Merge branch 'master' into chore(env)/php-update

Author: tarlepp

.github/workflows/main.yml

@@ -25,12 +25,12 @@ jobs:
       fail-fast: false
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@v2 # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@81cd5ae0920b34eef300e1775313071038a53429 # v2.27.0
         with:
           php-version: '8.2'
           tools: composer:v2
@@ -40,7 +40,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -58,7 +58,7 @@ jobs:
           composer --version
 
       - name: PHP Security Checker
-        uses: symfonycorp/security-checker-action@v5
+        uses: symfonycorp/security-checker-action@258311ef7ac571f1310780ef3d79fc5abef642b5 # v5
 
       - name: Check that application doesn't have installed dependencies with known security vulnerabilities
         run: make check-security
@@ -70,12 +70,12 @@ jobs:
       fail-fast: false
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@v2 # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@81cd5ae0920b34eef300e1775313071038a53429 # v2.27.0
         with:
           php-version: '8.2'
           tools: composer:v2
@@ -85,7 +85,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -121,12 +121,12 @@ jobs:
       fail-fast: false
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@v2 # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@81cd5ae0920b34eef300e1775313071038a53429 # v2.27.0
         with:
           php-version: '8.2'
           tools: composer:v2
@@ -136,7 +136,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -179,13 +179,13 @@ jobs:
         run: make phpinsights
 
       - name: Archive Psalm results (psalm.json)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: psalm.json
           path: ./build/psalm.json
 
       - name: Archive `phploc` results (phploc.json)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: phploc.json
           path: ./build/phploc.json
@@ -210,12 +210,12 @@ jobs:
       fail-fast: false
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: '0'
 
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@v2 # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@81cd5ae0920b34eef300e1775313071038a53429 # v2.27.0
         with:
           php-version: '8.2'
           extensions: pdo_mysql, mysql
@@ -227,7 +227,7 @@ jobs:
         run: echo "CACHE_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache composer dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ${{ steps.composer-cache.outputs.CACHE_DIR }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -291,25 +291,25 @@ jobs:
         run: make phpmetrics
 
       - name: Archive code coverage results (clover.xml)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: clover.xml
           path: ./build/logs/clover.xml
 
       - name: Archive code coverage results (junit.xml)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: junit.xml
           path: ./build/logs/junit.xml
 
       - name: Archive Code Coverage
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: PhpMetrics
           path: ./build/report
 
       - name: Archive PhpMetrics results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: PhpMetrics
           path: ./build/phpmetrics
@@ -320,28 +320,28 @@ jobs:
 
     steps:
       - name: Make checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Lint `./README.md`
-        uses: avto-dev/markdown-lint@v1
+        uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
         with:
           config: './markdown-lint.yml'
           args: './README.md'
 
       - name: Lint all the resource docs under `./doc/` directory
-        uses: avto-dev/markdown-lint@v1
+        uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
         with:
           config: './markdown-lint.yml'
           args: './doc/*.md'
 
       - name: Lint all the docs under `./docker/` directory
-        uses: avto-dev/markdown-lint@v1
+        uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
         with:
           config: './markdown-lint.yml'
           args: './docker/*.md'
 
       - name: Lint all the docs under `./secrets/` directory
-        uses: avto-dev/markdown-lint@v1
+        uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
         with:
           config: './markdown-lint.yml'
           args: './secrets/*.md'
@@ -353,7 +353,7 @@ jobs:
       - test
 
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set tag var
         id: vars

.github/workflows/scorecard.yml

@@ -34,12 +34,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@v2.3.1
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # vv2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -61,14 +61,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@v3.1.0
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v2.22.4
+        uses: github/codeql-action/upload-sarif@v2.22.5
         with:
           sarif_file: results.sarif

.github/workflows/vulnerability-scan.yml

@@ -14,13 +14,13 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Build the Docker image
         run: docker build . --file Dockerfile --tag symfony-flex-backend:master
 
       - name: Scan image with trivy
-        uses: lazy-actions/gitrivy@v3
+        uses: lazy-actions/gitrivy@sha356:6edf95fdc8b1fb841a974536316b209cd16f9000 # v3
         with:
           image-ref: symfony-flex-backend:master
           format: 'table'

composer.json

@@ -42,24 +42,24 @@
 		"symfony/asset": "6.3.0",
 		"symfony/config": "6.3.2",
 		"symfony/console": "6.3.4",
-		"symfony/dotenv": "6.3.0",
+		"symfony/dotenv": "6.3.7",
 		"symfony/expression-language": "6.3.0",
-		"symfony/flex": "2.4.0",
-		"symfony/form": "6.3.6",
-		"symfony/framework-bundle": "6.3.6",
+		"symfony/flex": "2.4.1",
+		"symfony/form": "6.3.7",
+		"symfony/framework-bundle": "6.3.7",
 		"symfony/monolog-bundle": "3.8.0",
 		"symfony/process": "6.3.4",
 		"symfony/property-access": "6.3.2",
 		"symfony/property-info": "6.3.0",
 		"symfony/routing": "6.3.5",
 		"symfony/runtime": "6.3.2",
-		"symfony/security-bundle": "6.3.6",
-		"symfony/serializer": "6.3.6",
+		"symfony/security-bundle": "6.3.7",
+		"symfony/serializer": "6.3.7",
 		"symfony/string": "6.3.5",
-		"symfony/translation": "6.3.6",
+		"symfony/translation": "6.3.7",
 		"symfony/twig-bundle": "6.3.0",
-		"symfony/validator": "6.3.6",
-		"symfony/yaml": "6.3.3"
+		"symfony/validator": "6.3.7",
+		"symfony/yaml": "6.3.7"
 	},
 	"conflict": {
 		"symfony/debug": "<3.3",