Bump phan/phan from 2.4.8 to 4.0.6

[dependabot-preview]

Bumps phan/phan from 2.4.8 to 4.0.6.

Changelog

Sourced from phan/phan's changelog.

May 19 2021, Phan 4.0.6

New Features (Analysis):

• Partially support php 8.1 enums (#4313) (infer the real type is the class type, that they cannot be instantiated, that enum values cannot be reused, and that class constants will exist for enum cases)

  New issue types: PhanReusedEnumCaseValue, PhanTypeInstantiateEnum, PhanTypeInvalidEnumCaseType, PhanSyntaxInconsistentEnum, PhanInstanceMethodWithNoEnumCases, PhanInstanceMethodWithNoEnumCases, PhanEnumCannotHaveProperties, PhanUnreferencedEnumCase, PhanEnumForbiddenMagicMethod.

• Support php 7.4 covariant return types and contravariant parameter types when the configured or inferred minimum_target_php_version is '7.4' or newer (#3795)

• Add initial support for the php 8.1 never type (in real return types and phpdoc). (#4380) Also add support for the phpdoc aliases no-return, never-return, and never-returns

• Support casting iterable<K, V> to Traversable<K, V> with is_object or !is_array checks

• Detect more types of expressions that never return when inferring types (e.g. when analyzing ?:, ?? operators)

• Use php 8.1's tentative return types from reflection (hasTentativeReturnType, getTentativeReturnType) to assume real return types of internal functions/methods (#4400)

  This can be disabled by setting use_tentative_return_type to false (e.g. when using subclasses of internal classes that return incompatible types).

• Warn about modifying properties of classes that are immutable at runtime (enums, internal classes such as \Closure and \WeakRef, etc.) (#4313) New issue type: PhanTypeModifyImmutableObjectProperty

Dead code detection:

• Infer that functions with a return type of never (or phpdoc aliases such as no-return) are unreachable when performing control flow analysis. This can be disabled by setting dead_code_detection_treat_never_type_as_unreachable to false

  Note that control flow is only affected when UseReturnValuePlugin is enabled.

Plugins:

• In UseReturnValuePlugin, also start warning about when using the result of an expression that evaluates to never New issue types: PhanUseReturnValueOfNever

Bug fixes:

• As part of the work on php 7.4 contravariant parameter types, don't automatically inherit inferred parameter types from ancestor classlikes when (1) there is no @param tag with a type for the parameter on the overriding method and (2) the ancestor parameter types are a subtype of the real parameter types unless

  1. @inheritDoc is used.
  2. This is a generic array type such as array<string,mixed> that is a specialization of an array type. If you want to indicate that the overriding method can be any array type, add @param array $paramName.

• Change composer.json dependency on composer/xdebug-handler from ^2.0 to ^1.1|2.0 to avoid conflicting with other libraries or applications that depend on xdebug-handler 1.x (#4382)

• Support parsing multiple declare directives in the polyfill/fallback parser (#4160)

Apr 29 2021, Phan 4.0.5

New Features (Analysis):

• Fix handling of some redundant condition checks involving non-null-mixed and null (#4388, #4391)
• Emit PhanCompatibleSerializeInterfaceDeprecated when a class implements Serializable without also implementing the __serialize and __unserialize methods as well. (#4387) PHP 8.1 deprecates the Serializable interface when __serialize and __unserialize aren't also implemented to be used instead of serialize/unserialize.

Maintenance:

... (truncated)

Commits

• 4caaa97 Merge pull request #4410 from TysonAndre/release-4.0.6
• ebf0c14 Release Phan 4.0.6
• 1ddf3be Support parsing multiple declare directives in fallback parser
• 9796964 Merge pull request #4408 from TysonAndre/enum-immutable-properties
• f9b9c25 Infer that enums and other classes have immutable properties
• 5d742fb Merge pull request #4407 from TysonAndre/enum-case-strict
• d9c2f27 Remove unreferenced class constant
• 46406f1 Exit if using php 8.1 with php-ast<1.0.12
• 4b3b87d Warn about forbidden magic methods in enums
• 8751074 Warn about cloning enums
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[codecov-commenter]

Codecov Report

Merging #131 (8ce31ee) into master (889d256) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master     #131   +/-   ##
=========================================
  Coverage     96.90%   96.90%           
  Complexity      196      196           
=========================================
  Files            50       50           
  Lines           550      550           
=========================================
  Hits            533      533           
  Misses           17       17           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 889d256...8ce31ee. Read the comment docs.

[dependabot-preview]

Superseded by #137.