Remove abandoned `doctrine/annotations` dependency in next major release

[lankhaar]

Problem

The package currently requires doctrine/annotations, which has been officially abandoned and marked as such on Packagist.

This creates issues for downstream projects that need to run security audits on production dependencies:

This fails due to doctrine/annotations being abandoned

composer audit --locked

Workaround: exclude dev dependencies

composer audit --locked --no-dev

The workaround is not ideal as it prevents security auditing of dev dependencies.

Current Dependency Chain

allure-framework/allure-phpunit v3.1.0
└─ allure-framework/allure-php-commons v2.3.1
	 └─ doctrine/annotations (^1.12 || ^2)  ⚠️ ABANDONED

Proposed Solution

Since this package targets PHP 8.1+, native PHP attributes should be used instead of Doctrine annotations. PHP 8 attributes provide all the functionality of annotations with native language support.

For next major release:

• Remove doctrine/annotations dependency entirely
• Migrate any remaining annotation-based code to PHP 8 attributes
• This would be a breaking change suitable for a major version bump

Additional Context

• The doctrine/annotations package was deprecated in favor of native PHP 8 attributes
• PHP attributes are now the recommended approach for metadata
• This package already requires PHP 8.1+, so attributes are fully supported
• Packagist link showing abandoned status: https://packagist.org/packages/doctrine/annotations

Impact

This affects any project using allure-framework/allure-phpunit in dev dependencies that wants to:

• Run security audits with composer audit
• Maintain clean dependency trees without abandoned packages
• Follow PHP ecosystem best practices