Bump the dev-dependencies group with 2 updates

[dependabot[bot]]

Bumps the dev-dependencies group with 2 updates: phpstan/phpstan and squizlabs/php_codesniffer.

Updates phpstan/phpstan from 1.10.66 to 1.10.67

Release notes

Sourced from phpstan/phpstan's releases.

1.10.67

This is the last release, or one of the last releases, in 1.10.x series. The next one is going to be PHPStan 1.11, and it's going to be released at some point in May 2024.

Improvements 🔧

• Forbid PHPUnitPHAR prefixed classes (#3002), thanks @​staabm!
• Improve error messages on unnamed parameters (#3010), #10814, thanks @​takaram!

Bugfixes 🐛

• Improve date() return types (#2888), #10468, #6613, thanks @​zonuexe!
• Default value null does not make promoted property type nullable (https://github.com/phpstan/phpstan-src/commit/b2177e350f79176a5d53eaf75e37e5dce0053f8a), #9839
• Fix socket_select array types after call (https://github.com/phpstan/phpstan-src/commit/24c52494be982429eb6782ad859fb6cbd6fb3dee), https://github.com/phpstan/phpstan/discussions/10285
• Fix conditional types in PHPDocs from stubs for native functions (https://github.com/phpstan/phpstan-src/commit/8ae0b28a5c1e6f4e2c692caff0cd99df07f2486e)
• Fix env int key problem (https://github.com/phpstan/phpstan-src/commit/e606fbedaea7e887456a771ce0dbb9572d16accf), #10833
• Fix false positives about uninitialized properties (#2897), #10523, #10822, thanks @​staabm!
• Incremented numeric-string should change to int/float (#2797), #10122, #10187, thanks @​staabm!
• Do not generalize big array when combined with empty array (#3003), #10834, thanks @​RobertMe!
• Fix string concatenation with benevolent union type (https://github.com/phpstan/phpstan-src/commit/4a4c739f9ff85b6c73659c21f8f3b8b7af8c82c9), #10863
• Treat get_defined_vars() as using constructor arguments (#3012), #10865, thanks @​rvanvelzen!
• Allow undefined variables passed into by-ref parameters only if the type is nullable (https://github.com/phpstan/phpstan-src/commit/7f8f9cce7f3903e505916c7afe04b7912570b5e2, https://github.com/phpstan/phpstan-src/commit/7961f7ae1fe815b0796e4d73717f1b117d4a7163), #1916

Function signature fixes 🤖

• More precise gc_status() signature for PHP8.3+ (#2996), thanks @​staabm!
• Add object shape for mysqli_result::fetch_fields (#3005), thanks @​schlndh!

Internals 🔍

• composer-dependency-analyser: update to 1.5.0 (support functions) (#3011), thanks @​janedbal!

Commits

• 16ddbe7 PHPStan 1.10.67
• 7961f7a Updated PHPStan to commit 7961f7ae1fe815b0796e4d73717f1b117d4a7163
• 7f8f9cc Updated PHPStan to commit 7f8f9cce7f3903e505916c7afe04b7912570b5e2
• f71da02 Updated PHPStan to commit f71da02958da0dd6b40193c64fcb6da12daf7227
• 074de75 Updated PHPStan to commit 074de75ff3bffd32e554e3ce8b0dbbde003e471e
• 1453c3f Updated PHPStan to commit 1453c3f160075f299dc4fc3b3098e8b0b3739b85
• 4a4c739 Updated PHPStan to commit 4a4c739f9ff85b6c73659c21f8f3b8b7af8c82c9
• 28c5729 Updated PHPStan to commit 28c57296288b78707902fdb4cdf9313a60eff363
• a80cd8a Update Larastan
• 336ab5c Update baselines
• Additional commits viewable in compare view

Updates squizlabs/php_codesniffer from 3.9.1 to 3.9.2

Release notes

Sourced from squizlabs/php_codesniffer's releases.

3.9.2 - 2024-04-24

Changed

• The Generic.ControlStructures.DisallowYodaConditions sniff no longer listens for the null coalesce operator. #458
  • Thanks to Rodrigo Primo for the patch.
• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to Dan Wallis, Rodrigo Primo and Juliette Reinders Folmer for their contributions.

Fixed

• Fixed bug #381 : Squiz.Commenting.ClosingDeclarationComment could throw the wrong error when the close brace being examined is at the very end of a file.
  • Thanks to Rodrigo Primo for the patch.
• Fixed bug #385 : Generic.CodeAnalysis.JumbledIncrementer improved handling of parse errors/live coding.
  • Thanks to Rodrigo Primo for the patch.
• Fixed bug #394 : Generic.Functions.CallTimePassByReference was not flagging call-time pass-by-reference in anonymous class instantiations
  • Thanks to Rodrigo Primo for the patch.
• Fixed bug #420 : PEAR.Functions.FunctionDeclaration could run into a blocking PHP notice while fixing code containing a parse error.
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #421 : File::getMethodProperties() small performance improvement & more defensive coding.
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #423 : PEAR.WhiteSpace.ScopeClosingBrace would have a fixer conflict with itself when a close tag was preceded by non-empty inline HTML.
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #424 : PSR2.Classes.ClassDeclaration using namespace relative interface names in the extends/implements part of a class declaration would lead to a fixer conflict.
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #427 : Squiz.Operators.OperatorSpacing would have a fixer conflict with itself when an operator was preceeded by a new line and the previous line ended in a comment.
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #430 : Squiz.ControlStructures.ForLoopDeclaration: fixed potential undefined array index notice
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #431 : PSR2.Classes.ClassDeclaration will no longer try to auto-fix multi-line interface implements statements if these are interlaced with comments on their own line. This prevents a potential fixer conflict.
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #453 : Arrow function tokenization was broken when the return type was a stand-alone true or false; or contained true or false as part of a union type.
  • Thanks to Juliette Reinders Folmer for the patch

Other

• ESLint 9.0 has been released and changes the supported configuration file format. The (deprecated) Generic.Debug.ESLint sniff only supports the "old" configuration file formats and when using the sniff to run ESLint, the ESLINT_USE_FLAT_CONFIG=false environment variable will need to be set when using ESLint >= 9.0. For more information, see #436.

---

Statistics

Closed: 0 issues Merged: 22 pull requests

If you like to stay informed about releases and more, follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X.

If you like what you see, please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

Changelog

Sourced from squizlabs/php_codesniffer's changelog.

[3.9.2] - 2024-04-24

Changed

• The Generic.ControlStructures.DisallowYodaConditions sniff no longer listens for the null coalesce operator. #458
  • Thanks to [Rodrigo Primo][@​rodrigoprimo] for the patch.
• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to [Dan Wallis][@​fredden], [Rodrigo Primo][@​rodrigoprimo] and [Juliette Reinders Folmer][@​jrfnl] for their contributions.

Fixed

• Fixed bug #381 : Squiz.Commenting.ClosingDeclarationComment could throw the wrong error when the close brace being examined is at the very end of a file.
  • Thanks to [Rodrigo Primo][@​rodrigoprimo] for the patch.
• Fixed bug #385 : Generic.CodeAnalysis.JumbledIncrementer improved handling of parse errors/live coding.
  • Thanks to [Rodrigo Primo][@​rodrigoprimo] for the patch.
• Fixed bug #394 : Generic.Functions.CallTimePassByReference was not flagging call-time pass-by-reference in anonymous class instantiations
  • Thanks to [Rodrigo Primo][@​rodrigoprimo] for the patch.
• Fixed bug #420 : PEAR.Functions.FunctionDeclaration could run into a blocking PHP notice while fixing code containing a parse error.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch
• Fixed bug #421 : File::getMethodProperties() small performance improvement & more defensive coding.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch
• Fixed bug #423 : PEAR.WhiteSpace.ScopeClosingBrace would have a fixer conflict with itself when a close tag was preceded by non-empty inline HTML.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch
• Fixed bug #424 : PSR2.Classes.ClassDeclaration using namespace relative interface names in the extends/implements part of a class declaration would lead to a fixer conflict.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch
• Fixed bug #427 : Squiz.Operators.OperatorSpacing would have a fixer conflict with itself when an operator was preceeded by a new line and the previous line ended in a comment.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch
• Fixed bug #430 : Squiz.ControlStructures.ForLoopDeclaration: fixed potential undefined array index notice
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch
• Fixed bug #431 : PSR2.Classes.ClassDeclaration will no longer try to auto-fix multi-line interface implements statements if these are interlaced with comments on their own line. This prevents a potential fixer conflict.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch
• Fixed bug #453 : Arrow function tokenization was broken when the return type was a stand-alone true or false; or contained true or false as part of a union type.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch

Other

• ESLint 9.0 has been released and changes the supported configuration file format. The (deprecated) Generic.Debug.ESLint sniff only supports the "old" configuration file formats and when using the sniff to run ESLint, the ESLINT_USE_FLAT_CONFIG=false environment variable will need to be set when using ESLint >= 9.0. For more information, see #436.

#381: PHPCSStandards/PHP_CodeSniffer#381 #385: PHPCSStandards/PHP_CodeSniffer#385 #394: PHPCSStandards/PHP_CodeSniffer#394 #420: PHPCSStandards/PHP_CodeSniffer#420 #421: PHPCSStandards/PHP_CodeSniffer#421 #423: PHPCSStandards/PHP_CodeSniffer#423 #424: PHPCSStandards/PHP_CodeSniffer#424 #427: PHPCSStandards/PHP_CodeSniffer#427 #430: PHPCSStandards/PHP_CodeSniffer#430 #431: PHPCSStandards/PHP_CodeSniffer#431

... (truncated)

Commits

• aac1f6f Merge pull request #459 from PHPCSStandards/feature/changelog-3.9.2
• f076b63 Changelog for the 3.9.2 release
• 83f3859 Merge pull request #460 from PHPCSStandards/feature/tests-arrow-functions-vs-...
• 273959e Tokenizer/PHP: add tests for arrow functions with intersection types
• b0d2d61 Merge pull request #453 from PHPCSStandards/feature/tokenizer-php-fix-bug-arr...
• bd6356c Tokenizer/PHP: arrow function tokenization broken when true/false used in ret...
• 46b883d BackfillFnTokenTest: use data providers when appropriate
• 5f38ce0 Merge pull request #458 from rodrigoprimo/disallow-yoda-condition-drop-null-c...
• e4d3743 Generic/DisallowYodaConditions: ?? should not trigger the sniff
• 8d2363d Merge pull request #394 from rodrigoprimo/test-coverage-call-time-pass-by-ref...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions