chore(deps): bump ramsey/composer-install from 3.1.1 to 4.0.0

[dependabot]

Bumps ramsey/composer-install from 3.1.1 to 4.0.0.

Release notes

Sourced from ramsey/composer-install's releases.

4.0.0

What's Changed

• chore: Bump actions/cache from 4.2.4 to 5.0.3 by @​dependabot[bot] in ramsey/composer-install#278

  This necessitates a new major version because actions/cache v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. This is a breaking change for anyone using self-hosted runners.

Full Changelog: ramsey/composer-install@3.2.1...4.0.0

3.2.1

What's Changed

• Fix missing cache key hash of composer.json (and composer.lock), as reported in ramsey/composer-install#277.

Full Changelog: ramsey/composer-install@3.2.0...3.2.1

3.2.0

What's Changed

• Pin cache action version by @​saibotk in ramsey/composer-install#271

New Contributors

• @​saibotk made their first contribution in ramsey/composer-install#271

Full Changelog: ramsey/composer-install@3.1.1...3.2.0

Commits

• 65e4f84 docs: update badges for v4 branch
• 853e7d7 chore: Bump actions/cache from 4.2.4 to 5.0.3 (#278)
• a8d0d95 docs: change example OS name to match reality
• e8b962c docs: use pinned hash in all examples
• 822ffe8 fix: use format() to construct file names for hashFiles()
• 261fbb7 chore: pin actions used in CI workflow
• a35c6eb chore: Bump actions/checkout from 4 to 6 (#274)
• 1413e47 Pin cache action version (#271)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA f6b2614.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/ramsey/composer-install	4.0.0	🟢 4.5	Details Check Score Reason Code-Review ⚠️ 2 Found 5/24 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 10 12 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow ⚠️ -1 no workflows found Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• .github/workflows/phpcs.yaml