Bump phan/phan from 2.3.1 to 2.6.1

[dependabot-preview[bot]]

Bumps phan/phan from 2.3.1 to 2.6.1.

Changelog

Sourced from phan/phan's changelog.

Mar 13 2020, Phan 2.6.1

New features(CLI, Configs):

• Add a --dump-ctags=basic flag to dump a tags file in the project root directory. (https://linux.die.net/man/1/ctags) This is different from tool/make_ctags_for_phan_project - it has no external dependencies.

New features(Analysis):

• Infer that the real type set of the key in foreach ($arrayVar as $key => ...) is definitely an int|string in places where Phan previously inferred the empty union type, improving redundant condition detection. (#3789)

Bug fixes:

• Fix a crash in phan --dead-code-detection when a trait defines a real method and phpdoc @method of the same name (#3796)

Miscellaneous:

• Also allow netresearch/jsonmapper@^2.0 as a dependency when enforcing the minimum allowed version (#3801)

Mar 07 2020, Phan 2.6.0

New features(CLI, Configs):

• Show empty union types as (empty union type) in issue messages instead of as an empty string.

• Add a new CLI option --analyze-twice to run the analysis phase twice (#3743)

  Phan infers additional type information for properties, return types, etc. while analyzing, and this will help it detect more potential errors. (on the first run, it would analyze files before some of those types were inferred)

• Add a CLI option --analyze-all-files to analyze all files, ignoring exclude_analysis_file_list. This is potentially useful if third party dependencies are missing type information (also see --analyze-twice).

• Add --dump-analyzed-file-list to dump all files Phan would analyze to stdout.

• Add allow_overriding_vague_return_types to allow Phan to add inferred return types to functions/closures/methods declared with @return mixed or @return object. This is disabled by default.

  When this is enabled, it can be disabled for individual methods by adding @phan-hardcode-return-type to the comment of the method. (if the method has any type declarations such as @return mixed)

  Previously, Phan would only add inferred return types if there was no return type declaration. (also see --analyze-twice)

• Also emit the code fragment for the argument in question in the PhanTypeMismatchArgument family of issue messages (#3779)

• Render a few more AST node kinds in code fragments in issue messages.

New features(Analysis):

• Support parsing php 8.0 union types (and the static return type) in the polyfill. (#3419, #3634)
• Emit PhanCompatibleUnionType and PhanCompatibleStaticType when the target php version is less than 8.0 and union types or static return types are seen. (#3419, #3634)
• Be more consistent about warning about issues in values of class constants, global constants, and property defaults.
• Infer key and element types from iterator_to_array()
• Infer that modification of or reading from static properties all use the same property declaration. (#3760) Previously, Phan would track the static property's type separately for each subclass. (static properties from traits become different instances, in each class using the trait)
• Make assignments to properties of the declaring class affect type inference for those properties when accessed on subclasses (#3760)

... (truncated)

Commits

• 184c591 Merge pull request #3814 from TysonAndre/release-2.6.1
• d80f82e Release Phan 2.6.1
• 738e2a4 Update composer.lock
• 739f255 netresearch/jsonmapper ^2.0
• 81bf907 Merge pull request #3797 from TysonAndre/dead-code-detection-threw
• 3e14dc1 Fix a crash in dead code detection for duplicated trait method
• 81c079b Merge pull request #3793 from TysonAndre/array_real_types
• 881a99a Fix false positives, fix ctags plugin
• 7781d6b Merge pull request #3790 from TysonAndre/ctags-generation
• a0dace9 Add CLI option --dump-ctags=basic
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #233.