Bump the dependencies group with 3 updates

[dependabot]

Bumps the dependencies group with 3 updates: composer/composer, phpstan/phpstan and phpunit/phpunit.

Updates composer/composer from 2.5.8 to 2.6.3

Release notes

Sourced from composer/composer's releases.

2.6.3

• Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
• Added a warning when duplicates files autoload rules are detected (#11109)
• Fixed unhandled promise rejection regression (#11620)
• Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
• Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
• Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

2.6.2

• Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
• Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
• Fixed create-project infinite post-install loop in some circumstances (#11613)

2.6.1

• Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which caused a regression (#11612)

2.6.0

• Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
• Added rm alias to the remove command (#11367)
• Added runtime platform check to verify the php-64bit requirement is met (#11334)
• Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
• Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608)
• Added support for bumping patch level in ~1.2.3 constraints (#11590)
• Added prompt in require if the package name is not found but similar ones exist (#11284)
• Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453)
• Added support for local directory paths for repositories of type composer (#11526)
• Added links to package homepages in why/why-not command output (#11308)
• Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
• Added support for gathering security advisories from multiple repositories for a single package (#11436)
• Fixed install exit code to be non-zero (5) if a requested security audit failed (#11362)
• Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562) (Reverted in 2.6.2)
• Fixed executability of non-php binaries which are not marked executable (#11557) (Reverted in 2.6.1)
• Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
• Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493)
• Fixed json editing to preserve indentation when updating json files (#11390)
• Fixed handling of broken junctions on windows (#11550)
• Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
• Fixed svn repo parsing in some edge cases (#11350)
• Fixed handling of archive URLs without file extension (#11520)
• Performance improvement in pool optimization step (#11449, #11450)

Changelog

Sourced from composer/composer's changelog.

[2.6.3] 2023-09-15

• Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
• Added a warning when duplicates files autoload rules are detected (#11109)
• Fixed unhandled promise rejection regression (#11620)
• Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
• Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
• Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

[2.6.2] 2023-09-03

• Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
• Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
• Fixed create-project infinite post-install loop in some circumstances (#11613)

[2.6.1] 2023-09-01

• Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which caused a regression (#11612)

[2.6.0] 2023-09-01

• Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
• Added rm alias to the remove command (#11367)
• Added runtime platform check to verify the php-64bit requirement is met (#11334)
• Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
• Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608)
• Added support for bumping patch level in ~1.2.3 constraints (#11590)
• Added prompt in require if the package name is not found but similar ones exist (#11284)
• Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453)
• Added support for local directory paths for repositories of type composer (#11526)
• Added links to package homepages in why/why-not command output (#11308)
• Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
• Added support for gathering security advisories from multiple repositories for a single package (#11436)
• Fixed install exit code to be non-zero (5) if a requested security audit failed (#11362)
• Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562) (Reverted in 2.6.2)
• Fixed executability of non-php binaries which are not marked executable (#11557) (Reverted in 2.6.1)
• Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
• Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493)
• Fixed json editing to preserve indentation when updating json files (#11390)
• Fixed handling of broken junctions on windows (#11550)
• Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
• Fixed svn repo parsing in some edge cases (#11350)
• Fixed handling of archive URLs without file extension (#11520)
• Performance improvement in pool optimization step (#11449, #11450)

Commits

• ff47783 Release 2.6.3
• 14233f1 Update changelog
• af90590 Update baseline (1689, 92)
• 218b904 Test status command (#11522)
• e3484c8 Add audit.abandoned warnings for abandoned packages, fixes #11623 (#11639)
• 3bc72f7 Fix build, update deps
• e2f5afd Add warning when duplicate "files" autoload rules are detected (#11109)
• 5474dc9 Fixed replaced packages being incorrectly missing when unlocked by an old ver...
• 1e4966c Get realpath for ZipArchive (#11636)
• 7a7f364 Fix bitbucket redirect URLs failing old PHP builds which do not support long ...
• Additional commits viewable in compare view

Updates phpstan/phpstan from 1.10.32 to 1.10.35

Release notes

Sourced from phpstan/phpstan's releases.

1.10.35

Major new features 🚀

• Generics: Type projections aka call-site variance (#2485), thanks @​jiripudil!
  • Learn more: https://phpstan.org/blog/guide-to-call-site-generic-variance

Bugfixes 🐛

• Make value-of<...> lazier (phpstan/phpstan-src@234f77d), #9881
• Update BetterReflection, #9877
  • Fix ReflectionAttribute::newInstance() with nested class using named arguments (ondrejmirtes/BetterReflection@8d751dd), thanks @​enumag!
• Improve typing of filters that do not accept non-falsy strings (#2620), thanks @​zonuexe!

Internals 🔍

• name-collision-detector 2.0 (phpstan/phpstan-src@c3cb573)
• Remove phpstan/phpstan-php-parser (#2632), thanks @​staabm!

1.10.34

Improvements 🔧

• Add support and tests for $this type assertions (#2609), #8904, thanks @​ekisu!
• Update phpstan/phpdoc-parser to 1.24.0
  • Allow asserting the type of $this (phpstan/phpdoc-parser#209), thanks @​ekisu!
  • Avoid creating an Exception when it is not necessary (phpstan/phpdoc-parser#208), thanks @​mad-briller!
• Added --fail-without-result-cache CLI option (#2611), thanks @​staabm!
• Make result cache independent from configs include order (#2606), thanks @​staabm!
• Reduce unnecessary calls into reflection (#2614), thanks @​staabm!
• Micro-optimize with in_array() (#2618), thanks @​zonuexe!
• Cover ArgumentsNormalizer with BC promise (phpstan/phpstan-src@b87db62)
• LastConditionVisitor: condition followed by throw is marked as last (#2405), thanks @​JanTvrdik!

Function signature fixes 🤖

• fix incorrect doc for inotify_read (#2605), thanks @​taka-oyama!

Internals 🔍

• name-collision-detector (phpstan/phpstan-src@95cdbe5)

1.10.33

Improvements 🔧

... (truncated)

Commits

• e730e5f PHPStan 1.10.35
• 87ce9f2 Update baselines
• 3334735 Updated PHPStan to commit 3334735b2e156c43b48c315ab69bea225988ffd4
• e7eeee1 Update Rector
• c0cceb3 Update ReactPHP/promise
• e299da5 Updated PHPStan to commit e299da594c1e1ed160e686a3f6a4ac54cfd7228f
• e76e2bf Updated PHPStan to commit e76e2bf88c9689b8e33f29e466d7b0e03aeaa39f
• b8d819c Updated PHPStan to commit b8d819c28d1b684f9f9427e2a412d92d603812d6
• 1193a21 Improve docs for "@​phpstan-consistent-constructor"
• af2dd51 Updated PHPStan to commit af2dd51f045f233307c81944545ed236466d9176
• Additional commits viewable in compare view

Updates phpunit/phpunit from 9.6.11 to 9.6.13

Changelog

Sourced from phpunit/phpunit's changelog.

[9.6.13] - 2023-09-19

Changed

• The child processes used for process isolation now use temporary files to communicate their result to the parent process

[9.6.12] - 2023-09-12

Changed

• #5508: Generate code coverage report in PHP format as first in list to avoid serializing cache data

Commits

• f3d767f Prepare release
• 304c1dd Merge branch '8.5' into 9.6
• 622d018 Prepare release
• 7a2f24f Merge branch '8.5' into 9.6
• fb1b6fa Update tools
• 9b37b06 Merge branch '8.5' into 9.6
• 3291172 The child processes used for process isolation now use temporary files to com...
• 33bbe51 Skip test on PHP >= 8.3, see https://github.com/sebastianbergmann/phpunit/iss...
• 2ce78bb Remove superfluous parent method calls
• e64a9dd Fix CS/WS issues
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (e317dab) 91.76% compared to head (433952f) 91.76%.

Additional details and impacted files

@@            Coverage Diff            @@
##               main    #1596   +/-   ##
=========================================
  Coverage     91.76%   91.76%           
  Complexity     1809     1809           
=========================================
  Files           124      124           
  Lines          6471     6471           
=========================================
  Hits           5938     5938           
  Misses          533      533           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.