Bump the dev-dependencies group with 7 updates

[dependabot]

Updates the requirements on ergebnis/composer-normalize, phpstan/phpstan-phpunit, phpstan/phpstan-strict-rules, phpunit/phpunit, shipmonk/composer-dependency-analyser, shipmonk/dead-code-detector and shipmonk/phpstan-rules to permit the latest version.
Updates ergebnis/composer-normalize to 2.48.2

Release notes

Sourced from ergebnis/composer-normalize's releases.

2.48.2

What's Changed

• github-actions(deps): Bump ergebnis/.github from 1.9.3 to 1.10.0 by @​dependabot[bot] in ergebnis/composer-normalize#1497
• Fix: Update branch alias by @​localheinz in ergebnis/composer-normalize#1502

Full Changelog: ergebnis/composer-normalize@2.48.1...2.48.2

Changelog

Sourced from ergebnis/composer-normalize's changelog.

[2.48.2][2.48.2]

For a full diff see [2.48.1...2.48.2][2.48.1...2.48.2].

Fixed

• Updated branch alias (#1502), by [@​localheinz]

[2.48.1][2.48.1]

For a full diff see [2.48.0...2.48.1][2.48.0...2.48.1].

Fixed

• Adjusted release workflow to create a release in draft mode, upload release assets, and then publish the release (#1496), by [@​localheinz]

[2.48.0][2.48.0]

For a full diff see [2.47.0...2.48.0][2.47.0...2.48.0].

Changed

• Updated schema.json (#1454), by [@​ergebnis-bot]
• Allowed installation on PHP 8.5 (#1485), by [@​localheinz]
• Added support for PHP 8.5 (#1490), by [@​AlexSkrypnyk]
• Updated localheinz/diff (#1493), by [@​andrey-helldar]

[2.47.0][2.47.0]

For a full diff see [2.46.0...2.47.0][2.46.0...2.47.0].

Changed

• Updated schema.json (#1441), by [@​ergebnis-bot]

[2.46.0][2.46.0]

For a full diff see [2.45.0...2.46.0][2.45.0...2.46.0].

Changed

• Updated schema.json (#1419), by [@​ergebnis-bot]
• Updated ergerbnis/json-normalizer (#1440), by [@​localheinz]

[2.45.0][2.45.0]

For a full diff see [2.44.0...2.45.0][2.44.0...2.45.0].

Added

... (truncated)

Commits

• 86dc973 Enhancement: Prepare release
• b6912eb Merge pull request #1502 from ergebnis/fix/alias
• 85f6491 Fix: Reference
• dfaffe8 Fix: Update branch alias
• 7b56ae5 Merge pull request #1497 from ergebnis/dependabot/github_actions/ergebnis/dot...
• 40d5d91 Enhancement: Prepare release
• 56df814 Merge pull request #1496 from ergebnis/fix/immutable
• dc80d6e github-actions(deps): Bump ergebnis/.github from 1.9.3 to 1.10.0
• f10ed3c Fix: Create release in draft mode, upload assets, and then publish release
• b5e1262 Enhancement: Prepare release
• Additional commits viewable in compare view

Updates phpstan/phpstan-phpunit to 2.0.8

Release notes

Sourced from phpstan/phpstan-phpunit's releases.

2.0.8

• 2fe9fbe - Fix AssertSameWithCountRule for recursive count()
• d935297 - Fix "Unexpected input(s) 'extensions', valid inputs are ['php-version', 'php-extensions', 'build-infection-path']"
• 8532ceb - Make AssertSameNullExpectedRule auto-fixable
• a4abfc1 - Use TypeSystem in AssertSameBooleanExpectedRule
• 36cb9a6 - Make AssertSameBooleanExpectedRule auto-fixable
• 450bfc0 - Added assertArrayHasKey() expectations
• 033f690 - PHPUnit 9.x/10.x does not at all support named arguments from data-providers
• 758d343 - Refactor PHPUnitVersionDetector to ease different major version checks
• dd87f2e - Assert*Rules: Do cheap checks first (#247)
• 5c89d74 - Ignore missingType.iterableValue for data-providers
• 1fbc321 - move analyse-paths into phpstan.neon
• 11f3ada - Fix mutation testing on dev branch (#244)
• 53e33fc - Setup mutation testing
• 12676a7 - One more test
• c81e395 - Fix memory consumption in DataProviderDataRule
• 61860a6 - Implement DataProviderDataRule
• 39950c7 - Preparational refactoring for DataProviderDataRule
• c54a269 - Narrow too wide return type
• 9ec3fa9 - Modernize code examples in README.md
• b1df1f5 - chore(deps): update actions/checkout action to v5
• 1d7eb7e - chore(deps): update eomm/why-don-t-you-tweet action to v2

Commits

• 2fe9fbe Fix AssertSameWithCountRule for recursive count()
• d935297 Fix "Unexpected input(s) 'extensions', valid inputs are ['php-version', 'php-...
• 8532ceb Make AssertSameNullExpectedRule auto-fixable
• a4abfc1 Use TypeSystem in AssertSameBooleanExpectedRule
• 36cb9a6 Make AssertSameBooleanExpectedRule auto-fixable
• 450bfc0 Added assertArrayHasKey() expectations
• 033f690 PHPUnit 9.x/10.x does not at all support named arguments from data-providers
• 758d343 Refactor PHPUnitVersionDetector to ease different major version checks
• dd87f2e Assert*Rules: Do cheap checks first (#247)
• 5c89d74 Ignore missingType.iterableValue for data-providers
• Additional commits viewable in compare view

Updates phpstan/phpstan-strict-rules to 2.0.7

Release notes

Sourced from phpstan/phpstan-strict-rules's releases.

2.0.7

• d6211c4 - enable checkStrictPrintfPlaceholderTypes
• 6b78d53 - Update README.md
• 0435aeb - Consolidate overwriteVariablesWithLoop rule details
• e861638 - Simplify tests in which checkNullables is always true
• 11b6403 - Simplify tests in which treatPhpDocTypesAsCertain is always true
• b043bd8 - Simplify RequireParentConstructCallRule
• 9f76a17 - Update actions/checkout action to v5
• 2b69ec5 - Update Eomm/why-don-t-you-tweet action to v2

Commits

• d6211c4 enable checkStrictPrintfPlaceholderTypes
• 6b78d53 Update README.md
• 0435aeb Consolidate overwriteVariablesWithLoop rule details
• e861638 Simplify tests in which checkNullables is always true
• 11b6403 Simplify tests in which treatPhpDocTypesAsCertain is always true
• b043bd8 Simplify RequireParentConstructCallRule
• 9f76a17 Update actions/checkout action to v5
• 2b69ec5 Update Eomm/why-don-t-you-tweet action to v2
• f9f77ef Add numeric check on unary plus and unary minus
• 1f1358d UselessCastRule: do cheaper check first
• Additional commits viewable in compare view

Updates phpunit/phpunit to 10.5.59

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 10.5.59

Changed

• #6338: Removed code from PHPUnit\Runner\TestSuiteSorter that was only used in the tests for this class
• Updated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6

---

Learn how to install or update PHPUnit 10.5 in the documentation.

Keep up to date with PHPUnit:

• You can follow @​[email protected] to stay up to date with PHPUnit's development.
• You can subscribe to the PHPUnit Updates newsletter to receive updates about and tips for PHPUnit.

Changelog

Sourced from phpunit/phpunit's changelog.

[10.5.59] - 2025-01-12

Changed

• #6338: Removed code from PHPUnit\Runner\TestSuiteSorter that was only used in the tests for this class
• Updated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6

[10.5.58] - 2025-09-28

Fixed

• #6368: failOnPhpunitWarning="false" has no effect

[10.5.57] - 2025-09-24

• No changes; phpunit.phar rebuilt with updated dependencies

[10.5.56] - 2025-09-23

• No changes; phpunit.phar rebuilt with updated dependencies

[10.5.55] - 2025-09-14

Changed

• #6366: Exclude __sleep() and __wakeup() from test double code generation on PHP >= 8.5

[10.5.54] - 2025-09-11

Changed

• Do not use __sleep() method (which will be deprecated in PHP 8.5)

[10.5.53] - 2025-08-20

Changed

• Do not configure report_memleaks setting (which will be deprecated in PHP 8.5) for PHPT processes

[10.5.52] - 2025-08-16

Changed

• #6321: Allow error_reporting=E_ALL for --check-php-configuration

[10.5.51] - 2025-08-12

Changed

• #6308: Improve output of --check-php-configuration

... (truncated)

Commits

• c47fe00 Prepare release
• 6ffc27f Merge branch '9.6' into 10.5
• b69489b Prepare release
• 2d34a01 Work around nikic/PHP-Parser#1133
• 96f8f10 Merge branch '8.5' into 9.6
• 2605ccb Prepare release
• 7e291df Merge branch '9.6' into 10.5
• 3984de9 Update ChangeLog
• 4179acc Update ChangeLog
• 85abf2f Merge branch '9.6' into 10.5
• Additional commits viewable in compare view

Updates shipmonk/composer-dependency-analyser to 1.8.4

Release notes

Sourced from shipmonk/composer-dependency-analyser's releases.

1.8.4

Fixes:

• Fix edgecase of classlike definitions being detected as function usages (#240)
• Fix detection of unqualified static access in global scope (#243)

Commits

• 975e587 Detect unqualified static access in global scope (#243)
• 735ee14 Fix classlike definitions being detected as function usages (#240)
• 7ad1bec CI: run also PHP 8.5 (#239)
• ff95a1d Adjust E2E tests (#242)
• 65307b9 E2E: no self composer install (#244)
• debd7cb Drop dependabot, update deps (#223)
• a62ecf4 readme: add ignoreErrorsOnExtension example (#234)
• c434180 Adjust E2E tests (#235)
• a4a259c tests: skip testPharSupport instead of hard failure (#225)
• See full diff in compare view

Updates shipmonk/dead-code-detector to 0.14.0

Release notes

Sourced from shipmonk/dead-code-detector's releases.

0.14.0

New features:

• Support PHP 8.5 features (#269)
• Support phpbench entrypoints (#262, @​simPod)
• Support behat entrypoints (#267, @​devbanana)
• Support stream_wrapper_register magic (#266)

Improvements

• All filepaths are now resolved relative to config file they reside (same as native PHPStan configs) (#219)
  • usageProviders.symfony.configDir
  • usageExcluders.tests.devPaths

Dependencies

• phpstan/phpstan now requires ^2.1.23 (was ^2.1.12) (#254)

Breaking changes

• All classes are final (#237)

Commits

• 56f9f3f Make all classes final (#237)
• 17036d8 Support clone with + test pipe operator (#269)
• 4ebdee6 Add Behat support (#267)
• 05b569e CI: forks to have some token for checkout (#268)
• df3d0d7 DoctrineUsageProvider: minor simplification (#232)
• 6f96c54 Utilize new expandRelativePaths (#219)
• d665917 CI: run also PHP 8.5 (#254)
• 3a32065 Support stream_wrapper_register (#266)
• 7cbc2b8 Introduce entrypoint provider for phpbench (#262)
• f68d1e2 SymfonyUsageProviderTest: add testAutodetectConfigDir (#260)
• Additional commits viewable in compare view

Updates shipmonk/phpstan-rules to 4.3.0

Release notes

Sourced from shipmonk/phpstan-rules's releases.

4.3.0

Improvements:

• enforceReadonlyPublicProperty support asymmetric visibility (#331, @​JanTvrdik)
• forbidArithmeticOperationOnNonNumber add support for BcMath\Number (#321, @​JokubasR)

Fixes:

• enforceNativeReturnTypehint fix false positive for unions with template type (#325, @​mspirkov)
• forbidPhpDocNullabilityMismatchWithNativeTypehint: ignore void methods (#328, @​mspirkov)

Dependencies:

• phpstan/phpstan now requires ^2.1.32 (#331)

Commits

• d8ef02e forbidArithmeticOperationOnNonNumber: add support for BcMath\Number (#321)
• 90aea84 enforceNativeReturnTypehint fix false positive for unions with template typ...
• d36092e Update CI actions to latest versions and add manual dispatch (#330)
• 057cf4b EnforceReadonlyPublicPropertyRule: support asymmetric visibility (#331)
• 5e29b47 Fix handling of the void type in `ForbidPhpDocNullabilityMismatchWithNative...
• b7b6029 composer.lock: update phpstan to 2.1.32 (#327)
• d1b70b1 Update shipmonk/coding-standard to ^0.2.0 (#326)
• 651492f Readme: mention throws LSP checks (#323)
• 5ff9975 Fix ignore after PHPStan update (#322)
• af834c5 README: Fix typo (#318)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions