Bump the "maintenance" group with 1 updates across multiple ecosystems

[dependabot]

Bumps the maintenance group with 2 updates: lion/exceptions and infection/infection.

Updates lion/exceptions from 2.8.0 to 3.0.0

Release notes

Sourced from lion/exceptions's releases.

v3.0.0

What's Changed

• chore: Support for PHP 8.5 has been added by @​Sleon4 in lion-packages/exceptions#37
• Update dependabot.yml by @​Sleon4 in lion-packages/exceptions#38
• Update README.md by @​Sleon4 in lion-packages/exceptions#39
• Bump the "maintenance" group with 1 updates across multiple ecosystems by @​dependabot[bot] in lion-packages/exceptions#40

New Contributors

• @​dependabot[bot] made their first contribution in lion-packages/exceptions#40

Full Changelog: lion-packages/exceptions@v2.8.0...v3.0.0

Commits

• 5bf4efb Merge pull request #40 from lion-packages/dependabot/maintenance-ce55b4997e
• ed3ce4c build(deps-dev): bump the maintenance group with 3 updates
• c20e2ec Merge pull request #39 from lion-packages/Sleon4-patch-1
• 1b0dc50 Update README.md
• 2cc4e61 Merge pull request #38 from lion-packages/Sleon4-patch-1
• a1c1e26 Update dependabot.yml
• e1c7b53 Merge pull request #37 from lion-packages/php-support
• 9f9f261 chore: Support for PHP 8.5 has been added
• See full diff in compare view

Updates infection/infection from 0.31.9 to 0.32.0

Release notes

Sourced from infection/infection's releases.

Format-presering pretty printing; new GitHub loggers with collapsable sections; Symfony 8 support

Added:

• Support --exclude-source-from-xml-coverage fast path for PHPUnit 12.5+ by @​staabm in infection/infection#2604
• Implement GitHubActionsLogTextFileLogger to improve DX of text file logger with GA by @​staabm in infection/infection#2552
• Add support for Symfony 8 by @​Kocal in infection/infection#2551

Changed:

• Format-preserving pretty-printing for Mutants by @​maks-rafalko in infection/infection#2448

Internal:

• Replace deprecated SplObjectStorage methods with alternatives by @​romm in infection/infection#2447
• chore: Remove redundant RequiresOperatingSystem by @​sanmai in infection/infection#2466
• Support PHPStan dev-versions by @​staabm in infection/infection#2492
• refactor(ParallelProcessRunner): Refactor ParallelProcessRunner for clarity by @​sanmai in infection/infection#2560
• refactor(ParallelProcessRunner): extract a decorator of SplQueue by @​sanmai in infection/infection#2562
• refactor: Declare native property types by @​staabm in infection/infection#2571
• Update shipmonk/dead-code-detector to 0.14.0 by @​staabm in infection/infection#2670
• Bump to Rector ^2.2.4 by @​samsonasik in infection/infection#2479
• Prevent use of deprecated PHPUnit $this->isType('string') by @​staabm in infection/infection#2605
• Enable failOnDeprecation="true" in PHPUnit configuration by @​staabm in infection/infection#2606

and a huge work (around ~210 PRs) by @​theofidry, updating Infection architecture to bring more features in the future that were impossible to implement before. You can track them here:

• Rework the source & filtering API #2595 by @​theofidry
• Consolidate the Git API #2622 by @​theofidry
• RFC: Source Collection #2380 by @​theofidry
• RFC: Tracer #2751 by @​theofidry

New Contributors

• @​samsonasik made their first contribution in infection/infection#2479
• @​wickedOne made their first contribution in infection/infection#2587
• @​Kocal made their first contribution in infection/infection#2551
• @​VincentLanglet made their first contribution in infection/infection#2732

Full Changelog: infection/infection@0.31.9...0.32.0

Changelog

Sourced from infection/infection's changelog.

[0.32.0]

Fixed:

• [BC BREAK!] The relative paths of the sources (source.directories in the Infection configuration file) are no longer relative to the current working directory but instead to the location of the configuration file.

0.31.0 (2025-07-28)

Changed:

• [BR BREAK!] Remove --only-covered; Introduce --with-uncovered instead by @​staabm in infection/infection#2336
• Directly enqueue follow-up processes by @​sanmai in infection/infection#2322
• Use executionOrder="defects,random" for phpunit.xml by @​staabm in infection/infection#2328

Fixed:

• Fix CLI output rendering for diffs which contain symfony-style like text by @​staabm in infection/infection#2338

Internal:

• Update the pipeline library to version 7 by @​sanmai in infection/infection#2342
• Switch to sanmai/di-container by @​sanmai in infection/infection#2343

Backward Compatibility Break

This version introduces BC Break. Do the following:

1. If you used Infection for all the code, including uncovered, like bin/infection, now you need to add --with-uncovered, because by default, Infection doesn't mutate uncovered code anymore

- bin/infection
+ bin/infection --with-uncovered

2. If you used Infection for the only code covered by tests, like bin/infection --only-covered, you need to remove this option because now this is a default behavior and this options has been removed

- bin/infection --only-covered
+ bin/infection

3. If you used Infection for all the code, including uncovered, but now you want to mutated only covered code, do nothing (default behavior has been changed)

# continue using
bin/infection

Full Changelog: infection/infection@0.30.3...0.31.0

... (truncated)

Commits

• 71d4a12 test: Rework the PHPUnit end-to-end tests (#2624)
• a5bbdad test: Rename the PHPUnit tests (#2752)
• 35dfda6 feat(git): Add git commands (#2669)
• a955b1f refactor: Rename the console options to be more consistent (#2750)
• b4079bc docs(git): Update some pieces of documentation (#2749)
• 588133a [Conductor] Update phpunit/php-code-coverage to 11.0.12 (#2748)
• de1cf6b feat(SourceCollector): Add a command to list all the sources (#2706)
• c551eeb refactor: Move the parsing of the config file option into a single place (#2747)
• 2bfca87 refactor: Use the Symfony command constants (#2746)
• 96bc39b feat(SourceCollector): Fail earlier when no source file is found (#2703)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

composer.json

Package	Version	License	Issue Type
php	>= 8.5	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
composer/php	>= 8.5	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
composer/infection/infection	0.32.0	🟢 5.5	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/25 approved changesets -- score normalized to 1 Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
composer/justinrainbow/json-schema	6.6.3	Unknown	Unknown
composer/lion/exceptions	3.0.0	Unknown	Unknown
composer/nikic/php-parser	5.7.0	🟢 5	Details Check Score Reason Maintained 🟢 10 13 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ -1 no dependencies found Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
composer/overtrue/phplint	9.7.1	🟢 4.3	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 14 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected
composer/phpstan/phpstan	2.1.33	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/28 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found
composer/phpunit/php-code-coverage	12.5.1	🟢 5.2	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
composer/phpunit/phpunit	12.5.4	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow ⚠️ -1 no workflows found Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sanmai/duoclock	0.1.3	Unknown	Unknown
composer/sanmai/pipeline	7.6	Unknown	Unknown
composer/squizlabs/php_codesniffer	4.0.1	Unknown	Unknown
composer/symfony/cache	8.0.0	🟢 5.2	Details Check Score Reason Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 SAST ⚠️ 0 no SAST tool detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/console	8.0.3	🟢 5.1	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 9 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/event-dispatcher	8.0.0	🟢 3.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/filesystem	8.0.1	🟢 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/finder	8.0.3	🟢 4.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 no SAST tool detected Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/symfony/options-resolver	8.0.0	🟢 4.2	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/polyfill-php85	1.33.0	Unknown	Unknown
composer/symfony/process	8.0.3	🟢 4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/service-contracts	3.6.1	🟢 3.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 no SAST tool detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/string	8.0.1	🟢 4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found SAST ⚠️ 0 no SAST tool detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/var-exporter	8.0.0	🟢 3.9	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/symfony/yaml	8.0.0	🟢 4.6	Details Check Score Reason SAST ⚠️ 0 no SAST tool detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
composer/theseer/tokenizer	2.0.1	🟢 4.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Pinned-Dependencies ⚠️ -1 no dependencies found Code-Review ⚠️ 1 Found 4/21 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
composer/webmozart/assert	2.0.0	🟢 5.5	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found Code-Review 🟢 3 Found 8/21 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• composer.json
• composer.lock