Bump the github_actions_dependencies group across 1 directory with 4 updates

dependabot[bot] · web-flow · commit 7a4007d226a2 · 2025-07-21T06:36:37.000Z
Bumps the github_actions_dependencies group with 4 updates in the / directory: [shivammathur/setup-php](https://github.com/shivammathur/setup-php), [actions/cache](https://github.com/actions/cache), [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `shivammathur/setup-php` from 2.32.0 to 2.33.0 - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](shivammathur/setup-php@2.32.0...2.33.0) Updates `actions/cache` from 4.2.1 to 4.2.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4.2.1...v4.2.3) Updates `SonarSource/sonarqube-scan-action` from 5.0.0 to 5.1.0 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](SonarSource/sonarqube-scan-action@v5.0.0...v5.1.0) Updates `aquasecurity/trivy-action` from 0.29.0 to 0.30.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.29.0...0.30.0) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github_actions_dependencies - dependency-name: actions/cache dependency-version: 4.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github_actions_dependencies - dependency-name: SonarSource/sonarqube-scan-action dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github_actions_dependencies - dependency-name: aquasecurity/trivy-action dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github_actions_dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -30,7 +30,7 @@ jobs:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@2.32.0
+        uses: shivammathur/setup-php@2.34.1
         with:
           php-version: '8.4'
           tools: composer:v2
@@ -40,7 +40,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v4.2.1
+        uses: actions/cache@v4.2.3
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -75,7 +75,7 @@ jobs:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@2.32.0
+        uses: shivammathur/setup-php@2.34.1
         with:
           php-version: '8.4'
           tools: composer:v2
@@ -85,7 +85,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v4.2.1
+        uses: actions/cache@v4.2.3
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -130,7 +130,7 @@ jobs:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@2.32.0
+        uses: shivammathur/setup-php@2.34.1
         with:
           php-version: '8.4'
           tools: composer:v2
@@ -140,7 +140,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v4.2.1
+        uses: actions/cache@v4.2.3
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -221,7 +221,7 @@ jobs:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@2.32.0
+        uses: shivammathur/setup-php@2.34.1
         with:
           php-version: '8.4'
           extensions: pdo_mysql, mysql
@@ -233,7 +233,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v4.2.1
+        uses: actions/cache@v4.2.3
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -288,7 +288,7 @@ jobs:
           COVERALLS_RUN_LOCALLY: 1
 
       - name: SonarQube Scan (https://sonarcloud.io/dashboard?id=git.colasdn.top.tarlepp.symfony-flex-backend)
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # https://github.com/SonarSource/sonarqube-scan-action?tab=readme-ov-file#environment-variables
@@ -369,7 +369,7 @@ jobs:
         run: docker build . --file Dockerfile --tag symfony-flex-backend:${{ steps.vars.outputs.DOCKER_TAG }}
 
       - name: Scan Docker image with Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.29.0
+        uses: aquasecurity/trivy-action@0.32.0
         with:
           image-ref: 'symfony-flex-backend:${{ steps.vars.outputs.DOCKER_TAG }}'
           format: 'table'
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -21,7 +21,7 @@ jobs:
         run: docker build . --file Dockerfile --tag symfony-flex-backend:master
 
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.32.0
         with:
           image-ref: symfony-flex-backend:master
           ignore-unfixed: 'true'
