Skip to content

Unpushed commits (local main ahead of origin/main)#1

Merged
StanBarrows merged 4 commits into
mainfrom
feature-dependency-bump-2026-03-20
Mar 20, 2026
Merged

Unpushed commits (local main ahead of origin/main)#1
StanBarrows merged 4 commits into
mainfrom
feature-dependency-bump-2026-03-20

Conversation

@StanBarrows

Copy link
Copy Markdown
Contributor

Local main was 4 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.

Copilot AI review requested due to automatic review settings March 20, 2026 07:09

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR brings the local main branch back in sync with origin/main by applying accumulated dependency updates and repository hygiene changes (GitHub automation + OSS meta docs), plus a few test cleanups.

Changes:

  • Update PHP dependencies (notably Laravel/framework and related packages) via composer.lock.
  • Add OSS/project meta files and GitHub automation (Dependabot config, dependency review, auto-merge workflow, issue templates).
  • Minor test refactors to use imported class names instead of fully-qualified references.

Reviewed changes

Copilot reviewed 15 out of 16 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
tests/Unit/MicrosoftOAuthServiceTest.php Use imported Request type in Http::assertSent callback.
tests/Unit/MicrosoftGraphServiceTest.php Use imported RequestException in throws(...).
tests/TestCase.php Use imported Route facade for test routes.
tests/Feature/RedirectTest.php Replace FQCN usages with imports/short names (introduces a missing import issue).
tests/Feature/ControllerEdgeCasesTest.php Use imported User::class instead of FQCN.
tests/Feature/CallbackTest.php Use imported Request type in Http::assertSent callback.
src/Facades/MicrosoftEntraSSO.php Update @see to short class name and add import (currently conflicts with Pint’s unused-import rule).
config/microsoft-entra-sso.php Import App\Models\User and reference User::class in default guard config.
composer.lock Dependency updates / lock refresh.
SECURITY.md Add security policy contact instructions.
CONTRIBUTING.md Add contribution guidelines (needs alignment with repo lint tooling).
.github/workflows/dependency-review.yml Add dependency review workflow (uses actions/checkout@v6, inconsistent with repo).
.github/workflows/dependabot-auto-merge.yml Add Dependabot PR auto-merge workflow.
.github/dependabot.yml Add Dependabot configuration (includes npm ecosystem without a root manifest).
.github/ISSUE_TEMPLATE/feature_request.yml Add feature request template.
.github/ISSUE_TEMPLATE/bug_report.yml Add bug report template (currently invalid YAML and contains a typo).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v6

Copilot AI Mar 20, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This workflow uses actions/checkout@v6, while the other workflows in this repo use actions/checkout@v4. To reduce the chance of CI breakage and keep versions consistent, consider pinning to the same major version as the rest of the repo (or verify that @v6 is available and intended).

Suggested change
uses: actions/checkout@v6
uses: actions/checkout@v4

Copilot uses AI. Check for mistakes.
Comment thread CONTRIBUTING.md
Comment on lines +43 to +45
- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer).

- **Add tests!** - Your patch won't be accepted if it doesn't have tests.

Copilot AI Mar 20, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The contributing guide requires PSR-2 and points contributors to PHP_CodeSniffer, but this repo’s CI runs composer lint which executes Laravel Pint (vendor/bin/pint --test) with the laravel preset. Update the guide to match the actual formatting/linting toolchain (Pint) so contributors follow the same rules as CI.

Copilot uses AI. Check for mistakes.
Comment on lines +8 to +9
value: "|
We're sorry to hear you have a problem. Can you help us solve it by providing the following details."

Copilot AI Mar 20, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue template YAML is invalid: value is started as a quoted string ("|) and the following line is not indented under it. GitHub will likely fail to load this template. Use YAML block scalar syntax (value: |) and indent the markdown content under value.

Suggested change
value: "|
We're sorry to hear you have a problem. Can you help us solve it by providing the following details."
value: |
We're sorry to hear you have a problem. Can you help us solve it by providing the following details.

Copilot uses AI. Check for mistakes.
- type: dropdown
id: operating-systems
attributes:
label: Which operating systems does with happen with?

Copilot AI Mar 20, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo/grammar in the label: "Which operating systems does with happen with?" should be corrected (e.g., "Which operating systems does this happen on?") for clarity in the issue template UI.

Suggested change
label: Which operating systems does with happen with?
label: Which operating systems does this happen on?

Copilot uses AI. Check for mistakes.
Comment thread .github/dependabot.yml
Comment on lines +14 to +26
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
allow:
- dependency-type: "direct"
ignore:
- dependency-name: "*"
update-types: [ "version-update:semver-major" ]
groups:
minor-and-patch:
update-types: [ "minor", "patch" ]

Copilot AI Mar 20, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Dependabot config enables the npm ecosystem for directory: "/", but this repository doesn't contain a package.json/lockfile in the root. This will cause Dependabot runs to error/no-op and generate noise. Either remove the npm entry or add the appropriate Node manifest files if npm dependencies are intended.

Suggested change
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
allow:
- dependency-type: "direct"
ignore:
- dependency-name: "*"
update-types: [ "version-update:semver-major" ]
groups:
minor-and-patch:
update-types: [ "minor", "patch" ]

Copilot uses AI. Check for mistakes.
@StanBarrows StanBarrows merged commit c837b99 into main Mar 20, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants