You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
While Codacy reports that the changes are up to standards, this PR should not be merged in its current state due to high-risk metadata inconsistencies in the composer.lock file. A future-dated package timestamp (2025-07-15) was detected, which suggests a compromised generation process. Additionally, the update includes a significant jump in the Composer plugin-api-version and a bump to symfony/deprecation-contracts that were not documented in the PR description. These side effects could break build pipelines that rely on older, stable versions of Composer or specific deprecation behaviors.
About this PR
The PR includes a bump for symfony/deprecation-contracts to v3.6.0 and an update to the Composer plugin-api-version from 2.6.0 to 2.9.0. These were not explicitly mentioned in the PR title or description and may have unintended side effects on the environment.
Test suggestions
Verify that service-related contracts and traits (e.g., ServiceMethodsSubscriberTrait) function correctly under version 3.6.1.
Verify that the application remains compatible with the bumped symfony/deprecation-contracts version 3.6.0.
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify that service-related contracts and traits (e.g., ServiceMethodsSubscriberTrait) function correctly under version 3.6.1.
2. Verify that the application remains compatible with the bumped `symfony/deprecation-contracts` version 3.6.0.
The reason will be displayed to describe this comment to others. Learn more.
🔴 HIGH RISK
The package timestamp for symfony/service-contracts is set to a future date (2025-07-15). This indicates the composer.lock file might have been manually edited or generated on a system with an incorrect clock, which can compromise dependency integrity and lead to reproducible build issues.
Regenerate the lock file using the standard composer command to ensure metadata integrity: composer update symfony/service-contracts symfony/deprecation-contracts --no-scripts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependenciesPull requests that update a dependency filephpPull requests that update php code
0 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
dependabot
Bot
added
dependencies
![codacy-production[bot]](https://avatars.githubusercontent.com/in/56611?s=60&v=4){kind=small}
Bumps symfony/service-contracts from 3.5.0 to 3.6.1.
Commits
4511256Merge branch '6.4' into 7.2f83f4d7Fix@varphpdocfd85490CS fixesf021b05Fix ServiceMethodsSubscriberTrait for nullable servicec744140Fix ServiceMethodsSubscriberTrait for nullable service5ad3869Merge branch '7.1' into 7.2e53260aMerge branch '6.4' into 7.1465bd9dMerge branch '5.4' into 6.4f37b419Add PR template and auto-close PR on subtree split repositories7a42641Remove calls to getExpectedException()Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)