Bump the phpstan group with 5 updates #117

dependabot · 2024-05-01T10:02:53Z

Updates the requirements on phpstan/phpstan, phpstan/phpstan-strict-rules, nepada/phpstan-nette-tester, spaze/phpstan-disallowed-calls and shipmonk/phpstan-rules to permit the latest version.
Updates phpstan/phpstan to 1.10.67

Release notes

Sourced from phpstan/phpstan's releases.

1.10.67

This is the last release, or one of the last releases, in 1.10.x series. The next one is going to be PHPStan 1.11, and it's going to be released at some point in May 2024.

Improvements 🔧

Forbid PHPUnitPHAR prefixed classes (#3002), thanks @staabm!

Improve error messages on unnamed parameters (#3010), #10814, thanks @takaram!

Bugfixes 🐛

Improve date() return types (#2888), #10468, #6613, thanks @zonuexe!

Default value null does not make promoted property type nullable (phpstan/phpstan-src@b2177e3), #9839

Fix socket_select array types after call (phpstan/phpstan-src@24c5249), `if-this-is` alternative? phpstan/phpstan#10285

Fix conditional types in PHPDocs from stubs for native functions (phpstan/phpstan-src@8ae0b28)

Fix env int key problem (phpstan/phpstan-src@e606fbe), #10833

Fix false positives about uninitialized properties (#2897), #10523, #10822, thanks @staabm!

Incremented numeric-string should change to int/float (#2797), #10122, #10187, thanks @staabm!

Do not generalize big array when combined with empty array (#3003), #10834, thanks @RobertMe!

Fix string concatenation with benevolent union type (phpstan/phpstan-src@4a4c739), #10863

Treat get_defined_vars() as using constructor arguments (#3012), #10865, thanks @rvanvelzen!

Allow undefined variables passed into by-ref parameters only if the type is nullable (phpstan/phpstan-src@7f8f9cc, phpstan/phpstan-src@7961f7a), #1916

Function signature fixes 🤖

More precise gc_status() signature for PHP8.3+ (#2996), thanks @staabm!

Add object shape for mysqli_result::fetch_fields (#3005), thanks @schlndh!

Internals 🔍

composer-dependency-analyser: update to 1.5.0 (support functions) (#3011), thanks @janedbal!

Commits

16ddbe7 PHPStan 1.10.67
7961f7a Updated PHPStan to commit 7961f7ae1fe815b0796e4d73717f1b117d4a7163
7f8f9cc Updated PHPStan to commit 7f8f9cce7f3903e505916c7afe04b7912570b5e2
f71da02 Updated PHPStan to commit f71da02958da0dd6b40193c64fcb6da12daf7227
074de75 Updated PHPStan to commit 074de75ff3bffd32e554e3ce8b0dbbde003e471e
1453c3f Updated PHPStan to commit 1453c3f160075f299dc4fc3b3098e8b0b3739b85
4a4c739 Updated PHPStan to commit 4a4c739f9ff85b6c73659c21f8f3b8b7af8c82c9
28c5729 Updated PHPStan to commit 28c57296288b78707902fdb4cdf9313a60eff363
a80cd8a Update Larastan
336ab5c Update baselines
Additional commits viewable in compare view

Updates phpstan/phpstan-strict-rules to 1.5.5

Release notes

Sourced from phpstan/phpstan-strict-rules's releases.

1.5.5

2e193a0 - ArrayFilterStrictRule - get rid of different behavour with treatPhpDocTypesAsCertain: false

Commits

2e193a0 ArrayFilterStrictRule - get rid of different behavour with `treatPhpDocTypesA...
8afd4af Loosen up ArrayFilterStrictRule for unions with clearly truthy/falsey types
568210b Introduce strict array_filter call (require callback method)
4723149 Require PHPStan 1.10.60
2fc12e5 Fix UselessCastRuleTest.
See full diff in compare view

Updates nepada/phpstan-nette-tester to 1.2.0

Release notes

Sourced from nepada/phpstan-nette-tester's releases.

1.2.0

Allow nikic/php-parser 5.x

Commits

505821b Allow php-parser 5.x
e293a4c Drop old phpunit version
6a39d1f Update php-parallel-lint/php-parallel-lint requirement (#75)
7cccf91 Bump the phpstan group with 1 update (#74)
abe86cc Bump the phpstan group with 2 updates (#73)
96ed840 Bump the phpstan group with 2 updates (#72)
7703f34 Update nepada/coding-standard requirement from 7.13.0 to 7.14.0 (#71)
ff60501 Bump actions/github-script from 6 to 7 (#69)
ca2ac54 Bump the phpstan group with 1 update (#68)
e4b5667 Bump the phpstan group with 4 updates (#67)
Additional commits viewable in compare view

Updates spaze/phpstan-disallowed-calls to 3.2.0

Release notes

Sourced from spaze/phpstan-disallowed-calls's releases.

Add phpinfo() to dangerous calls config

Add phpinfo() to dangerous calls config (#255)

See

https://www.michalspacek.com/stealing-session-ids-with-phpinfo-and-how-to-stop-it

or https://www.michalspacek.cz/kradeni-session-id-pomoci-phpinfo-a-jak-tomu-zabranit (in Czech)

for reasons why (phpinfo() echoes cookie values like the session id, which may then be stolen with XSS for example, bypassing HttpOnly cookie flag), and use https://github.com/spaze/phpinfo instead of just calling phpinfo().

Internal changes

It's already a list, no need to call array_values() (#253, this is a new bleeding edge rule added in PHPStan 1.10.59)

Update dev dependencies (#254)

Commits

6d5ce7e Add phpinfo() to dangerous calls config (#255)
a28a1e6 Add phpinfo() to dangerous calls config
bcd693f Update dev dependencies (#254)
e3f6e67 Move the flag config type check to paramFactory()
104dc95 Add attributes in addition to docblocks
75d9f4c Allow nikic/php-parser 5
d363d00 It's already a list, no need to call array_values() (#253)
d0f8166 It's already a list, no need to call array_values()
See full diff in compare view

Updates shipmonk/phpstan-rules to 2.12.0

Release notes

Sourced from shipmonk/phpstan-rules's releases.

2.12.0

New features

forbidNotNormalizedType: check invalid Parent|Child even in multi-catch and @throws (#231, #232)

Commits

db342d8 Readme: whitelist what forbidNotNormalizedType supports (#233)
a919257 ForbidNotNormalizedTypeRule: support also @throws (#232)
7769c17 ForbidNotNormalizedTypeRule: check even multi-catch statements (#231)
32002c4 Bump the prod-dependencies group with 1 update (#230)
10afe5f Bump the dev-dependencies group with 4 updates (#229)
e36bdd2 Bump the prod-dependencies group with 1 update (#228)
613df6f dependabot: use groups to avoid clutter (#227)
7738dab Readme: suggest reportAnyTypeWideningInVarTag along enforceListReturn (#226)
66c30cb Readme: link czech talk about checked exceptions (#225)
1814da4 Readme: mention reportAnyTypeWideningInVarTag extra strictness (#224)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @xificurk.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [phpstan/phpstan](https://github.com/phpstan/phpstan), [phpstan/phpstan-strict-rules](https://github.com/phpstan/phpstan-strict-rules), [nepada/phpstan-nette-tester](https://github.com/nepada/phpstan-nette-tester), [spaze/phpstan-disallowed-calls](https://github.com/spaze/phpstan-disallowed-calls) and [shipmonk/phpstan-rules](https://github.com/shipmonk-rnd/phpstan-rules) to permit the latest version. Updates `phpstan/phpstan` to 1.10.67 - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/1.11.x/CHANGELOG.md) - [Commits](phpstan/phpstan@1.10.66...1.10.67) Updates `phpstan/phpstan-strict-rules` to 1.5.5 - [Release notes](https://github.com/phpstan/phpstan-strict-rules/releases) - [Commits](phpstan/phpstan-strict-rules@1.5.2...1.5.5) Updates `nepada/phpstan-nette-tester` to 1.2.0 - [Release notes](https://github.com/nepada/phpstan-nette-tester/releases) - [Commits](nepada/phpstan-nette-tester@v1.1.0...v1.2.0) Updates `spaze/phpstan-disallowed-calls` to 3.2.0 - [Release notes](https://github.com/spaze/phpstan-disallowed-calls/releases) - [Commits](spaze/phpstan-disallowed-calls@v3.1.2...v3.2.0) Updates `shipmonk/phpstan-rules` to 2.12.0 - [Release notes](https://github.com/shipmonk-rnd/phpstan-rules/releases) - [Commits](shipmonk-rnd/phpstan-rules@2.11.3...2.12.0) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development dependency-group: phpstan - dependency-name: phpstan/phpstan-strict-rules dependency-type: direct:development dependency-group: phpstan - dependency-name: nepada/phpstan-nette-tester dependency-type: direct:development dependency-group: phpstan - dependency-name: spaze/phpstan-disallowed-calls dependency-type: direct:development dependency-group: phpstan - dependency-name: shipmonk/phpstan-rules dependency-type: direct:development dependency-group: phpstan ... Signed-off-by: dependabot[bot] <support@github.com>

xificurk · 2024-05-01T10:03:05Z

@dependabot squash and merge

coveralls · 2024-05-01T10:05:02Z

coverage: 95.395%. remained the same
when pulling a2e027d on dependabot/composer/phpstan-87856b2d7c
into 5183f0b on master.

coveralls · 2024-05-01T10:05:02Z

coverage: 95.395%. remained the same
when pulling a2e027d on dependabot/composer/phpstan-87856b2d7c
into 5183f0b on master.

dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels May 1, 2024

dependabot bot merged commit 7b546c1 into master May 1, 2024
23 checks passed

dependabot bot deleted the dependabot/composer/phpstan-87856b2d7c branch May 1, 2024 10:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the phpstan group with 5 updates #117

Bump the phpstan group with 5 updates #117

dependabot bot commented on behalf of github May 1, 2024 •

edited

xificurk commented May 1, 2024

coveralls commented May 1, 2024

coveralls commented May 1, 2024

Bump the phpstan group with 5 updates #117

Bump the phpstan group with 5 updates #117

Conversation

dependabot bot commented on behalf of github May 1, 2024 • edited

1.10.67

Improvements 🔧

Bugfixes 🐛

Function signature fixes 🤖

Internals 🔍

1.5.5

1.2.0

Add phpinfo() to dangerous calls config

Add phpinfo() to dangerous calls config (#255)

Internal changes

2.12.0

New features

xificurk commented May 1, 2024

coveralls commented May 1, 2024

coveralls commented May 1, 2024

dependabot bot commented on behalf of github May 1, 2024 •

edited

Add `phpinfo()` to dangerous calls config (#255)