Skip to content

Update all non-major dependencies#143

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all-minor-patch
Open

Update all non-major dependencies#143
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 29, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
carthage-software/mago ^1.4.1^1.13.1 age adoption passing confidence
ergebnis/composer-normalize ^2.49.0^2.50.0 age adoption passing confidence
phpstan/phpstan ^2.1.38^2.1.40 age adoption passing confidence
phpstan/phpstan-deprecation-rules ^2.0.3^2.0.4 age adoption passing confidence
phpstan/phpstan-phpunit ^2.0.12^2.0.16 age adoption passing confidence
phpstan/phpstan-strict-rules ^2.0.8^2.0.10 age adoption passing confidence
phpstan/phpstan-symfony ^2.0.12^2.0.15 age adoption passing confidence
phpunit/phpunit (source) ^11.5.50^11.5.55 age adoption passing confidence

Release Notes

carthage-software/mago (carthage-software/mago)

v1.13.1: Mago 1.13.1

Compare Source

Mago 1.13.1

This is a patch release that adds official Docker container image support and documentation for using Mago in containerized environments.

✨ Features

Docker
  • Official container image: Mago is now published as a multi-arch container image (linux/amd64 and linux/arm64) to the GitHub Container Registry on every release. The image is built from scratch using statically-linked musl binaries, weighing only ~26 MB. Available tags include latest, exact versions (1.13.1), minor (1.13), and major (1) (#​1125)

📖 Documentation

  • Docker recipe: Added a comprehensive Docker usage guide covering quick start, CI/CD examples for GitHub Actions, GitLab CI, and Bitbucket Pipelines, shell alias setup, and known limitations
  • Installation page: Added Docker as an installation method
  • GitHub Actions recipe: Added an alternative workflow using the Docker container image

🙏 Thank You

Issue Reporters

Thank you to everyone who reported issues and requested features that shaped this release:

Full Changelog: carthage-software/mago@1.13.0...1.13.1

v1.13.0: Mago 1.13.0

Compare Source

Mago 1.13.0

This release adds a new no-inline linter rule, fixes a formatter idempotency bug with comments in ternary expressions, fixes missing type diagnostics for abstract methods, replaces the self_update dependency to unblock cargo install mago, and improves self-update error messages.

✨ Features

Linter
  • New no-inline rule: Disallows inline content (text outside of <?php tags) in source files. Most modern PHP applications are source-code only and do not use PHP as a templating language. Inline content before <?php, after ?>, or between PHP tags is typically unintentional and can cause issues such as unexpected output or "headers already sent" errors. This rule is disabled by default and is intended for codebases that do not use PHP templates (#​1220)

🐛 Bug Fixes

Analyzer
  • Missing type diagnostics for abstract methods: Fixed a bug where missing-parameter-type, missing-return-type, and imprecise type diagnostics were not reported for abstract methods in classes and interfaces (#​1223)
Formatter
  • Comment reordering in ternary expressions: Fixed an idempotency bug where line comments between ?/: and their operands in ternary expressions were reordered and merged on each formatting pass, requiring up to 4 passes before stabilizing. Comments after ? and : are now correctly preserved in their original order (#​1221)
CLI
  • Better self-update error messages: When a release does not include a binary for the current platform, the error message now lists the user's detected platform and the available assets, making it easier to diagnose the issue (#​1218)

🏗️ Internal

  • Replaced self_update crate with custom updater module: The self_update crate was pinned to a git ref, which blocked cargo publish and cargo install mago. It has been replaced with a minimal, purpose-built updater using ureq, self-replace, and direct archive handling
  • Fixed WASM playground cache: The playground now busts the WASM cache on every release, ensuring users always get the latest version (#​1219)

💛 Sponsors

Mago is developed and maintained as an independent open-source project. A special thank you to all of our sponsors whose support makes continued development possible:

Building and maintaining a tool like Mago takes a significant amount of time and effort. While we are incredibly grateful for the support we receive, it does not yet cover full-time development. If Mago is saving you time or improving your codebase, please consider supporting its development through GitHub Sponsors or an enterprise support contract with Carthage Software.

🙏 Thank You

Issue Reporters

Thank you to everyone who reported issues and requested features that shaped this release:

Full Changelog: carthage-software/mago@1.12.1...1.13.0

v1.12.1: Mago 1.12.1

Compare Source

Mago 1.12.1

This is a patch release with bug fixes for the analyzer and formatter.

🐛 Bug Fixes

Analyzer
  • False positive duplicate-array-key with spread operator: Fixed a false positive where explicit keys following a spread expression (e.g., [...self::DEFAULTS, 'title' => 'Override']) were incorrectly flagged as duplicate keys. Overriding spread keys with explicit entries is a common PHP pattern and is no longer reported (#​1215)
Formatter
  • Parentheses stripped from non-associative comparison chains: Fixed a bug where the formatter removed necessary parentheses from chained comparison expressions (e.g., ($a === 'b') === $c was flattened into the invalid $a === 'b' === $c). PHP declares comparison operators as non-associative, so chaining them without parentheses is a parse error (#​1216)
  • Attribute formatting for anonymous classes: Fixed inconsistent formatting of attributes on anonymous classes. Attributes are now correctly placed on the next line after the new keyword, aligning with the PER-CS specification (#​1115, #​1210)

🏗️ Internal

  • Specified Rust edition in .rustfmt.toml (#​1212)
  • Updated dependencies

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

Full Changelog: carthage-software/mago@1.12.0...1.12.1

v1.12.0: Mago 1.12.0

Compare Source

Mago 1.12.0

This release adds clickable file paths in terminal output via OSC 8 hyperlinks, a --fail-on-remaining flag for CI workflows using --fix, improved --staged handling for partially staged files, and several bug fixes in the analyzer, linter, and configuration system.

✨ Features

Reporting
  • Clickable file paths via OSC 8 hyperlinks: File paths in diagnostic output are now clickable in terminals that support OSC 8 hyperlinks (iTerm2, Wezterm, Kitty, Windows Terminal, Ghostty, and others). Clicking a path opens the file directly in your editor at the correct line and column. Configure via editor-url in mago.toml or the MAGO_EDITOR_URL environment variable with %file%, %line%, and %column% placeholders. Supported in rich, medium, short, and emacs reporting formats. Hyperlinks are automatically disabled when output is piped or when --colors=never is used (#​1188)
CLI
  • --fail-on-remaining flag for lint and analyze: When using --fix, Mago now exits with code 0 even if some issues could not be auto-fixed. The new --fail-on-remaining flag restores a non-zero exit code when unfixed issues remain, making it easy to enforce that all issues are resolved in CI pipelines (#​1208)
  • Improved --staged --fix handling: When using --staged with --fix, Mago now detects partially staged files and only processes the staged content. Fixed files are automatically re-staged so that fixes are included in the commit without accidentally staging unstaged changes (#​1199)

🐛 Bug Fixes

Analyzer
  • Broad type subtraction with generic parameters in negated assertions: Fixed incorrect removal of broad types (e.g., object, iterable) when subtracting generic type parameters in negated assertion contexts, which could produce false redundant-condition diagnostics (#​1207)
  • Type narrowing from identity comparison with typed variables: The analyzer now correctly narrows variable types from identity comparisons (===) with other typed variables. Previously, the left-hand variable could remain typed as mixed after comparison with a more precisely typed value (#​1206)
Linter
  • Overlapping edit detection in TextEditor: Fixed a long-standing bug where adjacent non-empty text edit ranges were incorrectly rejected as overlapping, causing auto-fix failures in rules like array-style and str-starts-with when multiple fixes applied to nearby code (#​877)
Configuration
  • XDG_CONFIG_HOME fallback: When XDG_CONFIG_HOME is not set, Mago now correctly falls back to $HOME/.config before checking $HOME, matching the XDG Base Directory Specification. Previously, only $HOME was checked, causing global configuration files in ~/.config/mago.toml to be ignored (#​1211)

📖 Documentation

  • Configuration file discovery: Documented the full configuration file lookup order: workspace directory, $XDG_CONFIG_HOME, ~/.config, ~ (#​1211)
  • Editor integration guide: Added documentation for the editor-url configuration option with URL templates for VS Code, Cursor, Windsurf, PhpStorm/IntelliJ, Zed, Sublime Text, Emacs, and Atom (#​1188)
  • Default PHP version corrected: Fixed the documentation to accurately state that the default PHP version is release-dependent (latest stable supported by the Mago release), not a hardcoded value (#​1174)

🙏 Thank You

Issue Reporters

Thank you to everyone who reported issues and requested features that shaped this release:

Full Changelog: carthage-software/mago@1.11.0...1.12.0

v1.11.0: Mago 1.11.0

Compare Source

Mago 1.11.0

This release adds a --staged flag for seamless pre-commit hook integration, a new imprecise-type analyzer diagnostic for bare array/iterable type hints, support for class-like constants in array shape keys, and several bug fixes across the analyzer, formatter, and Composer installer.

✨ Features

CLI
  • --staged flag for lint and analyze: New --staged flag restricts linting and analysis to files currently staged in Git, making pre-commit hook setup straightforward. When combined with --fix, changed files are automatically re-staged so that fixes are included in the commit (#​1199)
Analyzer
  • imprecise-type diagnostic for bare array/iterable type hints: The analyzer now warns when parameters, returns, or properties use bare array or iterable type hints without a corresponding docblock annotation specifying the element types. This encourages more precise type documentation across your codebase (#​1191)
Type System
  • Class-like constants as array shape keys: PHPDoc array shapes now support class constants as keys (e.g., array{MyClass::FOO: string, MyEnum::Bar: int}), enabling more precise type definitions for constant-keyed arrays (#​1190)

🐛 Bug Fixes

Codex
  • Type aliases in class-string<T> generics: Fixed a bug where type aliases (e.g., @psalm-type, @phpstan-type) used as the generic parameter in class-string<T> annotations were not resolved, causing false positives (#​1202)
  • @inheritDoc across intermediate classes: Fixed false incompatible-parameter-type positives when a child class inherited docblock types from a grandparent through an intermediate class that didn't redeclare the method (#​1189)
Analyzer
  • Improved #[Override] error for trait methods: When #[Override] is used on a trait method that doesn't override any parent, the diagnostic now suggests adding a @require-implements annotation to the trait if the method is intended to override an interface method (#​1192)
Formatter
  • Parentheses around elvis/ternary in property access chains: The formatter no longer strips necessary parentheses from expressions like ($a ?: $b)->method() or ($a ? $b : $c)->prop, which would change the runtime semantics (#​1198)
Prelude (Type Stubs)
  • Incorrect @pure annotations removed: Removed incorrect @pure annotations from debug_zval_dump(), error_log(), phpinfo(), and php_sapi_name() which could mask side-effect analysis (#​1195)
  • Multiple stub corrections: Fixed several incorrect type stubs affecting analysis accuracy
Composer
  • Windows binary download fixed: The Composer installer now correctly downloads .zip archives for Windows MSVC targets instead of requesting non-existent .tar.gz files, which caused 404 errors when invoking vendor/bin/mago (#​1196)
  • Installer refactored with proper architecture support: The installer script has been reorganized into composable, documented functions under the Mago\Internal namespace. Unsupported architecture targets have been removed and ARM v5/v6 detection has been added, with clear error messages when a platform has no pre-built binary

📖 Documentation

  • Reserved MAGO_ environment variable prefix: Documented that all environment variables starting with MAGO_ are reserved for configuration. Unrecognized MAGO_-prefixed variables (e.g., from CI tools) cause configuration errors. The docs now explain how to diagnose and resolve this (#​844)
  • Dynamic benchmarks page: The benchmarks documentation page now fetches live data from the PHP toolchain benchmarks dashboard instead of using hardcoded numbers, keeping performance comparisons up to date
  • Pre-commit hook recipes: Updated documentation with examples for using --staged with --fix to automatically fix and re-stage files in pre-commit hooks

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

Issue Reporters

Thank you to everyone who reported issues and requested features that shaped this release:

Full Changelog: carthage-software/mago@1.10.0...1.11.0

v1.10.0: Mago 1.10.0

Compare Source

Mago 1.10.0

This release introduces wildcard pragma suppression (@mago-ignore all), auto-fix for unused pragmas, a new just-in-time binary download for Composer, and a large number of bug fixes across the analyzer, linter, formatter, and type system.

✨ Features

Collector (Pragma System)
  • @mago-ignore all / @mago-expect all wildcard pragmas: You can now use all as the issue code in suppress pragmas to suppress all issues within a category (e.g., @mago-ignore lint:all) or across all categories (e.g., @mago-ignore all). This is especially useful for legacy code where listing individual codes is impractical (#​1034)
  • Auto-fix suggestions for unused pragmas: When running mago lint --fix or mago analyze --fix, unused @mago-ignore and unfulfilled @mago-expect directives are now automatically stripped. The fixer handles three cases: removing a single code from a comma-separated list, removing a directive line from a multi-line comment, or deleting the entire comment when all pragmas are unused (#​1187)
Linter
  • check-functions option for prefer-first-class-callable: The rule now supports a check-functions config option (default: false). When disabled, the rule only suggests first-class callable conversion for method and static method calls, avoiding false positives with internal PHP functions that throw ArgumentCountError on extra arguments (#​1147, #​1160)
  • exclude-setters-and-constructors option for no-boolean-flag-parameter: The rule now supports excluding setter methods and constructors from boolean flag parameter detection, reducing noise for legitimate boolean setter patterns (#​1155)
Composer
  • Just-in-time binary download: The Composer plugin has been replaced with a lightweight wrapper script that detects the platform and downloads the correct Mago binary on first run. This eliminates the need to allow a Composer plugin and supports multi-platform environments (e.g., Docker on macOS with mounted volumes) (#​1141, #​1159)
CLI
  • Fully resolved formatter settings in config output: The mago config --show formatter command now displays all resolved formatter settings flattened alongside excludes, matching the TOML configuration structure. The --schema output has also been updated to reflect the flat structure. Previously, only {"excludes": []} was shown (#​1180)

🐛 Bug Fixes

Analyzer
  • False positive redundant-condition for is_float() on int|float union: The int ⊂ float containment rule is now guarded by assertion context, preventing incorrect redundant-condition and redundant-type-comparison diagnostics when is_float() or is_double() is called on int|float variables (#​1186)
  • Bogus diagnostic when writing an unknown array index: Fixed false undefined-string-array-index errors when writing to (not reading from) unknown array keys with allow-possibly-undefined-array-keys set to false (#​1168, #​1171)
  • Class names reported as written instead of normalized: The catch-type-not-throwable diagnostic now shows class names in their original casing instead of all-lowercase (#​1185)
  • Multiple incremental analysis bugs in watch mode: Fixed several issues where editing one file would clear diagnostics in other files, and body-only changes would lose existing errors. The populator now correctly clears invalid_dependencies during class-like metadata re-population, and the incremental analysis service properly tracks per-file issues (#​1176, #​1178)
  • False positive missing-magic-method with trait @property/@method: Real inherited properties and methods from parent classes now correctly override trait pseudo @property and @method annotations, preventing false positives when a trait declares magic accessors that shadow real parent members (#​1184)
  • Mixin types inherited from parent classes: Mixin types declared via @mixin on parent classes are now correctly inherited by child classes during method and property resolution (#​1169)
Linter
  • prefer-arrow-function disabled inside constant expressions: Arrow function suggestions are no longer emitted inside constant expressions (e.g., class constant initializers) where closures are the only valid syntax (#​1166)
Formatter
  • Pint preset: method-chain-semicolon-on-next-line disabled by default: The Pint preset now correctly defaults this setting to false, matching Pint's actual behavior (#​1164)
Syntax
  • yield expression detected inside return statement: The parser now correctly identifies yield expressions when used as a return value (e.g., return yield $value), preventing incorrect diagnostics on generator functions (#​1167)
Prelude (Type Stubs)
  • dir() second argument marked as optional: The second parameter of dir() is now correctly annotated as optional, fixing false too-few-arguments errors when calling dir() with a single argument (#​1163)
Reporter
  • Writer buffer flushed in watch mode: The JSON reporter now flushes its writer buffer after each report, preventing incomplete JSON output when piped to external tools like VS Code extensions (#​1170)
Atom (Case Folding)
  • Case folding matches PHP's behavior for non-ASCII characters: Fixed a bug where non-ASCII characters were incorrectly lowercased using full Unicode rules instead of ASCII-only folding, matching PHP's actual strtolower() behavior. This could cause mago to fail to detect errors resulting from case differences in non-ASCII class names (#​1161)
Playground
  • file-name rule disabled by default: The file-name lint rule is now disabled in the Mago playground to reduce noise for single-file examples (#​1162)

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

Issue Reporters

Thank you to everyone who reported issues and requested features that shaped this release:

Full Changelog: carthage-software/mago@1.9.1...1.10.0

v1.9.1: Mago 1.9.1

Compare Source

Mago 1.9.1

Patch release with several analyzer and formatter bug fixes, plus support for @psalm-mutation-free annotations.

✨ Features

Codex (Type System)
  • @psalm-mutation-free and @psalm-external-mutation-free annotations: The codex scanner now recognizes these Psalm annotations and maps them to Mago's internal mutation-free flags, improving interoperability with Psalm-annotated codebases (#​1157)

🐛 Bug Fixes

Analyzer
  • Property narrowings preserved across pure and mutation-free function calls: Previously, all property type narrowings were cleared after any function call that received an object argument. The analyzer now preserves property narrowings when the called function is marked as @pure, @mutation-free, or @external-mutation-free, since these functions are guaranteed not to mutate the object's state (#​1157)
  • Generic type parameters preserved during instanceof narrowing on sealed class hierarchies: When narrowing a generic type (e.g., Result<T>) with instanceof against a sealed inheritor (e.g., Success<T>), the type parameters from the parent type are now correctly carried over to the narrowed type, preventing unexpected never type results (#​1156)
  • Non-existent classes detected in @var annotations and instanceof RHS: The analyzer now reports non-existent-class-like errors for undefined types used in @var docblock annotations and on the right-hand side of instanceof expressions, matching the existing behavior for parameter types, return types, and property types (#​1007)
  • Possibly undefined keys in unions of sealed/unsealed arrays: Fixed incorrect undefined-string-array-index errors when accessing keys on union types containing both sealed and unsealed array variants (e.g., array{foo: int, ...}|array{foo: int}). The unsealed variant's generic parameters are now properly considered when determining whether a key might exist (#​1154)
  • Deduplicated undefined key errors across union variants: When accessing a non-existent key on a union of multiple keyed arrays, the undefined-string-array-index error is now reported only once instead of once per union variant
Formatter
  • Trailing comments preserved on opening parenthesis line in multiline parameter lists: Fixed a bug where end-of-line inline comments (e.g., // @&#8203;phpstan-ignore method.unused) on method signatures with multiline parameter lists were incorrectly moved to the next line (#​1153)
Prelude (Type Stubs)
  • DateTimeImmutable and DateTimeZone methods annotated as mutation-free: Methods on DateTimeImmutable and DateTimeZone that do not modify state are now annotated with @mutation-free, preventing false positive property narrowing invalidations when calling these methods (#​1157)
  • ReflectionClass::getReflectionConstants() return type: Added missing return type information (#​1152)
Documentation
  • Removed undocumented space_after_colon_in_enum_backing_type setting: Removed a reference to a non-existent formatter setting from the configuration reference documentation (#​1151)

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

Full Changelog: carthage-software/mago@1.9.0...1.9.1

v1.9.0: Mago 1.9.0

Compare Source

Mago 1.9.0

This release brings PHP 8.5 deprecation detection, new return type providers for sprintf() and array_map(), generator type inference, several new formatter options, and a large number of bug fixes across the analyzer, formatter, linter, and type system.

✨ Features

Analyzer
  • Return type provider for sprintf() and Psl\Str\format(): The analyzer now resolves return types for sprintf() calls with constant format strings, producing precise literal string types when all arguments are known at analysis time (#​1073)
  • Return type provider for array_map() preserving array shapes: When calling array_map() with a typed callback on a keyed array, the analyzer now preserves the array shape in the return type instead of widening to array<key, value> (#​1144)
  • Generator key and value type inference: Closures and arrow functions containing yield but no explicit return type annotation now have their Generator<K, V, S, R> type inferred from the yielded keys, values, and return statements (#​1150)
Linter
  • PHP 8.5 deprecation rules: Three new rules to prepare your codebase for PHP 8.5:
    • deprecated-cast: Detects deprecated non-canonical type casts ((integer), (boolean), (double), and (binary)) and suggests their canonical replacements
    • deprecated-shell-execute-string: Detects usage of the backtick shell execute syntax (`ls -l`), which is deprecated in PHP 8.5, and suggests using shell_exec() instead
    • deprecated-switch-semicolon: Detects use of semicolons (;) as case separators in switch statements, deprecated in PHP 8.5, and suggests using colons (:) instead
  • Improved mago-ignore / mago-expect diagnostics: When an ignore or expect pragma does not match any issue, the diagnostic now highlights the specific issue code that was not matched, making it easier to identify stale or incorrect pragmas (#​1123)
Formatter
  • method-chain-semicolon-on-next-line setting: New option to place the semicolon on its own line when a method chain breaks across multiple lines, equivalent to PHP-CS-Fixer's multiline_whitespace_before_semicolons: new_line_for_chained_calls. Disabled by default, enabled in the Laravel/Pint preset (#​1105)
  • null_pipe_last variant for null-type-hint setting: New option that converts ?T to T|null and reorders union types to place null last, providing PER-CS 3.0 compliance for null type positioning (#​1133, #​1134)
  • Space after /**in single-line doc blocks: The formatter now ensures a space is present after the opening/**in single-line doc blocks (e.g.,/**@&#8203;var int _/becomes/\*\* @&#8203;var int _/) (#​1077)
CLI
  • analyze --list-codes: New flag that outputs all analyzer issue codes as a JSON array of strings, useful for tooling integration (#​1146)
  • lint --list-rules --json now includes severity: The JSON output of --list-rules now includes a level field (Error, Warning, Help, or Note) for each rule, matching the information shown in the human-readable table (#​1142)

🐛 Bug Fixes

Analyzer
  • Property narrowing invalidation after method calls with object arguments: Property type narrowings and assertion clauses are now correctly invalidated when a method call receives an object as an argument, since the method could mutate the object's state
  • Nullsafe operator false positives: Improved null compatibility checks prevent redundant-nullsafe-operator from producing code-breaking false positives when the nullsafe operator is legitimately needed (#​1131)
  • Numeric type subtraction in reconciler: Fixed incorrect paradoxical-condition / impossible-condition errors when narrowing numeric types with is_numeric() checks on multiple variables (#​1130)
  • Callable resolution with nullable/falsable types: The analyzer now correctly skips nullable and falsable variants when resolving callable targets, fixing false invalid-callable errors on functions like Closure::bind() (#​1127)
  • Docblock nullability merging for expandable types: Fixed a bug where nullability from docblock types was not merged for expandable types (like conditional return types), causing false null-argument positives (#​1126)
  • Variadic parameter type: Variadic parameters are now correctly typed as array<K, T> instead of list<T>, since named arguments can produce string keys (#​1138)
  • Sealed/unsealed keyed array merging: The type combiner no longer incorrectly merges sealed and unsealed keyed arrays, preserving array shape precision in union types
  • Unknown class handling in type identity comparison: Fixed a crash when comparing types involving unresolved class names (#​1145)
Formatter
  • Trailing comments moving to opening brace: Fixed a bug where end-of-line inline comments (e.g., // @&#8203;phpstan-ignore method.unused) on method signatures were incorrectly moved to the opening brace line when using method-brace-style = "always-next-line" (#​1124)
  • Echo tag indentation in inline HTML: Fixed incorrect indentation for inline PHP echo tags (<?= ?>) and single-expression echo statements within HTML templates (#​1149)
  • Unary prefix comment oscillation: Fixed an idempotency bug where comments inside parenthesized unary prefix expressions (e.g., !(/* comment */ $x)) would oscillate between different positions on each format pass (#​1135)
  • Print width with indentation: The formatter now correctly accounts for the current indentation level when calculating print width for breaking calls with zero-argument call arguments (#​993, #​1136)
  • Method chain semicolon placement for nested chains: The method-chain-semicolon-on-next-line setting now correctly applies only when the method chain is the direct expression of the statement, not when a chain appears nested inside another expression (e.g., as a function argument)
Linter
  • no-trailing-space fixer panic on CRLF files: Fixed a panic when the fixer encountered multibyte characters on lines with CRLF line endings (#​1137)
Lexer
  • Namespaced identifiers in braced string interpolation: The lexer now correctly handles namespaced constant identifiers used as array keys inside braced string interpolation (e.g., "{$arr[Foo\BAR]}") (#​1128)
Prelude (Type Stubs)
  • parse_str() @param-out type: Fixed the output parameter type annotation for parse_str() (#​1140)
  • PHP 8.5 deprecation stubs: Updated type stubs to mark functions and features deprecated in PHP 8.5
  • Closure::bind() stubs: Added proper stub definitions to prevent false invalid-callable errors (#​1127)
Composer
  • Runtime function stubs: Added function stubs for Composer runtime compatibility, preventing errors when the Mago Composer plugin is loaded in a PHP context (#​1122)

🏗️ Internal

  • Updated prelude stubs for PHP 8.5 deprecations
  • Added IssueCode::all() method for listing all analyzer codes
  • Added RuleEntry struct for serializing linter rules with metadata and severity level

🙏 Thank You

Contributors

A huge thank you to everyone who contributed code to this release:

Issue Reporters

Thank you to everyone who reported issues and requested features that shaped this release:

Full Changelog: carthage-software/mago@1.8.0...1.9.0

v1.8.0: Mago 1.8.0

Compare Source

Mago 1.8.0

This release delivers major improvements to the incremental analysis engine for watch mode, new type narrowing capabilities, return type providers for filter_var() / filter_input(), and a large number of bug fixes across the analyzer, linter, formatter, and type system.

✨ Features

Analyzer
  • is_a() and is_subclass_of() type narrowing: The analyzer now narrows types after calls to is_a() and is_subclass_of(), including support for class-string parameters (#​1102)
  • Return type providers for filter_var() and filter_input(): These functions now return precise types based on the filter and flags arguments (e.g., FILTER_VALIDATE_INT returns int|false, FILTER_VALIDATE_EMAIL with FILTER_NULL_ON_FAILURE returns string|null) (#​1117)
  • Discriminated union narrowing: When narrowing a union of keyed arrays (e.g., array{valid: true, result: string}|array{valid: false, errorCode: string}), the analyzer now correctly filters out incompatible variants based on the narrowed key type, instead of blindly overwriting all variants. This also works for object property narrowing on union types (#​1093)
Linter
  • no-isset array access ignore option: The no-isset rule now supports an allow-array-access option, allowing you to flag isset($var) while still permitting isset($array['key']) for array offset checks (#​1097, #​1120) by [@​dotdash](https://redirect.github.c

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

Renovate Bot

@renovate
Copy link
Contributor Author

renovate bot commented Jan 29, 2026

automergeComment

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from c4883b8 to 702f079 Compare January 30, 2026 17:29
@renovate renovate bot changed the title Update dependency carthage-software/mago to ^1.3.0 Update all non-major dependencies Jan 30, 2026
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 07dc643 to 19adc6e Compare February 3, 2026 21:09
@renovate renovate bot changed the title Update all non-major dependencies Update all non-major dependencies - autoclosed Feb 4, 2026
@renovate renovate bot closed this Feb 4, 2026
@renovate renovate bot deleted the renovate/all-minor-patch branch February 4, 2026 14:28
@renovate renovate bot changed the title Update all non-major dependencies - autoclosed Update dependency carthage-software/mago to ^1.5.0 Feb 5, 2026
@renovate renovate bot reopened this Feb 5, 2026
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from f0930dd to 79cda5a Compare February 5, 2026 08:57
@renovate renovate bot changed the title Update dependency carthage-software/mago to ^1.5.0 Update all non-major dependencies Feb 5, 2026
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 5fce0b8 to 4ebd3bd Compare February 8, 2026 21:04
@renovate renovate bot changed the title Update all non-major dependencies Update dependency phpunit/phpunit to ^11.5.52 Feb 8, 2026
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 4ebd3bd to 2c4252f Compare February 9, 2026 01:35
@renovate renovate bot changed the title Update dependency phpunit/phpunit to ^11.5.52 Update all non-major dependencies Feb 9, 2026
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 9 times, most recently from 0d1f9b5 to 3a1748c Compare February 17, 2026 02:34
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 10c3a5e to 169b07e Compare February 24, 2026 18:08
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 98b548d to 5c116cc Compare February 26, 2026 10:04
@renovate
Update all non-major dependencies
089966b 
| datasource | package                           | from    | to      |
| ---------- | --------------------------------- | ------- | ------- |
| packagist  | carthage-software/mago            | 1.4.1   | 1.13.1  |
| packagist  | ergebnis/composer-normalize       | 2.49.0  | 2.50.0  |
| packagist  | phpstan/phpstan                   | 2.1.38  | 2.1.40  |
| packagist  | phpstan/phpstan-deprecation-rules | 2.0.3   | 2.0.4   |
| packagist  | phpstan/phpstan-phpunit           | 2.0.12  | 2.0.16  |
| packagist  | phpstan/phpstan-strict-rules      | 2.0.8   | 2.0.10  |
| packagist  | phpstan/phpstan-symfony           | 2.0.12  | 2.0.15  |
| packagist  | phpunit/phpunit                   | 11.5.50 | 11.5.55 |
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 5c116cc to 089966b Compare February 26, 2026 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Subject: Dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants