diff --git a/rector.php b/rector.php
index 12a24007d..76a02ab28 100644
--- a/rector.php
+++ b/rector.php
@@ -31,7 +31,6 @@
 use Rector\EarlyReturn\Rector\Return_\PreparedValueToEarlyReturnRector;
 use Rector\Php55\Rector\String_\StringClassNameToClassConstantRector;
 use Rector\Php73\Rector\FuncCall\JsonThrowOnErrorRector;
-use Rector\Php73\Rector\FuncCall\StringifyStrNeedlesRector;
 use Rector\PHPUnit\AnnotationsToAttributes\Rector\Class_\AnnotationWithValueToAttributeRector;
 use Rector\PHPUnit\CodeQuality\Rector\Class_\YieldDataProviderRector;
 use Rector\PHPUnit\Set\PHPUnitSetList;
@@ -82,7 +81,6 @@
         __DIR__ . '/src/Views',
 
         JsonThrowOnErrorRector::class,
-        StringifyStrNeedlesRector::class,
         YieldDataProviderRector::class,
 
         // Note: requires php 8
diff --git a/src/Authentication/Passwords/NothingPersonalValidator.php b/src/Authentication/Passwords/NothingPersonalValidator.php
index 92151e8b0..14a8c587b 100644
--- a/src/Authentication/Passwords/NothingPersonalValidator.php
+++ b/src/Authentication/Passwords/NothingPersonalValidator.php
@@ -79,7 +79,7 @@ protected function isNotPersonal(string $password, ?User $user): bool
             if (! empty($domain)) {
                 $emailParts[] = $domain;
             }
-            $needles = array_merge($needles, $emailParts);
+            $needles = [...$needles, ...$emailParts];
 
             // Get any other "personal" fields defined in config
             $personalFields = $this->config->personalFields;
@@ -183,6 +183,8 @@ protected function isNotSimilar(string $password, ?User $user): bool
      *
      * Replaces all non-word characters and underscores in $str with a space.
      * Then it explodes that result using the space for a delimiter.
+     *
+     * @return array<int, string>
      */
     protected function strip_explode(string $str): array
     {
diff --git a/src/Authentication/Passwords/PwnedValidator.php b/src/Authentication/Passwords/PwnedValidator.php
index ef862b2b8..a68e92e99 100644
--- a/src/Authentication/Passwords/PwnedValidator.php
+++ b/src/Authentication/Passwords/PwnedValidator.php
@@ -35,7 +35,8 @@ public function check(string $password, ?User $user = null): Result
     {
         $hashedPword = strtoupper(sha1($password));
         $rangeHash   = substr($hashedPword, 0, 5);
-        $searchHash  = substr($hashedPword, 5);
+        /** @var string $searchHash */
+        $searchHash = substr($hashedPword, 5);
 
         try {
             $client = Services::curlrequest([