All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
0.2.9 - 2026-03-01
feat: prevent any composer.json file be used by super-linter
- linter.yml: temporary composer.json rename now covers every composer.json in the repository (even in subdirectories) and restores them after the run.
0.2.8 - 2026-02-14
fix: bump super-linter to v8.5.0
- fix
FIX_BIOME_*entry toenv
- bump super-linter to v8.5.0 due to High severity
CVE-2026-25761- Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
0.2.7 - 2025-10-22
fix: fix scheduled GitHub Actions by bumping super-linter::v.8.2.0 to v.8.2.1 (as super-linter::v8.2.0 failed on scheduled tasks with this error: /action/lib/functions/validation.sh: line 387: GIT_BEFORE_SHA_HEAD: unbound variable)
0.2.6 - 2025-10-04
chore(super-linter): Bumps super-linter/super-linter from 8.1.0 to 8.2.0.
validate-biome: trueoptional parameter enable Biome validation added to super-linter v8.2.0
- super-linter bumped to v8.2.0
0.2.5.2 - 2025-09-26
feat: phinx migration verbose (in php-composer-dependencies-reusable.yml)
0.2.5.1 - 2025-09-07
feat: If there's no .github/linters/zizmor.yaml present in the app repository, then this GitHub Action auto-generates such zizmor.yaml to disable unpinned-uses check. (Not to force all apps to create a one purpose zizmor.yaml.)
0.2.5 - 2025-08-28
feat: super-linter fixes can be downloaded as an artifact.
- feat: super-linter slim version (linter.yml) moved from v7.2.1 to v8.1.0
- zizmor.yaml disables the unpinned-uses check - i.e. allows refering to version instead of an exact hash
- many FIXes are applied automatically and their result can be downloaded as an artifact and then use locally with
git apply lint-fixes.patch - removed:
JAVASCRIPT_ES_CONFIG_FILE: .eslintrc.yml VALIDATE_JAVASCRIPT_ES: falselinter configuration because Prettier is applied anyway and I don't want to have.eslintrc.ymlconfiguredvalidate-css: falseoptional parameter disable CSS validationfilter-regex-exclude: ""optional parameter for regular expression to exclude certain files, e.g. third-party code, from being linted
- chore: bump actions/checkout@v4 to v5
- chore: Bash coding standard uses TAB and not SPACEs
- linter.yml: Temporarily rename composer.json (and then back) to prevent invoking composer within super-linter, as the environment PHP version (which might not be app relevant) is used and various libraries would be expected that are not part of super-linter environment.
0.2.4 - 2025-07-05
fix: git pull origin doesn't work with refs/pull/*
0.2.3 - 2025-03-09
fix: uses super-linter:v7.2.1 which doesn't invoke composer.
- Dump GitHub Variables for debugging
- linter.yml uses:
super-linter/super-linter/slim@v7.2.1(instead ofsuper-linter/super-linter@main) as v7.3.0 has a bug - composer expects PHP extensions that are not installed within super-linter environment
0.2.2 - 2025-02-21
chore: The cache name starts with phps- prefix. PHPCS-fix instead of old phpcbf.
- chain jobs example
- The cache name (key) is
phps-${{ runner.os }}-PHP${{ matrix.php-version }}-vendor-${{ hashFiles('**/composer.json') }}
- stop using phpcbf.yml and start using PHPCS-Fix
shell: bashadded where missing
0.2.1 - 2025-01-18
fix: Fetch the latest changes to allow job chaining.
- show PHPStan version before analyzing
- runs-on input can change the runner for reusable workflows linter.yml, overtrue-phplint.yml and php-composer-dependencies-reusable.yml
- the reusable workflows linter.yml, overtrue-phplint.yml and php-composer-dependencies-reusable.yml fetch the latest changes even by a previous job to allow for job chaining
0.2 - 2024-11-16
feat: Check PHP syntax and install PHPStan for each PHP version separately.
- Check PHP syntax for each PHP version separately
- php-composer-dependencies-reusable: phinx runs only after composer update (not just no-dev), so that phinx can be in require-dev section
- prettier-fix included to fix all those
VALIDATE_something_PRETTIERthat are now crucial part of super-linter - phpstan added with tools of shivammathur/setup-php@v2 is the latest one, which may not be supported (e.g. phpstan:2.0.1 fails php:7.2,7.3), so phpstan is now installed by
composer require --dev phpstan/phpstan-webmozart-assert
0.1.1 - 2024-05-29
fix: Super-linter adapts to the current branch. Phinx and dist config file paths can be modified.
- php-composer-dependencies-reusable: phinx and dist config file path can be modified
- linter.yml: DEFAULT_BRANCH adapts to the current branch.
actions/checkout with fetch-depth: 0to fetch all history for all branches and tags to provide history with pull_request.
0.1 - 2024-05-19
feat: Proven reusable workflows
- php-composer-dependencies-reusable.yml: Test composer dependencies, PHPUnit tests and PHPStan check
- overtrue-phplint.yml: Basic PHP linter
- linter.yml: Super-Linter of many formats
- Automatic PHP improvements: phpcbf.yml
- added .shfmt configuration for super-linter but VALIDATE_SHELL_SHFMT: false is the only solution, anyway