Bump the phpstan group with 3 updates

[dependabot]

Updates the requirements on phpstan/phpstan-phpunit, spaze/phpstan-disallowed-calls and shipmonk/phpstan-rules to permit the latest version.
Updates phpstan/phpstan-phpunit to 2.0.8

Release notes

Sourced from phpstan/phpstan-phpunit's releases.

2.0.8

• 2fe9fbe - Fix AssertSameWithCountRule for recursive count()
• d935297 - Fix "Unexpected input(s) 'extensions', valid inputs are ['php-version', 'php-extensions', 'build-infection-path']"
• 8532ceb - Make AssertSameNullExpectedRule auto-fixable
• a4abfc1 - Use TypeSystem in AssertSameBooleanExpectedRule
• 36cb9a6 - Make AssertSameBooleanExpectedRule auto-fixable
• 450bfc0 - Added assertArrayHasKey() expectations
• 033f690 - PHPUnit 9.x/10.x does not at all support named arguments from data-providers
• 758d343 - Refactor PHPUnitVersionDetector to ease different major version checks
• dd87f2e - Assert*Rules: Do cheap checks first (#247)
• 5c89d74 - Ignore missingType.iterableValue for data-providers
• 1fbc321 - move analyse-paths into phpstan.neon
• 11f3ada - Fix mutation testing on dev branch (#244)
• 53e33fc - Setup mutation testing
• 12676a7 - One more test
• c81e395 - Fix memory consumption in DataProviderDataRule
• 61860a6 - Implement DataProviderDataRule
• 39950c7 - Preparational refactoring for DataProviderDataRule
• c54a269 - Narrow too wide return type
• 9ec3fa9 - Modernize code examples in README.md
• b1df1f5 - chore(deps): update actions/checkout action to v5
• 1d7eb7e - chore(deps): update eomm/why-don-t-you-tweet action to v2

Commits

• 2fe9fbe Fix AssertSameWithCountRule for recursive count()
• d935297 Fix "Unexpected input(s) 'extensions', valid inputs are ['php-version', 'php-...
• 8532ceb Make AssertSameNullExpectedRule auto-fixable
• a4abfc1 Use TypeSystem in AssertSameBooleanExpectedRule
• 36cb9a6 Make AssertSameBooleanExpectedRule auto-fixable
• 450bfc0 Added assertArrayHasKey() expectations
• 033f690 PHPUnit 9.x/10.x does not at all support named arguments from data-providers
• 758d343 Refactor PHPUnitVersionDetector to ease different major version checks
• dd87f2e Assert*Rules: Do cheap checks first (#247)
• 5c89d74 Ignore missingType.iterableValue for data-providers
• Additional commits viewable in compare view

Updates spaze/phpstan-disallowed-calls to 4.7.0

Release notes

Sourced from spaze/phpstan-disallowed-calls's releases.

PHP 8.5 support and some maintenance

What's Changed

• Start testing on PHP 8.5 (#349)
• Add a link to a new Symfony config package that has just dd() and dump() for now (#353)

Internal changes

• Update Dead Code Detector (#350)
• Remove nikic/php-parser as a direct dev dependency (#347)
• Support nikic/php-parser 5.6.1 in tests (#348)
• Bump actions/checkout from 4 to 5 (#345)
• Narrow the thrown type in docblock to void when no exception is thrown (#352)

Commits

• 0765102 Add a link to a new Symfony config that has just dd() and dump() for now ...
• 2e63d4c Add a link to a new Symfony config that has just dd() and dump() for now
• 0d8b003 Narrow the thrown type when no exception is thrown (#352)
• 3bf7701 Narrow the thrown type when no exception is thrown
• 73ea667 De-downgrade de Dead Code Detector dev dependency (#350)
• 0fc4f4e Detect dead enum cases
• f28489a De-downgrade de Dead Code Detector dev dependency
• b96123f Start testing on PHP 8.5 (#349)
• 6508c52 Start testing on PHP 8.5
• 471c55e Remove nikic/php-parser as a direct dev dependency (#347)
• Additional commits viewable in compare view

Updates shipmonk/phpstan-rules to 4.3.0

Release notes

Sourced from shipmonk/phpstan-rules's releases.

4.3.0

Improvements:

• enforceReadonlyPublicProperty support asymmetric visibility (#331, @​JanTvrdik)
• forbidArithmeticOperationOnNonNumber add support for BcMath\Number (#321, @​JokubasR)

Fixes:

• enforceNativeReturnTypehint fix false positive for unions with template type (#325, @​mspirkov)
• forbidPhpDocNullabilityMismatchWithNativeTypehint: ignore void methods (#328, @​mspirkov)

Dependencies:

• phpstan/phpstan now requires ^2.1.32 (#331)

Commits

• d8ef02e forbidArithmeticOperationOnNonNumber: add support for BcMath\Number (#321)
• 90aea84 enforceNativeReturnTypehint fix false positive for unions with template typ...
• d36092e Update CI actions to latest versions and add manual dispatch (#330)
• 057cf4b EnforceReadonlyPublicPropertyRule: support asymmetric visibility (#331)
• 5e29b47 Fix handling of the void type in `ForbidPhpDocNullabilityMismatchWithNative...
• b7b6029 composer.lock: update phpstan to 2.1.32 (#327)
• d1b70b1 Update shipmonk/coding-standard to ^0.2.0 (#326)
• 651492f Readme: mention throws LSP checks (#323)
• 5ff9975 Fix ignore after PHPStan update (#322)
• af834c5 README: Fix typo (#318)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @xificurk.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[xificurk]

@dependabot squash and merge

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot squash and merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

[coveralls]

Pull Request Test Coverage Report for Build 19828123212

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 0.0%

---

Totals
Change from base Build 19827812064:	0.0%
Covered Lines:	0
Relevant Lines:	157

---

💛 - Coveralls