Bump the "maintenance" group with 1 updates across multiple ecosystems

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the maintenance group with 1 update: phpunit/phpunit.

Updates phpunit/phpunit from 12.5.8 to 13.0.1

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 13.0.1

Fixed

• #6495: Source map for issue trigger identification is regenerated in process isolation child processes
• #6497: method() returns InvocationMocker instead of InvocationStubber for test stubs

---

Learn how to install or update PHPUnit 13.0 in the documentation.

Keep up to date with PHPUnit:

• You can follow @​phpunit@phpc.social to stay up to date with PHPUnit's development.
• You can subscribe to the PHPUnit Updates newsletter to receive updates about and tips for PHPUnit.

PHPUnit 13.0.0

Added

• #6450: TestCase::invokeTestMethod() method for customizing test method invocation
• #6455: withParameterSetsInOrder() and withParameterSetsInAnyOrder() for expecting calls to the same method of a mock object but with different arguments
• #6466: Sealed test doubles
• #6468: Configuration option to require sealed mock objects
• #6477: assertArraysAreIdentical(), assertArraysAreIdenticalIgnoringOrder(), assertArraysHaveIdenticalValues(), assertArraysHaveIdenticalValuesIgnoringOrder(), assertArraysAreEqual(), assertArraysAreEqualIgnoringOrder(), assertArraysHaveEqualValues(), and assertArraysHaveEqualValuesIgnoringOrder() assertions
• --test-files-file <file> CLI option to configure a file that contains the paths to the test files to be loaded (one file per line); use this when using CLI arguments is not an option due to argument length limitations

Deprecated

• #6461: any() matcher (hard deprecation)

Removed

• #6054: Assert::isType()
• #6057: assertContainsOnly() and assertNotContainsOnly()
• #6061: containsOnly()
• #6076: Support for PHP 8.3
• #6141: testClassName() method on event value objects for hook methods called for test methods
• #6230: Configuration::includeTestSuite() and Configuration::excludeTestSuite()
• #6241: --dont-report-useless-tests CLI option
• #6247: Support for using #[CoversNothing] on a test method
• #6285: #[RunClassInSeparateProcess] attribute
• #6356: Support for version constraint string argument without explicit version comparison operator

---

Learn how to install or update PHPUnit 13.0 in the documentation.

Keep up to date with PHPUnit:

• You can follow @​phpunit@phpc.social to stay up to date with PHPUnit's development.
• You can subscribe to the PHPUnit Updates newsletter to receive updates about and tips for PHPUnit.

... (truncated)

Changelog

Sourced from phpunit/phpunit's changelog.

13.0.1 - 2026-02-08

Fixed

• #6495: Source map for issue trigger identification is regenerated in process isolation child processes
• #6497: method() returns InvocationMocker instead of InvocationStubber for test stubs

13.0.0 - 2026-02-06

Added

• #6450: TestCase::invokeTestMethod() method for customizing test method invocation
• #6455: withParameterSetsInOrder() and withParameterSetsInAnyOrder() for expecting calls to the same method of a mock object but with different arguments
• #6466: Sealed test doubles
• #6468: Configuration option to require sealed mock objects
• #6477: assertArraysAreIdentical(), assertArraysAreIdenticalIgnoringOrder(), assertArraysHaveIdenticalValues(), assertArraysHaveIdenticalValuesIgnoringOrder(), assertArraysAreEqual(), assertArraysAreEqualIgnoringOrder(), assertArraysHaveEqualValues(), and assertArraysHaveEqualValuesIgnoringOrder() assertions
• --test-files-file <file> CLI option to configure a file that contains the paths to the test files to be loaded (one file per line); use this when using CLI arguments is not an option due to argument length limitations

Deprecated

• #6461: any() matcher (hard deprecation)

Removed

• #6054: Assert::isType()
• #6057: assertContainsOnly() and assertNotContainsOnly()
• #6061: containsOnly()
• #6076: Support for PHP 8.3
• #6141: testClassName() method on event value objects for hook methods called for test methods
• #6230: Configuration::includeTestSuite() and Configuration::excludeTestSuite()
• #6241: --dont-report-useless-tests CLI option
• #6247: Support for using #[CoversNothing] on a test method
• #6285: #[RunClassInSeparateProcess] attribute
• #6356: Support for version constraint string argument without explicit version comparison operator

Commits

• 35b8abc Prepare release
• a64659b Merge branch '12.5' into 13.0
• 1686e30 Prepare release
• f87ca23 Merge branch '11.5' into 12.5
• b287d32 Prepare release
• 9eac9f1 Closes #6497
• 99674e2 Merge branch '12.5' into 13.0
• d810b97 Merge branch '11.5' into 12.5
• 03cfcf5 Update ChangeLog
• 121effe Extract method
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
composer/phpunit/php-code-coverage	13.0.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/phpunit/php-file-iterator	7.0.0	🟢 6	Details Check Score Reason SAST ⚠️ 0 no SAST tool detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow ⚠️ -1 no workflows found Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
composer/phpunit/php-invoker	7.0.0	🟢 5.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
composer/phpunit/php-text-template	6.0.0	🟢 4.4	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/phpunit/php-timer	9.0.0	🟢 4.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/phpunit/phpunit	13.0.1	🟢 5.2	Details Check Score Reason Code-Review ⚠️ 0 Found 2/28 approved changesets -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ -1 no dependencies found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/cli-parser	5.0.0	🟢 5.2	Details Check Score Reason Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies ⚠️ -1 no dependencies found Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected Dangerous-Workflow ⚠️ -1 no workflows found Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/comparator	8.0.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/complexity	6.0.0	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ -1 no dependencies found Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/diff	8.0.0	🟢 4.6	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
composer/sebastian/environment	9.0.0	🟢 6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
composer/sebastian/exporter	8.0.0	🟢 4.6	Details Check Score Reason Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow ⚠️ -1 no workflows found SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/global-state	9.0.0	🟢 4.6	Details Check Score Reason Pinned-Dependencies ⚠️ -1 no dependencies found Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
composer/sebastian/lines-of-code	5.0.0	🟢 4.4	Details Check Score Reason Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Pinned-Dependencies ⚠️ -1 no dependencies found Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found SAST ⚠️ 0 no SAST tool detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/object-enumerator	8.0.0	🟢 4.4	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/object-reflector	6.0.0	🟢 5.1	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
composer/sebastian/recursion-context	8.0.0	🟢 4.4	Details Check Score Reason SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Pinned-Dependencies ⚠️ -1 no dependencies found Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/type	7.0.0	🟢 4.6	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
composer/sebastian/version	7.0.0	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Pinned-Dependencies ⚠️ -1 no dependencies found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• composer.lock