build(deps-dev): bump carthage-software/mago from 1.13.3 to 1.14.0

[dependabot]

Bumps carthage-software/mago from 1.13.3 to 1.14.0.

Release notes

Sourced from carthage-software/mago's releases.

Mago 1.14.0

Mago 1.14.0 is a feature-packed release that brings full parent type hint support across the analyzer and codex, two new linter rules, PER-CS 3.0 compliance for the formatter's opening tag placement, a new parameter-attribute-on-new-line formatter setting, authenticated GitHub API requests for self-update, and a batch of bug fixes across the analyzer, formatter, syntax, and prelude.

✨ Features

Analyzer

• Full parent type hint support: The parent type hint is now fully supported across the codex, analyzer, scanner, builder, and expander — including return types, parameter types, properties, generics, arrays, and nested types (#1249)
• Type provider for Psl\Type\int_range: Added type narrowing support for Psl\Type\int_range (#1329)

Linter

• New switch-continue-to-break rule: Detects continue inside switch cases and suggests using break instead, since continue in a switch behaves identically to break in PHP and can mislead readers (#1314)
• New no-redundant-binary-string-prefix rule: Flags redundant b or B prefixes on string literals that don't contain any bytes outside the ASCII range (#1324)

Formatter

• opening-tag-on-own-line option for PER-CS 3.0 compliance: Ensures <?php is placed on its own line in pure PHP files by default, per PER-CS 3.0 Section 3. The setting defaults to true but can be set to false to preserve the previous behavior. Template files are unaffected (#1293)
• parameter_attribute_on_new_line setting: When enabled (default, PER-CS 12.2 compliant), parameter attributes are placed on their own line before the parameter (#1298)

CLI

• Authenticated GitHub API requests for self-update: mago self-update now uses GitHub tokens (from GITHUB_TOKEN, or GH_TOKEN) for authenticated API requests, avoiding rate-limit failures (#1284)

Docker

• Alpine base image: The Docker image now uses alpine:3 instead of scratch, providing a shell (/bin/sh) so CI runners like GitLab CI can execute commands correctly (#1285)

🐛 Bug Fixes

Analyzer

• Fixed false positive possibly-null-property-access with null-coalesce in short-circuit evaluation: The reconciler now correctly narrows types when ($x ?? null) === null is used in short-circuit || expressions (#1278)
• Fixed false positive redundant-null-coalesce on uninitialized typed properties: Typed properties without default values are now correctly marked as possibly-undefined, preventing false redundant-null-coalesce diagnostics when using ??= (#1286)
• Fixed protected method resolution through @require-extends traits: Protected methods from traits used by a @require-extends class are now correctly resolved as accessible (#1287)
• Fixed sealed keyed arrays with disjoint keys merged incorrectly in unions: Sealed keyed arrays with disjoint keys are now kept as separate union members instead of being merged into a single array with all keys made optional (#1291)

Linter

• Narrowed annotation spans: Cyclomatic-complexity and kan-defect diagnostics now highlight minimal code regions instead of entire class bodies (#1282)
• Fixed else if flagged by block-statement rule: The block-statement rule no longer incorrectly flags else if (two keywords) as missing a block body (#1299)

Formatter

• Fixed compact inline array alignment: align-assignment-like no longer pads compact inline arrays into columns (#1321)
• Fixed parentheses stripped from unbounded constructs in member access chains: Parentheses around require, include, include_once, require_once, and print are now preserved when used as the base of a member access chain (#1322)
• Fixed brace placement for preserved single-parameter lists: Restored correct opening brace placement for functions/methods with a single parameter when preserve_breaking_parameter_list is enabled (#1290)
• Fixed trailing comment drift in try-catch-finally chains: Trailing comments on try/catch/finally closing braces no longer cause idempotency issues (#1303)

... (truncated)

Commits

• 197dae0 release: 1.14.0 (#1340)
• 1e0d50a fix(formatter): avoid aligning compact inline arrays (#1321)
• 19fce0b feat(formatter): add opening-tag-on-own-line option for PER-CS 3.0 complian...
• 8e7bd34 chore(docker): use alpine base image (#1339)
• e177d81 fix(analyzer): resolve protected methods from traits used by @​require-extends...
• 1a7ddde feat(codex, analyzer): fully support parent type hint (#1336)
• e72ef80 fix(analyzer): narrow null-coalesce in equality checks for short-circuit eval...
• 9536d22 feat(updater): use GitHub token for authenticated API requests (#1334)
• 39b06a6 fix(codex): keep sealed keyed arrays with disjoint keys as separate union mem...
• f503155 fix(analyzer): mark typed properties without defaults as possibly-undefined t...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)