[automatic composer updates]

[github-actions]

composer update log:

Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 0 installs, 2 updates, 0 removals
  - Upgrading matomo/referrer-spam-list (dev-master 4caf208 => dev-master c486d23)
  - Upgrading twig/twig (v3.6.1 => v3.7.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 2 updates, 0 removals
  - Downloading matomo/referrer-spam-list (dev-master c486d23)
  - Downloading twig/twig (v3.7.0)
  - Upgrading matomo/referrer-spam-list (dev-master 4caf208 => dev-master c486d23): Extracting archive
  - Upgrading twig/twig (v3.6.1 => v3.7.0): Extracting archive
Package lox/xhprof is abandoned, you should avoid using it. No replacement was suggested.
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Generating autoload files
49 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found

[michalkleiner]

Do we need to do some more testing with the minor version update of Twig?
Is there perhaps a way how to run UI tests for these automated PRs?

[sgiehl]

We would need to run the update action with a own github token to allow running other actions. Otherwise pushing a commit or rebasing the branch when something else was merged will also trigger the test actions here.

Otherwise I often look in the changelogs or code diffs of the updated packages to check if there is anything important.

[michalkleiner]

Triggered the action "Matomo Tests" manually for the branch — https://github.com/matomo-org/matomo/actions/runs/5690779143

[michalkleiner]

Looks safe from my perspective
twigphp/Twig@v3.6.1...v3.7.0