At this moment, nearly every single `composer install` on PHP 8.5 is failing on a deprecation notice coming from the `react/promise` package.

To mitigate this, the ReactPHP team has just released a new version and I'd like to suggest for Composer to update to that version and release a new version of Composer itself to unblock early adopters from testing with PHP 8.5.

Note: other than fixing the deprecation notice, the `3.3.0` release does not contain any user-facing changes.

Ref:
* reactphp/promise#264
* https://github.com/reactphp/promise/releases/tag/v3.3.0
* reactphp/promise@v3.2.0...v3.3.0

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>

Co-authored-by: Tim van der Molen <tim@kariliq.nl>

#12493)

* PHP 8.5 | Prevent deprecation notices for Reflection*::setAccessible()

Since PHP 8.1, calling the `Reflection*::setAccessible()` methods is no longer necessary as reflected properties/methods/etc will always be accessible.
However, the method calls are still needed for PHP < 8.1.

As of PHP 8.5, calling the `Reflection*::setAccessible()` methods is now formally deprecated and will yield a deprecation notice, which will fail test runs.
As of PHP 9.0, the `setAccessible()` method(s) will be removed.

With the latter in mind, this commit prevents the deprecation notice by making the calls to `setAccessible()` conditional.

Silencing the deprecation would mean, this would need to be "fixed" again come PHP 9.0, while the current solution should be stable, including for PHP 9.0.

Ref: https://wiki.php.net/rfc/deprecations_php_8_5#extreflection_deprecations

* Use "and" instead of "&&" for control flow

---------

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>

…2468

…rectories (#12480)

* Fix PSR-4 warnings when using exclude-from-classmap with symlinked directories

### Description

This PR fixes an issue where Composer generates incorrect PSR-4 compliance warnings when using `exclude-from-classmap` patterns with directories that are symlinks.

### The Problem

When a PSR-4 autoload path is a symlink (either relative or absolute) and the project uses `exclude-from-classmap` patterns (e.g., `**/vendor/`), Composer incorrectly reports that classes in the excluded directories don't comply with PSR-4 standards.

Example warning:
```
Class Doctrine\Instantiator\InstantiatorInterface located in ./tools/vendor/doctrine/instantiator/src/Doctrine/Instantiator/InstantiatorInterface.php does not comply with psr-4 autoloading standard (rule: MyTools\ => ./tools). Skipping.
```

### Root Cause

The issue occurs because:
1. The `buildExclusionRegex` method was only matching exclude patterns against the real path of directories
2. When scanning symlinked directories, the patterns needed to match against both the symlink path and the resolved path

### The Solution

The fix updates `buildExclusionRegex` to also check exclude patterns against the normalized (non-realpath) version of the directory being scanned. This ensures that exclude patterns work correctly whether the directory is accessed via its symlink path or its real path.

### Testing

Added a new test case `testAbsoluteSymlinkWithPsr4DoesNotGenerateWarnings` that:
1. Creates a PSR-4 autoload rule pointing to an absolute symlink
2. Uses `exclude-from-classmap` to exclude vendor directories
3. Verifies that no PSR-4 compliance warnings are generated

All existing tests continue to pass.

### Reproducing the Issue

Before this fix:
```bash
# Create a test directory with a symlink (relative or absolute)
mkdir actual-tools
ln -s actual-tools tools
# OR with absolute path:
# ln -s /tmp/tools-composer-test tools

# Add to composer.json:
{
    "autoload": {
        "psr-4": {
            "MyTools\\": "tools/"
        },
        "exclude-from-classmap": ["**/vendor/"]
    }
}

# Run composer dump-autoload -o
# Results in PSR-4 warnings for files in tools/vendor/
```

After this fix: No warnings are generated for excluded paths.

Fixes #12478

* Optimize code a bit and use str_starts_with for clarity

---------

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>

…aint (#12507)

Fixes composer/semver#170

#12487)