chore: bump carthage-software/mago from 1.26.0 to 1.27.1

[dependabot]

Bumps carthage-software/mago from 1.26.0 to 1.27.1.

Release notes

Sourced from carthage-software/mago's releases.

Mago 1.27.1

A patch release focused on false-positive cleanup: polyfills now widen builtin availability, ?? on static-local arrays no longer reports as redundant, and the array{} | list{T, ...} merge marks known positions as optional. The Composer package's src/ export-ignore is scoped to root only, and aarch64 Linux release jobs skip tests they can't execute.

🐛 Bug Fixes

Codex

• Polyfill availability merge: vendor polyfills now widen builtin version constraints when merging duplicate symbols. (#1841, a3cec7a4)
• array{} | list{T, ...} merge: known list positions become optional so $list[0] ?? null is no longer flagged redundant. (#1830, 5c0dc070)

Analyzer

• Static-local array ??=: redundant-null-coalesce no longer fires on $static[$key] ??= ... across persistent calls. (#1831, 873d9041)

CI

• aarch64 Linux release builds skip tests: cross-compiled binaries can't run on the x86_64 runner. (1d45d43c)

Composer

• src/ export-ignore scoped to root: only the repo's root src/ is excluded from Composer dist archives. (#1828, a6e2ed0d)

🏗️ Internal

• Nightly toolchain pin: bumped to nightly-2026-05-13. (#1829, 619a8ca4)

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

• @​mmodler: #1828

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

• @​dotdash: #1841
• @​Tastaturberuf: #1831
• @​draphikas: #1830
• @​mmodler: #1827

Full Changelog: carthage-software/mago@1.27.0...1.27.1

Mago 1.27.0

A feature release built around Mago\Available* attributes for version-gating PHP symbols, several formatter additions for attribute ordering and multi-trait use splits under PER-CS/PSR-12, a hierarchy-aware Class::method form for class-initializers, and a namespaced mode for no-fully-qualified-global-function that imports the parent namespace instead of the function. The rest is a batch of analyzer narrowings, a mago lint --only CLI fix, the long-standing PHP 8.4 inline new X()->method() formatter fix, and docs work (playground contrast, version-switch keeping you on the same page).

... (truncated)

Commits

• f4c31bb release: 1.27.1
• 5c0dc07 fix(codex): mark list known-element entries optional when absorbing array{}
• 873d904 fix(analyzer): suppress redundant-null-coalesce on static-local array accesses
• a3cec7a fix(codex): union version constraints when merging duplicate symbol metadata
• 1d45d43 fix(ci): skip tests for aarch64 linux release builds
• a6e2ed0 fix: scope src/ export-ignore to root directory only (#1828)
• 619a8ca chore: update pinned nightly toolchain to nightly-2026-05-13 (#1829)
• ac8e262 release: 1.27.0
• a27851a fix(docs): improve playground selection, link, and sidebar contrast
• ef0b0e0 fix(docs): record per-version paths so version-switch keeps you on the same page
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)