[SEC-580] Bump drupal/coder from 8.3.15 to 8.3.22

[dependabot]

Bumps drupal/coder from 8.3.15 to 8.3.22.

Commits

• ba6e623 fix(VariableComment): Allow intersection types in @​var comment (#3392423)
• c3f8e28 test(github): Add Drupal core regression testing (#3374864)
• 0b7f9af feat(Array): Allow array definition lines up to 120 characters for better rea...
• 7a35274 feat(enums): Add support for enums (#3283741 by chfoidl, claudiu.cristea, pfr...
• a0b76c6 Revert "feat(FunctionT): Allow passing constants to t() (#3326197 by Murz)"
• e79554b fix(ConstantName): Fix constant name detection with define() calls (#3369978 ...
• 88055e4 style(FunctionT): Fix coding standard spacing in test (#3326197)
• 1c4a092 feat(FunctionT): Allow passing constants to t() (#3326197 by Murz)
• e4e2e22 fix(FunctionComment): Fix regression in 8.3.19 for variadic function paramete...
• bae4c1f test(github): Remove phpstan install workaround for removed PHP 7.1 (#203)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[private-packagist]

composer.lock

Package changes

Package	Operation	From	To	About
symfony/deprecation-contracts	add	-	v2.5.2	view code - License: MIT License
drupal/coder	upgrade	8.3.15	8.3.22	view code
phpstan/phpdoc-parser	upgrade	1.6.4	1.25.0	diff
sirbrillig/phpcs-variable-analysis	upgrade	v2.11.3	v2.11.17	diff
slevomat/coding-standard	upgrade	7.2.1	8.14.1	diff
squizlabs/php_codesniffer	upgrade	3.7.1	3.8.0	diff
symfony/polyfill-ctype	upgrade	v1.26.0	v1.28.0	diff
symfony/yaml	downgrade	v6.1.2	v5.4.31	diff

Important Metadata Changes

Package	Version	Metadata	From	To
drupal/coder	8.3.22	dist url		https://api.github.com/repos/pfrenssen/coder/zipball/ba6e62303d567863275fb086941f50a06dc7d08f
drupal/coder	8.3.22	source url	https://git.drupalcode.org/project/coder.git	https://github.com/pfrenssen/coder.git
squizlabs/php_codesniffer	3.8.0	dist url	https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/1359e176e9307e906dc3d890bcc9603ff6d90619	https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/5805f7a4e4958dbb5e944ef1e6edae0a303765e7
squizlabs/php_codesniffer	3.8.0	source url	https://github.com/squizlabs/PHP_CodeSniffer.git	https://github.com/PHPCSStandards/PHP_CodeSniffer.git

---

Settings · Docs · Powered by Private Packagist

[JojoVes]

Given errors in the ticket creation automation, pretty sure

CodeSniffer/.github/workflows/dependabot.yml

Lines 9 to 22 in 16fe706

	steps:
	- name: Create Issue
	uses: discoverygarden/create-issue@v1
	with:
	project: SEC
	summary: "[${{ github.repository }}] Workflow version update"
	description: |
	Update to github actions workflow.
	transition: "Request QA Review"
	deployment-instructions: "N/A"
	jira-url: ${{ secrets.JIRA_BASE_URL }}
	jira-user: ${{ secrets.JIRA_USER_EMAIL }}
	jira-token: ${{ secrets.JIRA_API_TOKEN }}
	slack-webhook: ${{ secrets.FEED_WORKFLOW_WEBHOOK }}

needs to be updated with stuff similar to https://github.com/discoverygarden/dgi-starter/blob/d1c552cbe535f9973e07f9a36eec555c871d5d85/.github/workflows/violinist.yml#L13-L26 ...specifically the secrets vs vars for jira details.

[JojoVes]

Regressing a major version seems...not good?

[adam-vessey]

Do we really care? It fits whatever given specs, that's all that really matters, yeah?

[adam-vessey]

$ composer why --tree symfony/yaml
symfony/yaml v5.4.31 Loads and dumps YAML files
└──drupal/coder 8.3.22 (requires symfony/yaml >=3.4.0)
   └──__root__ dev-main (requires drupal/coder ^8.3)

drupal/coder is the only thing requiring it, and appears to be rather (excessively?) permissive in what it accepts.

[dependabot]

Superseded by #33.