Bump the minor-and-patch group with 3 updates

[dependabot]

Bumps the minor-and-patch group with 3 updates: guzzlehttp/guzzle, friendsofphp/php-cs-fixer and rector/rector.

Updates guzzlehttp/guzzle from 7.12.1 to 7.12.3

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.12.3

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

• Treat IP and numeric cookie domains as exact-match-only (GHSA-g446-98w2-8p5w)

7.12.2

Fixed

• Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
• Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
• Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
• Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
• Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
• Fixed cookie handling for falsey Domain, Max-Age, path, and name values
• Fixed decode_content handling for falsey string values
• Fixed deprecated request option values reaching built-in handlers before normalization

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.12.3 - 2026-06-23

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

• Treat IP and numeric cookie domains as exact-match-only (GHSA-g446-98w2-8p5w)

7.12.2 - 2026-06-23

Fixed

• Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
• Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
• Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
• Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
• Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
• Fixed cookie handling for falsey Domain, Max-Age, path, and name values
• Fixed decode_content handling for falsey string values
• Fixed deprecated request option values reaching built-in handlers before normalization

Commits

• 9aa17bc Release 7.12.3
• 49615e1 Adjusted guzzlehttp/psr7 version constraint to ^2.12.3 (#3696)
• b9944c1 Treat IP cookie domains as exact-only (#3694)
• 1289bf2 Release 7.12.2
• 5c79b37 Remove shitty deprecation tests (#3690)
• 9e838e8 Normalize deprecated request option values (#3684)
• c2cfa80 Restore falsey changelog wording (#3683)
• 8250f59 Add cookie follow-up tests and changelog (#3675)
• b4bf998 Document cookie name lookup case sensitivity (#3674)
• e322fa4 Use strict cookie path matching (#3673)
• Additional commits viewable in compare view

Updates friendsofphp/php-cs-fixer from 3.95.8 to 3.95.11

Release notes

Sourced from friendsofphp/php-cs-fixer's releases.

v3.95.11 Adalbertus

What's Changed

• fix: NoBreakCommentFixer - handle enum cases, TokensAnalyzer::isEnumCase - fix handling nested switch-cases by @​keradus in PHP-CS-Fixer/PHP-CS-Fixer#9565
• deps: bump actions/checkout from 6 to 7 in /.github/workflows in the all group across 1 directory by @​dependabot[bot] in PHP-CS-Fixer/PHP-CS-Fixer#9694
• deps: bump phpstan/phpstan-symfony from 2.0.19 to 2.0.20 in /dev-tools in the phpstan group by @​dependabot[bot] in PHP-CS-Fixer/PHP-CS-Fixer#9693
• test: use correct test precondition failure mode in PharTest by @​Jean85 in PHP-CS-Fixer/PHP-CS-Fixer#9700
• deps: bump dev deps by @​keradus in PHP-CS-Fixer/PHP-CS-Fixer#9702

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.10...v3.95.11

v3.95.10 Adalbertus

What's Changed

• fix: TokensAnalyzer - handle T_PUBLIC_SET, T_PROTECTED_SET, T_PRIVATE_SET by @​keradus in PHP-CS-Fixer/PHP-CS-Fixer#9696

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.9...v3.95.10

v3.95.9 Adalbertus

What's Changed

• chore: apply class_keyword by @​keradus in PHP-CS-Fixer/PHP-CS-Fixer#9689
• refactor: change Fixers execution order to always-deterministic by @​keradus in PHP-CS-Fixer/PHP-CS-Fixer#9690

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.8...v3.95.9

Changelog

Sourced from friendsofphp/php-cs-fixer's changelog.

Changelog for v3.95.11

• fix: NoBreakCommentFixer - handle enum cases, TokensAnalyzer::isEnumCase - fix handling nested switch-cases (#9565)
• deps: bump actions/checkout from 6 to 7 in /.github/workflows in the all group across 1 directory (#9694)
• deps: bump dev deps (#9702)
• deps: bump phpstan/phpstan-symfony from 2.0.19 to 2.0.20 in /dev-tools in the phpstan group (#9693)
• test: use correct test precondition failure mode in PharTest (#9700)

Changelog for v3.95.10

• fix: TokensAnalyzer - handle T_PUBLIC_SET, T_PROTECTED_SET, T_PRIVATE_SET (#9696)

Changelog for v3.95.9

• chore: apply class_keyword (#9689)
• refactor: change Fixers execution order to always-deterministic (#9690)

Commits

• 35f98e1 prepared the 3.95.11 release
• 538077d deps: bump dev deps (#9702)
• 4cf4bb9 fix: NoBreakCommentFixer - handle enum cases, TokensAnalyzer::isEnumCase ...
• 3a73c6c test: use correct test precondition failure mode in PharTest (#9700)
• f91d7b0 deps: bump phpstan/phpstan-symfony from 2.0.19 to 2.0.20 in /dev-tools in the...
• 327cc85 deps: bump actions/checkout from 6 to 7 in /.github/workflows in the all grou...
• 63e5098 bumped version
• 93e1ab3 prepared the 3.95.10 release
• f5ef45e fix: TokensAnalyzer - handle T_PUBLIC_SET, T_PROTECTED_SET, `T_PRIVATE_...
• 204b56e bumped version
• Additional commits viewable in compare view

Updates rector/rector from 2.4.6 to 2.5.2

Release notes

Sourced from rector/rector's releases.

Released Rector 2.5.2

Bugfixes 🐛

• Match class + path in unused-skip reporting — fix combined class => [paths] skips being wrongly flagged as unused (#8073)
• Mark skip used only when rule would change the file — a class/path skip counts as "used" only if the rule would actually touch that file, killing false "used" hits (#8076)
• Improve unused-skip resolver methods — cleaner resolution internals (#8072)
• Track used skips as class => [paths] map — richer per-path skip tracking backing the report (#8074)

Released Rector 2.5.1

Bugfixes 🐛

• Skip unused-skip reporting on narrowed runs - no more false "unused skip" noise when running Rector on a subset of paths (#8069)
• Display skips only on uncached run - skip report shows on real runs, not when results come from cache (#8071)
• RemoveAlwaysTrueIfConditionRector — avoid scanning whole new statements on dynamic variable checks; moved logic to ExprAnalyzer and bail early on defined variables (#8057)

Released Rector 2.5

New Features 🥳 🎉 🎉 🎉

This release has 3 interesting new features. Let's look at them:

[dx] Report skips that never matched (#8058)

• What? - like PHPStan's reportUnusedIgnores, but for Rector ->withSkip(). Flags skip entries that never matched anything during the run, so you can delete stale skips.

• Why? - skips rot. You skip a path/rule to dodge a problem, later the file moves or the rule stops firing there — the skip lingers forever, silently masking nothing. This surfaces dead skips so config stays honest.

// rector.php
return RectorConfig::configure()
    ->withSkip([
        SimplifyUselessVariableRector::class => [
            '*/src/Legacy/*',          // still matches — fine
            '*/NonexistentUnused/*',   // matches nothing — stale
        ],
    ])
    ->reportUnusedSkips();

Run output:

 [OK] Rector is done!
[WARNING] This skip is unused, it never matched any element.
You can remove it from "->withSkip()"

Rector\CodeQuality\Rector\FunctionLike\SimplifyUselessVariableRector => /NonexistentUnused/

... (truncated)

Commits

• 49ff633 Rector 2.5.2
• 56d179b Updated Rector to commit dd21759b1194fe28cd266337124fd3035c62ead9
• 228203d Updated Rector to commit 2328ea6338d2496c409aaf2d8a001052e323feda
• d7cb788 Updated Rector to commit 19dcdb7816f10cb502a1b2ef5a6628185f74e49d
• 76d81c5 Updated Rector to commit aea1570424613c9a0acbf80c3abeb41d7dd33dbe
• 34a9124 Rector 2.5.1
• 6502d60 Updated Rector to commit df98b3b4e5f024d2260edc233dc9cb4adfe6a3e0
• b74237c Updated Rector to commit 84ab911ef53267aa1c4a9466064def614e486eea
• e3c4ee7 Updated Rector to commit 3893ea422afa3fb801ae64fa546c8a2cb24b0f97
• bdd26a9 Updated Rector to commit 580b374ea3638fd50cf9b98b84445cd9fe53768e
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions