Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
carthage-software/mago	^1.14.0 → ^1.18.1
php-standard-library/phpstan-extension	^2.0.3 → ^2.1.0
phpstan/phpstan	^2.1.40 → ^2.1.46
phpunit/phpunit (source)	^11.5.50 → ^11.5.55

---

Release Notes

carthage-software/mago (carthage-software/mago)

v1.18.1: Mago 1.18.1

Compare Source

Mago 1.18.1

Patch release fixing a CI failure that prevented 1.18.0 binaries from being built for aarch64-unknown-linux-gnu and aarch64-unknown-linux-musl targets.

🐛 Bug Fixes

Tests

• Skip stdin_input integration tests when cross-compiling: The --stdin-input integration tests spawn the built mago binary as a subprocess. When cross-compiling (e.g., aarch64 target on an x86_64 CI runner), the binary can't execute, causing all 5 tests to fail. These tests now detect cross-compilation and skip gracefully.

Full Changelog: carthage-software/mago@1.18.0...1.18.1

v1.18.0: Mago 1.18.0

Compare Source

Mago 1.18.0

Mago 1.18.0 is a packed release with 5 new features, 17 bug fixes across all tools, and improvements to the docblock parser. Highlights include full callable-string type support with function_exists/is_callable narrowing, --stdin-input for editor integrations on analyze/lint/guard, precise range() return types, a Psl\Dict\select_keys type provider, and numerous false positive fixes in the analyzer, linter, and formatter.

✨ Features

Analyzer

• callable-string type support: Added callable-string, lowercase-callable-string, and uppercase-callable-string types. function_exists() narrows strings to callable-string (#​1532)
• range() return type provider: Infers precise return types based on argument values - range(1, 5) returns non-empty-list<int<1, 5>>, range(0, 5.0) returns non-empty-list<float>, range('a', 'z') returns non-empty-list<non-empty-string> (#​1510)
• Psl\Dict\select_keys return type provider: Narrows the return type to a shaped array when called with literal keys, handling keyed arrays, generic arrays, and union/iterable types (#​1357)
• Detect redundant identity comparisons in loops: $v === false where $v is int is now flagged as redundant even inside foreach/for/while loops, when the types are from fundamentally incompatible categories (#​1555)

CLI

• --stdin-input for analyze, lint, and guard: Pipe unsaved buffer content from editors and use the real file path for baseline matching and issue locations. Supports path normalization for consistent baseline behavior (#​1253)
• Auto-detect reporting format: Automatically uses GitHub or GitLab reporting format when running in CI environments (#​1550)
• Auto-detect editor URL: Detects terminal editor from environment variables for clickable file paths in issue output
• Helpful --only error for analyze: Instead of a confusing clap suggestion, mago analyze --only now explains that the analyzer is not rule-based and suggests --retain-code (#​774)

🐛 Bug Fixes

Analyzer

• Fixed callable-string false positives: Resolved too-many-arguments when calling dynamic callable strings, never narrowing after function_exists false branch, and unreachable-else-clause for function_exists checks. The scalar comparator now properly checks is_callable during assertion contexts, and cast_atomic_to_callable uses a mixed signature (#​1561)
• Fixed isset narrowing lost with post-increment index: $arr[$i++] inside an isset($arr[$i]) block now preserves the narrowed type by saving it before the increment side-effect invalidates it (#​1556)
• Fixed !empty not removing false/null from unions: When !empty($row['key']) proves a key exists, non-array types like false and null are now removed from the parent union (#​1565)
• Fixed count() not generating NonEmptyCountable assertion: count($arr) in truthy context now properly narrows the array to non-empty
• Fixed match arm conditions affected by loop flag: Cleared the inside_loop flag when analyzing match arm conditions to fix false non-exhaustive match errors
• Fixed array_merge with unpacked arguments: array_merge(...$lists) where $lists is list<list<int>> now correctly returns list<int> instead of array<non-negative-int, int> (#​1548)
• Fixed net_get_interfaces return type: Corrected the prelude stub to match PHP documentation (#​1550)

Linter

• Fixed Pest ->not leaking across ->and() boundaries: The use-specific-expectations rule no longer carries the ->not modifier past ->and() calls, which reset the expectation context in Pest chains (#​1511)
• Fixed halstead rule emitting multiple issues per node: Volume, difficulty, and effort violations are now consolidated into a single issue, so // @​mago-expect lint:halstead suppresses all of them (#​1452)
• Fixed kan-defect score in issue title breaking baseline: Removed the metric value from the issue title so baseline matching remains stable when the score improves (#​1320)
• Fixed first-class callable suggestion for spread arguments: fn(array $nums) => Calculator::sum(...$nums) is no longer incorrectly suggested to be replaced with Calculator::sum(...) (#​1246)

Formatter

• Fixed unnecessary chain breaking on short chains: Raised the force-break threshold for $this-> and static method chains from 3 to 5 accesses, so chains like $this->tokenStorage->getToken()->getUser()->getFoo() stay on one line when they fit within print-width (#​1451)
• Fixed @mago-format-ignore-next corrupting code in sub-expressions: The ignore marker inside match arms, arrays, or function parameters no longer leaks to the next class member, which previously duplicated raw source content (#​1513)
• Fixed line break before comparison operator in parenthesized logical chain: Non-logical operators like > inside && chains now get their own group, preventing unwanted line breaks (#​1562)
• Fixed JSON schema enum values: BraceStyle, MethodChainBreakingStyle, EndOfLine, and NullTypeHint now use snake_case in the generated schema, with PascalCase preserved as aliases for backwards compatibility (#​1530)

Docblock

• Support multi-line inline tags: {@​internal ...} and other inline tags can now span multiple lines in PHPDoc comments (#​1257)

Codex

• Skip private properties inheritance: Private properties from parent classes are no longer inherited by child classes (#​1559)

Database

• Fixed glob metacharacters in file paths: Files with [], *, ?, or {} in their path are now treated as literal paths when they exist on disk, instead of being interpreted as glob patterns (#​1459)

🏗️ Internal

• Added regression test for @psalm-assert template narrowing (#​1517)
• Added types_share_category helper for loop-aware redundant comparison detection
• Added is_gap_insignificant helper for robust ignore-next marker validation

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @​WalterWoshid - #​1253
• @​edsrzf - #​1559

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

• @​UweOhse - #​1532, #​1555, #​1556, #​1561, #​1565
• @​innocenzi - #​1451, #​1452
• @​RafaelKr - #​774, #​1513, #​1517
• @​bendavies - #​1246, #​1357
• @​mathroc - #​1320, #​1548
• @​ulrichsg - #​1562
• @​benfreke - #​1511
• @​KorvinSzanto - #​1510
• @​kv-codec - #​1530
• @​steffans - #​1459
• @​Soean - #​1257

Full Changelog: carthage-software/mago@1.17.0...1.18.0

v1.17.0: Mago 1.17.0

Compare Source

Mago 1.17.0

Mago 1.17.0 continues the focus on analyzer accuracy with 20+ bug fixes and several new features. Highlights include detection of array access on non-array types (false, scalars), support for PHP 8.4's #[\Deprecated] attribute, literal float arithmetic tracking, a new @suspends-fiber annotation for async code, and invalidation of memoized $this properties on self-method calls. The linter gains new rules for fully-qualified global imports and ambiguous constant access, plus an auto-fixer for redundant parentheses.

✨ Features

Analyzer

• Detect array access on non-array types: New false-array-access, possibly-false-array-access, possibly-invalid-array-access, and invalid-array-access issue codes report when array access is performed on false, scalars, or other non-array types, including assignment contexts (#​1542)
• Support #[\Deprecated] PHP attribute: Functions, methods, classes, constants, and enums with the #[\Deprecated] attribute are now recognized as deprecated (#​1541)
• @suspends-fiber annotation: A new docblock tag @suspends-fiber marks methods that suspend fibers. Calls to these methods invalidate all memoized $this property narrowings, preventing false positives in async code. Revolt\EventLoop\Suspension::suspend() is recognized automatically (#​1536)
• Invalidate memoized properties on self-method calls: Non-pure $this->method() calls now clear memoized $this-> property types, fixing false positives where property narrowings survived across method calls that could modify them (#​1536)
• Extend min/max/abs providers to Psl\Math functions: Psl\Math\max, Psl\Math\maxva, Psl\Math\min, Psl\Math\minva, and Psl\Math\abs now use the same precise integer range providers as the built-in functions
• Check reference constraints on array modifications: Array append ($arr[] = $val) and indexed assignment ($arr[$k] = $val) on by-reference parameters now validate against the parameter's type constraint (#​1539)

Linter

• no-fully-qualified-global-function, no-fully-qualified-global-constant, no-fully-qualified-global-class rules: New rules that flag fully-qualified references (#​1494)
• ambiguous-constant-access rule: Detects ambiguous constant access patterns (#​1508)
• Auto-fixer for redundant parentheses: The redundant-parentheses rule now has an auto-fixer (#​1549)

🐛 Bug Fixes

Analyzer

• Fixed false positives from truthy/falsy-mixed absorbing literals: The type combiner no longer absorbs falsy literal strings like string('') into truthy-mixed, which caused false redundant-condition warnings (#​1534)
• Fixed false positive for isset on string offsets: isset($s[0]) on a generic string no longer returns true unconditionally - empty strings have no characters, so the result is correctly bool (#​1537)
• Fixed parse_url component return types: parse_url() with a component argument now correctly includes false in the return type, since malformed URLs return false regardless of the component (#​1546)
• Fixed empty array variants lost in loops with break: Infinite loops with break no longer drop the pre-loop empty array variant, fixing false positives where count($arr) was always truthy after a while(true) loop (#​1535)
• Fixed empty array variants not removed after isset check: When if (!isset($arr[$key])) { throw; } exits, empty array variants are now removed from the base variable since isset proves the array is non-empty
• Fixed switch fall-through after never-returning call: Cases after a never-returning call (like exit()) without break are no longer incorrectly marked as unreachable - the switch can still jump directly to those cases (#​1531)
• Fixed if-body clauses leaking to post-if context: Clauses from non-exiting if-bodies (e.g., if ($m === 0) { echo; }) no longer leak to subsequent code, preventing incorrect type narrowing (#​1509)
• Fixed by-reference argument types not propagated through &&: Variables passed by reference in function calls on the left side of && now correctly update their type for the right side evaluation (#​1524)
• Fixed dynamic key array assignment overwriting known items: $arr[$dynamic] = value no longer replaces the value types of existing known keys in the array (#​1527)
• Fixed isset/empty checks on union types with lists: The impossible-isset check now considers TArray::List variants in union types, and non-empty arrays with literal key types no longer produce false possibly-undefined warnings (#​1512)
• Fixed nested array keys not marked definite after loops: The post-loop key-definiteness fix now recurses into nested arrays (#​1522)
• Fixed integer type unions in min/max/abs providers: Multi-integer unions like int|int(0) are now properly handled by computing combined bounds (#​1526)
• Fixed literal float arithmetic: Operations between literal ints and floats (e.g., 1000 * 0.5) now compute the actual result (float(500.0)) instead of returning unspecified float (#​1540)
• Fixed non-empty array with literal key type access: Accessing a non-empty generic array with its exact literal key type no longer produces possibly-undefined warnings (#​1512)

Formatter

• Fixed fits() handling of LineSuffix: Corrected line-suffix width calculation in the formatter (#​1516)

Prelude

• Fixed getimagesize/getimagesizefromstring param-out: Added @param-out ?array annotation matching the nullable parameter type (#​1523)

Codex

• Fixed truthy/falsy-mixed containment: truthy-mixed no longer contains falsy values and falsy-mixed no longer contains truthy values in type comparisons (#​1534)
• Recognized #[\Deprecated] attribute: The codex scanner now sets the deprecated flag from PHP attributes in addition to @deprecated docblock tags (#​1541)

Composer

• Fixed race condition in binary download: Concurrent Composer installations no longer corrupt the binary (#​1544)
• Formatted internal binary download code: Cleaned up the Composer wrapper's download logic (#​1545)

🏗️ Internal

• Ignored analyzer test files from typos check

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @​dotdash - #​1549
• @​kzmshx - #​1516
• @​MidnightDesign - #​1494, #​1508
• @​veewee - #​1544, #​1545

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

• @​UweOhse - #​1512, #​1522, #​1523, #​1524, #​1526, #​1527, #​1528, #​1531, #​1534, #​1535, #​1536, #​1537, #​1539, #​1540, #​1541, #​1542, #​1546
• @​regnerisch - #​1518
• @​laylatichy - #​1525

---

Full Changelog: carthage-software/mago@1.16.0...1.17.0

v1.16.0: Mago 1.16.0

Compare Source

Mago 1.16.0

Mago 1.16.0 is a significant release focused on analyzer accuracy. This release fixes over 20 false positives across loop analysis, type narrowing, integer range tracking, switch fall-through handling, and comparison assertions. It also adds new features including duplicate enum value detection, argument validation hooks for setcookie, session_set_save_handler, and session_set_cookie_params, and improved return type inference for min, max, abs, and array_reverse.

✨ Features

Analyzer

• Detect duplicate enum values: The analyzer now reports an error when a backed enum has multiple cases with the same value (#​1475, #​1478)
• Argument validation for setcookie / setrawcookie: When the 3rd argument is an array (options form), additional positional arguments are now flagged as errors (#​1467, #​1492)
• Argument validation for session_set_save_handler: Validates both the object form (1-2 args) and callable form (6-9 args), reporting errors for mismatched argument counts (#​1468)
• Argument validation for session_set_cookie_params: When the 1st argument is an array, extra arguments are now flagged as errors (#​1468)
• Improved min / max / abs return types: Multi-argument min and max calls now return precise integer range types, and a new abs provider returns non-negative ranges (#​1477, #​1480)

🐛 Bug Fixes

Analyzer

• Fixed false positives in loop analysis: Resolved multiple issues where the analyzer incorrectly flagged conditions inside loops as impossible, including accumulative operations like $total += $delta (#​1491, #​1493, #​1499)
• Fixed condition side effects lost in if-statements: Post-increment expressions like $n++ inside if-conditions had their side effects discarded when the if-body always exited, causing false "impossible condition" reports (#​1504)
• Fixed non-comparison loop conditions: Assignment-based loop conditions like while ($row = func()) were incorrectly treated as always-true, causing variables modified inside the loop to lose their pre-loop values (#​1505)
• Fixed switch fall-through type tracking: Variables modified in fall-through switch cases now correctly preserve types from both direct-entry and fall-through paths (#​1490)
• Fixed switch cases after default treated as unreachable: Cases placed after the default clause are no longer incorrectly flagged (#​1484, #​1485)
• Fixed integer range narrowing in comparisons: Range bounds from non-literal types (e.g., non-negative-int) on the secondary variable in less-than comparisons no longer produce incorrect type narrowing when negated (#​1503)
• Fixed count() === N not narrowing empty arrays: Empty arrays without generic parameters are now correctly removed when reconciling exact count assertions (#​1506)
• Fixed loose equality narrowing to never: Loose equality (==) with strings no longer incorrectly narrows numeric types to never (#​1488)
• Fixed closure parameter null stripping: Inferred null types on closure parameters are no longer incorrectly removed when no explicit type hint is present (#​1489)
• Fixed instanceof self / instanceof static: These expressions are now properly resolved for type computation (#​1464)
• Fixed increment/decrement on never producing mixed: Operations on never types now correctly propagate never instead of falling back to mixed (#​1502)
• Fixed numeric in string concatenation: The numeric type is now accepted in string concatenation operations (#​1500)
• Fixed integer range precision in loops: Bitwise and shift operations inside loops no longer unnecessarily widen integer ranges (#​1499)
• Fixed isset return type: isset() now returns true instead of bool when all checked values are definitely set, and array keys are marked as definite after loops that always enter (#​1486, #​1493)
• Fixed loop integer widening: Variables with integer ranges that grow uniformly across loop iterations are now properly widened to prevent false impossible-condition reports (#​1493)

Formatter

• Fixed stdin formatting memory issue: The source database is no longer populated when formatting from stdin (#​1483)
• Fixed conditional expression comment placement: Comments in conditional (ternary) expressions are now placed correctly (#​1465)

Prelude

• Fixed array_reverse return type: Non-list arrays (e.g., array<string, int>) now correctly preserve their key type instead of being narrowed to list<V> (#​1466)
• Fixed non-positive-int type mapping: Was incorrectly mapped to positive-int due to a copy-paste error (#​1479)
• Removed false @deprecated on mb_scrub: The function is not deprecated in PHP (#​1476, #​1481)
• Fixed getrusage function signature: Corrected the return type to match PHP documentation (#​1501)
• Fixed iconv mode parameter: Corrected the mode parameter type to int<0, 3> (#​1497)
• Fixed openssl_pkey_get_details return type: Made all keys optional since algorithm-specific keys are only present for their key type
• Consolidated session_set_save_handler stub: Merged duplicate declarations into a single signature with union types (#​1468)
• Consolidated session_set_cookie_params stub: Merged duplicate declarations into a single signature (#​1468)

Codex

• Improved integer bitwise operations: Bitwise AND with a non-negative mask now correctly produces a bounded non-negative result (#​1499)

📖 Documentation

• Added Run On Save as alternative formatter: Documented the Run On Save VS Code extension as an alternative to format-on-save (#​1469)
• Removed outdated Docker limitations: The limitations section was removed from the Docker recipe page as the issues have been resolved (#​1438)

🏗️ Internal

• Updated dependencies
• Fixed clippy warnings
• Updated sponsors list

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @​dotdash - #​1483
• @​kzmshx - #​1465
• @​steffans - #​1469
• @​Zuruuh - #​1438

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

• @​UweOhse - #​1484, #​1485, #​1486, #​1488, #​1490, #​1491, #​1493, #​1497, #​1498, #​1499, #​1500, #​1501, #​1502, #​1503, #​1504, #​1505, #​1506, #​1507
• @​zip-fa - #​1489
• @​KorvinSzanto - #​1477
• @​giorgiopogliani - #​1474, #​1475
• @​karoun - #​1470
• @​mytskine - #​1466, #​1467, #​1468
• @​dotdash - #​1464

---

Full Changelog: carthage-software/mago@1.15.3...1.16.0

v1.15.3: Mago 1.15.3

Compare Source

Mago 1.15.3

Mago 1.15.3 is a patch release that fixes formatter idempotency issues with trailing closing tags and non-standard line endings, adds a comment placement infrastructure for stable binary expression formatting, fixes incorrect OpenSSL function signatures, and resolves a CPU spin-lock in the Composer wrapper.

✨ Features

Formatter

• Comment placement infrastructure for binary expressions: Added a structural comment placement phase that pre-assigns comments to AST nodes via DFS before formatting. This stabilizes should_break decisions in binary expressions and keeps comments inside parenthesized subexpressions, fixing formatting oscillation between passes (#​817, #​1456)

🐛 Bug Fixes

Formatter

• Fixed idempotency when trailing ?> is removed: The opening tag formatting decision used source_text.contains("?>") to detect inline PHP templates. When remove_trailing_close_tag removed a trailing ?> on the first pass, the second pass saw no ?> and changed the formatting. Replaced with an AST walker that counts closing tags at any depth, excluding the trailing one that gets removed (#​1350, #​1457)
• Fixed bare \r not recognized as line terminator: Files with \r\r\n, bare \r (classic Mac OS), or other non-standard line endings caused the formatter to merge lines and crash on multi-line block comments. Fixed skip_newline, split_lines, replace_end_of_line, and print_comment to handle bare \r as a line terminator. Also fixed line_starts in the database crate which only scanned for \n, causing incorrect line numbering for bare-CR files (#​1460, #​1462)

Prelude

• Fixed OpenSSL function signatures: Several openssl_x509_* functions incorrectly accepted OpenSSLCertificate|false instead of the correct OpenSSLCertificate|string parameter type (#​1463)

Composer

• Fixed CPU spin-lock in Composer wrapper: The PHP wrapper process polled proc_get_status in a tight loop with no sleep, causing 100% CPU usage on one core during --watch mode. Added a 10ms sleep interval and fixed signal-based exit code propagation (#​1454, #​1455)

🏗️ Internal

• Migrated test corpus to php-standard-library and added api-platform (#​1458)

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @​chrisopperwall-qz — #​1454
• @​kzmshx — #​1456

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

• @​dotdash — #​817, #​1350
• @​giorgiopogliani — #​1460

---

Full Changelog: carthage-software/mago@1.15.2...1.15.3

v1.15.2: Mago 1.15.2

Compare Source

Mago 1.15.2

Mago 1.15.2 is a re-release of 1.15.1 with corrected version metadata. The 1.15.1 release was tagged before the version bump was applied, causing binaries to report 1.15.0 in --version output and preventing publication to crates.io. This release contains no code changes beyond the version bump.

For the full list of changes since 1.15.0, see the 1.15.1 release notes.

---

Full Changelog: carthage-software/mago@1.15.1...1.15.2

v1.15.1: Mago 1.15.1

Compare Source

Mago 1.15.1

Mago 1.15.1 is a patch release that distinguishes $this from static return types, reverts a formatter regression with parenthesis removal in binary expressions, and restores glibc 2.17 compatibility for the Linux GNU build.

✨ Features

Codex

• Distinguish $this from static return types: Added a separate is_static flag to the type system to properly differentiate $this (same instance) from static (same class, possibly different instance). Returning new static() from a method declared as @return $this is now correctly flagged, while return $this remains valid. return new static() continues to be accepted for : static return types (#​1429)

🐛 Bug Fixes

Formatter

• Reverted excessive parenthesis removal in binary expressions: Reverted #​1407 which incorrectly removed parentheses from mixed-precedence binary expression chains, causing semantic changes in some expressions (#​1430, #​1432)

CI/CD

• Restored glibc 2.17 compatibility for Linux GNU builds: The x86_64-unknown-linux-gnu binary is now built with cross using the manylinux2014 container again, restoring compatibility with older Linux distributions. PGO optimization for this target has been removed as it was incompatible with the cross-compilation setup (#​1431, #​1433, #​1434)

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @​xHeaven — #​1432

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

• @​dotdash — #​1429
• @​xHeaven — #​1430

---

Full Changelog: carthage-software/mago@1.15.0...1.15.1

v1.15.0: Mago 1.15.0

Compare Source

Mago 1.15.0

Mago 1.15.0 brings three new linter rules, configurable minimum-fail-level in TOML files, automatic watch mode restarts on config changes, PGO-optimized Linux x86 builds, and a wave of analyzer and codex bug fixes improving generics, intersection types, and type inference accuracy.

✨ Features

Analyzer

• PSL Psl\Type\nullish() return type provider: Added type narrowing support for Psl\Type\nullish(), complementing existing PSL type providers (#​1390, #​1391)
• PSL Psl\Async\all() and Psl\Async\concurrently() return type providers: Both functions now preserve sealed array shapes, list structure, and non-empty status. For example, Psl\Async\all(['foo' => $awaitableString, 'bar' => $awaitableInt]) correctly returns array{foo: string, bar: int} (#​1423)

Linter

• New no-alternative-syntax rule: Detects alternative control structure syntax (if/endif, while/endwhile, etc.) and suggests using brace-based syntax instead (#​1313)
• New no-short-bool-cast rule: Flags !!$expr double-negation casts and suggests using (bool) $expr for clarity (#​1312)
• New prefer-pre-increment rule: Suggests ++$i over $i++ and --$i over $i-- when the return value is unused, as pre-increment avoids an unnecessary copy (#​1311)
• Added fixer for no-alias-function rule: The no-alias-function rule now supports automatic fixing, replacing aliased PHP functions with their canonical equivalents (#​1297)

CLI

• minimum-fail-level configuration option: The minimum-fail-level setting can now be configured in mago.toml under [analyzer], [linter], and [guard] sections, removing the need to pass --minimum-fail-level on every invocation. The CLI flag still overrides the config value (#​1343, #​1384)
• Auto-restart watch mode on config changes: mago analyze --watch now monitors the configuration file, baseline file, composer.json, and composer.lock for changes and automatically restarts the analysis session when they are modified (#​1402)

🐛 Bug Fixes

Analyzer

• Fixed false positive ambiguous-object-method-access after method_exists narrowing: When method_exists($this, 'foo') adds a HasMethod intersection type, calling other methods on $this no longer falsely reports ambiguous access (#​1413, #​1426)
• Fixed properties not resolved from object shapes in intersection types: Accessing properties on intersection types like stdClass&object{tags: list<Tag>} now correctly resolves the property from the shaped object part (#​1387, #​1421)
• Fixed false positive for unimplemented-abstract-property-hook with traits: Concrete properties from used traits now correctly satisfy interface abstract property hooks (#​1415, #​1420)
• Fixed $this/static return type not enforced for non-final classes: Returning new self() from a method declared as @return $this or : static now correctly reports a type mismatch in non-final classes. Anonymous classes are treated as effectively final (#​1410, #​1411, #​1418)
• Fixed stale dynamic property cache across loops: Dynamic property types are no longer incorrectly cached between loop iterations (#​1416, #​1417)
• Fixed parent class template parameter resolution via @extends: Template parameters inherited through @extends annotations are now correctly resolved when accessing shaped array keys (#​1412, #​1414)
• Fixed negative numeric string increment/decrement sign: The sign is now preserved when incrementing or decrementing negative numeric strings (#​1404)
• Fixed integer literals exceeding i64::MAX treated as int instead of float: Very large integer literals are now correctly inferred as float (#​1405)

Codex

• Fixed empty array literals incorrectly marked as non_empty: Empty array [] used as a default parameter value is now correctly typed as non_empty=false, fixing false positive docblock-type-mismatch errors when using generic classes with default empty arrays (#​1422, #​1425)
• Fixed modulo type range inference: The modulo operator now correctly infers the result type range (#​1403)
• Fixed shift amount bounds checking in constant inference: Shift operations with out-of-range amounts no longer panic (#​1400)
• Fixed list identity comparison using wrong part: Fixed an incorrect comparison in list type identity checks (#​1396)

Linter

• Fixed variable-name rule for underscore-prefixed variables: Variables starting with _ (e.g., $_unused) are no longer flagged by the variable-name naming rule (#​1395, #​1398)
• Fixed memory leak in linter rule registry: Replaced Box::leak with owned storage for rule descriptions (#​1408)

Formatter

• Fixed parentheses added unnecessarily around mixed multiplicative operators: Parentheses are now only added when actually needed for operator precedence, not for same-precedence multiplicative operations (#​1407)
• Fixed backslash handling in quote selection: The formatter now correctly handles backslashes when choosing between single and double quotes (#​1401)

Type Syntax

• Fixed overflowing integers in shape keys: Shape keys with integer values exceeding i64::MAX are now rejected instead of silently overflowing (#​1406)

Syntax Core

• Fixed string escaping edge cases: Resolved edge cases in string escape sequence handling (#​1394)

Atom

• Fixed uppercase range in SIMD case folding: Corrected the [A-Z] range used in SIMD-accelerated case folding (#​1393)

Database

• Fixed file read after deletion: The database watcher no longer attempts to read files that have been deleted (#​1397)

📖 Documentation

• Fixed exit code and sort order documentation (#​1409)
• Updated analyzer, linter, and guard configuration references with minimum-fail-level option
• Added watch mode documentation with automatic restart behavior

🏗️ Internal

• Enabled PGO (Profile-Guided Optimization) for Linux x86_64 GNU and musl builds (#​1399)
• Added pointer-equality fast path in atomic type comparator (#​1236)
• Re-generated linter documentation for new rules (#​1424)

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @​edsrzf — #​1297
• @​npo-mmenke — #​1236
• @​ostark — #​1311, #​1312, #​1313
• @​veewee — #​1391
• @​xHeaven — #​1393, #​1394, #​1396, #​1397, #​1400, #​1401, #​1403, #​1404, #​1405, #​1406, #​1407, #​1408, [#​1409](https://redirect.github.com/carthage-software/mago/

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

Renovate Bot

[renovate]

automergeComment