chore(deps): update all non-minor and non major dependencies (main) (patch) - autoclosed

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
axios (source)	devDependencies	patch	1.12.0 -> 1.12.2
laravel/pennant	require	patch	1.17.0 -> 1.17.1
nunomaduro/collision	require-dev	patch	8.8.1 -> 8.8.2
pestphp/pest	require-dev	patch	3.8.2 -> 3.8.4
phpat/phpat	require-dev	patch	0.11.5 -> 0.11.10
psalm/plugin-laravel	require-dev	patch	3.0.3 -> 3.0.4
squizlabs/php_codesniffer	require-dev	patch	3.13.2 -> 3.13.4
vimeo/psalm	require-dev	patch	6.12.0 -> 6.12.1

---

Release Notes

axios/axios (axios)

v1.12.2

Compare Source

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

v1.12.1

Compare Source

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

laravel/pennant (laravel/pennant)

v1.17.1

Compare Source

• Fix - Correct retrieval of 0 feature values via DB driver by @​pocketninja in #​143

nunomaduro/collision (nunomaduro/collision)

v8.8.2

Compare Source

pestphp/pest (pestphp/pest)

v3.8.4

Compare Source

v3.8.3

Compare Source

• adds support for phpunit v11.5.33

carlosas/phpat (phpat/phpat)

v0.11.10

Compare Source

Fix ShouldHaveOnlyOnePublicMethodNamed assertion by @​carlosas

v0.11.9

Compare Source

• Fix shouldBeNamed assertion by @​Bapawe
• Add isStandardClass selector by @​carlosas

v0.11.8

Compare Source

• Add PHP 8.3 missing built-in classes by @​carlosas
• Catch instanceof in dependency rules by @​carlosas

v0.11.7

Compare Source

• Add withFilepath selector by @​SpencerMalone
• Rollback param name for ShouldBeNamed assertion by @​carlosas

v0.11.6

Compare Source

• Add missing rule identifier to Declaration assertions errors by @​calebdw
• Fix support for regex in ShouldHaveOnlyOnePublicMethodNamed assertion by @​NanoSector
• Add support for attribute arguments in AppliesAttribute assertion by @​raffaelecarelle

psalm/psalm-plugin-laravel (psalm/plugin-laravel)

v3.0.4

Compare Source

What’s Changed

• Update stub for dispatch() match upstream Laravel (#​407) @​saulens22

Full Changelog: psalm/psalm-plugin-laravel@v3.0.3...v3.0.4

PHPCSStandards/PHP_CodeSniffer (squizlabs/php_codesniffer)

v3.13.4: - 2025-09-05

Compare Source

Fixed

• Fixed bug #​1213: ability to run tests for external standards using the PHPCS native test framework was broken.
  • Thanks to Juliette Reinders Folmer for the patch.
• Fixed bug #​1215: PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to Juliette Reinders Folmer for the patch.

Statistics

Closed: 0 issues
Merged: 3 pull requests

If you like to stay informed about releases and more, follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

v3.13.3: - 2025-09-04

Compare Source

Added

• Tokenizer support for PHP 8.4 dereferencing of new expressions without wrapping parentheses. #​1160
  • Thanks to Juliette Reinders Folmer for the patch.
• Tokenizer support for PHP 8.4 abstract properties. #​1183
  • The File::getMemberProperties() method now also supports abstract properties through a new is_abstract array index in the return value. #​1184
  • Additionally, the following sniffs have been updated to support abstract properties:
    • Generic.PHP.LowerCaseConstant #​1185
    • Generic.PHP.UpperCaseConstant #​1185
    • PSR2.Classes.PropertyDeclaration #​1188
    • Squiz.Commenting.VariableComment #​1186
    • Squiz.WhiteSpace.MemberVarSpacing #​1187
  • Thanks to Juliette Reinders Folmer for the patches
• Tokenizer support for the PHP 8.4 "exit as a function call" change. #​1201
  • When exit/die is used as a fully qualified "function call", it will now be tokenized as T_NS_SEPARATOR + T_EXIT.
  • Additionally, the following sniff has been updated to handle fully qualified exit/die correctly:
    • Squiz.PHP.NonExecutableCode
  • Thanks to Juliette Reinders Folmer for the patches

Changed

• Tokenizer/PHP: fully qualified true/false/null will now be tokenized as T_NS_SEPARATOR + T_TRUE/T_FALSE/T_NULL. #​1201
  • Previously, these were tokenized as T_NS_SEPARATOR + T_STRING.
  • Additionally, the following sniffs have been updated to handle fully qualified true/false/null correctly:
    • Generic.CodeAnalysis.UnconditionalIfStatement
    • Generic.ControlStructures.DisallowYodaConditions
    • PEAR.Functions.ValidDefaultValue
  • Thanks to Juliette Reinders Folmer for the patches.
• Generic.PHP.Syntax: the sniff is now able to scan input provided via STDIN on non-Windows OSes. #​915
  • Thanks to Rodrigo Primo for the patch.
• PSR2.ControlStructures.SwitchDeclaration: the WrongOpener* error code is now auto-fixable if the identified "wrong opener" is a semi-colon. #​1161
  • Thanks to Juliette Reinders Folmer for the patch.
• The PSR2.Classes.PropertyDeclaration will now check that the abstract modifier keyword is placed before a visibility keyword. #​1188
  • Errors will be reported via a new AbstractAfterVisibility error code.
  • Thanks to Juliette Reinders Folmer for the patch.
• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to Bernhard Zwein, Rick Kerkhof, Rodrigo Primo and Juliette Reinders Folmer for their contributions.

Fixed

• Fixed bug #​1112 : --parallel option fails if PHP_CodeSniffer is invoked via bash and the invokation creates a non-PHPCS-managed process.
  • Thanks to Rick Kerkhof for the patch.
• Fixed bug #​1113 : fatal error when the specified "files to scan" would result in the same file being added multiple times to the queue.
  • This error only occured when --parallel scanning was enabled.
  • Thanks to Rodrigo Primo for the patch.
• Fixed bug #​1154 : PEAR.WhiteSpace.ObjectOperatorIndent: false positive when checking multiple chained method calls in a multidimensional array.
  • Thanks to Rodrigo Primo for the patch.
• Fixed bug #​1193 : edge case inconsistency in how empty string array keys for sniff properties are handled.
  • Thanks to Rodrigo Primo and Juliette Reinders Folmer for the patch.
• Fixed bug #​1197 : Squiz.Commenting.FunctionComment: return types containing a class name with underscores would be truncated leading to incorrect results.
  • Thanks to Juliette Reinders Folmer for the patch.

Other

• The Wiki documentation is now publicly editable. 🎉
  • Update proposals can be submittted by opening a pull request in the PHPCSStandards/PHP_CodeSniffer-documentation repository.
    Contributions welcome !
  • Thanks to Anna Filina, Dan Wallis and Juliette Reinders Folmer for their work on getting this set up.
• The Phar website has had a facelift. #​107
  • Thanks to Bernhard Zwein for making this happen!

---

New Contributors

The PHP_CodeSniffer project is happy to welcome the following new contributors:
@​benno5020, @​NanoSector

Statistics

Closed: 11 issues
Merged: 40 pull requests

Follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X to stay informed.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

vimeo/psalm (vimeo/psalm)

v6.12.1

Compare Source

What's Changed

Fixes

• Fix false negatives with mixed in templated value-of/key-of by @​danog in #​11499
• Avoid tainting problems with first-class callables by @​danog

Full Changelog: vimeo/psalm@6.12.0...6.12.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.