Bump the dependencies group with 3 updates #1592

Closed

@dependabot dependabot bot commented on behalf of github Sep 18, 2023

Bumps the dependencies group with 3 updates: composer/composer, phpstan/phpstan and phpunit/phpunit.

Updates composer/composer from 2.5.8 to 2.6.3

Changelog

Sourced from composer/composer's changelog.

[2.6.3] 2023-09-15

  • Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
  • Added a warning when duplicates files autoload rules are detected (#11109)
  • Fixed unhandled promise rejection regression (#11620)
  • Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
  • Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
  • Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

[2.6.2] 2023-09-03

  • Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
  • Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
  • Fixed create-project infinite post-install loop in some circumstances (#11613)

[2.6.1] 2023-09-01

  • Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which caused a regression (#11612)

[2.6.0] 2023-09-01

  • Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
  • Added rm alias to the remove command (#11367)
  • Added runtime platform check to verify the php-64bit requirement is met (#11334)
  • Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
  • Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608)
  • Added support for bumping patch level in ~1.2.3 constraints (#11590)
  • Added prompt in require if the package name is not found but similar ones exist (#11284)
  • Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453)
  • Added support for local directory paths for repositories of type composer (#11526)
  • Added links to package homepages in why/why-not command output (#11308)
  • Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
  • Added support for gathering security advisories from multiple repositories for a single package (#11436)
  • Fixed install exit code to be non-zero (5) if a requested security audit failed (#11362)
  • Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562) (Reverted in 2.6.2)
  • Fixed executability of non-php binaries which are not marked executable (#11557) (Reverted in 2.6.1)
  • Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
  • Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493)
  • Fixed json editing to preserve indentation when updating json files (#11390)
  • Fixed handling of broken junctions on windows (#11550)
  • Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
  • Fixed svn repo parsing in some edge cases (#11350)
  • Fixed handling of archive URLs without file extension (#11520)
  • Performance improvement in pool optimization step (#11449, #11450)

Commits
  • ff47783 Release 2.6.3
  • 14233f1 Update changelog
  • af90590 Update baseline (1689, 92)
  • 218b904 Test status command (#11522)
  • e3484c8 Add audit.abandoned warnings for abandoned packages, fixes #11623 (#11639)
  • 3bc72f7 Fix build, update deps
  • e2f5afd Add warning when duplicate "files" autoload rules are detected (#11109)
  • 5474dc9 Fixed replaced packages being incorrectly missing when unlocked by an old ver...
  • 1e4966c Get realpath for ZipArchive (#11636)
  • 7a7f364 Fix bitbucket redirect URLs failing old PHP builds which do not support long ...
  • Additional commits viewable in compare view

Updates phpstan/phpstan from 1.10.32 to 1.10.34

Release notes

Sourced from phpstan/phpstan's releases.

1.10.34

Improvements 🔧

Function signature fixes 🤖

Internals 🔍

1.10.33

Improvements 🔧

Bugfixes 🐛

Function signature fixes 🤖

  • More precise inotify related function signatures (#2599), thanks @​thg2k!

Internals 🔍

... (truncated)

Commits
  • 7f806b6 PHPStan 1.10.34
  • 95cdbe5 Updated PHPStan to commit 95cdbe577513286c36dcf513fe76f269e8a32125
  • fc7c028 Updated PHPStan to commit fc7c0283176e5dc3867ade26ac835ee7f52599a9
  • 78c6477 Updated PHPStan to commit 78c64779f82b8ca54669b71eaaeef57a49574b56
  • b87db62 Updated PHPStan to commit b87db6233f08414e176f02ba2dcf08414cb1d83d
  • a1b17b7 Updated PHPStan to commit a1b17b7f4b2b0fbcecf89273df7637b9f8e3778e
  • 3c22ef5 Updated PHPStan to commit 3c22ef5ff131c827626d19cfd0400cb26521ef7c
  • 19801d9 Updated PHPStan to commit 19801d90c2927f2dc57719f9eb883d7e3ccd290a
  • 4241667 Updated PHPStan to commit 42416674ac473738aa7d6bf9b50892ebe9754748
  • 2cb2f07 Updated PHPStan to commit 2cb2f074f7cd30fba2ed7647e8122a1efc92793b
  • Additional commits viewable in compare view

Updates phpunit/phpunit from 9.6.11 to 9.6.12

Changelog

Sourced from phpunit/phpunit's changelog.

[9.6.12] - 2023-09-12

Changed

  • #5508: Generate code coverage report in PHP format as first in list to avoid serializing cache data

Commits
  • a122c2e Prepare release
  • 0f2594d Update ChangeLog
  • a3ad9d1 CodeCoverage: process PHP report as first in list to avoid serializing cache ...
  • 63d1346 Merge branch '8.5' into 9.6
  • 187a9c4 Update tools
  • bf8634b GH Actions: actually run the tests on Windows
  • e4c3197 E2E/diff-colorized: add separate test for Windows
  • f50f5b4 E2E/DiffTest: fix line endings
  • c472292 E2E Tests: use OS agnostic directory separators
  • 2552659 Merge branch '8.5' into 9.6
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps the dependencies group with 3 updates: [composer/composer](https://github.com/composer/composer), [phpstan/phpstan](https://github.com/phpstan/phpstan) and [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit).


Updates `composer/composer` from 2.5.8 to 2.6.3
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.5.8...2.6.3)

Updates `phpstan/phpstan` from 1.10.32 to 1.10.34
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Changelog](https://github.com/phpstan/phpstan/blob/1.11.x/CHANGELOG.md)
- [Commits](phpstan/phpstan@1.10.32...1.10.34)

Updates `phpunit/phpunit` from 9.6.11 to 9.6.12
- [Changelog](https://github.com/sebastianbergmann/phpunit/blob/9.6.12/ChangeLog-9.6.md)
- [Commits](sebastianbergmann/phpunit@9.6.11...9.6.12)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: phpunit/phpunit
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 18, 2023
codecov bot commented Sep 18, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (b2c6811) 91.76% compared to head (da8f0c6) 91.76%.

Additional details and impacted files
@@            Coverage Diff            @@
##               main    #1592   +/-   ##
=========================================
  Coverage     91.76%   91.76%           
  Complexity     1809     1809           
=========================================
  Files           124      124           
  Lines          6471     6471           
=========================================
  Hits           5938     5938           
  Misses          533      533           


dependabot bot commented on behalf of github Sep 25, 2023

Superseded by #1596.

@dependabot dependabot bot closed this Sep 25, 2023
@dependabot dependabot bot deleted the dependabot/composer/dependencies-ecedb6585a branch September 25, 2023 14:36