diff --git a/.github/workflows/code_analysis.yaml b/.github/workflows/code_analysis.yaml
index 5c50704..ae56ec2 100644
--- a/.github/workflows/code_analysis.yaml
+++ b/.github/workflows/code_analysis.yaml
@@ -26,6 +26,7 @@ jobs:
           - "8.2"
           - "8.3"
           - "8.4"
+          - "8.5"
 
         jwt:
           - name: JWT 5
@@ -43,7 +44,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
 
 
       # see https://github.com/shivammathur/setup-php
@@ -62,14 +63,14 @@ jobs:
           echo "::set-output name=dir::$(composer config cache-files-dir)"
 
 
-      - uses: actions/cache@v2
+      - uses: actions/cache@v4
         with:
           path: |
             ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-data-${{ hashFiles('composer.json') }}-php-${{ matrix.php }}-${{ matrix.jwt.name }}
 
 
-      - uses: actions/cache@v2
+      - uses: actions/cache@v4
         with:
           path: |
             **/composer.lock
diff --git a/composer.json b/composer.json
index 8da0199..e77351a 100644
--- a/composer.json
+++ b/composer.json
@@ -26,7 +26,7 @@
     "require-dev": {
         "firebase/php-jwt": "^5.0 || ^6.0 || dev-main",
         "nette/tester": "^2.5 || dev-master",
-        "phpstan/phpstan": "1.12.6"
+        "phpstan/phpstan": "^2.1"
     },
     "suggest": {
         "firebase/php-jwt": "Optional, required for SignedUrl plugin, compatible with version 5.x and 6.x"
diff --git a/src/Enabler.php b/src/Enabler.php
index 6ce8825..018bcc7 100644
--- a/src/Enabler.php
+++ b/src/Enabler.php
@@ -249,7 +249,8 @@ private function isTokenValid(array $token, ?string $name = null): bool
     }
 
     /**
-     * @return array<int, string|array>
+     * @return array<int, array>
+     * @phpstan-return list{string, array}
      */
     private function generateToken(bool $value, int $expires): array
     {