composer(deps-dev): bump the minor-patch-dependencies group with 5 updates

[dependabot]

Updates the requirements on laminas/laminas-modulemanager, mimmi20/coding-standard, phpstan/phpstan, symplify/phpstan-rules and tomasvotruba/type-coverage to permit the latest version.
Updates laminas/laminas-modulemanager to 2.16.0

Release notes

Sourced from laminas/laminas-modulemanager's releases.

2.16.0

Release Notes for 2.16.0

Feature release (minor)

2.16.0

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

Enhancement

• 51: Update minor dependencies, allow installation of brick/varexporter 0.5 thanks to @​slknijnenburg

Commits

• 8df7b23 Merge pull request #51 from slknijnenburg/2.16.x
• 3a51ab2 Lock file maintenance
• 2b68754 Address Psalm issues after update
• fb17b47 Update lock-file for psalm/plugin-phpunit update
• 2b4b13f Update all non-major dependencies
• 81c2192 Lock file maintenance
• See full diff in compare view

Updates mimmi20/coding-standard to 5.2.35

Commits

• b9b83e4 Merge pull request #521 from mimmi20/renovate/all-minor-patch-dependencies
• 442b99b Update dependency friendsofphp/php-cs-fixer to ^3.59.3
• 18b6c03 Merge pull request #520 from mimmi20/updates
• c497061 update docblock
• 3c15d3f add new stub
• 4d2a07c add new stub
• fd4b6fc Merge pull request #513 from mimmi20/renovate/all-minor-patch-dependencies
• fd9d326 Merge pull request #519 from mimmi20/dependabot/composer/master/friendsofphp/...
• 1b765e4 Update all non-major dependencies
• 01afc7c composer(deps): update friendsofphp/php-cs-fixer requirement
• Additional commits viewable in compare view

Updates phpstan/phpstan to 1.11.5

Release notes

Sourced from phpstan/phpstan's releases.

1.11.5

Bleeding edge 🔪

• Check array functions which require stringish values (#3132), #11141, #5848, #3694, #11111, thanks @​schlndh!

If you want to see the shape of things to come and adopt bleeding edge features early, you can include this config file in your project's phpstan.neon:

includes:
	- vendor/phpstan/phpstan/conf/bleedingEdge.neon

Of course, there are no backwards compatibility guarantees when you include this file. The behaviour and reported errors can change in minor versions with this file included. Learn more

Improvements 🔧

• When internal errors occur, do not show other reported errors (phpstan/phpstan-src@aa92113)
  • It's important to first solve internal errors before seeing other reported errors
  • Inspired by Result Cache work locally but not in CI phpstan/phpstan#11107 (ReviewDog was eating up important errors)
• Show internal errors nicely in PHPStan Pro

Bugfixes 🐛

• Fix bug in get_debug_type() DynamicFunctionReturnTypeExtension (#3128), thanks @​patrickkusebauch!
• Include path when counting errors ignored by identifier (#3154), #11177, thanks @​pilif!
• Implement bit shift operation on integers and unions (#3145), thanks @​thg2k!
• Fix division type result with even integer range (#3152), thanks @​thg2k!
• Solve identical comparison bug in call-site variance (#3153), #11161, #10697, thanks @​VincentLanglet!

Function signature fixes 🤖

• gnupg_init() options parameter is optional (#3129), thanks @​yphoenix!
• Update outdated RedisCluster::__construct signature (#3130), #11158, thanks @​wolfgangzwiauer!
• Improve image related functions signature (#3127), thanks @​thg2k!
• Update/fix ext-amqp signatures (#3139), thanks @​ben-challis!
• fix AMQPQueue::unbind() routingKey type (#3143), thanks @​ben-challis!
• Add parameter definitions to AMQPQueue::consume() callback (#3144), #9445, thanks @​ben-challis!
• Add int ranges to AMQP typings (#3146), thanks @​ben-challis!
• Various fixes to the return signature of IntlDateFormatter methods (#3149), thanks @​chosten!
• Fix Exception::getTrace() return type (phpstan/phpstan-src@492cd89)
• fix posix_getpwuid (#3157), thanks @​pistej!

Internals 🔍

• Regression test (#3136), thanks @​staabm!

... (truncated)

Commits

• 490f0ae PHPStan 1.11.5
• 2546955 Update errors identifiers
• 01e5828 Updated PHPStan to commit 01e5828ef4dd581732c087c3524073c469173069
• 7d9800c Updated PHPStan to commit 7d9800c2241344556731eb7f17fd6b8564dba43c
• 71534f1 Fix
• 98476c3 Update result-cache.md
• 1cb07bd Update errors identifiers
• 108277a Updated PHPStan to commit 108277a6348de38eaaeb6a5bdb89f83dd775fc9c
• 1711429 Updated PHPStan to commit 1711429c1ba2b30ce63ae6f8eff763758accc4c1
• c45cade Bump braces from 3.0.2 to 3.0.3 in /website
• Additional commits viewable in compare view

Updates symplify/phpstan-rules to 13.0.0

Release notes

Sourced from symplify/phpstan-rules's releases.

13.0.0

• Move type-declaration-related rules to type-perfect package by @​TomasVotruba in symplify/phpstan-rules#128
• See https://github.com/rectorphp/type-perfect/ and https://getrector.com/blog/introducing-type-perfect-for-extra-safety

Added Rules 🥳

• Add ForbiddenStaticClassConstFetchRule by @​TomasVotruba in symplify/phpstan-rules#131
• Add no global const rule, entity in its namespace and no single implementer by @​TomasVotruba in symplify/phpstan-rules#132

What's Changed 🔨

• Allow d in short names by @​TomasVotruba in symplify/phpstan-rules#116

• Skip attributes on setter rule by @​TomasVotruba in symplify/phpstan-rules#120

• Allow abstract classes to be implemented in NoSingleInterfaceImplementerRule by @​TomasVotruba in symplify/phpstan-rules#135

• Improve no single interface by @​TomasVotruba in symplify/phpstan-rules#136

Removed 💀

Few rules seemed like too pedantic in practice, I always ignored them in most projects. Time to let go to make this set more practical:

• Remove NoMissingDirPathRule, as often not clear if target file or required file path by @​TomasVotruba in symplify/phpstan-rules#129
• Remove NoAbstractMethodRule as way too opinionated by @​TomasVotruba in symplify/phpstan-rules#121
• Remove ForbiddenSameNamedNewInstanceRule as rarely a buggy spot by @​TomasVotruba in symplify/phpstan-rules#123
• Remove NoVoidGetterMethodRule as not that practical by @​TomasVotruba in symplify/phpstan-rules#125
• Remove NoEmptyClassRule, as rarely true and already coverd by class-leak by @​TomasVotruba in symplify/phpstan-rules#124
• Remove NoShortNameRule, as devs are educated and not a thing anymore by @​TomasVotruba in symplify/phpstan-rules#127
• Remove NoRelativeFilePathRule as more exceptoins by @​TomasVotruba in symplify/phpstan-rules#118
• Remove RequireEnumDocBlockOnConstantListPassRule as reports many false positive, better shift to native enums by @​TomasVotruba in symplify/phpstan-rules#119
• Remove NoDuplicatedShortClassNameRule as overly detailed by @​TomasVotruba in symplify/phpstan-rules#133
• Remove NoNullableArrayPropertyRule as depends on use-case, cached etc by @​TomasVotruba in symplify/phpstan-rules#134
• Remove BoolishClassMethodPrefixRule as very limited and often ignored by @​TomasVotruba in symplify/phpstan-rules#114
• Remove NoProtectedClassElementRule as overly strict by @​TomasVotruba in symplify/phpstan-rules#115

Full Changelog: symplify/phpstan-rules@12.5.0...13.0.0

Commits

• 94300a4 release PHP 7.2 downgraded
• 69e4d29 [docs] Show rules directly in README (#137)
• 51b5765 Improve no single interface (#136)
• 883c98d restore parseClassReflection()
• b22fabb Allow abstract classes to be implemented in NoSingleInterfaceImplementerRule ...
• 3c9b05f docs
• 8ee301e space
• 7fb4489 Remove NoNullableArrayPropertyRule as depends on use-case, cached etc (#134)
• d988393 Typo
• a82ea88 typo
• Additional commits viewable in compare view

Updates tomasvotruba/type-coverage to 0.3.1

Commits

• dd47f95 release PHP 7.2 downgraded
• cf8eb16 Tidy constant check (#42)
• 8527a16 Check for const types (#41)
• f7512af space
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/setup-node	4.*.*	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 9 binaries present in source code Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 4 6 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/lint-workflow-files.yml

• actions/setup-node@4.*.*

composer.json

• laminas/laminas-modulemanager@>= 2.16.0, < 3.0.0
• mimmi20/coding-standard@>= 5.2.35, < 6.0.0
• phpstan/phpstan@>= 1.11.5, < 2.0.0
• rector/type-perfect@>= 0.1.6, < 0.2.0
• symplify/phpstan-rules@>= 13.0.0, < 14.0.0
• tomasvotruba/type-coverage@>= 0.3.1, < 0.4.0
• laminas/laminas-modulemanager@>= 2.15.0, < 3.0.0
• mimmi20/coding-standard@>= 5.2.33, < 6.0.0
• phpstan/phpstan@>= 1.11.4, < 2.0.0
• symplify/phpstan-rules@>= 12.7.0, < 13.0.0
• tomasvotruba/type-coverage@>= 0.3.0, < 0.4.0

[codeclimate]

Code Climate has analyzed commit 5cda10f and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 100.0% (0.0% change).

View more on Code Climate.