Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
composer/composer (source)	^2.7.2 -> ^2.8.3					require-dev	minor
infection/infection	^0.27.11 -> ^0.29.8					require-dev	minor
laminas/automatic-releases	1.24.0 -> 1.25.0					action	minor
ocramius/package-versions	^2.8.0 -> ^2.9.0					require	minor
phpunit/phpunit (source)	^10.5.15 -> ^10.5.38					require-dev	patch
shivammathur/setup-php	2.30.0 -> 2.31.1					action	minor
vimeo/psalm	^5.23.1 -> ^5.26.1					require	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

composer/composer (composer/composer)

v2.8.3

Compare Source

• Fixed windows handling of process discovery (#​12180)
  • Fixed react/promise requirement to allow 2.x installs again (#​12188)
  • Fixed some issues when lock:false is set in require and bump commands

v2.8.2

Compare Source

• Fixed crash while suggesting providers if they have no description (#​12152)
  • Fixed issues creating lock files violating the schema in some circumstances (#​12149)
  • Fixed create-project regression in 2.8.1 when using path repos with relative paths (#​12150)
  • Fixed ctrl-C aborts not working inside text prompts (#​12106)
  • Fixed git failing silently when git cannot read a repo due to ownership violations (#​12178)
  • Fixed handling of signals in non-PHP binaries run via proxies (#​12176)

v2.8.1

Compare Source

• Fixed init command regression when no license is provided (#​12145)
  • Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues (#​12148)
  • Fixed create-project to inherit the target folder's permissions for installed project files (#​12146)
  • Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly (#​8023)

v2.8.0

Compare Source

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#​11938, #​11915)
  • Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#​12122)
  • Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#​12091)
  • Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#​12132)
  • Added --bump-after-update flag to the update command to run bump after the update is done (#​11942)
  • Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#​12086)
  • Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#​11966)
  • Added a JSON schema for the composer.lock file (#​12123)
  • Added better support for Bitbucket app passwords when cloning repos / installing from source (#​12103)
  • Added --type flag to filter packages by type(s) in the reinstall command (#​12114)
  • Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#​12119)
  • Added warning in dump-autoload when vendor files have been deleted (#​12139)
  • Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#​12120)
  • Added sorting of packages in allow-plugins when sort-packages is enabled (#​11348)
  • Added suggestion of provider packages / polyfills when an ext or lib package is missing (#​12113)
  • Improved interactive package update selection by first outputting all packages and their possible updates (#​11990)
  • Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#​12111)
  • Fixed PHP 8.4 deprecation warnings about E_STRICT (#​12116)
  • Fixed init command to validate the given license identifier (#​12115)
  • Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#​12129)
  • Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#​12109)
  • Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#​12112)
  • Fixed php://stdin potentially being open several times when running Composer programmatically (#​12107)
  • Fixed handling of platform packages in why-not command and partial updates (#​12110)
  • Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#​12019)" from 2.7.8 as it was broken

v2.7.9

Compare Source

• Fixed Docker detection breaking on constrained environments (#​12095)
  • Fixed upstream issue in bash completion script, it is recommended to update it using the completion command (#​12015)

v2.7.8

Compare Source

• Added release-age, release-date and latest-release-date in the JSON output of outdated (#​12053)
  • Fixed PHP 8.4 deprecation warnings
  • Fixed addressability of branches containing # signs (#​12042)
  • Fixed bump command not handling some ~ constraints correctly (#​12038)
  • Fixed COMPOSER_AUTH not taking precedence over ./auth.json (#​12084)
  • Fixed relative: true sometimes not being respected in path repo symlinks (#​12092)
  • Fixed copy from cache sometimes failing on VirtualBox shared folders (#​12057)
  • Fixed PSR-4 autoloading order regression in some edge case (#​12063)
  • Fixed duplicate lib-* packages causing issues when having pecl + core versions of the same PHP extension (#​12093)
  • Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#​12019)
  • Fixed memory issues when installing large binaries (#​12032)
  • Fixed archive command crashing when a path cannot be realpath'd on windows (#​11544)
  • API: Deprecated BasePackage::$stabilities in favor of BasePackage::STABILITIES (685add7)
  • Improved Docker detection (#​12062)

infection/infection (infection/infection)

v0.29.8: PHPUnit 11 compatibility, performance improvement thanks to stopOnDefect

Compare Source

Added:

• use $GLOBALS['_composer_autoload_path'] if possible by @​Kanti in https://github.com/infection/infection/pull/2002
• add stopOnDefect by @​Kanti in https://github.com/infection/infection/pull/2003

Changed:

• fix phpunit 11 config (cacheResultFile -> cacheDirectory) by @​Kanti in https://github.com/infection/infection/pull/2003

New Contributors

• @​Kanti made their first contribution in https://github.com/infection/infection/pull/2002

Full Changelog: infection/infection@0.29.7...0.29.8

v0.29.7: Diff colorizer fix for multiline cases, PHP 8.4 support in pipelines

Compare Source

What's Changed

Fixed:

• Fallback to the simple diff colorizer (previous implementation) for multiline diffs by @​maks-rafalko in https://github.com/infection/infection/pull/2000
• Fix PHP-Parser 5.0 and 5.1 compatibility in tests by @​sidz in https://github.com/infection/infection/pull/1994

Added:

• Add PHP 8.4 to the pipeline by @​sidz in https://github.com/infection/infection/pull/1992

Changed:

• Run e2e tests in parallel by @​maks-rafalko in https://github.com/infection/infection/pull/1990
• Redirect stderr to stdout for e2e tests by @​maks-rafalko in https://github.com/infection/infection/pull/1991
• Un-prophecyze in favor of phpunit mock by @​sidz in https://github.com/infection/infection/pull/1993
• Use Null Coalescing Assignment Operator by @​sidz in https://github.com/infection/infection/pull/1995

Full Changelog: infection/infection@0.29.6...0.29.7

v0.29.6: Ignore switch(bool) statements in TrueValue and FalseValue mutators

Compare Source

Changed:

• Ignore switch(bool) statements in TrueValue and FalseValue mutators. by @​shanept in https://github.com/infection/infection/pull/1986

New Contributors

• @​shanept made their first contribution in https://github.com/infection/infection/pull/1986

Full Changelog: infection/infection@0.29.5...0.29.6

v0.29.5

Compare Source

Full Changelog

Added:

• Update GitHub actions used by @​vincentchalamon in https://github.com/infection/infection/pull/1979
• Introduce GitHub Actions Concurrency used by @​vincentchalamon in https://github.com/infection/infection/pull/1979

v0.29.4

Compare Source

Full Changelog

Added:

• Introduce --logger-project-root-directory by @​vincentchalamon in https://github.com/infection/infection/pull/1978

v0.29.3: Add support for `colinodell/json5` v3

Compare Source

Changed:

• Add support for colinodell/json5 v3 by @​Slamdunk in https://github.com/infection/infection/pull/1976

Full Changelog: infection/infection@0.29.2...0.29.3

v0.29.2: Highlight inline differences in CLI

Compare Source

Added:

• [Logs] Highlight inline differences in CLI by @​Slamdunk in https://github.com/infection/infection/pull/1974

Full Changelog: infection/infection@0.29.1...0.29.2

v0.29.1: Fix usage of custom mutator with bootstrap file

Compare Source

Fixed:

• Fix usage of custom mutator with bootstrap file by @​maks-rafalko in https://github.com/infection/infection/pull/1973

Full Changelog: infection/infection@0.29.0...0.29.1

v0.29.0

Compare Source

Full Changelog

Added:

• Support custom mutators by @​vss414 in https://github.com/infection/infection/pull/1686
• Custom mutator generator by @​maks-rafalko in https://github.com/infection/infection/pull/1969

Read about how to create custom mutators: https://infection.github.io/guide/custom-mutators.html

Changed:

• Move Infection\Mutator\Mutator to a separate package by @​maks-rafalko in https://github.com/infection/infection/pull/1963
• Make Mutator::getDefinition return type non-nullable by @​maks-rafalko in https://github.com/infection/infection/pull/1958
• Enable Rector's AddCoversClassAttributeRector rule by @​maks-rafalko in https://github.com/infection/infection/pull/1962
• Mention Discord instead of Slack in issue github template by @​staabm in https://github.com/infection/infection/pull/1951
• test: Force mutators to include remedies by @​theofidry in https://github.com/infection/infection/pull/1954
• Use the latest composer 2 to prevent issue with incompatibility for Box and composer 2.1 by @​maks-rafalko in https://github.com/infection/infection/pull/1957
• Use the latest v1 test checker action by @​maks-rafalko in https://github.com/infection/infection/pull/1960
• Upgrade Rector and fix new issues by @​maks-rafalko in https://github.com/infection/infection/pull/1961
• Use new PHP-CS-Fixer with parallelization by @​maks-rafalko in https://github.com/infection/infection/pull/1964
• Remove our own custom FQCN visitor as we already use php-parser's NameResolver visitor by @​maks-rafalko in https://github.com/infection/infection/pull/1967
• Replace deprecated constant NodeTraverser::DONT_TRAVERSE_CURRENT_AND_CHILDREN with NodeVisitor::DONT_TRAVERSE_CURRENT_AND_CHILDREN by @​maks-rafalko in https://github.com/infection/infection/pull/1968
• Remove our own ParentConnectorVisitor and use nikic-phpparser's one by @​maks-rafalko in https://github.com/infection/infection/pull/1970

v0.28.1: Use CI (GitHub, GitLab) variable to detect project path

Compare Source

Changed:

• feat: use CI variables to detect project path by @​darthf1 in https://github.com/infection/infection/pull/1949

New Contributors

• @​darthf1 made their first contribution in https://github.com/infection/infection/pull/1949

Full Changelog: infection/infection@0.28.0...0.28.1

v0.28.0

Compare Source

Full Changelog

Added:

• Add PHP-Parser 5 support by @​sidz in https://github.com/infection/infection/pull/1909

laminas/automatic-releases (laminas/automatic-releases)

v1.25.0

Compare Source

Release Notes for 1.25.0

Feature release (minor)

1.25.0

• Total issues resolved: 0
• Total pull requests resolved: 11
• Total contributors: 2

Enhancement,dependencies,renovate

• 259: Update dependency azjezz/psl to v3 thanks to @​renovate[bot]

renovate

• 257: Update docker/build-push-action action to v6 thanks to @​renovate[bot]
• 253: Lock file maintenance thanks to @​renovate[bot]
• 250: Update docker/setup-qemu-action action to v3 thanks to @​renovate[bot]
• 249: Update docker/setup-buildx-action action to v3 thanks to @​renovate[bot]
• 246: Update docker/login-action action to v3 thanks to @​renovate[bot]
• 245: Update docker/build-push-action action to v5 thanks to @​renovate[bot]
• 244: Update actions/checkout action to v4 thanks to @​renovate[bot]
• 243: Update dependency doctrine/coding-standard to v12 thanks to @​renovate[bot]
• 234: Update dependency phpunit/phpunit to v10 - autoclosed thanks to @​renovate[bot]

Enhancement,dependencies

• 247: Ci fixes thanks to @​gsteel

Ocramius/PackageVersions (ocramius/package-versions)

v2.9.0

Compare Source

---

Release Notes for 2.9.0

Feature release (minor)

2.9.0

• Total issues resolved: 0
• Total pull requests resolved: 2
• Total contributors: 2

dependencies,enhancement

• 256: Allow PHP 8.4 thanks to @​fezfez

security

• 253: Update dependency composer/composer to ^2.7.0 [SECURITY] thanks to @​renovate[bot]

sebastianbergmann/phpunit (phpunit/phpunit)

v10.5.38: PHPUnit 10.5.38

Compare Source

Changed

• #​6012: Remove empty lines between TeamCity events

---

How to install or update PHPUnit

v10.5.37: PHPUnit 10.5.37

Compare Source

Fixed

• #​5982: Typo in exception message

---

How to install or update PHPUnit

v10.5.36: PHPUnit 10.5.36

Compare Source

Changed

• #​5957: Skip data provider build when requirements are not satisfied
• #​5969: Check for requirements before creating a separate process
• Updated regular expressions used by StringMatchesFormatDescription constraint to be consistent with PHP's run-tests.php

Fixed

• #​5965: PHPUnit\Framework\Exception does not handle string error codes (PDOException with error code 'HY000', for example)

---

How to install or update PHPUnit

v10.5.35

Compare Source

v10.5.34: PHPUnit 10.5.34

Compare Source

Fixed

• #​5931: Reverted addition of name property on <testsuites> element in JUnit XML logfile
• #​5946: Callback throws a TypeError when checking a callable has variadic parameters

---

How to install or update PHPUnit

v10.5.33: PHPUnit 10.5.33

Compare Source

Fixed

• #​4584: assertJsonStringEqualsJsonString() considers objects with sequential numeric keys equal to be arrays
• #​4625: Generator yielding keys that are neither integer or string leads to hard-to-understand error message when used as data provider
• #​4674: JSON assertions should treat objects as unordered
• #​5891: Callback constraint does not handle variadic arguments correctly when used for mock object expectations
• #​5929: TestDox output containing $ at the beginning gets truncated when used with a data provider

---

How to install or update PHPUnit

v10.5.32: PHPUnit 10.5.32

Compare Source

Added

• #​5937: failOnPhpunitDeprecation attribute on the <phpunit> element of the XML configuration file and --fail-on-phpunit-deprecation CLI option for controlling whether PHPUnit deprecations should be considered when determining the test runner's shell exit code (default: do not consider)
• displayDetailsOnPhpunitDeprecations attribute on the <phpunit> element of the XML configuration file and --display-phpunit-deprecations CLI option for controlling whether details on PHPUnit deprecations should be displayed (default: do not display)

Changed

• #​5937: PHPUnit deprecations will, by default, no longer affect the test runner's shell exit code. This can optionally be turned back on using the --fail-on-phpunit-deprecation CLI option or the failOnPhpunitDeprecation="true" attribute on the <phpunit> element of the XML configuration file.
• Details for PHPUnit deprecations will, by default, no longer be displayed. This can optionally be turned back on using the --display-phpunit-deprecations CLI option or the displayDetailsOnPhpunitDeprecations attribute on the <phpunit> element of the XML configuration file.

---

How to install or update PHPUnit

v10.5.31: PHPUnit 10.5.31

Compare Source

Changed

• #​5931: name property on <testsuites> element in JUnit XML logfile
• Removed .phpstorm.meta.php file as methods such as TestCase::createStub() use generics / template types for their return types and PhpStorm, for example, uses that information

Fixed

• #​5884: TestDox printer does not consider that issues can be suppressed by attribute, baseline, source location, or @ operator

---

How to install or update PHPUnit

v10.5.30: PHPUnit 10.5.30

Compare Source

Changed

• Improved error message when stubbed method is called more often than return values were configured for it

---

How to install or update PHPUnit

v10.5.29: PHPUnit 10.5.29

Compare Source

Fixed

• #​5887: Issue baseline generator does not correctly handle ignoring suppressed issues
• #​5908: --list-tests and --list-tests-xml CLI options do not report error when data provider method throws exception

---

How to install or update PHPUnit

v10.5.28

Compare Source

v10.5.27: PHPUnit 10.5.27

Compare Source

Changed

• Updated dependencies (so that users that install using Composer's --prefer-lowest CLI option also get recent versions)

Fixed

• #​5892: Errors during write of phpunit.xml are not handled correctly when --generate-configuration is used

---

How to install or update PHPUnit

shivammathur/setup-php (shivammathur/setup-php)

v2.31.1

Compare Source

Changelog

• Fix installing PECL extensions on Windows with a build version #​855

• Fix cache support for ioncube extension #​856

• Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

v2.31.0

Compare Source

Changelog

• Added support for a fallback mirror for ondrej/php PPA when launchpad is down (#​834).

• Fixed installing packages on self-hosted environments with existing conf files (#​852).

• Fixed support for oci8 and pdo_oci extensions on ubuntu-24.04.

• Fixed support for couchbase extension on ubuntu-24.04.

• Fixed support for ubuntu-24.04 after apt-fast was dropped from the GA images.

• Fixed support for firebird extension on macos-14

• Fixed support for blackfire extension on macos-14.

• Fixed support for relay extension.

• Fixed support for phalcon extension for PHP 7.4 on Ubuntu.

• Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

v2.30.5

Compare Source

Changelog

• Added support for Ubuntu 24.04.

• Added support for easy-coding-standard in tools (https://github.com/shivammathur/setup-php/pull/838)

• Added support for zephir_parser for PHP 8.3.

• Fixed installing zts PHP versions on macOS (https://github.com/shivammathur/setup-php/issues/847).

• Fixed installing ev extension (https://github.com/shivammathur/setup-php/issues/844).

• Fixed support for ioncube extension (https://github.com/shivammathur/setup-php/issues/840).

• Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

v2.30.4

Compare Source

Changelog

• Fixed support for sqlsrv and pro_sqlsrv on Windows (https://github.com/shivammathur/setup-php/discussions/835).

• Fixed a permissions issue for brew on macos-14 environments.

• Marked PHP 5.3 to PHP 5.5 as not supported on ARM64 macOS environments like macos-14.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

v2.30.3

Compare Source

Changelog

• Fixed reading extension directory for PHP 8.4 on macOS.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

v2.30.2

Compare Source

Changelog

• Added support for vld extension (https://github.com/shivammathur/homebrew-extensions/issues/3827).

• Added support to update brew along with the core tap on macOS to handle breaking changes in core tap formulae.

• Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

v2.30.1

Compare Source

Changelog

• Improved updating Homebrew core tap on macOS using a retry logic.

• Fixed support for phalcon on Windows.

• Fixed support for OCI extensions for PHP 8.4 on Linux and macOS.

• Fixed support for sqlsrv and pdo_sqlsrv on PHP 8.0.

• Fixed type error on Windows in Get-File function.

• Minified the release file dist/index.js file generated by vercel/ncc.

• Updated pre-installed PHP versions for GitHub runners in the README.

• Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

vimeo/psalm (vimeo/psalm)

v5.26.1

Compare Source

What's Changed

Fixes

• Fix JSON formatter crashes with invalid UTF in error messages by @​weirdan in https://github.com/vimeo/psalm/pull/11092

Full Changelog: vimeo/psalm@5.26.0...5.26.1

v5.26.0

Compare Source

What's Changed

Features

• Add mysqli.execute-query as sink for TaintedSql by @​cgocast in https://github.com/vimeo/psalm/pull/11021
• Add TaintedCallable sinks for 4 core generic functions by @​cgocast in https://github.com/vimeo/psalm/pull/11090
• Improve mysql fetch_field* return type by @​MoonE in https://github.com/vimeo/psalm/pull/11009
• Check for psalm.dist.xml as well by @​HypeMC in https://github.com/vimeo/psalm/pull/11031

Fixes

• Change ReflectionParameter::getName() result type to non-empty-string by @​vjik in https://github.com/vimeo/psalm/pull/11037
• Fix mysqli_real_escape_string stub by @​kamil-tekiela in https://github.com/vimeo/psalm/pull/11078
• Fix mysqli_get_client_version by @​kamil-tekiela in https://github.com/vimeo/psalm/pull/11074
• Up the minimum required version of nikic/php-parser to 4.17 by @​chesn0k in https://github.com/vimeo/psalm/pull/10968
• Fix callable/lowercase strings coercion by @​weirdan in https://github.com/vimeo/psalm/pull/11091
• Consistently emit issues for properties on classes with unknown mixins by @​issidorov in https://github.com/vimeo/psalm/pull/11081

New Contributors

• @​chesn0k made their first contribution in https://github.com/vimeo/psalm/pull/10968

Full Changelog: vimeo/psalm@5.25.0...5.26.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

Read more about the use of Renovate Bot within ocramius/* projects.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update composer/composer:2.7.6 infection/infection:0.28.1 phpunit/phpunit:10.5.20 symfony/process:7.0.7 vimeo/psalm:5.24.0 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires vimeo/psalm ^5.24.0 -> satisfiable by vimeo/psalm[5.24.0].
    - vimeo/psalm 5.24.0 requires nikic/php-parser ^4.16 -> satisfiable by nikic/php-parser[v4.16.0, ..., v4.19.1].
    - You can only install one version of a package, so only one of these can be installed: nikic/php-parser[v4.10.0, ..., v4.19.1, v5.0.0, v5.0.1, v5.0.2].
    - infection/infection 0.28.1 requires nikic/php-parser ^5.0 -> satisfiable by nikic/php-parser[v5.0.0, v5.0.1, v5.0.2].
    - vimeo/psalm 5.24.0 conflicts with nikic/php-parser v4.17.0.
    - Root composer.json requires infection/infection ^0.28.1 -> satisfiable by infection/infection[0.28.1].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.