build(deps): bump pdepend/pdepend from 2.12.1 to 2.16.2 #357

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/composer/pdepend/pdepend-2.16.2

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Bumps pdepend/pdepend from 2.12.1 to 2.16.2.

Release notes

Sourced from pdepend/pdepend's releases.

PHP Depend 2.16.2

Changelog

(since 2.16.1...2.16.2)

Fixed

  • Fixed #705: Fix throw-expression parsing inside array access

PHP Depend 2.16.1

Changelog

(since 2.16.0...2.16.1)

Fixed

  • Fixed #699 Symfony 7 compatibility

PHP Depend 2.16.0

Changelog

(since 2.15.1...2.16.0)

Added

  • Added #692 PHP 8.3 Syntax
  • Added #686 Allow Symfony 7

Fixed

  • Fixed #691 Float parsing for number starting with 0.
  • Fixed #689 Handle conversion to/detection of UTF-8 encoding using either mbstring PHP extension or the polyfill provided by Symfony
  • Fixed phpmd/phpmd#914 Parsing the correct comment for method doc-block (Allow correct SuppressWarnings annotation handling on PHPMD)
  • Fixed phpmd/phpmd#804 Handle yield termination depending on context

PHP Depend 2.15.1

Changelog

(since 2.15.0...2.15.1)

Fixed

  • Fixed #684: Fix #682 Re-allow empty compilation unit

Changed

  • Changed #684: Show error full stack trace when debug is on

PHP Depend 2.15.0

Changelog

(since 2.14.0...2.15.0)

Fixed

  • Fixed #669: Fix Halstead formula.
  • Fixed #673: Fix #665 Allow readonly before public/protected/private.

Internal changes

... (truncated)

Changelog

Sourced from pdepend/pdepend's changelog.

pdepend-2.16.2 (2023/12/17)

  • Fixed #705: Fix throw-expression parsing inside array access

pdepend-2.16.1 (2023/12/10)

  • Fixed #699: Fix Symfony 7 compatibility

pdepend-2.16.0 (2023/11/29)

  • Added #692 PHP 8.3 Syntax
  • Added #686 Allow Symfony 7
  • Fixed #691 Float parsing for number starting with 0.
  • Fixed #689 Handle conversion to/detection of UTF-8 encoding using either mbstring PHP extension or the polyfill provided by Symfony
  • Fixed phpmd/phpmd#914 Parsing the correct comment for method doc-block (Allow correct SuppressWarnings annotation handling on PHPMD)
  • Fixed phpmd/phpmd#804 Handle yield termination depending on context

pdepend-2.15.1 (2023/09/28)

  • Fixed #684: Fix #682 Re-allow empty compilation unit
  • Changed #684: Show error full stack trace when debug is on

pdepend-2.15.0 (2023/09/23)

  • Fixed #669: Fix Halstead formula.
  • Fixed #673: Fix #665 Allow readonly before public/protected/private.
  • Changed #670: Upgrade the GitHub Actions from V2 to V3.
  • Changed #671: Update PHPStan to 1.10.25.
  • Changed #672 and #676: Resolve edge cases caught by PHPStan level 7.
  • Changed #675: Run the codecoverage with PHP 8.2 and use xDebug 3.
  • Changed #677 and #678: Add more tests.

pdepend-2.14.0 (2023/05/26)

  • Added #663: Added, sign the phar files.
  • Added #657: Added keywords to composer.json.
  • Fixed #656: Fix #635, #650 Base enum label validity on constant name rule.
  • Fixed #661: Fix #639 Handle extra parenthesis for functions.

... (truncated)

Commits
  • f942b20 Merge pull request #706 from pdepend/release/2.16.2-release
  • d5bbaa6 Add 2.16.2 changelog
  • 9dcc17f Merge pull request #705 from pdepend/feature/throw-in-value
  • 411cea3 Add support for throw expressions in array index access
  • a5d739d Show issue with throw in key
  • 66ceb05 Merge pull request #700 from pdepend/release/2.16.1-release
  • 42fbddd Fix consistency with release not wording
  • fb6c54e Add changelog for 2.16.1
  • 71602df Merge pull request #699 from pdepend/fix/symfony-compatibility
  • a14bfb7 Build phar with Configuration weak types
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pdepend/pdepend](https://github.com/pdepend/pdepend) from 2.12.1 to 2.16.2.
- [Release notes](https://github.com/pdepend/pdepend/releases)
- [Changelog](https://github.com/pdepend/pdepend/blob/3.x/CHANGELOG.md)
- [Commits](pdepend/pdepend@2.12.1...2.16.2)

---
updated-dependencies:
- dependency-name: pdepend/pdepend
  dependency-version: 2.16.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the labels dependencies (Pull requests that update a dependency file) and php (Pull requests that update php code) on May 14, 2026
@dependabot dependabot Bot requested a review from lolgab as a code owner May 14, 2026 07:32

@github-actions github-actions Bot left a comment

@dependabot merge

@codacy-production

Up to standards ✅

🟢 Issues: 0 new issues

🟢 Metrics: duplication 0

@codacy-production codacy-production Bot left a comment

Pull Request Overview

While this PR intends to bump pdepend/pdepend to add PHP 8.3 support, it currently should not be merged. The update introduces a significant breaking change by raising the minimum PHP requirement to 8.4 via transitive dependencies (specifically symfony/var-exporter v8.0.9), which is not documented in the PR description. Furthermore, the composer.lock file contains invalid metadata, including package versions with release dates in the year 2026, indicating a corrupted or non-standard generation environment. To resolve this, a PHP constraint should be added to composer.json to prevent the resolver from selecting incompatible transitive dependencies before regenerating the lock file.

About this PR

  • The PR description focuses on a minor version bump of pdepend but fails to address that the transitive dependency updates (upgrading Symfony components to v7 and v8) effectively mandate PHP 8.2 or 8.4. This is a breaking change for the project's supported environments.

Test suggestions

  • Verify that PDepend 2.16.2 correctly parses PHP 8.3 codebases without errors.
  • Verify that existing metric calculation logic remains consistent and correct with the new library version.
  • Validate runtime compatibility with PHP 8.4, which is necessitated by the new transitive dependency symfony/var-exporter v8.0.9.

Comment thread composer.lock
"name": "symfony/polyfill-php81",
"version": "v1.27.0",
"name": "symfony/var-exporter",
"version": "v8.0.9",
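
Review bot: `symfony/var-exporter` at `v8.0.9` shows up in the lock here beside the `symfony/polyfill-php81` `v1.27.0` entry, and neither the PR title nor the pdepend changelog quoted in the description names it. Before merging, run `composer why symfony/var-exporter` on this branch to see which package pulls it in, and read the `require` block of this lock entry for its `php` floor, so that the new transitive package is a reviewed choice and not a side effect of the resolver.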

🔴 HIGH RISK

The updated transitive dependency symfony/var-exporter (v8.0.9) requires PHP 8.4 or higher. Please ensure that all project environments (local, CI, and production) are compatible with this version before proceeding, or constrain the version in composer.json.

Comment thread composer.lock
{
"name": "symfony/config",
"version": "v5.4.11",
"version": "v7.4.10",
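
Review bot: the `symfony/config` version line goes from `v5.4.11` to `v7.4.10`, two major versions, in a PR whose commit metadata labels the pdepend change `version-update:semver-minor`. Regenerate the lock with `config.platform.php` in composer.json set to the lowest PHP version the project supports, so that Composer resolves transitive packages against that version instead of whichever PHP ran the update, and keep this hunk only if the major jump survives that.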

🔴 HIGH RISK

The version 'v7.4.10' for symfony/config and several other packages in this lock file are invalid as they refer to non-existent versions with future release dates (e.g., year 2026). Additionally, these versions require PHP 8.2 or higher. This suggests the composer.lock file was generated incorrectly and will cause installation failures.

Comment thread composer.json
"description": "Metrics tool for PHP based on PDepend",
"require": {
"pdepend/pdepend": "2.12.1"
"pdepend/pdepend": "2.16.2"

🔴 HIGH RISK

Suggestion: This dependency update significantly raises the minimum PHP requirement to 8.4 due to the versions selected for transitive dependencies in the lock file. To ensure compatibility with older PHP versions, you should explicitly define a PHP constraint in your require block.

Try running the following prompt in your coding agent:

Add a PHP constraint to the 'require' section of composer.json (e.g., '"php": ">=8.1"') and regenerate the composer.lock file using 'composer update'.
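
One way to check a regenerated composer.lock against the PHP floor suggested in the review (`>=8.1`), as an added example that is not part of this PR thread or of any project's code: it lists locked packages whose `require.php` constraint rejects a target PHP version. The sample lock is constructed from the names and versions quoted in the thread (the pdepend PHP floor is an assumed value), the helper names are hypothetical, and only the common constraint operators are handled.

```python
import json
import re

# Constructed sample shaped like composer.lock; names/versions are those quoted in
# the thread, symfony floors follow the reviewer, the pdepend floor is assumed.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "pdepend/pdepend", "version": "2.16.2", "require": {"php": ">=5.3.7"}},
    {"name": "symfony/config", "version": "v7.4.10", "require": {"php": ">=8.2"}},
    {"name": "symfony/var-exporter", "version": "v8.0.9", "require": {"php": ">=8.4"}},
]})

def parse_version(text):  # '8.1' -> (8, 1, 0); missing parts are zero-filled
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def term_ok(term, ver):
    """Evaluate one constraint term such as '>=8.2', '^8.0' or '~8.1.0'."""
    m = re.fullmatch(r"(>=|<=|>|<|\^|~|=)?v?(\d+(?:\.\d+)*)", term)
    if not m:  # wildcards, hyphen ranges, stability flags: not handled here
        raise ValueError(f"unsupported constraint term: {term!r}")
    op, raw = m.group(1) or "=", m.group(2)
    low = parse_version(raw)
    if op == "^":  # same major (PHP is never 0.x, so that special case is skipped)
        return low <= ver < (low[0] + 1, 0, 0)
    if op == "~":  # ~8.1 -> >=8.1 <9.0, ~8.1.2 -> >=8.1.2 <8.2.0
        top = (low[0] + 1, 0, 0) if raw.count(".") < 2 else (low[0], low[1] + 1, 0)
        return low <= ver < top
    return {">=": ver >= low, "<=": ver <= low, ">": ver > low,
            "<": ver < low, "=": ver == low}[op]

def php_allowed(constraint, php):
    """True if PHP version `php` satisfies a Composer constraint string."""
    ver = parse_version(php)
    for alt in re.split(r"\s*\|\|?\s*", constraint.strip()):  # OR groups
        alt = re.sub(r"(>=|<=|>|<|=)\s+", r"\1", alt)         # '>= 8.1' -> '>=8.1'
        if all(term_ok(t, ver) for t in re.split(r"[\s,]+", alt) if t):
            return True
    return False

def audit_lock(lock_text, php):
    """List (name, version, constraint) for locked packages that reject `php`."""
    lock = json.loads(lock_text)
    pkgs = lock.get("packages", []) + lock.get("packages-dev", [])
    return [(p["name"], p["version"], p["require"]["php"]) for p in pkgs
            if not php_allowed(p.get("require", {}).get("php", ""), php)]

if __name__ == "__main__":
    for name, version, constraint in audit_lock(SAMPLE_LOCK, "8.1"):
        print(f"{name} {version} requires php {constraint}")
```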
