [qltysh/qlty-action/install](https://github.com/qltysh/qlty-action), [shivammathur/setup-php](https://github.com/shivammathur/setup-php) and [qltysh/qlty-action/coverage](https://github.com/qltysh/qlty-action).


Updates `qltysh/qlty-action/install` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/qltysh/qlty-action/releases)
- [Changelog](https://github.com/qltysh/qlty-action/blob/main/CHANGELOG.md)
- [Commits](qltysh/qlty-action@a192421...fd52dc8)

Updates `shivammathur/setup-php` from 2.37.1 to 2.37.2
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](shivammathur/setup-php@7c071df...f3e473d)

Updates `qltysh/qlty-action/coverage` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/qltysh/qlty-action/releases)
- [Changelog](https://github.com/qltysh/qlty-action/blob/main/CHANGELOG.md)
- [Commits](qltysh/qlty-action@a192421...fd52dc8)

---
updated-dependencies:
- dependency-name: qltysh/qlty-action/install
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-patching
- dependency-name: shivammathur/setup-php
  dependency-version: 2.37.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-patching
- dependency-name: qltysh/qlty-action/coverage
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-patching
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 1, 2026
@lewisgoddard lewisgoddard merged commit 2e7ce30 into main Jul 1, 2026
2 checks passed
@lewisgoddard lewisgoddard deleted the dependabot/github_actions/github-actions-patching-8dd83bd940 branch July 1, 2026 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant