yiisoft · vjik · Sep 23, 2025 · Sep 22, 2025 · Sep 22, 2025
diff --git a/.github/workflows/.github/workflows/composer-require-checker.yml b/.github/workflows/.github/workflows/composer-require-checker.yml
@@ -0,0 +1,34 @@
+on:
+  pull_request:
+    paths-ignore:
+      - 'docs/**'
+      - 'README.md'
+      - 'CHANGELOG.md'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'infection.json.dist'
+      - 'phpunit.xml.dist'
+      - 'psalm.xml'
+
+  push:
+    branches: ['master']
+    paths-ignore:
+      - 'docs/**'
+      - 'README.md'
+      - 'CHANGELOG.md'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'infection.json.dist'
+      - 'phpunit.xml.dist'
+      - 'psalm.xml'
+
+name: Composer require checker
+
+jobs:
+  composer-require-checker:
+    uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master
+    with:
+      os: >-
+        ['ubuntu-latest']
+      php: >-
+        ['8.1', '8.2', '8.3', '8.4']
diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml
@@ -21,12 +21,12 @@
 name: mutation test
 
 jobs:
   mutation:
-    uses: yiisoft/actions/.github/workflows/infection.yml@master
+    uses: yiisoft/actions/.github/workflows/roave-infection.yml@master
     with:
       os: >-
         ['ubuntu-latest']
      php: >-
        ['8.2']
    secrets:
      STRYKER_DASHBOARD_API_KEY: ${{ secrets.STRYKER_DASHBOARD_API_KEY }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Chg #44: Change PHP constraint in composer.json to `8.1 - 8.4` (@vjik)
 - Enh #44: Add psalm type `int<1, 2147483647>` to `depth` parameter in `JsonParser` constructor (@vjik)
 - Bug #44: Explicitly mark nullable parameters (@vjik)
+- Bug #46: Explicitly add transitive dependency `psr/http-factory` (@vjik)
 
 ## 1.1.1 June 03, 2024
 

diff --git a/composer.json b/composer.json
@@ -32,18 +32,20 @@
         "php": "8.1 - 8.4",
         "ext-json": "*",
         "psr/container": "^1.0 || ^2.0",
+        "psr/http-factory": "^1.1",
         "psr/http-message": "^1.0 || ^2.0",
         "psr/http-message-implementation": "1.0",
         "psr/http-server-handler": "^1.0",
         "psr/http-server-middleware": "^1.0",
         "yiisoft/http": "^1.2"
     },
     "require-dev": {
-        "httpsoft/http-message": "^1.1",
-        "infection/infection": "^0.29.8",
+        "httpsoft/http-message": "^1.1.6",
+        "maglnet/composer-require-checker": "^4.7.1",
         "phpunit/phpunit": "^10.5.55",
+        "roave/infection-static-analysis-plugin": "^1.35",
         "spatie/phpunit-watcher": "^1.24",
-        "vimeo/psalm": "^6.13.1",
+        "vimeo/psalm": "^5.26.1 || ^6.13.1",
         "yiisoft/test-support": "^3.0.2"
     },
     "autoload": {

diff --git a/docs/internals.md b/docs/internals.md
@@ -10,10 +10,11 @@ The package is tested with [PHPUnit](https://phpunit.de/). To run tests:
 
 ## Mutation testing
 
-The package tests are checked with [Infection](https://infection.github.io/) mutation framework. To run it:
+The package tests are checked with [Infection](https://infection.github.io/) mutation framework with
+[Infection Static Analysis Plugin](https://github.com/Roave/infection-static-analysis-plugin). To run it:
 
 ```shell
-./vendor/bin/infection
+./vendor/bin/roave-infection-static-analysis-plugin
 ```
 
 ## Static analysis