Skip to content

chore(deps): bump carthage-software/mago from 1.26.0 to 1.40.0#108

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/carthage-software/mago-1.40.0
Closed

chore(deps): bump carthage-software/mago from 1.26.0 to 1.40.0#108
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/carthage-software/mago-1.40.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps carthage-software/mago from 1.26.0 to 1.40.0.

Release notes

Sourced from carthage-software/mago's releases.

Mago 1.40.0

A big release driven by community reports: three new formatter settings, a new suspicious-explode-arguments linter rule and a final-controller auto-fix, an inspect-baseline CLI command, a Composer-shipped editor schema, and a long list of analyzer, codex, prelude, and PHP-parity syntax fixes. Under the hood, the 2.0 groundwork landed on main: a new high-level IR, a unified mago-phpdoc-syntax, and new mago-allocator/mago-flags crates.

✨ Features

Analyzer

  • array_filter truthiness: a callback-less array_filter() narrows values to their truthy form. (#1990, bc9bede8a)

Formatter

  • Breaking binary expressions: preserve_breaking_binary_expression keeps author line breaks in such chains. (#1853, 5aacc7d2b)
  • Sort uses by length: optional sorting of use statements by length. (#1942, 0688859c2)
  • Tag + declare: optionally combine the opening tag and declare(strict_types=1) onto one line. (#1959, 2ff4cf5e8)

Linter

  • suspicious-explode-arguments: warns when explode's short literal looks swapped into the string position. (#1998, 577d40ab4)
  • final-controller fix: offers an auto-fix that inserts final before any modifier. (#2006, 82017a062)
  • sensitive-parameter: skips boolean-like parameters. (#1949, 2333626d7)

Type System

  • empty types: empty and empty-scalar are supported in type-syntax and codex. (#1968, e94cfdd83)

CLI

  • inspect-baseline: new command to visualise the distribution of baselined issues. (#1900, efd07bda2)

Composer

  • Editor schema: ships a version-matched schema.json under vendor/carthage-software/mago/. (#1899, 38b78d0d4)

Nix

  • Default package: packages.<system>.default now provides bin/mago. (#1970, 13d70712b)

🐛 Bug Fixes

Analyzer

  • Named args + optional params: too-few-arguments fires when a named arg fills only an optional param. (#2004, c5ec4ef41)
  • Conditional array shapes: double-quoted array-access keys reconcile like single-quoted ones. (#2005, 095badf3f)
  • Shadowed overrides: no false incompatible-return-type against an ancestor hidden by an intermediate override. (#1996, 431ff9741)
  • $this calls: a property keeps its declared type instead of widening to mixed. (#1994, 5eef024fd)
  • Readonly narrowing: readonly property narrowings survive a call passing an object argument. (#1993, 5cbbe91e6)
  • foreach over unions: corrected always-entered inference, fixing a false impossible-condition. (#1986, 22951bdea)
  • Compound conditions: avoid duplicate diagnostics in compound conditions. (#1961, 1ea5ba2d9)
  • @property traits: trait property conflicts are no longer reported against @property tags. (#1964, a5f38233d)

... (truncated)

Commits
  • 4b41338 release: 1.40.0
  • 6ff4df7 chore: update pinned nightly toolchain to nightly-2026-06-23 (#2002)
  • 50cdd11 fix(linter): only flag boolean parameters used as flags (#1988) (#1991)
  • 577d40a feat(linter): add suspicious-explode-arguments rule to catch swapped explode ...
  • 82017a0 feat(linter): offer a final-keyword fix in final-controller, before any modifier
  • f8a31f8 fix(linter): collapse whole string-concat chain into one no-redundant-string-...
  • 095badf fix(analyzer): reconcile double-quoted array-access keys, not just single-quoted
  • c5ec4ef fix(analyzer): report too-few-arguments when named args fill only optional pa...
  • 522609b chore: update pinned nightly toolchain to nightly-2026-06-21 (#2000)
  • cee0550 feat(hir): flag imported names so consumers can reproduce PHP's namespace fal...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [carthage-software/mago](https://github.com/carthage-software/mago) from 1.26.0 to 1.40.0.
- [Release notes](https://github.com/carthage-software/mago/releases)
- [Commits](carthage-software/mago@1.26.0...1.40.0)

---
updated-dependencies:
- dependency-name: carthage-software/mago
  dependency-version: 1.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 24, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #109.

@dependabot dependabot Bot closed this Jun 25, 2026
@dependabot dependabot Bot deleted the dependabot/composer/carthage-software/mago-1.40.0 branch June 25, 2026 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant