chore(deps): lockfile maintenance#563
Conversation
Refresh composer.lock to the latest versions allowed by the existing constraints (mostly Symfony components v8.1.0 -> v8.1.1). No composer.json constraint changes; bun.lock already current. Full suite (2185 tests), PHPStan L10, and cs-check green. Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
There was a problem hiding this comment.
Code Review
This pull request updates various PHP dependencies in composer.lock, including Guzzle, Sentry, Twig, PHP-CS-Fixer, PHP-Parser, PHPStan, PHPUnit, Rector, and several Symfony components, to their latest versions. I have no feedback to provide as there are no review comments and the changes consist solely of standard dependency updates.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #563 +/- ##
============================================
- Coverage 84.75% 84.53% -0.23%
Complexity 3286 3286
============================================
Files 229 229
Lines 8934 8934
============================================
- Hits 7572 7552 -20
- Misses 1362 1382 +20
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Pin rector/rector to 2.4.5 (was ^2.1). 2.4.6+ misfires a rule that renames User::eraseCredentials() to serialize() — wrong for a security-interface method, and it breaks PHPStan (and would break auth at runtime). Holding 2.4.5 keeps the Rector dry-run gate clean; the rector upgrade is deferred as a separate task. phpstan/phpstan still refreshed (2.2.2 -> 2.2.5) along with the runtime patches. Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
|



Routine lockfile refresh — latest versions allowed by the existing constraints, no
composer.json/package.jsonchanges.v8.1.0 → v8.1.1(26 pkgs) plus a few patch/minor bumps within range.Verified locally: PHPStan L10 clean, php-cs-fixer clean, full suite 2185 tests green.