⬆️ Bump the composer group with 5 updates

[dependabot]

Bumps the composer group with 5 updates:

Package	From	To
nikic/php-parser	5.6.0	5.6.1
symfony/console	7.3.2	7.3.3
phpstan/phpstan	2.1.21	2.1.22
phpunit/phpunit	12.3.0	12.3.8
squizlabs/php_codesniffer	3.13.2	3.13.4

Updates nikic/php-parser from 5.6.0 to 5.6.1

Release notes

Sourced from nikic/php-parser's releases.

PHP-Parser 5.6.1

Fixed

• Fixed Param::isPublic() for parameters with asymmetric visibility keyword.
• Fixed PHP 8.5 deprecation warnings for SplObjectStorage methods.

Added

• Added cast kind attributes to Cast\Int_, Cast\Bool_ and Cast\String_. These allow distinguishing the deprecated versions of these casts.

Changelog

Sourced from nikic/php-parser's changelog.

Version 5.6.1 (2025-08-13)

Fixed

• Fixed Param::isPublic() for parameters with asymmetric visibility keyword.
• Fixed PHP 8.5 deprecation warnings for SplObjectStorage methods.

Added

• Added cast kind attributes to Cast\Int_, Cast\Bool_ and Cast\String_. These allow distinguishing the deprecated versions of these casts.

Commits

• f103601 Release PHP-Parser 5.6.1
• f4097dd Fix branch-alias for dev-master (#1101)
• 02dcdd7 Avoid deprecated SplObjectStorage::attach/detach
• f7d2856 Add PHP 8.5 to CI
• 4369a74 Update phpstan baseline
• 5ad295a Add cast kinds for bool, int, string (#1098)
• 63114fe Fix Param::isPublic() for param with asymmetric visibility
• See full diff in compare view

Updates symfony/console from 7.3.2 to 7.3.3

Release notes

Sourced from symfony/console's releases.

v7.3.3

Changelog (symfony/console@v7.3.2...v7.3.3)

• bug symfony/symfony#61033 [Console] Restore SHELL_VERBOSITY after a command is ran (@​lyrixx)
• bug symfony/symfony#61501 [Console] Fix testing multiline question (@​MatTheCat)
• bug symfony/symfony#61319 [Console] [Table] Don't split grapheme clusters (@​schlndh)

Commits

• cb0102a Merge branch '6.4' into 7.3
• 53a8528 bug #61033 [Console] Restore SHELL_VERBOSITY after a command is ran (lyrixx)
• 273fd29 [Console] Fix testing multiline question
• a1e23cf Merge branch '6.4' into 7.3
• ad2f59f [Console] Restore SHELL_VERBOSITY after a command is ran
• 01edfba Merge branch '6.4' into 7.3
• 0ca45ae [Console][Table] Don't split grapheme clusters
• See full diff in compare view

Updates phpstan/phpstan from 2.1.21 to 2.1.22

Release notes

Sourced from phpstan/phpstan's releases.

2.1.22

Improvements 🔧

• Allow PHP 8.5 as max version (#4188, #4192), thanks @​kubawerlos!
• Use authoritative Attribute stub (#4192)

Bugfixes 🐛

• Fix args are mistakenly handled as immediately-invoked (#4145), #13288, #13311, #13331, #13307, #12119, thanks @​staabm!
• Fixed HasOffsetValueType accessory missing main type (#4162, phpstan/phpstan-src@56a30c2), #13270, thanks @​staabm!
• Fix missing detection of dead code in arrow functions (#4147), thanks @​staabm!
• Fix missing detection of dead code in closures (#4148) (#4148), thanks @​staabm!
• Fix array_key_exists narrows $key too much (#4151), #11724, thanks @​staabm!

Function signature fixes 🤖

• Remove couchbase from functionmap (#4185), #5642, thanks @​VincentLanglet!
• Use benevolent union for stream_get_contents() return type (#4146) (#4146), #13289, thanks @​staabm!

Internals 🔍

• Remove unnecessary new Name() (#4193), thanks @​takaram!

Commits

• 41600c8 PHPStan 2.1.22
• 6b2473a Updated PHPStan to commit 6b2473a801bcde83c014530ba5a702577cdc8478
• 6d4e429 Update baselines
• 9bde094 Updated PHPStan to commit 9bde0940c93c3f7d63fe88ae8f55435aeb19fa15
• 252390f Updated PHPStan to commit 252390ffd16aaa51fba866a3f8e1b833eedb6071
• a817abf Updated PHPStan to commit a817abfc2b58ca351b19b2516215702f28102330
• ebd55c3 Update BACKERS.md
• 9dbff97 Updated PHPStan to commit 9dbff97c175250fec9dae1ab12cf0052991ce485
• e6c14f1 Updated PHPStan to commit e6c14f18ea949048f2f257a0769978fc3b3c5a27
• 7b66f55 removing eloquent/phpstan-phony link
• Additional commits viewable in compare view

Updates phpunit/phpunit from 12.3.0 to 12.3.8

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 12.3.8

Fixed

• #6340: Implicitly enabled display of deprecation details is not disabled when it should be

---

Learn how to install or update PHPUnit 12.3 in the documentation.

Keep up to date with PHPUnit:

• You can follow @​[email protected] to stay up to date with PHPUnit's development.
• You can subscribe to the PHPUnit Updates newsletter to receive updates about and tips for PHPUnit.

PHPUnit 12.3.7

Changed

• #[IgnorePhpunitDeprecations] is now considered for test runner deprecations (where applicable)

---

Learn how to install or update PHPUnit 12.3 in the documentation.

Keep up to date with PHPUnit:

• You can follow @​[email protected] to stay up to date with PHPUnit's development.
• You can subscribe to the PHPUnit Updates newsletter to receive updates about and tips for PHPUnit.

PHPUnit 12.3.5

Changed

• #6319: Detect premature end of PHPUnit's main PHP process
• #6321: Allow error_reporting=E_ALL for --check-php-configuration

Fixed

• #5863: TestDox printer does not show previous exception
• #6102: expectUserDeprecationMessage*() fails when test is run in separate process

---

Learn how to install or update PHPUnit 12.3 in the documentation.

Keep up to date with PHPUnit:

• You can follow @​[email protected] to stay up to date with PHPUnit's development.
• You can subscribe to the PHPUnit Updates newsletter to receive updates about and tips for PHPUnit.

PHPUnit 12.3.4

Changed

... (truncated)

Changelog

Sourced from phpunit/phpunit's changelog.

[12.3.8] - 2025-09-03

Fixed

• #6340: Implicitly enabled display of deprecation details is not disabled when it should be

[12.3.7] - 2025-08-28

Changed

• #[IgnorePhpunitDeprecations] is now considered for test runner deprecations (where applicable)

[12.3.6] - 2025-08-20

Changed

• Do not configure report_memleaks setting (which will be deprecated in PHP 8.5) for PHPT processes

[12.3.5] - 2025-08-16

Changed

• #6319: Detect premature end of PHPUnit's main PHP process
• #6321: Allow error_reporting=E_ALL for --check-php-configuration

Fixed

• #5863: TestDox printer does not show previous exception
• #6102: expectUserDeprecationMessage*() fails when test is run in separate process

[12.3.4] - 2025-08-12

Changed

• #6308: Improve output of --check-php-configuration
• The version number for the test result cache file has been incremented to reflect that its structure for PHPUnit 12.3 is not compatible with its structure for PHPUnit 8.5 and PHPUnit 9.6

Fixed

• #6197: ini_set('error_log') sets filepath outside open_basedir
• #6279: Deprecation triggered in data provider method affects all test methods using that data provider method
• #6281: Exceptions raised in after-test method are not reported for skipped tests

[12.3.3] - 2025-08-11

Fixed

• #6304: PHPUnit 11.5.29 hangs when a test runner deprecation is triggered and process isolation is used (this reverts "#[IgnorePhpunitDeprecations] is now considered for test runner deprecations" from PHPUnit 12.3.1)

[12.3.2] - 2025-08-10

... (truncated)

Commits

• 9d68c1b Prepare release
• 4beb7f8 Merge branch '11.5' into 12.3
• 264a87c Prepare release
• 45bf34d Merge branch '11.5' into 12.3
• 5470bdb Merge branch '10.5' into 11.5
• 15d0472 Also trigger a warning for a data provider method that has a #[Test] attribute
• e9ae90c Move method
• e9071b4 Merge branch '11.5' into 12.3
• b595dcc Merge branch '10.5' into 11.5
• 60d0349 Merge branch '9.6' into 10.5
• Additional commits viewable in compare view

Updates squizlabs/php_codesniffer from 3.13.2 to 3.13.4

Release notes

Sourced from squizlabs/php_codesniffer's releases.

3.13.4 - 2025-09-05

Fixed

• Fixed bug #1213: ability to run tests for external standards using the PHPCS native test framework was broken.
  • Thanks to Juliette Reinders Folmer for the patch.
• Fixed bug #1214: PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to Juliette Reinders Folmer for the patch.

Statistics

Closed: 0 issues Merged: 3 pull requests

If you like to stay informed about releases and more, follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

3.13.3 - 2025-09-04

Added

• Tokenizer support for PHP 8.4 dereferencing of new expressions without wrapping parentheses. #1160
  • Thanks to Juliette Reinders Folmer for the patch.
• Tokenizer support for PHP 8.4 abstract properties. #1183
  • The File::getMemberProperties() method now also supports abstract properties through a new is_abstract array index in the return value. #1184
  • Additionally, the following sniffs have been updated to support abstract properties:
    • Generic.PHP.LowerCaseConstant #1185
    • Generic.PHP.UpperCaseConstant #1185
    • PSR2.Classes.PropertyDeclaration #1188
    • Squiz.Commenting.VariableComment #1186
    • Squiz.WhiteSpace.MemberVarSpacing #1187
  • Thanks to Juliette Reinders Folmer for the patches
• Tokenizer support for the PHP 8.4 "exit as a function call" change. #1201
  • When exit/die is used as a fully qualified "function call", it will now be tokenized as T_NS_SEPARATOR + T_EXIT.
  • Additionally, the following sniff has been updated to handle fully qualified exit/die correctly:
    • Squiz.PHP.NonExecutableCode
  • Thanks to Juliette Reinders Folmer for the patches

Changed

• Tokenizer/PHP: fully qualified true/false/null will now be tokenized as T_NS_SEPARATOR + T_TRUE/T_FALSE/T_NULL. #1201
  • Previously, these were tokenized as T_NS_SEPARATOR + T_STRING.
  • Additionally, the following sniffs have been updated to handle fully qualified true/false/null correctly:
    • Generic.CodeAnalysis.UnconditionalIfStatement
    • Generic.ControlStructures.DisallowYodaConditions
    • PEAR.Functions.ValidDefaultValue
  • Thanks to Juliette Reinders Folmer for the patches.
• Generic.PHP.Syntax: the sniff is now able to scan input provided via STDIN on non-Windows OSes. #915
  • Thanks to Rodrigo Primo for the patch.
• PSR2.ControlStructures.SwitchDeclaration: the WrongOpener* error code is now auto-fixable if the identified "wrong opener" is a semi-colon. #1161
  • Thanks to Juliette Reinders Folmer for the patch.
• The PSR2.Classes.PropertyDeclaration will now check that the abstract modifier keyword is placed before a visibility keyword. #1188
  • Errors will be reported via a new AbstractAfterVisibility error code.
  • Thanks to Juliette Reinders Folmer for the patch.

... (truncated)

Changelog

Sourced from squizlabs/php_codesniffer's changelog.

[3.13.4] - 2025-09-05

Fixed

• Fixed bug #1213: ability to run tests for external standards using the PHPCS native test framework was broken.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.
• Fixed bug #1214: PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.

#1213: PHPCSStandards/PHP_CodeSniffer#1213 #1214: PHPCSStandards/PHP_CodeSniffer#1214

[3.13.3] - 2025-09-04

Added

• Tokenizer support for PHP 8.4 dereferencing of new expressions without wrapping parentheses. #1160
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.
• Tokenizer support for PHP 8.4 abstract properties. #1183
  • The File::getMemberProperties() method now also supports abstract properties through a new is_abstract array index in the return value. #1184
  • Additionally, the following sniffs have been updated to support abstract properties:
    • Generic.PHP.LowerCaseConstant #1185
    • Generic.PHP.UpperCaseConstant #1185
    • PSR2.Classes.PropertyDeclaration #1188
    • Squiz.Commenting.VariableComment #1186
    • Squiz.WhiteSpace.MemberVarSpacing #1187
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patches
• Tokenizer support for the PHP 8.4 "exit as a function call" change. #1201
  • When exit/die is used as a fully qualified "function call", it will now be tokenized as T_NS_SEPARATOR + T_EXIT.
  • Additionally, the following sniff has been updated to handle fully qualified exit/die correctly:
    • Squiz.PHP.NonExecutableCode
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patches

Changed

• Tokenizer/PHP: fully qualified true/false/null will now be tokenized as T_NS_SEPARATOR + T_TRUE/T_FALSE/T_NULL. #1201
  • Previously, these were tokenized as T_NS_SEPARATOR + T_STRING.
  • Additionally, the following sniffs have been updated to handle fully qualified true/false/null correctly:
    • Generic.CodeAnalysis.UnconditionalIfStatement
    • Generic.ControlStructures.DisallowYodaConditions
    • PEAR.Functions.ValidDefaultValue
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patches.
• Generic.PHP.Syntax: the sniff is now able to scan input provided via STDIN on non-Windows OSes. #915
  • Thanks to [Rodrigo Primo][@​rodrigoprimo] for the patch.
• PSR2.ControlStructures.SwitchDeclaration: the WrongOpener* error code is now auto-fixable if the identified "wrong opener" is a semi-colon. #1161
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.
• The PSR2.Classes.PropertyDeclaration will now check that the abstract modifier keyword is placed before a visibility keyword. #1188
  • Errors will be reported via a new AbstractAfterVisibility error code.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.
• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to [Bernhard Zwein][@​benno5020], [Rick Kerkhof][@​NanoSector], [Rodrigo Primo][@​rodrigoprimo] and [Juliette Reinders Folmer][@​jrfnl] for their contributions.

... (truncated)

Commits

• ad545ea Merge pull request #1217 from PHPCSStandards/feature/changelog-3.13.4
• 905603e Changelog for the 3.13.4 release
• 288a2a9 Merge pull request #1215 from PHPCSStandards/php-8.5/fix-null-as-array-offset...
• d9b3e66 Merge pull request #1213 from PHPCSStandards/feature/remove-filelist-tests
• 6b82a86 PHP 8.5 | Tokenizer/PHP: temporarily silence "Using null as an array offset" ...
• acf2a54 PHP 8.5 | Tokenizer/PHP: fix "Using null as an array offset" deprecation
• c019c75 PHP 8.5 | File::getMemberProperties(): fix "Using null as an array offset" de...
• def8714 🔥 Hot Fix: remove FileList tests
• f1c9394 Config: update version nr to next
• 5be16e1 Merge pull request #1211 from PHPCSStandards/feature/changelog-3.13.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[homersimpsons]

I ran the upgrade manually (not sure why dependabot did not run it as it is a monthl check usually).

About the infection report, in fact it looks like the PHP-Parser pretty-printing code does not handle the aliases. To me we should at least keep the tests to ensure this behavior remain in the future. But about the normalization code I'm okay to keep or remove it, what do you think about this @mk-mxp ?

[mk-mxp]

I don't know more than you do 😄 I'd use XDebug to inspect the object tree in each test case and most likely one will see the non-deprecated form being pretty-printed in every case. Maybe it depends on some PHP target version setting?

Edit: I would keep the normalization code, for documentation. Maybe also mark the false positives so infection ignores them?

[mk-mxp]

Yes, indeed, the pretty printer does not produce aliases for int or bool.

[homersimpsons]

Edit: I would keep the normalization code, for documentation. Maybe also mark the false positives so infection ignores them?

Thanks for your input, after reflection:

1. I will let them for documentation
2. I won't mark them as false positive (this would require adding ignore comments on the function calls + the attribute set), this was a good idea but I feel like this would bloat the code more than necessary without clear improvements.

[mk-mxp]

2. I won't mark them as false positive (this would require adding ignore comments on the function calls + the attribute set), this was a good idea but I feel like this would bloat the code more than necessary without clear improvements.

I've been thinking of excluding them by infection configuration, which would not "bloat" the code.