build(deps-dev): bump carthage-software/mago from 1.16.0 to 1.18.1

[dependabot]

Bumps carthage-software/mago from 1.16.0 to 1.18.1.

Release notes

Sourced from carthage-software/mago's releases.

Mago 1.18.1

Patch release fixing a CI failure that prevented 1.18.0 binaries from being built for aarch64-unknown-linux-gnu and aarch64-unknown-linux-musl targets.

🐛 Bug Fixes

Tests

• Skip stdin_input integration tests when cross-compiling: The --stdin-input integration tests spawn the built mago binary as a subprocess. When cross-compiling (e.g., aarch64 target on an x86_64 CI runner), the binary can't execute, causing all 5 tests to fail. These tests now detect cross-compilation and skip gracefully.

Full Changelog: carthage-software/mago@1.18.0...1.18.1

Mago 1.18.0

Mago 1.18.0 is a packed release with 5 new features, 17 bug fixes across all tools, and improvements to the docblock parser. Highlights include full callable-string type support with function_exists/is_callable narrowing, --stdin-input for editor integrations on analyze/lint/guard, precise range() return types, a Psl\Dict\select_keys type provider, and numerous false positive fixes in the analyzer, linter, and formatter.

✨ Features

Analyzer

• callable-string type support: Added callable-string, lowercase-callable-string, and uppercase-callable-string types. function_exists() narrows strings to callable-string (#1532)
• range() return type provider: Infers precise return types based on argument values - range(1, 5) returns non-empty-list<int<1, 5>>, range(0, 5.0) returns non-empty-list<float>, range('a', 'z') returns non-empty-list<non-empty-string> (#1510)
• Psl\Dict\select_keys return type provider: Narrows the return type to a shaped array when called with literal keys, handling keyed arrays, generic arrays, and union/iterable types (#1357)
• Detect redundant identity comparisons in loops: $v === false where $v is int is now flagged as redundant even inside foreach/for/while loops, when the types are from fundamentally incompatible categories (#1555)

CLI

• --stdin-input for analyze, lint, and guard: Pipe unsaved buffer content from editors and use the real file path for baseline matching and issue locations. Supports path normalization for consistent baseline behavior (#1253)
• Auto-detect reporting format: Automatically uses GitHub or GitLab reporting format when running in CI environments (#1550)
• Auto-detect editor URL: Detects terminal editor from environment variables for clickable file paths in issue output
• Helpful --only error for analyze: Instead of a confusing clap suggestion, mago analyze --only now explains that the analyzer is not rule-based and suggests --retain-code (#774)

🐛 Bug Fixes

Analyzer

• Fixed callable-string false positives: Resolved too-many-arguments when calling dynamic callable strings, never narrowing after function_exists false branch, and unreachable-else-clause for function_exists checks. The scalar comparator now properly checks is_callable during assertion contexts, and cast_atomic_to_callable uses a mixed signature (#1561)
• Fixed isset narrowing lost with post-increment index: $arr[$i++] inside an isset($arr[$i]) block now preserves the narrowed type by saving it before the increment side-effect invalidates it (#1556)
• Fixed !empty not removing false/null from unions: When !empty($row['key']) proves a key exists, non-array types like false and null are now removed from the parent union (#1565)
• Fixed count() not generating NonEmptyCountable assertion: count($arr) in truthy context now properly narrows the array to non-empty
• Fixed match arm conditions affected by loop flag: Cleared the inside_loop flag when analyzing match arm conditions to fix false non-exhaustive match errors
• Fixed array_merge with unpacked arguments: array_merge(...$lists) where $lists is list<list<int>> now correctly returns list<int> instead of array<non-negative-int, int> (#1548)
• Fixed net_get_interfaces return type: Corrected the prelude stub to match PHP documentation (#1550)

Linter

• Fixed Pest ->not leaking across ->and() boundaries: The use-specific-expectations rule no longer carries the ->not modifier past ->and() calls, which reset the expectation context in Pest chains (#1511)
• Fixed halstead rule emitting multiple issues per node: Volume, difficulty, and effort violations are now consolidated into a single issue, so // @mago-expect lint:halstead suppresses all of them (#1452)
• Fixed kan-defect score in issue title breaking baseline: Removed the metric value from the issue title so baseline matching remains stable when the score improves (#1320)
• Fixed first-class callable suggestion for spread arguments: fn(array $nums) => Calculator::sum(...$nums) is no longer incorrectly suggested to be replaced with Calculator::sum(...) (#1246)

... (truncated)

Commits

• c9fdcec release: 1.18.1
• c78df11 fix(test): skip stdin_input integration tests when cross-compiling
• 70c9c64 release: 1.18.0
• ea64462 fix(formatter): raise chain-breaking threshold to avoid unnecessary line brea...
• d24f263 feat(analyzer): add return type provider for range() with precise int ranges,...
• 3ca1e63 feat(analyzer): add return type provider for Psl\Dict\select_keys
• 7fe0d2c fix(linter): don't suggest first-class callable when closure spreads array in...
• 402eee5 fix(linter): remove metric value from kan-defect issue title to stabilize bas...
• c4285b4 fix(docblock): support multi-line inline tags like {@​internal ...} spanning m...
• f3aeb77 fix(cli): show helpful error when using --only with analyze command
• Additional commits viewable in compare view

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.