chore(deps-dev): update phan/phan requirement from ^5.4 to ^5.4 || ^6.0

[dependabot]

Updates the requirements on phan/phan to permit the latest version.

Release notes

Sourced from phan/phan's releases.

6.0.5

Deprecations:

• Deprecate override_return_types config flag in favor of track_all_inferred_types, which subsumes its behavior and also accumulates concrete types on interface-typed properties (#5476)

Bug fixes:

• Fix json_decode() false positives by improving return type inference for various flag combinations (#5503)
• Fix @inheritDoc false positives (#5504)
• Add depth guard to ArrayShapeType::withStaticResolvedInContext to prevent infinite recursion on self-referential array shapes (#5508)

Changelog

Sourced from phan/phan's changelog.

Mar 27 2026, Phan 6.0.5

Deprecations:

• Deprecate override_return_types config flag in favor of track_all_inferred_types, which subsumes its behavior and also accumulates concrete types on interface-typed properties (#5476)

Bug fixes:

• Fix json_decode() false positives by improving return type inference for various flag combinations (#5503)
• Fix @inheritDoc false positives (#5504)
• Add depth guard to ArrayShapeType::withStaticResolvedInContext to prevent infinite recursion on self-referential array shapes (#5508)

Mar 23 2026, Phan 6.0.4

Bug fix:

• Fix crash in DependentReturnTypeOverridePlugin when functions are called with named arguments that skip positional parameters (e.g. json_decode($data, flags: JSON_OBJECT_AS_ARRAY)) (#5502)

Mar 23 2026, Phan 6.0.3

New features:

• Add AnalyzeCallableArgumentCapability plugin interface that automatically fires for every callable-typed argument across the codebase, eliminating boilerplate for callable analysis plugins (#5483, #5499)
• Add CaseMismatchPlugin for detecting casing inconsistencies in class, function, method, and namespace references (#5480)
• Add --analyze-until-convergence flag and improve --analyze-twice to only re-analyze files whose inferred types changed (#5488, #5495)
• Add track_all_inferred_types config flag to accumulate concrete types on interface-typed properties across assignments (#5476)
• Add --from-checkstyle option to tool/add_suppressions.php to accept Phan checkstyle XML output (#5482)
• Warn when @inheritDoc is used with nothing to inherit (#5404, #5498)
• Propagate PhoundPlugin callsites up the inheritance hierarchy (#5484)
• Track callables passed to higher-order array functions in PhoundPlugin (#5475)

Bug fixes:

• Fix false positive PhanTypeMismatchArgument when passing positive-int or negative-int to a float parameter (#5467)
• Fix named arguments breaking AnalyzeFunctionCallCapability and ReturnTypeOverrideCapability plugin closures — args are now normalized to declaration order (#5483, #5499)
• Fix isset()/empty() type narrowing for static properties (self::$prop) (#5471, #5472)
• Fix false positive PhanCoalescingNeverUndefined for static properties (#5473)
• Fix class-string<T> template resolution dropping literal string types (#5474)
• Fix false positive PhanTypeExpectedObjectPropAccess for template types (#5479, #5485)
• Preserve typed generic array element types alongside mixed in dim access (#5478)
• Fix expressionHasClassReference to recurse into nested arrays during large-array trimming (#5470)
• Fix stdClass shape type narrowing losing dynamic property types in branches (#5486)
• Fix stub loading to respect target_php_version instead of PHP_VERSION_ID for template stub selection (#5489, #5492)
• Fix PhanInfiniteRecursion false positive when throwing expressions in non-call contexts (#5490, #5493)
• Fix three false positives related to PHP 8.4 property hooks: PhanUnreferencedUseFunction for functions used in hook bodies, PhanReadOnlyPHPDocProperty for backed properties with hooks, and PhanTypeInvalidPropertyDefaultReal for virtual properties (#5491, #5494)
• Fix variable scope handling in try/catch/finally blocks when finally is present (#5496, #5497)

Miscellaneous:

• Improve RedisArray stub definitions (#5481)

Mar 5 2026, Phan 6.0.2

New features:

• Add class, interface, and trait hierarchy tables to PhoundPlugin's SQLite database (#5443, #5460)
• Add function/method signatures and parameter tables to PhoundPlugin's SQLite database (#5458)

... (truncated)

Commits

• ebaecc7 Prepare 6.0.5 release
• fc3eb09 Merge pull request #5511 from rodrigoprimo/docs/update-phpcs-repo-link
• c1ac008 Update PHP_CodeSniffer repository link
• 88e6c6e Merge pull request #5510 from phan/bug5500
• a824b1f Add test
• f093354 Use getAnalyzeCallableArgumentClosure()
• 45c0c93 Merge pull request #5508 from phan/array-shape-depth-guard
• 3cf251b Merge pull request #5507 from phan/stdclass-false-positives
• 9633462 Add NEWS entry for override_return_types deprecation (#5506)
• bdb8ed5 Add raw and formatted type string comments to depth guard test
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)