Skip to content

build(deps): bump cweagans/composer-patches from 1.7.3 to 2.0.0 #5121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sreichel merged 15 commits into from
Jan 1, 2026
Merged

build(deps): bump cweagans/composer-patches from 1.7.3 to 2.0.0 #5121

sreichel merged 15 commits into from
Jan 1, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2025
edited
Loading

Bumps cweagans/composer-patches from 1.7.3 to 2.0.0.

Release notes

Sourced from cweagans/composer-patches's releases.

2.0.0

What's Changed

... (truncated)

Commits
  • bfa6018 Merge pull request #637 from darrenoh/patch-1
  • 8e89df2 Bump php-coveralls/php-coveralls from 2.7.0 to 2.8.0 (#629)
  • 2ab6fbf Merge branch 'main' into patch-1
  • f8b1a49 Merge pull request #601 from raphaelstolt/update-gitattributes
  • 34a4680 Bump composer/composer from 2.8.11 to 2.8.12 (#644)
  • c1cf768 Bump squizlabs/php_codesniffer from 3.13.4 to 4.0.0 (#643)
  • e0b7c17 Bump actions/github-script from 7 to 8 (#642)
  • 8b3b6a4 Bump squizlabs/php_codesniffer from 3.13.3 to 3.13.4 (#641)
  • 9097e91 Bump squizlabs/php_codesniffer from 3.13.2 to 3.13.3 (#640)
  • f4a4865 Bump composer/composer from 2.8.10 to 2.8.11 (#639)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
build(deps): bump cweagans/composer-patches from 1.7.3 to 2.0.0
61c07c2 
Bumps [cweagans/composer-patches](https://github.com/cweagans/composer-patches) from 1.7.3 to 2.0.0.
- [Release notes](https://github.com/cweagans/composer-patches/releases)
- [Commits](cweagans/composer-patches@1.7.3...2.0.0)

---
updated-dependencies:
- dependency-name: cweagans/composer-patches
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file MAJOR This PR is intended to be treated as a MAJOR update according to RFC-0002 php Pull requests that update Php code labels Dec 1, 2025
@github-actions github-actions bot added the composer Relates to composer.json label Dec 1, 2025
@sreichel
Copy link
Contributor

sreichel commented Dec 5, 2025

@dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 5, 2025

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@sreichel
Copy link
Contributor

sreichel commented Dec 5, 2025

@dependabot recreate

@dependabot
build(deps): bump cweagans/composer-patches from 1.7.3 to 2.0.0
39f3119 
Bumps [cweagans/composer-patches](https://github.com/cweagans/composer-patches) from 1.7.3 to 2.0.0.
- [Release notes](https://github.com/cweagans/composer-patches/releases)
- [Commits](cweagans/composer-patches@1.7.3...2.0.0)

---
updated-dependencies:
- dependency-name: cweagans/composer-patches
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/composer/cweagans/composer-patches-2.0.0 branch from 9c37dd4 to 39f3119 Compare December 5, 2025 22:36
@github-actions github-actions bot added the ddev label Dec 5, 2025
@sreichel
Merge remote-tracking branch 'lts/dependabot/composer/cweagans/compos…
ebe9ca6 
…er-patches-2.0.0' into dependabot/composer/cweagans/composer-patches-2.0.0

# Conflicts:
#	composer.lock
@sreichel sreichel force-pushed the dependabot/composer/cweagans/composer-patches-2.0.0 branch from f2be913 to ebe9ca6 Compare December 5, 2025 22:41
addison74
addison74 previously approved these changes Dec 6, 2025
View reviewed changes
@sreichel
Copy link
Contributor

sreichel commented Dec 31, 2025

@dependabot recreate

@dependabot
build(deps): bump cweagans/composer-patches from 1.7.3 to 2.0.0
3af7fc1 
Bumps [cweagans/composer-patches](https://github.com/cweagans/composer-patches) from 1.7.3 to 2.0.0.
- [Release notes](https://github.com/cweagans/composer-patches/releases)
- [Commits](cweagans/composer-patches@1.7.3...2.0.0)

---
updated-dependencies:
- dependency-name: cweagans/composer-patches
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/composer/cweagans/composer-patches-2.0.0 branch from ebe9ca6 to 3af7fc1 Compare December 31, 2025 13:39
@github-actions github-actions bot removed the ddev label Dec 31, 2025
@M-arcus M-arcus mentioned this pull request Dec 31, 2025
Merged
@M-arcus
Copy link
Contributor

M-arcus commented Dec 31, 2025
edited
Loading

@sreichel I have adjusted the patches for version 2 in #5198, but found another error for patches OM918 and OM-2047, where the correct location in the file can't be found. Looks like they need to be regenerated.

@sreichel
Copy link
Contributor

sreichel commented Dec 31, 2025
edited
Loading

@M-arcus thanks for taking time ❤️

ref: symplify/vendor-patches#44

@M-arcus
Copy link
Contributor

M-arcus commented Dec 31, 2025

@sreichel there is also a new lock file called patches.lock.json, that should be added/ignored, too

@M-arcus
Copy link
Contributor

M-arcus commented Dec 31, 2025

@sreichel Why are the patches linked to GitHub and not to the local folder? I don't mean this as criticism, just want to understand so I can implement a PR fix better

@sreichel
Copy link
Contributor

sreichel commented Dec 31, 2025
edited
Loading

@sreichel Why are the patches linked to GitHub and not to the local folder? I don't mean this as criticism, just want to understand so I can implement a PR fix better

local paths dont work whem OM is used as dependency in another composer project.

@sreichel
Copy link
Contributor

sreichel commented Dec 31, 2025

Seems not to solve it?

@M-arcus
Copy link
Contributor

M-arcus commented Dec 31, 2025

@sreichel the composer.json still references the old github links

@sreichel
Merge remote-tracking branch 'lts/dependabot/composer/cweagans/compos…
e76ad6f 
…er-patches-2.0.0' into dependabot/composer/cweagans/composer-patches-2.0.0

# Conflicts:
#	composer.json
#	composer.lock
@sreichel
update OM-2047
5479577
@sreichel
update OM-918
f28ab75
@sreichel
add patches.lock.json
0ea46e9
@sreichel
back to local paths
05139ed
@github-actions github-actions bot added the ddev label Dec 31, 2025
@sreichel
Copy link
Contributor

sreichel commented Dec 31, 2025
edited
Loading

Works. Updated OM-918/2047.

@M-arcus would be great if you can check local paths issue.

And created patches still use --- /dev/null

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 31, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link
Contributor

github-actions bot commented Dec 31, 2025
edited
Loading

Test Results

966 tests  ±0   958 ✅ ±0   16s ⏱️ ±0s
213 suites ±0     8 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit a03b507. ± Comparison against base commit 99758fe.

♻️ This comment has been updated with latest results.

@sreichel sreichel merged commit 48fdc57 into main Jan 1, 2026
43 checks passed
@dependabot dependabot bot deleted the dependabot/composer/cweagans/composer-patches-2.0.0 branch January 1, 2026 06:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@addison74 addison74 addison74 left review comments

Assignees

No one assigned

Labels

composer Relates to composer.json ddev dependencies Pull requests that update a dependency file MAJOR This PR is intended to be treated as a MAJOR update according to RFC-0002 php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sreichel @M-arcus @addison74