Update all patch versions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
libunwind	requires	patch	1.8.1 → 1.8.3
magic_enum	requires	patch	0.9.6 → 0.9.7
ossf/scorecard-action	action	patch	v2.4.2 → v2.4.3
phpstan/phpstan	require-dev	patch	2.1.31 → 2.1.50
phpstan/phpstan-phpunit	require-dev	patch	2.0.7 → 2.0.16
squizlabs/php_codesniffer	require-dev	patch	3.13.2 → 3.13.5

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

ossf/scorecard-action (ossf/scorecard-action)

v2.4.3

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

• docs: clarify GITHUB_TOKEN permissions needed for private repos by @​pankajtaneja5 in #​1574
• 📖 Fix recommended command to test the image in development by @​deivid-rodriguez in #​1583

Other

• add missing top-level token permissions to workflows by @​timothyklee in #​1566
• setup codeowners for requesting reviews by @​spencerschrock in #​1576
• 🌱 Improve printing options by @​deivid-rodriguez in #​1584

New Contributors

• @​timothyklee made their first contribution in #​1566
• @​pankajtaneja5 made their first contribution in #​1574
• @​deivid-rodriguez made their first contribution in #​1584

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

phpstan/phpstan-phar-composer-source (phpstan/phpstan)

v2.1.50

Compare Source

v2.1.49

Compare Source

v2.1.48

Compare Source

v2.1.47

Compare Source

v2.1.46

Compare Source

v2.1.45

Compare Source

v2.1.44

Compare Source

v2.1.43

Compare Source

v2.1.42

Compare Source

v2.1.41

Compare Source

v2.1.40

Compare Source

v2.1.39

Compare Source

v2.1.38

Compare Source

v2.1.37

Compare Source

v2.1.36

Compare Source

v2.1.35

Compare Source

v2.1.34

Compare Source

v2.1.33

Compare Source

v2.1.32

Compare Source

phpstan/phpstan-phpunit (phpstan/phpstan-phpunit)

v2.0.16

Compare Source

• 6ab598e - DataProviderDataRule: Optimize hot path

v2.0.15

Compare Source

• 0f6ba8e - DataProviderReturnTypeIgnoreExtension - ignore Iterator, Generator, IteratorAggregate too

v2.0.14

Compare Source

• f7553d6 - Add support for createMockForIntersectionOfInterfaces

v2.0.13

Compare Source

• 45bc1ad - Implement DynamicCallToAssertionIgnoreExtension
• 590b84d - chore(deps): update wyrihaximus/github-action-get-previous-tag action to v2
• 4d1d776 - Add keywords for static analysis in composer.json

v2.0.12

Compare Source

• e4c5a22 - TestMethodsHelper - class methods cache
• 80091f9 - TestMethodsHelper - speed-up by asking for immediate methods only

v2.0.11

Compare Source

• 5e30669 - Perf: Refactor PHPUnitVersionDetector to use runtime reflection
• 202afe9 - chore(deps): update github-actions

v2.0.10

Compare Source

• 8d61a58 - Remove checkDataProviderData and introduce reportMissingDataProviderReturnType

v2.0.9

Compare Source

• cda423c - Implement AttributeRequiresPhpVersionRule
• 83b717d - ci: Add tests for PHP 8.5
• 75ba948 - chore(deps): update actions/checkout action to v6

v2.0.8

Compare Source

• 2fe9fbe - Fix AssertSameWithCountRule for recursive count()
• d935297 - Fix "Unexpected input(s) 'extensions', valid inputs are ['php-version', 'php-extensions', 'build-infection-path']"
• 8532ceb - Make AssertSameNullExpectedRule auto-fixable
• a4abfc1 - Use TypeSystem in AssertSameBooleanExpectedRule
• 36cb9a6 - Make AssertSameBooleanExpectedRule auto-fixable
• 450bfc0 - Added assertArrayHasKey() expectations
• 033f690 - PHPUnit 9.x/10.x does not at all support named arguments from data-providers
• 758d343 - Refactor PHPUnitVersionDetector to ease different major version checks
• dd87f2e - Assert*Rules: Do cheap checks first (#​247)
• 5c89d74 - Ignore missingType.iterableValue for data-providers
• 1fbc321 - move analyse-paths into phpstan.neon
• 11f3ada - Fix mutation testing on dev branch (#​244)
• 53e33fc - Setup mutation testing
• 12676a7 - One more test
• c81e395 - Fix memory consumption in DataProviderDataRule
• 61860a6 - Implement DataProviderDataRule
• 39950c7 - Preparational refactoring for DataProviderDataRule
• c54a269 - Narrow too wide return type
• 9ec3fa9 - Modernize code examples in README.md
• b1df1f5 - chore(deps): update actions/checkout action to v5
• 1d7eb7e - chore(deps): update eomm/why-don-t-you-tweet action to v2

PHPCSStandards/PHP_CodeSniffer (squizlabs/php_codesniffer)

v3.13.5: - 2025-11-04

Compare Source

Added

• Runtime support for PHP 8.5. All known PHP 8.5 deprecation notices have been fixed.
  • Syntax support for new PHP 8.5 features will follow in a future release.
  • If you find any PHP 8.5 deprecation notices which were missed, please report them.

Changed

• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to Rodrigo Primo and Juliette Reinders Folmer for their contributions.

Fixed

• Fixed bug #​1216: Tokenizer/PHP: added more defensive coding to prevent PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to Andrew Lyons for the patch.
• Fixed bug #​1279: Tokenizer/PHP: on PHP < 8.0, an unclosed attribute (parse error) could end up removing some tokens from the token stream.
  • This could lead to false positives and false negative from sniffs, but could also lead to incorrect fixes being made mangling the file under scan.
  • Thanks to Juliette Reinders Folmer for the patch.

Other

• Please be aware that the master branch has been renamed to 3.x and the default branch has changed to the 4.x branch.
  • If you contribute to PHP_CodeSniffer, you will need to update your local git clone.
  • If you develop against PHP_CodeSniffer and run your tests against dev branches of PHPCS, you will need to update your workflows.

---

New Contributors

The PHP_CodeSniffer project is happy to welcome the following new contributors:
@​andrewnicols

Statistics

Closed: 2 issues
Merged: 36 pull requests

Follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X to stay informed.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

v3.13.4: - 2025-09-05

Compare Source

Fixed

• Fixed bug #​1213: ability to run tests for external standards using the PHPCS native test framework was broken.
  • Thanks to Juliette Reinders Folmer for the patch.
• Fixed bug #​1215: PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to Juliette Reinders Folmer for the patch.

Statistics

Closed: 0 issues
Merged: 3 pull requests

If you like to stay informed about releases and more, follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

v3.13.3: - 2025-09-04

Compare Source

Added

• Tokenizer support for PHP 8.4 dereferencing of new expressions without wrapping parentheses. #​1160
  • Thanks to Juliette Reinders Folmer for the patch.
• Tokenizer support for PHP 8.4 abstract properties. #​1183
  • The File::getMemberProperties() method now also supports abstract properties through a new is_abstract array index in the return value. #​1184
  • Additionally, the following sniffs have been updated to support abstract properties:
    • Generic.PHP.LowerCaseConstant #​1185
    • Generic.PHP.UpperCaseConstant #​1185
    • PSR2.Classes.PropertyDeclaration #​1188
    • Squiz.Commenting.VariableComment #​1186
    • Squiz.WhiteSpace.MemberVarSpacing #​1187
  • Thanks to Juliette Reinders Folmer for the patches
• Tokenizer support for the PHP 8.4 "exit as a function call" change. #​1201
  • When exit/die is used as a fully qualified "function call", it will now be tokenized as T_NS_SEPARATOR + T_EXIT.
  • Additionally, the following sniff has been updated to handle fully qualified exit/die correctly:
    • Squiz.PHP.NonExecutableCode
  • Thanks to Juliette Reinders Folmer for the patches

Changed

• Tokenizer/PHP: fully qualified true/false/null will now be tokenized as T_NS_SEPARATOR + T_TRUE/T_FALSE/T_NULL. #​1201
  • Previously, these were tokenized as T_NS_SEPARATOR + T_STRING.
  • Additionally, the following sniffs have been updated to handle fully qualified true/false/null correctly:
    • Generic.CodeAnalysis.UnconditionalIfStatement
    • Generic.ControlStructures.DisallowYodaConditions
    • PEAR.Functions.ValidDefaultValue
  • Thanks to Juliette Reinders Folmer for the patches.
• Generic.PHP.Syntax: the sniff is now able to scan input provided via STDIN on non-Windows OSes. #​915
  • Thanks to Rodrigo Primo for the patch.
• PSR2.ControlStructures.SwitchDeclaration: the WrongOpener* error code is now auto-fixable if the identified "wrong opener" is a semi-colon. #​1161
  • Thanks to Juliette Reinders Folmer for the patch.
• The PSR2.Classes.PropertyDeclaration will now check that the abstract modifier keyword is placed before a visibility keyword. #​1188
  • Errors will be reported via a new AbstractAfterVisibility error code.
  • Thanks to Juliette Reinders Folmer for the patch.
• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to Bernhard Zwein, Rick Kerkhof, Rodrigo Primo and Juliette Reinders Folmer for their contributions.

Fixed

• Fixed bug #​1112 : --parallel option fails if PHP_CodeSniffer is invoked via bash and the invokation creates a non-PHPCS-managed process.
  • Thanks to Rick Kerkhof for the patch.
• Fixed bug #​1113 : fatal error when the specified "files to scan" would result in the same file being added multiple times to the queue.
  • This error only occured when --parallel scanning was enabled.
  • Thanks to Rodrigo Primo for the patch.
• Fixed bug #​1154 : PEAR.WhiteSpace.ObjectOperatorIndent: false positive when checking multiple chained method calls in a multidimensional array.
  • Thanks to Rodrigo Primo for the patch.
• Fixed bug #​1193 : edge case inconsistency in how empty string array keys for sniff properties are handled.
  • Thanks to Rodrigo Primo and Juliette Reinders Folmer for the patch.
• Fixed bug #​1197 : Squiz.Commenting.FunctionComment: return types containing a class name with underscores would be truncated leading to incorrect results.
  • Thanks to Juliette Reinders Folmer for the patch.

Other

• The Wiki documentation is now publicly editable. 🎉
  • Update proposals can be submittted by opening a pull request in the PHPCSStandards/PHP_CodeSniffer-documentation repository.
    Contributions welcome !
  • Thanks to Anna Filina, Dan Wallis and Juliette Reinders Folmer for their work on getting this set up.
• The Phar website has had a facelift. #​107
  • Thanks to Bernhard Zwein for making this happen!

---

New Contributors

The PHP_CodeSniffer project is happy to welcome the following new contributors:
@​benno5020, @​NanoSector

Statistics

Closed: 11 issues
Merged: 40 pull requests

Follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X to stay informed.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 8am every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.