This repository has been archived by the owner on Aug 21, 2021. It is now read-only.

Bump laminas/laminas-escaper from 2.7.0 to 2.8.0 #140

Open
wants to merge 1 commit into
base: master

@dependabot dependabot bot commented on behalf of github Jun 28, 2021

Bumps laminas/laminas-escaper from 2.7.0 to 2.8.0.

Release notes

Sourced from laminas/laminas-escaper's releases.

2.8.0

Release Notes for 2.8.0

Feature release (minor)

In release 2.7.1, multiple users reported crashes due to the introduction of declare(strict_types=1); in our codebase:

These crashes were related to misuse of the library on the caller side, since this library always expected string values as inputs for most of its methods.

This release replaces declared input type declarations with native type declarations provided by PHP.

The reason why this was done is that:

  • since PHP 7.2, and specifically the Parameter Type Widening RFC by @​kelunik, it is safe to declare stricter types in parent interfaces/types, whereas subtypes can completely omit the parameter type. This library supports PHP 7.3 and newer, which means that existing subclass implementations of the Escaper that do not declare string parameters in their methods will continue to work as expected
  • the new string type declaration will lead to more shallow stack traces in the case of invalid input, which will further help avoiding misunderstanding of the issue, like what happened in laminas/laminas-escaper#20. Developers should be able to determine more clearly that a non-string was given as input
  • in case of developers still passing invalid input to laminas/laminas-escaper, should they not use declare(strict_types=1) in their code, then there will be an implicit conversion performed by the engine, as specified by PHP 7.0 in the Scalar Type Hints v5 by @​ircmaxell

This release therefore:

  • increases strictness in this library
  • increases compatibility with poorly written / reviewed code

2.8.0

  • Total issues resolved: 0
  • Total pull requests resolved: 1
  • Total contributors: 1

Enhancement

2.7.1

Release Notes for 2.7.1

2.7.x bugfix release (patch)

2.7.1

  • Total issues resolved: 0
  • Total pull requests resolved: 1
  • Total contributors: 1

Enhancement

... (truncated)

Commits
  • 2d6dce9 Merge pull request #23 from carnage/fix-strict-type-bc
  • f0df7d3 Removed errors solved by #23 from the psalm baseline
  • a7c428a Removed unnecessary docblocks and imports from #23
  • f43be95 Removed dead code from #23
  • b877686 Fix BC break by introduction of strict types
  • 77c248d Merge pull request #19 from laminas/2.7.x-merge-up-into-2.8.x_imyHlz5L
  • 1af2137 Merge release 2.7.1 into 2.8.x
  • 67dac07 Merge pull request #18 from ghostwriter/feature/add-ci
  • f88aa57 qa: address Psalm errors
  • c9c50eb fix: extract data providers in test case
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [laminas/laminas-escaper](https://github.com/laminas/laminas-escaper) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/laminas/laminas-escaper/releases)
- [Commits](laminas/laminas-escaper@2.7.0...2.8.0)

---
updated-dependencies:
- dependency-name: laminas/laminas-escaper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 28, 2021
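
The typing behaviour the quoted 2.8.0 release notes rely on, as an added PHP example that is not part of the pull request or of laminas-escaper: a parent method with a native `string` parameter, a subclass that omits the type, and non-string arguments passed from a file without `declare(strict_types=1)`. The class names `BaseEscaper` and `LegacyEscaper` and the helper `attempt()` are hypothetical.

```php
<?php
// Added illustration: class names are hypothetical, not laminas-escaper code.
// This file has no declare(strict_types=1), so calls made from it use
// PHP's coercive typing mode.

class BaseEscaper
{
    // Native string parameter type, the kind of declaration 2.8.0 describes.
    public function escapeHtml(string $value): string
    {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

class LegacyEscaper extends BaseEscaper
{
    // Parameter type omitted: permitted since PHP 7.2 (Parameter Type Widening).
    public function escapeHtml($value): string
    {
        return parent::escapeHtml($value);
    }
}

// Run a call and report whether it returned or was rejected with a TypeError.
function attempt(callable $call): string
{
    try {
        return 'returned: ' . var_export($call(), true);
    } catch (TypeError $e) {
        return 'TypeError: ' . $e->getMessage();
    }
}

$base   = new BaseEscaper();
$legacy = new LegacyEscaper();

$cases = [
    'string'          => function () use ($base) { return $base->escapeHtml('<b>"x"</b>'); },
    // Scalar non-string: converted by the engine because this file is not strict.
    'int'             => function () use ($base) { return $base->escapeHtml(42); },
    // Arrays are never coerced to string, so the call fails at the method boundary.
    'array'           => function () use ($base) { return $base->escapeHtml(['<b>']); },
    // The untyped subclass still satisfies the parent's signature.
    'legacy subclass' => function () use ($legacy) { return $legacy->escapeHtml(42); },
];

foreach ($cases as $label => $call) {
    echo str_pad($label, 16), attempt($call), PHP_EOL;
}
```

Adding `declare(strict_types=1);` as the first statement of the calling file makes the `int` cases raise a `TypeError` as well, because strictness is decided by the file that makes the call.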