Bump laminas/laminas-ldap from 2.19.0 to 2.20.0#837
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
Bumps [laminas/laminas-ldap](https://github.com/laminas/laminas-ldap) from 2.19.0 to 2.20.0. - [Release notes](https://github.com/laminas/laminas-ldap/releases) - [Commits](laminas/laminas-ldap@2.19.0...2.20.0) --- updated-dependencies: - dependency-name: laminas/laminas-ldap dependency-version: 2.20.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dj4oC
reviewed
Jul 8, 2026
dj4oC
left a comment
There was a problem hiding this comment.
Dependabot PR (laminas/laminas-ldap 2.19.0 → 2.20.0).
- Security: no findings — this is a version bump of the LDAP client library itself; recommend a maintainer skim the laminas-ldap 2.20.0 changelog for any bind/auth-relevant behavior change before merge, since this app is Tier-2/never-auto-merge for LDAP-adjacent changes, but the bump itself introduces no code here.
- Stability: no findings from the diff.
- Performance: no findings.
- Test coverage: n/a (dependency bump only).
- TODOs found: none.
- Dependency touched: yes — confirmed covered by
dependabot.yml. - CI status: failing —
Commits / Validate semantic commitsandlintboth failing. Same systemic root cause flagged on other Dependabot PRs across this org right now: Dependabot's default commit message doesn't satisfy this repo's conventional-commit lint. Repo-level fix (dependabot.ymlcommit-message.prefixor a lint exception for bot commits) needed, not a per-PR patch. The separatelintfailure should be checked independently — worth confirming it isn't a real code-lint issue introduced by the composer.lock diff. - Stale review: no.
Verdict
Commenting — not approving while CI is red.
🤖 Automated review by Claude Code (security · stability · performance · coverage)
Generated by Claude Code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps laminas/laminas-ldap from 2.19.0 to 2.20.0.
Release notes
Sourced from laminas/laminas-ldap's releases.
Commits
0af21edMerge pull request #63 from caseyamcl/2.20.xcc1e636fix phpunit/phpunit lowest depdbe516dfix phpunit/phpunit lowest depa511285fix amphp/socket lowest dep04e843afix amp/dns on lowest depbb37d47regenerate psalm baseline183f223regenerate psalm baseline59fa61cexplicitly set symfony/console/filesystem/string versions in require-dev8fcb325Bumpphp-mock/php-mock-phpunitdependency up to 2.14.0 to hopefully elimina...79adc2dRevert platform in composer.jsonDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)