Upgrade to 4.6.0

kirby/vendor/laminas/laminas-escaper/composer.json

@@ -34,12 +34,12 @@
         "ext-mbstring": "*"
     },
     "require-dev": {
-        "infection/infection": "^0.27.9",
-        "laminas/laminas-coding-standard": "~3.0.0",
+        "infection/infection": "^0.27.11",
+        "laminas/laminas-coding-standard": "~3.0.1",
         "maglnet/composer-require-checker": "^3.8.0",
-        "phpunit/phpunit": "^9.6.16",
+        "phpunit/phpunit": "^9.6.22",
         "psalm/plugin-phpunit": "^0.19.0",
-        "vimeo/psalm": "^5.21.1"
+        "vimeo/psalm": "^5.26.1"
     },
     "autoload": {
         "psr-4": {

kirby/vendor/laminas/laminas-escaper/src/Escaper.php

@@ -25,6 +25,8 @@ use const ENT_SUBSTITUTE;
 
 /**
  * Context specific methods for use in secure output escaping
+ *
+ * @final
  */
 class Escaper
 {
@@ -49,7 +51,7 @@ class Escaper
      * Current encoding for escaping. If not UTF-8, we convert strings from this encoding
      * pre-escaping and back to this encoding post-escaping.
      *
-     * @var string
+     * @var non-empty-string
      */
     protected $encoding = 'utf-8';
 
@@ -88,7 +90,7 @@ class Escaper
     /**
      * List of all encoding supported by this class
      *
-     * @var array
+     * @var list<non-empty-string>
      */
     protected $supportedEncodings = [
         'iso-8859-1',
@@ -131,6 +133,7 @@ class Escaper
      * Constructor: Single parameter allows setting of global encoding for use by
      * the current object.
      *
+     * @param non-empty-string|null $encoding
      * @throws Exception\InvalidArgumentException
      */
     public function __construct(?string $encoding = null)
@@ -159,25 +162,19 @@ class Escaper
         // set matcher callbacks
         $this->htmlAttrMatcher =
             /** @param array<array-key, string> $matches */
-            function (array $matches): string {
-                return $this->htmlAttrMatcher($matches);
-            };
+            fn(array $matches): string => $this->htmlAttrMatcher($matches);
         $this->jsMatcher       =
             /** @param array<array-key, string> $matches */
-            function (array $matches): string {
-                return $this->jsMatcher($matches);
-            };
+            fn(array $matches): string => $this->jsMatcher($matches);
         $this->cssMatcher      =
             /** @param array<array-key, string> $matches */
-            function (array $matches): string {
-                return $this->cssMatcher($matches);
-            };
+            fn(array $matches): string => $this->cssMatcher($matches);
     }
 
     /**
      * Return the encoding that all output/input is expected to be encoded in.
      *
-     * @return string
+     * @return non-empty-string
      */
     public function getEncoding()
     {
@@ -188,7 +185,7 @@ class Escaper
      * Escape a string for the HTML Body context where there are very few characters
      * of special meaning. Internally this will use htmlspecialchars().
      *
-     * @return string
+     * @return ($string is non-empty-string ? non-empty-string : string)
      */
     public function escapeHtml(string $string)
     {
@@ -200,7 +197,7 @@ class Escaper
      * to escape that are not covered by htmlspecialchars() to cover cases where an attribute
      * might be unquoted or quoted illegally (e.g. backticks are valid quotes for IE).
      *
-     * @return string
+     * @return ($string is non-empty-string ? non-empty-string : string)
      */
     public function escapeHtmlAttr(string $string)
     {
@@ -222,7 +219,7 @@ class Escaper
      * Backslash escaping is not used as it still leaves the escaped character as-is and so
      * is not useful in a HTML context.
      *
-     * @return string
+     * @return ($string is non-empty-string ? non-empty-string : string)
      */
     public function escapeJs(string $string)
     {
@@ -240,7 +237,7 @@ class Escaper
      * an entire URI - only a subcomponent being inserted. The function is a simple proxy
      * to rawurlencode() which now implements RFC 3986 since PHP 5.3 completely.
      *
-     * @return string
+     * @return ($string is non-empty-string ? non-empty-string : string)
      */
     public function escapeUrl(string $string)
     {
@@ -251,7 +248,7 @@ class Escaper
      * Escape a string for the CSS context. CSS escaping can be applied to any string being
      * inserted into CSS and escapes everything except alphanumerics.
      *
-     * @return string
+     * @return ($string is non-empty-string ? non-empty-string : string)
      */
     public function escapeCss(string $string)
     {