Skip to content

chore(deps-dev): bump phpunit/phpunit from 9.6.23 to 9.6.33#2020

Closed
dependabot[bot] wants to merge 1 commit intotrunkfrom
dependabot/composer/phpunit/phpunit-9.6.33
Closed

chore(deps-dev): bump phpunit/phpunit from 9.6.23 to 9.6.33#2020
dependabot[bot] wants to merge 1 commit intotrunkfrom
dependabot/composer/phpunit/phpunit-9.6.33

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jan 28, 2026
edited
Loading

Bumps phpunit/phpunit from 9.6.23 to 9.6.33.

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 9.6.33

Changed

  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

PHPUnit 9.6.32

Changed

  • PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

PHPUnit 9.6.31

  • No changes; phpunit.phar rebuilt with PHP 8.4 to work around PHP-Scoper issue #1139

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

PHPUnit 9.6.30

Changed

  • Updated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

... (truncated)

Changelog

Sourced from phpunit/phpunit's changelog.

[9.6.33] - 2026-01-27

Changed

  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

[9.6.32] - 2026-01-24

Changed

  • PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception

[9.6.31] - 2025-12-06

  • No changes; phpunit.phar rebuilt with PHP 8.4 to work around PHP-Scoper issue #1139

[9.6.30] - 2025-12-01

Changed

  • Updated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6

[9.6.29] - 2025-09-24

  • No changes; phpunit.phar rebuilt with updated dependencies

[9.6.28] - 2025-09-23

  • No changes; phpunit.phar rebuilt with updated dependencies

[9.6.27] - 2025-09-14

Changed

  • #6366: Exclude __sleep() and __wakeup() from test double code generation on PHP >= 8.5

[9.6.26] - 2025-09-11

Changed

  • Implement __serialize() in addition to __sleep() (which will be deprecated in PHP 8.5)

[9.6.25] - 2025-08-20

Changed

  • Do not configure report_memleaks setting (which will be deprecated in PHP 8.5) for PHPT processes

[9.6.24] - 2025-08-10

... (truncated)

Commits
  • fea0625 Prepare release
  • 1a677f6 Merge branch '8.5' into 9.6
  • 1015741 Prepare release
  • 1cce5f3 Merge branch '8.5' into 9.6
  • 3141742 Do not run PHPT test when its temporary file for code coverage information ex...
  • 0b3170a We do not need to unserialize() objects here
  • 261086a Extract method
  • fdd6b86 Fix CS/WS issue
  • 492ee10 Prepare release
  • 81edce2 Merge branch '8.5' into 9.6
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jan 28, 2026
@dependabot dependabot Bot requested a review from a team as a code owner January 28, 2026 01:10
matticbot
matticbot approved these changes Jan 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@matticbot matticbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

matticbot
matticbot approved these changes Jan 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@matticbot matticbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jan 28, 2026

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

1 similar comment
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jan 28, 2026

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

@github-actions github-actions Bot added the [Status] Approved Ready to merge label Jan 28, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Jan 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 24.71%. Comparing base (4cdae19) to head (3bffe7f).
⚠️ Report is 1 commits behind head on trunk.

Additional details and impacted files 
@@            Coverage Diff            @@
##              trunk    #2020   +/-   ##
=========================================
  Coverage     24.71%   24.71%           
  Complexity     2933     2933           
=========================================
  Files            51       51           
  Lines         10394    10394           
=========================================
  Hits           2569     2569           
  Misses         7825     7825

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@miguelpeixe
Copy link
Copy Markdown
Member

miguelpeixe commented Mar 2, 2026

@dependabot rebase

@dependabot
chore(deps-dev): bump phpunit/phpunit from 9.6.23 to 9.6.33
53f329a 
Bumps [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit) from 9.6.23 to 9.6.33.
- [Release notes](https://github.com/sebastianbergmann/phpunit/releases)
- [Changelog](https://github.com/sebastianbergmann/phpunit/blob/9.6.33/ChangeLog-9.6.md)
- [Commits](sebastianbergmann/phpunit@9.6.23...9.6.33)

---
updated-dependencies:
- dependency-name: phpunit/phpunit
  dependency-version: 9.6.33
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/composer/phpunit/phpunit-9.6.33 branch from 3bffe7f to 53f329a Compare March 2, 2026 14:20
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 18, 2026

Superseded by #2083.

@dependabot dependabot Bot closed this Apr 18, 2026
@dependabot dependabot Bot deleted the dependabot/composer/phpunit/phpunit-9.6.33 branch April 18, 2026 19:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matticbot matticbot matticbot approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code [Status] Approved Ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@miguelpeixe @matticbot