build(deps-dev): bump carthage-software/mago from 1.24.0 to 1.25.1

[dependabot]

Bumps carthage-software/mago from 1.24.0 to 1.25.1.

Release notes

Sourced from carthage-software/mago's releases.

Mago 1.25.1

Patch release. Three correctness fixes surfaced while upgrading real codebases on 1.25.0 (an invariant-generic redundant-docblock false positive, a stale narrowing leaking from try into finally, and a no-redundant-variable false positive on loop wraparound writes), plus three previously-orphaned doc pages wired back into the sidebar.

🐛 Bug Fixes

Codex

• Invariant generics reject as-mixed coercion: Foo<mixed> no longer reads as identical to Foo<T> in redundancy checks. (863b796)

Analyzer

• finally inherits try call invalidations: narrowings cleared inside try no longer leak into the finally. (330a41e)

Linter

• no-redundant-variable respects loop wraparound: a write at the bottom of a loop body counts as observed by the top-of-body read. (#1747, 40093a6)

📖 Documentation

• Wire orphan pages into the sidebar: generate-completions, format-ignore, and pre-commit-hooks are now reachable. (f8f4394)

🙏 Thank You

Issue Reporters

Thank you to everyone who reported issues that shaped this release:

• @​Dima-369: #1747

Full Changelog: carthage-software/mago@1.25.0...1.25.1

Mago 1.25.0

Mago 1.25.0 is a big release. Seven new linter rules (no-dead-store, no-redundant-variable, no-redundant-else, no-negated-ternary, no-unused-static, no-unused-global, no-unused-closure-capture), default values on @template parameters, and a config extends directive for shared mago.toml inheritance. The analyzer picks up an opt-in pipe-callable hint relaxation, branch-discriminator narrowing, integer-bound widening in loop fixpoints, and a long list of correctness fixes around shapes, by-reference params, nullsafe scope, and finally state. Performance got serious attention: CodSpeed CI is wired up, hot allocations are gone from the comparator, populator, algebra, and syntax crates, and type-syntax now arena-allocates its AST.

A new feature-gated mago language-server subcommand ships as an unstable preview behind --features language-server, and the install script now auto-verifies release attestations through gh (with --always-verify and --no-verify escape hatches) for teams that want supply-chain checks at install time.

✨ Features

Analyzer

• Default template types: support default values on @template parameters in docblocks. (#899, 9d592d2)
• Pipe callable hint relaxation: allow-implicit-pipe-callable-types skips type-hint checks on |> callables. (#1634, 67d1736)
• Boundary-widen literal types at property assignments: tightens shape inference when properties are mutated. (86ebd89)
• Warn on list-destructuring with string or negative integer keys: catches mismatches between target shape and source. (#1740, 85587dc)
• Detect array append after PHP_INT_MAX key: flags $arr[] once the implicit key would overflow. (8a47607)
• Narrow through if/else branch-discriminator booleans: improves narrowing on if ($flag) {} else {} patterns. (9828771)
• Expose AnalysisArtifacts and analyze_with_artifacts: orchestrator API for embedders that need per-expression types. (79e332a)

... (truncated)

Commits

• b00c5dc release: 1.25.1
• 40093a6 fix(linter): re-walk loop bodies in no-redundant-variable so wraparound reads...
• 330a41e fix(analyzer): inherit try-block call invalidations into the finally scope
• 863b796 fix(codex): treat as-mixed coercion as a real mismatch on invariant generics
• f8f4394 fix(docs): wire generate-completions, format-ignore, and pre-commit-hooks int...
• f3eb1d0 release: 1.25.0
• d02d18d docs(install): point pinning example at the commit that shipped --always-verify
• cd4cf4d feat(install): auto-verify release attestations via gh, add --always-verify a...
• 67d1736 feat(analyzer): add allow-implicit-pipe-callable-types to relax type-hint che...
• b027fe2 feat(lsp): wire mago.toml linter/analyzer/formatter/source config into langua...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like carthage-software/mago is up-to-date now, so this is no longer needed.