Run composer audits only once
The pipeline "Check 4 Updates" runs composer update followed by a security audit and the verification that no outdated components are being used.
If all that is green, the changes get pushed up to the develop branch where another full pipeline with builds and tests get triggered. In that pipeline, composer doesn't update anymore, it only installs according to the lock file.
However, it also checks for outdated and security issues as part of that, which can be a period of time after the original composer update in the first pipeline. That delay is a problem, since there could have been an update of one of the components in the meantime, and then the pipeline fails.
This should be resolved such that the two checks (outdated and security) only run once: if check 4 updates ran first, run the check there but not again in develop. However, if a developer pushes to develop, the tests should then still be executed.
This can be achieved by adding a flag to the commit message in "Check 4 Updates" which then skips the tests in the subsequent pipeline.