Skip to content

chore(deps): bump carthage-software/mago from 1.26.0 to 1.40.2#109

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/carthage-software/mago-1.40.2
Closed

chore(deps): bump carthage-software/mago from 1.26.0 to 1.40.2#109
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/carthage-software/mago-1.40.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor

Bumps carthage-software/mago from 1.26.0 to 1.40.2.

Release notes

Sourced from carthage-software/mago's releases.

Mago 1.40.2

A patch release fixing analyzer false positives around property narrowing across calls and match subjects, two PHPDoc inline-code and conditional-type parsing fixes, plus new diagnostics for unsetting readonly/hooked properties and invalid trait as modifiers.

✨ Features

Analyzer

  • Invalid unset: unsetting a readonly or hooked property is now reported. (#2018, a24eb1033)

Semantics

  • Trait as modifiers: a non-visibility modifier in a trait as adaptation (e.g. as final) is now rejected. (e3d94378f)

🐛 Bug Fixes

Analyzer

  • match after impure call: a property used as a match subject no longer widens to mixed. (#2014, c9e5cc91e)
  • Narrowing across calls: passing $obj->prop no longer drops narrowings on sibling properties. (#2015, 2e9a52979)
  • Readonly writes: outside writes to a readonly property report a readonly violation, not a visibility one. (5eb7068c5)

PHPDoc Syntax

  • Inline code spans: // and quotes inside backticks are literal, not an "unclosed code" error. (95b393d33)
  • Parenthesized conditionals: ($x is Y ? A : B) return types parse correctly again. (3a8d627a9)

🙏 Thank You

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

Full Changelog: carthage-software/mago@1.40.1...1.40.2

Mago 1.40.1

A small patch release fixing array_key_exists() narrowing under strict-array-index-existence and a PHPDoc parsing regression where a @return description beginning with is was mistaken for a conditional type.

🐛 Bug Fixes

Analyzer

  • array_key_exists(): narrows a non-literal key like isset() under strict-array-index-existence. (#2012, 246b1ebdf)

PHPDoc Syntax

... (truncated)

Commits
  • 19f3aa5 release: 1.40.2
  • 5eb7068 fix(analyzer): report readonly violation over write-visibility for readonly p...
  • a24eb10 fix(analyzer): report unset() of readonly and hooked properties
  • e3d9437 feat(semantics): reject non-visibility modifiers in trait as adaptations
  • 3a8d627 fix(phpdoc-syntax): always parse parenthesized is types as conditional
  • 2e9a529 fix(analyzer): scope post-call property invalidation to escaping object members
  • c9e5cc9 fix(analyzer): keep base type for vars absent in a match arm, not mixed
  • 95b393d fix(phpdoc-syntax): treat // and quotes as literal inside inline code spans
  • 6149480 release: 1.40.1
  • 246b1eb fix(analyzer): narrow array_key_exists() with non-literal key like isset() (#...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [carthage-software/mago](https://github.com/carthage-software/mago) from 1.26.0 to 1.40.2.
- [Release notes](https://github.com/carthage-software/mago/releases)
- [Commits](carthage-software/mago@1.26.0...1.40.2)

---
updated-dependencies:
- dependency-name: carthage-software/mago
  dependency-version: 1.40.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 25, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #110.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/composer/carthage-software/mago-1.40.2 branch June 29, 2026 10:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant