Sourced from phpunit/phpunit's releases.

PHPUnit 12.2.7

Fixed

• #6254: defects,randomconfiguration is supported by implementation, but it is not allowed by the XML configuration file schema
• #6259: Order of tests which use data from data providers is not affected by test sorting
• #6266: Superfluous whitespace in TestDox output when test method name has a number after the test prefix

---

How to install or update PHPUnit

Sourced from phpunit/phpunit's changelog.

[12.2.7] - 2025-07-11

Fixed

• #6254: defects,randomconfiguration is supported by implementation, but it is not allowed by the XML configuration file schema
• #6259: Order of tests which use data from data providers is not affected by test sorting
• #6266: Superfluous whitespace in TestDox output when test method name has a number after the test prefix

[12.2.6] - 2025-07-04

Fixed

• #6104: Test with dependencies and data provider fails
• #6163: @no-named-arguments leads to static analysis errors for variadic arguments

[12.2.5] - 2025-06-27

Fixed

• #6249: No meaningful error when <testsuite> element is missing required name attribute

[12.2.4] - 2025-06-26

Changed

• Including information about the Git repository (such as the commit hash and branch name) in the Open Test Reporting XML format is now an opt-in feature that can be enabled via the --include-git-information CLI option or the includeGitInformation attribute in the XML configuration file

Fixed

• If Git information is included in the Open Test Reporting XML format (see above), any credentials that may be configured as part the remote.origin.url setting in Git were written to the originUrl attribute of <git:repository> elements. For example, when cloning a GitHub repository using a URL like https://username:password@github.com/organization/repository.git both username and password were included in the XML report. Since this report may be shared, published, or archived (for example, on a CI server) while including this information, this was reported as a potential security vulnerability (CVE-2025-53103). Any credentials are now removed before writing them to the XML report.

[12.2.3] - 2025-06-20

Added

• #6236: failOnPhpunitWarning attribute on the <phpunit> element of the XML configuration file and --fail-on-phpunit-warning CLI option for controlling whether PHPUnit should fail on PHPUnit warnings (default: true)
• #6239: --do-not-fail-on-deprecation, --do-not-fail-on-phpunit-warning, --do-not-fail-on-phpunit-deprecation, --do-not-fail-on-empty-test-suite, --do-not-fail-on-incomplete, --do-not-fail-on-notice, --do-not-fail-on-risky, --do-not-fail-on-skipped, and --do-not-fail-on-warning CLI options
• --do-not-report-useless-tests CLI option as a replacement for --dont-report-useless-tests

Deprecated

• #6240: --dont-report-useless-tests CLI option (use --do-not-report-useless-tests instead)

Fixed

• #6243: Constraints cannot be implemented without using internal class ExpectationFailedException

[12.2.2] - 2025-06-13

Fixed

... (truncated)

• 8b1348b Prepare release
• 39f739a Merge branch '11.5' into 12.2
• 446d438 Prepare release
• 26e3b10 Merge branch '10.5' into 11.5
• 6e0a2bc Prepare release
• 64dea84 Merge branch '11.5' into 12.2
• 7587997 Closes #6266
• 4acdb58 Merge branch '11.5' into 12.2
• de5d027 Merge branch '10.5' into 11.5
• f5133b2 Merge branch '9.6' into 10.5
• Additional commits viewable in compare view

Sourced from phpstan/phpstan's releases.

2.1.17

Major new features 🚀

• Introducing Editor Mode (phpstan/phpstan-src@74b909a)
  • Learn more: https://phpstan.org/user-guide/editor-mode

Bleeding edge 🔪

• Report new static() in static method of abstract class - level 0 (phpstan/phpstan-src@a5f7c06)

If you want to see the shape of things to come and adopt bleeding edge features early, you can include this config file in your project's phpstan.neon:

includes:
	- vendor/phpstan/phpstan/conf/bleedingEdge.neon

Of course, there are no backwards compatibility guarantees when you include this file. The behaviour and reported errors can change in minor versions with this file included. Learn more

Improvements 🔧

• This release includes improvements and bugfixes from PHPStan 1.12.27

Bugfixes 🐛

• Fix array_column() with explicit null $index_key (#3970), #12945, thanks @​herndlm!
• AlwaysRememberedExpr - use getNativeExprType (phpstan/phpstan-src@222676e)
• Invalidate result cache properly when property hook changes (phpstan/phpstan-src@dff492e, phpstan/phpstan-src@268d7c6)
• Result cache - react to property having abstract/final/asymmetric visibility changed (phpstan/phpstan-src@0ad2a6a)
• Result cache - react to property being virtual changing (phpstan/phpstan-src@e33a560)

Function signature fixes 🤖

• Update libxml_get_errors() (#3973), thanks @​jack-worman!

Internals 🔍

• Call ProcessPromise::cancel() from deferred canceller (phpstan/phpstan-src@df4c1f3)
• Solve some cases of dead code (phpstan/phpstan-src@e1e8302)

... (truncated)

• 89b5ef6 PHPStan 2.1.17
• ac6dae9 Updated PHPStan to commit ac6dae9b014720d077a4fa371d34ea57e2713cfe
• c4211ad Editor mode docs
• ea816fc Updated PHPStan to commit ea816fcce3d01247137a97423c143b847607b484
• 4c8c60d Update playground-runner
• dd38409 Updated PHPStan to commit dd3840912ea421745a238d139cdd61c87db9106a
• 8d3e66f Updated PHPStan to commit 8d3e66f52b5abf32283b5afa5a75ab3bdd30e6d8
• 08180bd Update errors identifiers
• a8f412a Updated PHPStan to commit a8f412a2ec1bfb455cfc529bb4e8a05a9caf1249
• fed47b1 Updated PHPStan to commit fed47b1c3c57bd319b71d653d17f70973b62e7fc
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions