Update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
composer/composer (source)	^2.7.2 -> ^2.9.2					require-dev	minor
infection/infection	^0.27.11 -> ^0.31.9					require-dev	minor
laminas/automatic-releases	1.24.0 -> 1.25.0					action	minor
ocramius/package-versions	^2.8.0 -> ^2.11.0					require	minor
php	~8.1.0 || ~8.2.0 || ~8.3.0 -> ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.5.0					require	minor
phpunit/phpunit (source)	^10.5.15 -> ^10.5.60					require-dev	patch
psalm/plugin-phpunit	^0.19.0 -> ^0.19.5					require	patch
shivammathur/setup-php	2.30.0 -> 2.36.0					action	minor
symfony/process (source)	^7.0.4 -> ^7.4.0					require-dev	patch
vimeo/psalm	^5.23.1 -> ^5.26.1					require	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

composer/composer (composer/composer)

v2.9.2

Compare Source

• Added new --no-security-blocking flag to disable/configure security blocking (#​12617)
  • Added a way to set audit > ignore to act only on audits or only on security blocking (#​12618, #​12612)
  • Fixed config command not being able to set the new audit settings (#​12609)
  • Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#​12624)
  • Fixed partial updates failing when another package in the lock file has a known security advisory (#​12626)

v2.9.1

Compare Source

• Fixed regression in phpunit binary proxies (#​12601)
  • Fixed script handler autoloading issues (#​12606)
  • Fixed null call of Command::setDescription in some cases (#​12605)
  • Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#​12603)

v2.9.0

Compare Source

• Fixed a couple minor issues with --bump-after-update (#​12598)
  • Various docs fixes

v2.8.12

Compare Source

• Fixed json schema issues with version validation (#​12512)
  • Fixed PHP 8.5 deprecation warnings (#​12513)
  • Fixed support for Bitbucket API tokens (#​12515)
  • Fixed handling of spaces in paths when using binaries (#​12524)
  • Fixed config --global path resolution issue (#​12537)
  • Reduced peak memory usage while loading packages (#​12516)
  • Dropped react/promise 2.x support

v2.8.11

Compare Source

• Fixed PHP 8.5 deprecation warnings (#​12504, #​12493, #​12505)
  • Fixed bump command handling of 0.x versions (#​12468)
  • Fixed psr-4 warnings being shown in some cases when using symlinked directories (#​12480)
  • Fixed audit command failing hard if any advisory constraint was invalid (#​12507)

v2.8.10

Compare Source

• Fixed plugins appearing loaded despite not being loaded yet in some edge cases (#​12442)
  • Fixed forward compatibility with Symfony 7.4 (#​12445)
  • Fixed deprecation warning on PHP 8.4 when platform check fails (#​12453)
  • Fixed support for new planner role in GitLab (#​12426)
  • Fixed Bitbucket regression introduced in 2.8.0 (#​12462)
  • Fixed json schema issues with version validation (#​12438)
  • Fixed git prompt breaking some systems (#​12437)
  • Fixed warning on PHP 8.5 when curl is not loaded (#​12472)

v2.8.9

Compare Source

• Fixed json schema issues with version validation (#​12376)
  • Fixed bump-after-update triggering after an update --lock, which makes no sense (#​12371)
  • Fixed zip bomb false positives when unpacking using ZipArchive (#​12409)
  • Fixed creation of empty archives (#​12408)
  • Removed output of script being run when running via composer <script-name> (#​12383)

v2.8.8

Compare Source

• Fixed json schema issues with version validation (#​12367)
  • Fixed issues running on 32bit machines (#​12365)

v2.8.7

Compare Source

• Bumped justinrainbow/json-schema dependency to 6.x (#​12348)
  • Added COMPOSER_MAX_PARALLEL_PROCESS env var to control max amount of parallel processes Composer will start (#​12356)
  • Added zstd/brotli presence in diagnose command output
  • Fixed error handler to avoid spamming deprecation notices (#​12360)
  • Fixed InstalledVersions returning duplicate data at Composer runtime (#​12225)
  • Fixed handling of --with ... constraints to make them apply to packages replaced a package with a different name (#​12353)
  • Fixed deprecation warnings showing up in IDE code inspections within the vendor dir (#​12331)
  • Fixed a few json schema completeness issues (#​12332, #​12321)
  • Fixed issue autoloading files with a .phar inside the path (#​12326)

v2.8.6

Compare Source

• Added COMPOSER_WITH_DEPENDENCIES and COMPOSER_WITH_ALL_DEPENDENCIES env vars to enable the --with[-all]-dependencies flags (#​12289)
  • Added COMPOSER_SKIP_SCRIPTS env var to tell Composer to skip certain script handlers by script names (comma separated) (#​12290)
  • Added error hint when Avast is detected together with curl certificate errors (#​9894)
  • Fixed handling of backslash in folder names when creating archives (#​12327)
  • Fixed detection of containerd for containers to avoid warning about root usage (#​12299)

v2.8.5

Compare Source

• Added build provenance attestation so you can also now download and verify phar files from GitHub releases:

    gh release --repo composer/composer download --pattern composer.phar
    gh attestation verify --repo composer/composer composer.phar
  

  • Fixed unsupported funding values causing parse errors in packages (#​12247)
  • Fixed support for a few newer funding formats (#​12257)
  • Fixed InstalledVersions regression from 2.8.4 when reload() is used (#​12269)
  • Fixed psr-0/psr-4 rules having unstable order in vendor/composer/autoload*.php (#​12263)
  • Fixed a few warnings happening incorrectly in edge cases (#​12284, #​12268, #​12283)

v2.8.4

Compare Source

• Fixed exit code of the audit command not being meaningful (now 1 for vulnerabilities and 2 for abandoned, 3 for both) (#​12203)
  • Fixed issue on plugin upgrade when it defines multiple classes (#​12226)
  • Fixed duplicate errors appearing in the output depending on php settings (#​12214)
  • Fixed InstalledVersions returning duplicate data in some instances (#​12225)
  • Fixed installed.php sorting to be deterministic (#​12197)
  • Fixed bump-after-update failing when using inline constraints (#​12223)
  • Fixed create-project command to now disable symlinking when used with a path repo as argument (#​12222)
  • Fixed validate --no-check-publish to hide publish errors entirely as they are irrelevant (#​12196)
  • Fixed audit command returning a failing code when composer audit fails as this should not trigger build failures, but running audit as standard part of your build is probably a terrible idea anyway (#​12196)
  • Fixed curl usage to disable multiplexing on broken versions when proxies are in use (#​12207)

v2.8.3

Compare Source

• Fixed windows handling of process discovery (#​12180)
  • Fixed react/promise requirement to allow 2.x installs again (#​12188)
  • Fixed some issues when lock:false is set in require and bump commands

v2.8.2

Compare Source

• Fixed crash while suggesting providers if they have no description (#​12152)
  • Fixed issues creating lock files violating the schema in some circumstances (#​12149)
  • Fixed create-project regression in 2.8.1 when using path repos with relative paths (#​12150)
  • Fixed ctrl-C aborts not working inside text prompts (#​12106)
  • Fixed git failing silently when git cannot read a repo due to ownership violations (#​12178)
  • Fixed handling of signals in non-PHP binaries run via proxies (#​12176)

v2.8.1

Compare Source

• Fixed json schema issues with version validation (#​12512)
  • Fixed PHP 8.5 deprecation warnings (#​12513)
  • Fixed support for Bitbucket API tokens (#​12515)
  • Fixed handling of spaces in paths when using binaries (#​12524)
  • Fixed config --global path resolution issue (#​12537)
  • Reduced peak memory usage while loading packages (#​12516)
  • Dropped react/promise 2.x support

v2.8.0

Compare Source

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#​11938, #​11915)
  • Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#​12122)
  • Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#​12091)
  • Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#​12132)
  • Added --bump-after-update flag to the update command to run bump after the update is done (#​11942)
  • Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#​12086)
  • Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#​11966)
  • Added a JSON schema for the composer.lock file (#​12123)
  • Added better support for Bitbucket app passwords when cloning repos / installing from source (#​12103)
  • Added --type flag to filter packages by type(s) in the reinstall command (#​12114)
  • Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#​12119)
  • Added warning in dump-autoload when vendor files have been deleted (#​12139)
  • Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#​12120)
  • Added sorting of packages in allow-plugins when sort-packages is enabled (#​11348)
  • Added suggestion of provider packages / polyfills when an ext or lib package is missing (#​12113)
  • Improved interactive package update selection by first outputting all packages and their possible updates (#​11990)
  • Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#​12111)
  • Fixed PHP 8.4 deprecation warnings about E_STRICT (#​12116)
  • Fixed init command to validate the given license identifier (#​12115)
  • Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#​12129)
  • Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#​12109)
  • Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#​12112)
  • Fixed php://stdin potentially being open several times when running Composer programmatically (#​12107)
  • Fixed handling of platform packages in why-not command and partial updates (#​12110)
  • Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#​12019)" from 2.7.8 as it was broken

v2.7.9

Compare Source

• Fixed Docker detection breaking on constrained environments (#​12095)
  • Fixed upstream issue in bash completion script, it is recommended to update it using the completion command (#​12015)

v2.7.8

Compare Source

• Added release-age, release-date and latest-release-date in the JSON output of outdated (#​12053)
  • Fixed PHP 8.4 deprecation warnings
  • Fixed addressability of branches containing # signs (#​12042)
  • Fixed bump command not handling some ~ constraints correctly (#​12038)
  • Fixed COMPOSER_AUTH not taking precedence over ./auth.json (#​12084)
  • Fixed relative: true sometimes not being respected in path repo symlinks (#​12092)
  • Fixed copy from cache sometimes failing on VirtualBox shared folders (#​12057)
  • Fixed PSR-4 autoloading order regression in some edge case (#​12063)
  • Fixed duplicate lib-* packages causing issues when having pecl + core versions of the same PHP extension (#​12093)
  • Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#​12019)
  • Fixed memory issues when installing large binaries (#​12032)
  • Fixed archive command crashing when a path cannot be realpath'd on windows (#​11544)
  • API: Deprecated BasePackage::$stabilities in favor of BasePackage::STABILITIES (685add7)
  • Improved Docker detection (#​12062)

infection/infection (infection/infection)

v0.31.9: Support PHPStan-dev version in PHPStanAdapter

Compare Source

Changed:

• Support PHPStan-dev version in PHPStanAdapter by @​staabm #​2495

Full Changelog: infection/infection@0.31.8...0.31.9

v0.31.8

Compare Source

Changed:

• Support PHPStan dev-versions by @​staabm #​2492

Full Changelog: infection/infection@0.31.7...0.31.8

v0.31.7: Show uncovered mutants to output when --with-uncovered is used

Compare Source

Fixed:

• Show uncovered mutants to output when --with-uncovered is used by @​maks-rafalko in #​2443
• Update description of --dry-run by @​maks-rafalko in #​2436

Full Changelog: infection/infection@0.31.6...0.31.7

v0.31.6: Introduce --logger-text option

Compare Source

Added:

• Introduce --logger-text option to enforce text logger file path by @​romm in #​2438

Full Changelog: infection/infection@0.31.5...0.31.6

v0.31.5

Compare Source

Fixed:

• Fix --dry-run option using DryRunProcess wrapper (alternative approach) by @​sanmai in #​2435

Changed:

• Use/Suggest executionOrder="defects,random" for phpunit.xml by @​staabm in #​2267
• Get rid of custom CloneVisitor and use native CloningVisitor from php-parser by @​maks-rafalko in #​2430

Full Changelog: infection/infection@0.31.4...0.31.5

v0.31.4

Compare Source

Changed:

• PHPStan integration: drop --fail-without-result-cache by @​staabm in #​2429

Internal:

• Fix escaping mutation in FilterBuilder by @​sanmai in #​2428

Full Changelog: infection/infection@0.31.3...0.31.4

v0.31.3: PHPStan running out of memory when attempting --static-analysis-tool=phpstan

Compare Source

Fixed:

• Fix PHPStan running out of memory during initial static analysis by @​sanmai in #​2427
• fix: Drop PHPUnit filters when they are too long by @​theofidry in #​2415

Changed:

• Removed mention of Pest by @​sasezaki in #​2423
• perf: Optimize the PHPUnit filters by @​theofidry in #​2407
• README.md - Bump PHP version to 8.2 by @​sasezaki in #​2422
• Improve the source filtering messages by @​theofidry in #​2394

Internal:

• test: Leverage the PHPUnit assertIsList by @​theofidry in #​2385
• test: Move the SourceFileCollector fixtures next to its test case by @​theofidry in #​2384
• fix: Rename the exclude parameter of the SourceFileCollector by @​theofidry in #​2383
• test: Fix issues reported by PHPStan for SourceFileCollectorTest by @​theofidry in #​2386
• fix: Make the source file collector yield a list by @​theofidry in #​2392
• refactor: Minor tweaks to FilterBuidler by @​theofidry in #​2410
• Fix bugs identified by PHPStan 2.1.30 by @​sanmai in #​2419

Full Changelog: infection/infection@0.31.2...0.31.3

v0.31.2: --static-analysis-tool-options and no MSI shown by default for non-covered code

Compare Source

Added:

• Remove Mutation Score Indicator (MSI) from default output, show only with --with-uncovered by @​Copilot in #​2378

Changed:

• Add --static-analysis-tool-options CLI option with proper multiple options support by @​Copilot in #​2374

Internal:

• Fixed mutator list for E2E fixtures by @​sanmai in #​2359
• Kill mutant found in #​2361 by @​maks-rafalko in #​2362
• Fix "Method ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect" by @​staabm in #​2364
• Remove lower-bound composer constraints by @​staabm in #​2366
• Fix PHPUnit 9.x compatibility by @​staabm in #​2368
• ✨ Add Copilot instructions for Infection mutation testing framework by @​Copilot in #​2376
• Add copilot-setup-steps.yml by @​maks-rafalko in #​2377

New Contributors

• @​Copilot made their first contribution in #​2376

Full Changelog: infection/infection@0.31.1...0.31.2

v0.31.1: Cleanup old PHPUnit cache files in Infection tmp directory

Compare Source

Added:

• Cleanup PHPUnit result-cache files older than 30 days by @​staabm in #​2349

Internal:

• DiffColorizerTest: Add multi byte tests by @​staabm in #​2354
• Kill timed out mutants in DiffColorizer by @​staabm in #​2353
• CI: Added PHP 8.5 setup by @​staabm in #​2348
• [Conductor] Update all of phpstan by @​private-packagist[bot] in #​2340
• [Conductor] Update all of sanmai by @​private-packagist[bot] in #​2345
• [Conductor] Update nikic/php-parser to v5.6.0 by @​private-packagist[bot] in #​2346
• [Conductor] Update sidz/phpstan-rules to 0.5.2 by @​private-packagist[bot] in #​2347
• [Conductor] Update phpunit/phpunit to 11.5.28 by @​private-packagist[bot] in #​2351
• [Conductor] Update myclabs/deep-copy to 1.13.4 by @​private-packagist[bot] in #​2352
• [Conductor] Update sanmai/di-container to 0.1.5 by @​private-packagist[bot] in #​2355

Full Changelog: infection/infection@0.31.0...0.31.1

v0.31.0

Compare Source

Changed:

• [BR BREAK!] Remove --only-covered; Introduce --with-uncovered instead by @​staabm in #​2336
• Directly enqueue follow-up processes by @​sanmai in #​2322
• Use executionOrder="defects,random" for phpunit.xml by @​staabm in #​2328

Fixed:

• Fix CLI output rendering for diffs which contain symfony-style like text by @​staabm in #​2338

Internal:

• Update the pipeline library to version 7 by @​sanmai in #​2342
• Switch to sanmai/di-container by @​sanmai in #​2343

Backward Compatibility Break

This version introduces BC Break. Do the following:

1. If you used Infection for all the code, including uncovered, like bin/infection, now you need to add --with-uncovered, because by default, Infection doesn't mutate uncovered code anymore

- bin/infection
+ bin/infection --with-uncovered

2. If you used Infection for the only code covered by tests, like bin/infection --only-covered, you need to remove this option because now this is a default behavior and this options has been removed

- bin/infection --only-covered
+ bin/infection

3. If you used Infection for all the code, including uncovered, but now you want to mutated only covered code, do nothing (default behavior has been changed)

# continue using
bin/infection

Full Changelog: infection/infection@0.30.3...0.31.0

v0.30.3

Compare Source

Changed:

• [BR BREAK!] Remove --only-covered; Introduce --with-uncovered instead by @​staabm in #​2336
• Directly enqueue follow-up processes by @​sanmai in #​2322
• Use executionOrder="defects,random" for phpunit.xml by @​staabm in #​2328

Fixed:

• Fix CLI output rendering for diffs which contain symfony-style like text by @​staabm in #​2338

Internal:

• Update the pipeline library to version 7 by @​sanmai in #​2342
• Switch to sanmai/di-container by @​sanmai in #​2343

Backward Compatibility Break

This version introduces BC Break. Do the following:

1. If you used Infection for all the code, including uncovered, like bin/infection, now you need to add --with-uncovered, because by default, Infection doesn't mutate uncovered code anymore

- bin/infection
+ bin/infection --with-uncovered

2. If you used Infection for the only code covered by tests, like bin/infection --only-covered, you need to remove this option because now this is a default behavior and this options has been removed

- bin/infection --only-covered
+ bin/infection

3. If you used Infection for all the code, including uncovered, but now you want to mutated only covered code, do nothing (default behavior has been changed)

# continue using
bin/infection

Full Changelog: infection/infection@0.30.3...0.31.0

v0.30.2

Compare Source

Added:

• [new mutator] Add ReturnRemoval mutator by @​sanmai in #​2296

Changed:

• Don't show 0 metrics in result summary by @​staabm in #​2311

Fixed:

• Do not report unmatched ignored errors for PHPStan killer for a mutant by @​maks-rafalko in #​2326

Internal:

• Replace array-by-reference with a SplQueue object by @​sanmai in #​2321

Full Changelog: infection/infection@0.30.2...0.30.3

v0.30.1

Compare Source

Changed:

• [performance] Smarter LogicalNot mutator by @​staabm in #​2283
• [performance] MutationProcess timeout is based on test-execution time by @​staabm in #​2300
• DX: Automatically determine git reference branch by @​staabm in #​2289
• Support NullSafe PropertyFetch/MethodCall in ArrayItem mutator by @​staabm in #​2294
• Make ArrayItem mutator less evil by @​sanmai in #​2299
• Remove IdenticalEqual by @​sanmai in #​2248
• Allow setting static analysis tool in config file by @​maks-rafalko in #​2301

Internal:

• Cleanup composer.json conflict rules with phpunit/php-code-coverage by @​staabm in #​2288
• Test forgotten PhpStan value object by @​maks-rafalko in #​2302
• Finally, fix the worst and the most unmaintainable test ever by @​maks-rafalko in #​2304
• Rename functions of ReflectionVisitor.php by @​maks-rafalko in #​2308
• Add threads=max to infection.json5 by @​maks-rafalko in #​2307
• Improve ParallelProcessRunner to guard against ReturnRemoval mutator by @​sanmai in #​2310
• Refactor SchemaConfigurationTest by @​sanmai in #​2305

Full Changelog: infection/infection@0.30.1...0.30.2

v0.30.0

Compare Source

Changed:

• TextFileLogger: add hints about different logfile options by @​staabm in #​2278
• [performance] Smarter TrueValue/FalseValue mutator by @​staabm in #​2280

Fixed:

• Fix HTML report with --static-analysis-tool=phpstan by @​maks-rafalko in #​2284

Internal:

• Fix a MethodCallRemoval test by @​staabm in #​2282

Full Changelog

v0.29.14

Compare Source

Full Changelog

Added:

• Add --threads to the config file under threads key by @​maks-rafalko in #​2158
• Support --show-mutations=int|max to support non-bool values by @​staabm in #​2216
• Introduce --id=<mutant-hash> to run the only one Mutant for killing it by @​maks-rafalko in #​2226
• Implement perMutator timings by @​staabm in #​2164
• Render process-limit into perMutator logger table header by @​staabm in #​2175
• Introduce a nomenclature by @​theofidry in #​1428
• Kill mutants by Static Analysis (PHPStan --static-analysis-tool=phpstan) if they are escaped and not killed by PHPUnit tests by @​maks-rafalko in #​2098
• Detect kills by SA during mutation analysis and differentiate them from kills by Test Framework by @​maks-rafalko in #​2157

Changed:

• [performance] Support narrowing a union type containing false with a non-falsy value by @​staabm in #​2121
• [performance] Don't mutate method in final class ProtectedVisibility: by @​staabm in #​2112
• [performance] Don't mutate true/false in conditions by @​staabm in #​2143
• [performance] Don't mutate cast in return of typed function by @​staabm in #​2145
• [performance] Don't mutate int-cast in return of int-typed function by @​staabm in #​2148
• [performance] Don't mutate string-cast in return of string-typed function by @​staabm in #​2149
• [performance] Don't mutate float-cast in return of float-typed function by @​staabm in #​2150
• [performance] Don't mutate array-cast in return of array-typed function by @​staabm in #​2151
• [performance] Don't mutate object-cast in return of object-typed function by @​staabm in #​2152
• [performance] Don't mutate cast in arguments when strict_types=1 by @​staabm in #​2154
• [performance] Don't mutate instanceof into pre-existing case by @​staabm in #​2176
• [performance] Don't produce mutations for identical type comparisons in EqualIdentical by @​staabm in #​2119
• [performance] Don't produce mutations for equal type comparisons in IdenticalEqual by @​staabm in #​2117
• [performance] Don't produce mutations for empty-array type comparisons by @​staabm in #​2130
• [performance] Don't produce mutations for same type comparisons of static method calls by @​staabm in #​2132
• [performance] Don't produce mutations for same type comparisons of class constants by @​staabm in #​2134
• [performance] Don't produce mutations for same type comparisons of known global constants by @​staabm in #​2135
• [performance] Don't mutate equal/not-equal in ternary by @​staabm in #​2139
• [performance] Don't mutate false/true in ternary by @​staabm in #​2138
• [performance] Don't mutate identical/not-identical in ternary by @​staabm in #​2140
• [performance] Don't mutate greater/smaller-than in ternary by @​staabm in #​2141
• [performance] Update MutationTestingRunner to stream-filter mutations in buffered mode by @​sanmai in #​2207
• [performance] Smarter DecrementInteger mutator by @​staabm in #​2204
• [performance] Smarter IncrementInteger mutator by @​staabm in #​2208
• [performance] Smarter DecrementInteger mutator by @​staabm in [#​2238](https://redirect.github.com/infection/infection/pu

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update composer/composer:2.7.6 infection/infection:0.28.1 phpunit/phpunit:10.5.20 symfony/process:7.0.7 vimeo/psalm:5.24.0 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires vimeo/psalm ^5.24.0 -> satisfiable by vimeo/psalm[5.24.0].
    - vimeo/psalm 5.24.0 requires nikic/php-parser ^4.16 -> satisfiable by nikic/php-parser[v4.16.0, ..., v4.19.1].
    - You can only install one version of a package, so only one of these can be installed: nikic/php-parser[v4.10.0, ..., v4.19.1, v5.0.0, v5.0.1, v5.0.2].
    - infection/infection 0.28.1 requires nikic/php-parser ^5.0 -> satisfiable by nikic/php-parser[v5.0.0, v5.0.1, v5.0.2].
    - vimeo/psalm 5.24.0 conflicts with nikic/php-parser v4.17.0.
    - Root composer.json requires infection/infection ^0.28.1 -> satisfiable by infection/infection[0.28.1].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.