build(deps): bump tedivm/jshrink from 1.7.0 to 1.8.0

Bumps [tedivm/jshrink](https://github.com/tedious/JShrink) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/tedious/JShrink/releases) - [Commits](https://github.com/tedious/JShrink/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: tedivm/jshrink dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot.yml: Fix udpate-types declaration
2025-07-31 01:24:23 +02:00 · 2025-07-29 09:16:26 +02:00 · 2025-07-25 15:31:48 +02:00 · 2025-07-25 15:13:13 +02:00 · 2025-07-17 08:52:18 +02:00 · 2025-07-17 08:39:57 +02:00
3 changed files with 316 additions and 317 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -2,5 +2,10 @@ version: 2
 updates:
  - package-ecosystem: "composer"
    directory: "/"
+    open-pull-requests-limit: 20 # Roughly half the number of dependencies
+    groups:
+      composer:
+        update-types:
+          - "patch"
    schedule:
      interval: "daily"
--- a/bin/make-snapshot.sh
+++ b/bin/make-snapshot.sh
@ -21,8 +21,8 @@ git checkout -b $BRANCH

 git mv composer.lock composer.lock.bak
 git commit -am "Backup composer.lock"
-git merge --no-ff -m "Merge latest tag, package pipelines require it" $LATEST_TAG
+git merge --no-ff -m "Merge latest tag, package pipelines require it" $LATEST_TAG || (git checkout --ours composer.lock.bak && git add composer.lock.bak && git commit --no-edit)
 git mv -f composer.lock.bak composer.lock
-git commit -am "Restore composer.lock"
+git commit -am "Restore composer.lock" || true # in case composer.lock was not modified

 bin/make-release.sh "$NEXT_VERSION-dev" --no-checkout
--- a/composer.lock
+++ b/composer.lock
Author	SHA1	Message	Date
dependabot[bot]	3ffc4e5833	build(deps): bump tedivm/jshrink from 1.7.0 to 1.8.0 Bumps [tedivm/jshrink](https://github.com/tedious/JShrink) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/tedious/JShrink/releases) - [Commits](https://github.com/tedious/JShrink/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: tedivm/jshrink dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-29 09:16:26 +02:00
Johannes Meyer	2d8baeafe4	dependabot.yml: Fix udpate-types declaration	2025-07-25 15:31:48 +02:00
dependabot[bot]	50f68d3fc3	build(deps): bump predis/predis from 3.0.1 to 3.1.0 Bumps [predis/predis](https://github.com/predis/predis) from 3.0.1 to 3.1.0. - [Release notes](https://github.com/predis/predis/releases) - [Changelog](https://github.com/predis/predis/blob/main/CHANGELOG.md) - [Commits](https://github.com/predis/predis/compare/v3.0.1...v3.1.0) --- updated-dependencies: - dependency-name: predis/predis dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-25 15:13:13 +02:00
Johannes Meyer	3bc4158c81	make-snapshot: …	2025-07-17 08:52:18 +02:00
Johannes Meyer	63e153614d	make-snapshot: Don't fail when composer.lock didn't change	2025-07-17 08:39:57 +02:00
Johannes Meyer	a3a9a0f9a8	bin/make-snapshot: Auto resolve composer.lock conflicts dependabot seems to use an older composer version, causing conflicts with the property `plugin-api-version`. Anyway, the merge leading to the conflict is only done to make a tag reachable. So the composer.lock of the main branch is always the right choice.	2025-07-09 10:45:14 +02:00
dependabot[bot]	6c862b2ab8	build(deps): bump ramsey/uuid from 4.8.1 to 4.9.0 Bumps [ramsey/uuid](https://github.com/ramsey/uuid) from 4.8.1 to 4.9.0. - [Release notes](https://github.com/ramsey/uuid/releases) - [Changelog](https://github.com/ramsey/uuid/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/ramsey/uuid/compare/4.8.1...4.9.0) --- updated-dependencies: - dependency-name: ramsey/uuid dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-09 10:23:06 +02:00
Johannes Meyer	426e244015	depandabot: Optimize pull request handling	2025-07-09 10:20:13 +02:00
dependabot[bot]	a843109028	build(deps): bump shardj/zf1-future from 1.24.3 to 1.24.4 Bumps [shardj/zf1-future](https://github.com/Shardj/zf1-future) from 1.24.3 to 1.24.4. - [Release notes](https://github.com/Shardj/zf1-future/releases) - [Changelog](https://github.com/Shardj/zf1-future/blob/master/CHANGELOG.md) - [Commits](https://github.com/Shardj/zf1-future/compare/release-1.24.3...release-1.24.4) --- updated-dependencies: - dependency-name: shardj/zf1-future dependency-version: 1.24.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-08 16:37:54 +02:00
Johannes Meyer	3a4ac0eae4	Add composer.lock from stable/0.13.0	2025-06-18 10:14:17 +02:00