From 809ee19e7435eb0cd23f222f10d9f70438424c9a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 8 Jun 2024 01:53:02 +0000
Subject: [PATCH 1/2] composer(deps-dev): bump the minor-patch-dependencies
 group with 2 updates

Updates the requirements on [phpstan/extension-installer](https://github.com/phpstan/extension-installer) and [phpstan/phpstan](https://github.com/phpstan/phpstan) to permit the latest version.

Updates `phpstan/extension-installer` to 1.4.0
- [Release notes](https://github.com/phpstan/extension-installer/releases)
- [Commits](https://github.com/phpstan/extension-installer/compare/1.3.1...1.4.0)

Updates `phpstan/phpstan` to 1.11.4
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Changelog](https://github.com/phpstan/phpstan/blob/1.11.x/CHANGELOG.md)
- [Commits](https://github.com/phpstan/phpstan/compare/1.11.3...1.11.4)

---
updated-dependencies:
- dependency-name: phpstan/extension-installer
  dependency-type: direct:development
  dependency-group: minor-patch-dependencies
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  dependency-group: minor-patch-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 composer.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/composer.json b/composer.json
index 0d7ab8f..64b79c4 100644
--- a/composer.json
+++ b/composer.json
@@ -38,8 +38,8 @@
     "laminas/laminas-servicemanager": "^3.22.1",
     "mimmi20/coding-standard": "^5.2.33",
     "nikic/php-parser": "^4.19.1 || ^5.0.2",
-    "phpstan/extension-installer": "^1.3.1",
-    "phpstan/phpstan": "^1.11.3",
+    "phpstan/extension-installer": "^1.4.0",
+    "phpstan/phpstan": "^1.11.4",
     "phpstan/phpstan-deprecation-rules": "^1.2.0",
     "phpstan/phpstan-phpunit": "^1.4.0",
     "phpunit/phpunit": "^10.5.20",

From 488f22b3285d9ca24b8f8fcfdcae0cb6a64f869c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <mimmi20@live.de>
Date: Sun, 9 Jun 2024 13:57:44 +0200
Subject: [PATCH 2/2] add new workflows

---
 .github/renovate.json5                        | 83 ++++++-------------
 .github/workflows/lint-workflow-files.yml     | 27 ++++++
 .../workflows/renovate-config-validator.yml   | 20 +++++
 3 files changed, 73 insertions(+), 57 deletions(-)
 create mode 100644 .github/workflows/lint-workflow-files.yml
 create mode 100644 .github/workflows/renovate-config-validator.yml

diff --git a/.github/renovate.json5 b/.github/renovate.json5
index baab4dc..39f5cee 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,32 +1,33 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 
-  "extends": ["mergeConfidence:all-badges"],
-
-  "enabled": true,
-
-  "assignees": [
-    "mimmi20"
+  "extends": [
+    ":assignAndReview(mimmi20)",
+    ":automergeDisabled",
+    ":combinePatchMinorReleases",
+    ":disableDependencyDashboard",
+    ":disableRateLimiting",
+    ":enableRenovate",
+    ":enableVulnerabilityAlertsWithLabel(security)",
+    ":gitSignOff",
+    ":ignoreUnstable",
+    ":label(dependencies)",
+    ":maintainLockFilesDisabled",
+    ":prImmediately",
+    ":rebaseStalePrs",
+    ":semanticCommitsDisabled",
+    ":separateMajorReleases",
+    ":timezone(Europe/Berlin)",
+    ":updateNotScheduled",
+    "group:allDigest",
+    "group:allNonMajor",
+    "security:openssf-scorecard",
+    "mergeConfidence:all-badges"
   ],
-  "automerge": false,
-  "branchConcurrentLimit": 0,
-  "commitBody": "Signed-off-by: {{{gitAuthor}}}",
+
   "commitBodyTable": true,
   "configMigration": true,
-  "configWarningReuseIssue": false,
-  "dependencyDashboard": false,
-  "dependencyDashboardApproval": false,
-  "dependencyDashboardOSVVulnerabilitySummary": "all",
-  // "enabledManagers": ["composer", "github-actions", "npm"],
-  "ignoreTests": false,
-  "ignoreUnstable": true,
-  "internalChecksFilter": "strict",
-  "labels": [
-    "dependencies"
-  ],
-  "lockFileMaintenance": {
-    "enabled": false
-  },
+  "ignorePaths": ["**/node_modules/**", "**/vendor/**"],
   "osvVulnerabilityAlerts": true,
   "platformAutomerge": false,
   "prBodyColumns": [
@@ -41,39 +42,11 @@
     "Update": "{{{updateType}}}",
     "Change": "[{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}]({{#if depName}}https://renovatebot.com/diffs/npm/{{replace '/' '%2f' depName}}/{{{currentVersion}}}/{{{newVersion}}}{{/if}})"
   },
-  "prConcurrentLimit": 0,
-  "prCreation": "immediate",
-  "prHourlyLimit": 0,
   "rangeStrategy": "bump",
-  "rebaseWhen": "behind-base-branch",
-  "reviewers": [
-    "mimmi20"
-  ],
   "rollbackPrs": true,
-  "schedule": ["at 4:00 am on Saturday"],
-  "semanticCommits": "disabled",
-  "separateMajorMinor": true,
-  "separateMinorPatch": false,
-  "timezone": "Europe/Berlin",
-  "updateLockFiles": false,
-  "updateNotScheduled": false,
+  "schedule": ["before 4am on Saturday"],
   "packageRules": [
     {
-      "groupName": "PHP",
-      "matchDepNames": ["php"],
-      "allowedVersions": "~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
-      "ignoreUnstable": false,
-      "rangeStrategy": "widen"
-    },
-    {
-      "groupName": "Node",
-      "matchDepNames": ["node"],
-      "allowedVersions": "~19.5.0 || ~20.0.0 || ~21.0.0 || ~22.0.0",
-      "ignoreUnstable": false,
-      "rangeStrategy": "widen"
-    },
-    {
-      "groupName": "devDependencies",
       "matchDepTypes": ["devDependencies", "peerDependencies"],
       "rangeStrategy": "widen"
     },
@@ -89,9 +62,5 @@
         "patch"
       ]
     }
-  ],
-  "vulnerabilityAlerts": {
-    "enabled": true,
-    "labels": ["security"]
-  }
+  ]
 }
diff --git a/.github/workflows/lint-workflow-files.yml b/.github/workflows/lint-workflow-files.yml
new file mode 100644
index 0000000..0ff71c6
--- /dev/null
+++ b/.github/workflows/lint-workflow-files.yml
@@ -0,0 +1,27 @@
+name: "Lint GitHub Actions workflows"
+
+on:
+  pull_request:
+    paths:
+      - ".github/**"
+
+jobs:
+  actionlint:
+    runs-on: "ubuntu-22.04"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+          lfs: false
+          persist-credentials: false
+
+      - name: "Check workflow files"
+        uses: "raven-actions/actionlint@v1"
+        with:
+          matcher: true
+          cache: true
+          fail-on-error: false
+          flags: "-ignore SC2086"
diff --git a/.github/workflows/renovate-config-validator.yml b/.github/workflows/renovate-config-validator.yml
new file mode 100644
index 0000000..04889b8
--- /dev/null
+++ b/.github/workflows/renovate-config-validator.yml
@@ -0,0 +1,20 @@
+name: "Validate Config for Renovate"
+
+on:
+  - pull_request
+  - push
+
+jobs:
+  validate:
+    runs-on: "ubuntu-22.04"
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+          lfs: false
+          persist-credentials: false
+
+      - uses: "suzuki-shunsuke/github-action-renovate-config-validator@v1.0.1"