Bump the github_actions_dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the github_actions_dependencies group with 4 updates in the / directory: shivammathur/setup-php, actions/cache, SonarSource/sonarqube-scan-action and aquasecurity/trivy-action.

Updates shivammathur/setup-php from 2.32.0 to 2.33.0

Release notes

Sourced from shivammathur/setup-php's releases.

2.33.0

Changelog

• Added support for Arm Ubuntu runners ubuntu-24.04-arm and ubuntu-22.04-arm. (#848)

jobs:
  run:
    runs-on: ubuntu-24.04-arm # or ubuntu-22.04-arm
    steps:
    - name: Setup PHP
      uses: shivammathur/setup-php@v2
      with:
        php-version: '8.4'

• Dropped support for Ubuntu 20.04 (ubuntu-20.04) for both GitHub hosted and self-hosted runners. Please migrate your workflows to ubuntu-22.04 or ubuntu-24.04. (#939) Ref: https://github.com/shivammathur/setup-php#github-hosted-runners

• Improved support for installing PHPUnit around new releases. Now setup-php will fallback to the previous release till new release is available on the phpunit.de website after it is tagged. (#913, #938)

- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.4'
    tools: phpunit

• Switched to using https://ppa.launchpadcontent.net for launchpad PPAs instead of http://ppa.launchpad.net. (#927, #928)

• Added a fallback to calling launchpad's API for getting PPA signatures to reduce reported failures on self-hosted runners. (#935)

• Added support for specifying tools' directory using TOOLS_DIR env. (#937)

- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.4'
  env:
    TOOLS_DIR: '/tmp/tools'

• Fixed cache support for openswoole. (#917, shivammathur/cache-extensions#47)

• Fixed the version of composer-normalize in the logs. (#899)

- name: Setup PHP
</tr></table> 

... (truncated)

Commits

• cf4cade Drop support for ubuntu-20.04 [skip ci]
• 316da6e Fix phalcon and zephir_parser support on Windows
• 34061fa Fix relay support on macOS
• b7bd9e4 Bump version to 2.33.0
• 78e1c95 feat: set this via an environment variable instead
• 310e481 feat: allow tools path directory to be set
• 42a9487 Fix pdo_oci
• f5d98d1 Improve support for phalcon5 and zephir_parser
• 1a94db5 Update dependencies
• 1489f57 Merge pull request #928 from jg-development/main
• Additional commits viewable in compare view

Updates actions/cache from 4.2.1 to 4.2.3

Release notes

Sourced from actions/cache's releases.

v4.2.3

What's Changed

• Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

• @​salmanmkc made their first contribution in actions/cache#1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.2 by @​robherley in actions/cache#1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

Changelog

Sourced from actions/cache's changelog.

4.2.3

• Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

• Bump @actions/cache to v4.0.2

Commits

• 5a3ec84 Merge pull request #1577 from salmanmkc/salmanmkc/4-test
• 7de2102 Update releases.md
• 76d40dd Update to use the latest version of the cache package to obfuscate the SAS
• 76dd5eb update cache with main
• 8c80c27 new package
• 45cfd0e updates
• edd449b updated cache with latest changes
• 0576707 latest test before pr
• 3105dc9 update
• 9450d42 mask
• Additional commits viewable in compare view

Updates SonarSource/sonarqube-scan-action from 5.0.0 to 5.1.0

Release notes

Sourced from SonarSource/sonarqube-scan-action's releases.

v5.1.0

What's Changed

• Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us by @​github-actions in SonarSource/sonarqube-scan-action#183

Full Changelog: SonarSource/sonarqube-scan-action@v5.0.0...v5.1.0

Commits

• aa49445 SQSCANGHA-85 Update SonarScanner CLI to 7.1.0.4889 to support sonar.region=us
• 1474b34 SQSCANGHA-87 Fix the new version in version update (#182)
• 9616286 SQSCANGHA-86 Autoclose issues created by Jira integration (#179)
• f932b66 NO-JIRA docs(readme): use consistently vars.SONAR_HOST_URL
• 550777f NO-JIRA Remove superfluous space from action description
• See full diff in compare view

Updates aquasecurity/trivy-action from 0.29.0 to 0.30.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.30.0

What's Changed

• fix: Update default trivy version in README by @​derrix060 in aquasecurity/trivy-action#444
• fix: typo in description of an input for action.yaml by @​yutatokoi in aquasecurity/trivy-action#452
• Improve README/SBOM by @​AB-xdev in aquasecurity/trivy-action#439
• chore: bump trivy to v0.60.0 by @​nikpivkin in aquasecurity/trivy-action#453

New Contributors

• @​derrix060 made their first contribution in aquasecurity/trivy-action#444
• @​yutatokoi made their first contribution in aquasecurity/trivy-action#452
• @​AB-xdev made their first contribution in aquasecurity/trivy-action#439

Full Changelog: aquasecurity/trivy-action@0.29.0...0.30.0

Commits

• 6c175e9 chore: bump trivy to v0.60.0 (#453)
• 53e8848 Improve README/SBOM (#439)
• ef1b561 fix: typo in description of an input for action.yaml (#452)
• a11da62 fix: Update default trivy version in README (#444)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions