Bump the "maintenance" group with 1 update across multiple ecosystems

[dependabot]

Bumps the maintenance group with 3 updates: lion/bundle, lion/mailer and phpunit/phpunit.

Updates lion/bundle from 19.2.1 to 19.2.2

Release notes

Sourced from lion/bundle's releases.

v19.2.2

What's Changed

• Update dependabot.yml by @​Sleon4 in lion-packages/bundle#290
• Bump the "maintenance" group with 1 update across multiple ecosystems by @​dependabot[bot] in lion-packages/bundle#291

Full Changelog: lion-packages/bundle@v19.2.1...v19.2.2

Commits

• f272aa0 Merge pull request #291 from lion-packages/dependabot/maintenance-e0e0e28fba
• 0f7659a build(deps): bump the maintenance group with 13 updates
• f725e4e Merge pull request #290 from lion-packages/Sleon4-patch-1
• 0efb5b6 Update dependabot.yml
• See full diff in compare view

Updates lion/mailer from 8.0.0 to 8.0.1

Release notes

Sourced from lion/mailer's releases.

v8.0.1

What's Changed

• Bump the "maintenance" group with 1 updates across multiple ecosystems by @​dependabot[bot] in lion-packages/mailer#70
• Bump the "maintenance" group with 1 updates across multiple ecosystems by @​dependabot[bot] in lion-packages/mailer#71
• Bump the "maintenance" group with 1 updates across multiple ecosystems by @​dependabot[bot] in lion-packages/mailer#72
• Bump the "maintenance" group with 1 update across multiple ecosystems by @​dependabot[bot] in lion-packages/mailer#73
• Update dependabot.yml by @​Sleon4 in lion-packages/mailer#74
• Bump the "maintenance" group with 1 update across multiple ecosystems by @​dependabot[bot] in lion-packages/mailer#75

Full Changelog: lion-packages/mailer@v8.0.0...v8.0.1

Commits

• f8c01b3 Merge pull request #75 from lion-packages/dependabot/maintenance-1e496c0919
• 24ea25b build(deps-dev): bump the maintenance group with 2 updates
• 7a81736 Merge pull request #74 from lion-packages/Sleon4-patch-1
• 3619424 Update dependabot.yml
• 7684410 Merge pull request #73 from lion-packages/dependabot/maintenance-cc81429f92
• 67f34c7 build(deps-dev): bump the maintenance group with 4 updates
• 6a2774e Merge pull request #72 from lion-packages/dependabot/maintenance-f4e48aa716
• badc8fd build(deps-dev): bump the maintenance group with 4 updates
• a61ec9a Merge pull request #71 from lion-packages/dependabot/maintenance-d7f1210f3b
• 8d71dcb build(deps-dev): bump the maintenance group with 7 updates
• Additional commits viewable in compare view

Updates phpunit/phpunit from 13.0.6 to 13.1.1

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 13.1.1

Changed

• #3676: Include class/interface name in mock object expectation failure messages
• #4793: Exit with non-zero exit code when exit was called from some test

Fixed

• #5881: colors="true" in XML configuration file does not unconditionally enable colored output
• #6019: --migrate-configuration does not update schema location when XML content already validates against current schema
• #6372: Assertion failure inside willReturnCallback() is silently swallowed when code under test catches exceptions
• #6464: Process isolation template unconditionally calls set_include_path()
• #6571: Static analysis errors for TestDoubleBuilder method chaining

---

Learn how to install or update PHPUnit 13.1 in the documentation.

Keep up to date with PHPUnit:

• You can follow @​phpunit@phpc.social to stay up to date with PHPUnit's development.
• You can subscribe to the PHPUnit Updates newsletter to receive updates about and tips for PHPUnit.

PHPUnit 13.1.0

Added

• #6501: Include unexpected output in Open Test Reporting (OTR) XML logfile
• #6517: includeInCodeCoverage attribute for <directory> and <file> children of <source>
• #6523: Include #[Group] information in Open Test Reporting (OTR) XML logfile
• #6524: Report issues in Open Test Reporting (OTR) XML logfile
• #6526: Introduce #[DataProviderClosure] for static closures
• #6530: Support for custom issue trigger resolvers that can be configured using <issueTriggerResolvers> in the XML configuration file
• #6547: Support for %r...%r in EXPECTF section
• Support for configuring HTML code coverage report options (colors, thresholds, custom CSS) in XML configuration file without requiring an outputDirectory attribute, allowing the output directory to be specified later with the --coverage-html CLI option
• Support for configuring dark mode colors, progress bar colors, and breadcrumb colors for HTML code coverage reports in the XML configuration file

Changed

• #6557: Improve failure description for StringMatchesFormatDescription constraint which is used by assertFileMatchesFormat(), assertFileMatchesFormatFile(), assertStringMatchesFormat(), assertStringMatchesFormatFile(), and EXPECTF sections of PHPT test files
• The HTML code coverage report now uses a more colorblind-friendly blue/amber/orange palette by default
• Extracted PHPUnit\Runner\Extension\Facade from a concrete class to an interface and introduced an internal ExtensionFacade implementation, so that extensions only depend on the Facade interface while PHPUnit internally uses the ExtensionFacade class that also provides query methods

Deprecated

• #6515: Deprecate the --log-events-verbose-text <file> CLI option
• #6537: Soft-deprecate id() and after() for mock object expectations

Fixed

• #6025: FILE_EXTERNAL breaks __DIR__

... (truncated)

Changelog

Sourced from phpunit/phpunit's changelog.

13.1.1 - 2026-04-08

Changed

• #3676: Include class/interface name in mock object expectation failure messages
• #4793: Exit with non-zero exit code when exit was called from some test

Fixed

• #5881: colors="true" in XML configuration file does not unconditionally enable colored output
• #6019: --migrate-configuration does not update schema location when XML content already validates against current schema
• #6372: Assertion failure inside willReturnCallback() is silently swallowed when code under test catches exceptions
• #6464: Process isolation template unconditionally calls set_include_path()
• #6571: Static analysis errors for TestDoubleBuilder method chaining

13.1.0 - 2026-04-03

Added

• #6501: Include unexpected output in Open Test Reporting (OTR) XML logfile
• #6517: includeInCodeCoverage attribute for <directory> and <file> children of <source>
• #6523: Include #[Group] information in Open Test Reporting (OTR) XML logfile
• #6524: Report issues in Open Test Reporting (OTR) XML logfile
• #6526: Introduce #[DataProviderClosure] for static closures
• #6530: Support for custom issue trigger resolvers that can be configured using <issueTriggerResolvers> in the XML configuration file
• #6547: Support for %r...%r in EXPECTF section
• Support for configuring HTML code coverage report options (colors, thresholds, custom CSS) in XML configuration file without requiring an outputDirectory attribute, allowing the output directory to be specified later with the --coverage-html CLI option
• Support for configuring dark mode colors, progress bar colors, and breadcrumb colors for HTML code coverage reports in the XML configuration file

Changed

• #6557: Improve failure description for StringMatchesFormatDescription constraint which is used by assertFileMatchesFormat(), assertFileMatchesFormatFile(), assertStringMatchesFormat(), assertStringMatchesFormatFile(), and EXPECTF sections of PHPT test files
• The HTML code coverage report now uses a more colorblind-friendly blue/amber/orange palette by default
• Extracted PHPUnit\Runner\Extension\Facade from a concrete class to an interface and introduced an internal ExtensionFacade implementation, so that extensions only depend on the Facade interface while PHPUnit internally uses the ExtensionFacade class that also provides query methods

Deprecated

• #6515: Deprecate the --log-events-verbose-text <file> CLI option
• #6537: Soft-deprecate id() and after() for mock object expectations

Fixed

• #6025: FILE_EXTERNAL breaks __DIR__
• #6351: No warning when the same test runner extension is configured more than once
• #6433: Logic in TestSuiteLoader is brittle and causes "Class FooTest not found" even for valid tests in valid filenames
• #6463: Process Isolation fails on non-serializable globals and quietly ignore closures

Commits

• bf114c9 Prepare release
• 422f1bb Merge branch '12.5' into 13.1
• 85b62ad Prepare release
• a289de4 Add sebastian/git-state
• c2d419c Merge branch '12.5' into 13.1
• c9f7c8c Delete dead code for #3714
• 5b4c953 Merge branch '12.5' into 13.1
• c2b2836 Update ChangeLog
• b1c9c34 Fix TestDoubleBuilder return types
• dbace08 Update dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 9 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 2afa8b1.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

composer.lock

Package	Version	License	Issue Type
laravel/serializable-closure	2.0.11	Null	Unknown License
lion/bundle	19.2.2	Null	Unknown License
lion/command	6.2.1	Null	Unknown License
lion/database	12.1.1	Null	Unknown License
lion/exceptions	3.0.1	Null	Unknown License
lion/files	9.1.1	Null	Unknown License
lion/mailer	8.0.1	Null	Unknown License
lion/route	13.1.1	Null	Unknown License
nesbot/carbon	3.11.4	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
composer/laravel/serializable-closure	2.0.11	Unknown	Unknown
composer/lion/bundle	19.2.2	Unknown	Unknown
composer/lion/command	6.2.1	Unknown	Unknown
composer/lion/database	12.1.1	Unknown	Unknown
composer/lion/exceptions	3.0.1	Unknown	Unknown
composer/lion/files	9.1.1	Unknown	Unknown
composer/lion/mailer	8.0.1	Unknown	Unknown
composer/lion/route	13.1.1	Unknown	Unknown
composer/nesbot/carbon	3.11.4	Unknown	Unknown
composer/phpunit/php-code-coverage	14.0.0	Unknown	Unknown
composer/phpunit/phpunit	13.1.1	Unknown	Unknown
composer/sebastian/comparator	8.1.1	Unknown	Unknown
composer/sebastian/diff	8.1.0	Unknown	Unknown
composer/sebastian/environment	9.2.0	Unknown	Unknown
composer/sebastian/git-state	1.0.0	Unknown	Unknown

Scanned Files

• composer.lock