Skip to content

Bump phpunit/phpunit from 9.4.4 to 9.6.33 in the composer group across 1 directory#385

Merged
peterwilsoncc merged 2 commits intodevelopfrom
dependabot/composer/composer-73a4f1667a
Feb 9, 2026
Merged

Bump phpunit/phpunit from 9.4.4 to 9.6.33 in the composer group across 1 directory#385
peterwilsoncc merged 2 commits intodevelopfrom
dependabot/composer/composer-73a4f1667a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 4, 2026

Bumps the composer group with 1 update in the / directory: phpunit/phpunit.

Updates phpunit/phpunit from 9.4.4 to 9.6.33

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 9.6.33

Changed

  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

PHPUnit 9.6.32

Changed

  • PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

PHPUnit 9.6.31

  • No changes; phpunit.phar rebuilt with PHP 8.4 to work around PHP-Scoper issue #1139

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

PHPUnit 9.6.30

Changed

  • Updated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6

Learn how to install or update PHPUnit 9.6 in the documentation.

Keep up to date with PHPUnit:

... (truncated)

Changelog

Sourced from phpunit/phpunit's changelog.

[9.6.33] - 2026-01-27

Changed

  • To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

[9.6.32] - 2026-01-24

Changed

  • PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception

[9.6.31] - 2025-12-06

  • No changes; phpunit.phar rebuilt with PHP 8.4 to work around PHP-Scoper issue #1139

[9.6.30] - 2025-12-01

Changed

  • Updated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6

[9.6.29] - 2025-09-24

  • No changes; phpunit.phar rebuilt with updated dependencies

[9.6.28] - 2025-09-23

  • No changes; phpunit.phar rebuilt with updated dependencies

[9.6.27] - 2025-09-14

Changed

  • #6366: Exclude __sleep() and __wakeup() from test double code generation on PHP >= 8.5

[9.6.26] - 2025-09-11

Changed

  • Implement __serialize() in addition to __sleep() (which will be deprecated in PHP 8.5)

[9.6.25] - 2025-08-20

Changed

  • Do not configure report_memleaks setting (which will be deprecated in PHP 8.5) for PHPT processes

[9.6.24] - 2025-08-10

... (truncated)

Commits
  • fea0625 Prepare release
  • 1a677f6 Merge branch '8.5' into 9.6
  • 1015741 Prepare release
  • 1cce5f3 Merge branch '8.5' into 9.6
  • 3141742 Do not run PHPT test when its temporary file for code coverage information ex...
  • 0b3170a We do not need to unserialize() objects here
  • 261086a Extract method
  • fdd6b86 Fix CS/WS issue
  • 492ee10 Prepare release
  • 81edce2 Merge branch '8.5' into 9.6
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump phpunit/phpunit in the composer group across 1 directory
fdba3b5 
Bumps the composer group with 1 update in the / directory: [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit).


Updates `phpunit/phpunit` from 9.4.4 to 9.6.33
- [Release notes](https://github.com/sebastianbergmann/phpunit/releases)
- [Changelog](https://github.com/sebastianbergmann/phpunit/blob/9.6.33/ChangeLog-9.6.md)
- [Commits](sebastianbergmann/phpunit@9.4.4...9.6.33)

---
updated-dependencies:
- dependency-name: phpunit/phpunit
  dependency-version: 9.6.33
  dependency-type: direct:development
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Feb 4, 2026
@dependabot dependabot bot requested a review from jeffpaul as a code owner February 4, 2026 19:34
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 4, 2026
@dependabot dependabot bot requested a review from dkotter as a code owner February 4, 2026 19:34
@dependabot dependabot bot added the php Pull requests that update php code label Feb 4, 2026
@github-actions github-actions bot added the needs:code-review This requires code review. label Feb 4, 2026
@jeffpaul jeffpaul added this to the 7.7.0 milestone Feb 4, 2026
@jeffpaul jeffpaul moved this to Code Review in Open Source Practice Feb 4, 2026
peterwilsoncc
peterwilsoncc reviewed Feb 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@peterwilsoncc peterwilsoncc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

I pushed a change so the phpunit tests run following configuration changes in composer files or the phpunit file. Following this the testsuite ran and passed as expected.

@jeffpaul It looks like there is a configuration error in the dependency license checker. As PHP Unit is known to be fine, I'm ignoring the action failure.

@github-project-automation github-project-automation bot moved this from Code Review to QA Testing in Open Source Practice Feb 9, 2026
@peterwilsoncc peterwilsoncc merged commit 8cfb990 into develop Feb 9, 2026
14 of 15 checks passed
@peterwilsoncc peterwilsoncc deleted the dependabot/composer/composer-73a4f1667a branch February 9, 2026 01:01
@github-project-automation github-project-automation bot moved this from QA Testing to Done in Open Source Practice Feb 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peterwilsoncc peterwilsoncc peterwilsoncc approved these changes

@jeffpaul jeffpaul Awaiting requested review from jeffpaul jeffpaul is a code owner

@dkotter dkotter Awaiting requested review from dkotter dkotter is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file needs:code-review This requires code review. php Pull requests that update php code

Projects

Open Source Practice
Archived in project

Milestone

7.7.0

Development

Successfully merging this pull request may close these issues.

2 participants

@peterwilsoncc @jeffpaul