[TASK] Upgrade PHPStan ecosystem to 2.x

[CybotTM]

Summary

Coordinated upgrade of the PHPStan ecosystem to major version 2:

• phpstan/phpstan: ^1.12 -> ^2.1
• phpstan/phpstan-strict-rules: ^1.6 -> ^2.0
• symplify/phpstan-rules: ^13.0 -> ^14.9
• Removed deprecated symplify regex rules (dropped in 14.x)
• Updated phpstan.neon config: strictCalls -> strictFunctionCalls (renamed in 2.x)
• Regenerated phpstan-baseline.neon — reduced from 13 entries (main) to 9 entries

Baseline reduction approach

All PHPStan errors were fixed with genuine code changes (no @phpstan-ignore suppressions):

• Return type narrowing: Changed Node|null → Node on NodeTransformer implementations (valid PHP covariance)
• Input validation: Added is_string()/is_array() guards for mixed Symfony Console inputs
• JSON/YAML parsing: Step-by-step type validation of json_decode()/Yaml::parse() results
• Type annotations: Fixed array type annotations (array<string, mixed> instead of array<mixed>)
• DOM handling: Proper DOMNodeList access in SiteSetSettingsDirective

Remaining 9 baseline entries are unfixable external library constraints:

• 7 entries: phpDocumentor interfaces returning mixed from getId(), getAdditionalIds(), etc.
• 2 entries: Symfony ExtensionInterface::load() parameter contravariance

PHPStan 2.x works on PHP ^7.4|^8.0, no PHP minimum bump needed.

Test plan

• PHPStan analysis passes (0 errors with baseline)
• PHP CS Fixer clean (0 fixes)
• Unit tests pass (83/83)
• Integration tests pass
• CI passes

[gemini-code-assist]

Summary of Changes

Hello @CybotTM, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request coordinates a significant upgrade of the PHPStan static analysis ecosystem to its major version 2. This update brings the project in line with the latest static analysis capabilities, ensuring more robust code quality checks and adherence to stricter coding standards. The changes involve updating core PHPStan packages and related rulesets, leading to a regenerated error baseline and adjustments in the PHPStan configuration.

Highlights

• PHPStan Core Upgrade: Upgraded phpstan/phpstan from version ^1.12 to ^2.1, moving to the latest major release of the static analysis tool.
• PHPStan Strict Rules Upgrade: Upgraded phpstan/phpstan-strict-rules from version ^1.6 to ^2.0, aligning with the new PHPStan core version and introducing stricter checks.
• Symplify PHPStan Rules Upgrade: Upgraded symplify/phpstan-rules from version ^13.0 to ^14.9, ensuring compatibility and leveraging new rules from the Symplify ecosystem.
• PHPStan Baseline Regeneration: The phpstan-baseline.neon file was regenerated to accommodate the stricter rules and new error detections introduced by PHPStan 2.x.
• PHPStan Configuration Updates: Modified phpstan.neon to rename the strictCalls parameter to strictFunctionCalls and removed specific Symplify rules that are either deprecated or no longer needed.

Changelog

• composer.json
  • Updated phpstan/phpstan from ^1.12 to ^2.1.
  • Updated phpstan/phpstan-strict-rules from ^1.6 to ^2.0.
  • Updated symplify/phpstan-rules from ^13.0 to ^14.9.
• composer.lock
  • Updated content-hash.
  • Updated nette/utils from v4.0.8 to v4.0.10.
  • Updated webmozart/assert from 1.11.0 to 1.12.1, adjusting its require and suggest dependencies.
  • Updated phpstan/phpstan from 1.12.23 to 2.1.39, and adjusted its PHP requirement to ^7.4|^8.0.
  • Updated phpstan/phpstan-strict-rules from 1.6.2 to 2.0.10, adjusted its PHP requirement to ^7.4|^8.0, and updated require-dev dependencies.
  • Updated symplify/phpstan-rules from 13.0.1 to 14.9.11, updating its dependencies and adding a new autoloaded file.
  • Updated plugin-api-version from 2.6.0 to 2.9.0.
• phpstan-baseline.neon
  • Regenerated the entire baseline, introducing numerous new ignoreErrors entries with specific identifiers and counts, reflecting increased strictness.
• phpstan.neon
  • Removed specific Symplify rules (AnnotateRegexClassConstWithRegexLinkRule, RegexSuffixInRegexConstantRule).
  • Renamed the strictCalls parameter to strictFunctionCalls.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/main.yaml

Activity

• The pull request was created by CybotTM.
• The pull request description outlines the summary, specific package upgrades, and a test plan.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully upgrades the PHPStan ecosystem to version 2.x. The changes include updating the versions of phpstan/phpstan, phpstan/phpstan-strict-rules, and symplify/phpstan-rules in composer.json. The phpstan.neon configuration file has been correctly updated to reflect changes in the new versions, such as renaming strictCalls to strictFunctionCalls and removing rules that are no longer available. The phpstan-baseline.neon has been regenerated to account for the stricter analysis, which is a good strategy for managing the new findings. The changes are consistent with the goal of the pull request and look correct. Well done.

[Copilot]

Pull request overview

This PR upgrades the repository’s static-analysis toolchain to PHPStan 2.x and updates related extensions/configuration so analysis continues to pass under the new major versions.

Changes:

• Upgraded phpstan/phpstan, phpstan/phpstan-strict-rules, and symplify/phpstan-rules to their PHPStan 2-compatible major versions.
• Updated PHPStan config to reflect renamed strict-rules option (strictCalls → strictFunctionCalls) and removed dropped Symplify rules.
• Regenerated phpstan-baseline.neon for PHPStan 2.x and expanded CI PHP matrix to include PHP 8.5.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
phpstan.neon	Removes dropped Symplify rules and updates strict-rules parameter naming for PHPStan 2.x.
phpstan-baseline.neon	Regenerated baseline to match new PHPStan 2.x diagnostics/identifiers.
composer.json	Bumps PHPStan ecosystem dependencies to 2.x-compatible versions.
composer.lock	Locks the upgraded dependency graph for the PHPStan ecosystem and related packages.
.github/workflows/main.yaml	Adds PHP 8.5 to the CI test matrix.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 34 out of 35 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 36 out of 37 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

packages/typo3-version-handling/src/Packagist/PackagistService.php:123

• In fetchPackageData(), curl_errno() is read before curl_exec(), so $errorNumber will almost always be 0 and the timeout detection (CURLE_OPERATION_TIMEOUTED) won’t work. Capture curl_errno (and optionally curl_error) after curl_exec() (and before curl_close()), and consider guarding against curl_init($url) returning false to avoid warnings from curl_setopt().

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new phpdoc for $configs uses array<int, mixed>, which is narrower than Symfony’s ExtensionInterface expectation (array<array> / array<array-key, array>). This mismatch is now being suppressed via the PHPStan baseline. Adjust the phpdoc to use array<array-key, mixed> (or array<array-key, array<string, mixed>> if you want to reflect the real structure) so the method is contravariant with the interface and the baseline entry can be removed.