In UserManager::hashPassword (src/Service/UserManager.php:233-234), $passwordRef = $password; is a value copy whose only purpose is to satisfy AuthHash::passwordHash's by-reference signature. The variable name and surrounding comment imply it preserves something it does not.
Rename to $mutable (or similar) and adjust the comment so the next maintainer understands this is just a by-ref-signature workaround, not a meaningful indirection.
In
UserManager::hashPassword(src/Service/UserManager.php:233-234),$passwordRef = $password;is a value copy whose only purpose is to satisfyAuthHash::passwordHash's by-reference signature. The variable name and surrounding comment imply it preserves something it does not.Rename to
$mutable(or similar) and adjust the comment so the next maintainer understands this is just a by-ref-signature workaround, not a meaningful indirection.