Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the phpstan group with 3 updates #81

Merged
merged 1 commit into from
May 1, 2024
Merged

Bump the phpstan group with 3 updates #81

merged 1 commit into from
May 1, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 1, 2024
edited
Loading

Updates the requirements on phpstan/phpstan-strict-rules, spaze/phpstan-disallowed-calls and shipmonk/phpstan-rules to permit the latest version.
Updates phpstan/phpstan-strict-rules to 1.5.5

Release notes

Sourced from phpstan/phpstan-strict-rules's releases.

1.5.5

  • 2e193a0 - ArrayFilterStrictRule - get rid of different behavour with treatPhpDocTypesAsCertain: false
Commits
  • 2e193a0 ArrayFilterStrictRule - get rid of different behavour with `treatPhpDocTypesA...
  • 8afd4af Loosen up ArrayFilterStrictRule for unions with clearly truthy/falsey types
  • 568210b Introduce strict array_filter call (require callback method)
  • 4723149 Require PHPStan 1.10.60
  • 2fc12e5 Fix UselessCastRuleTest.
  • See full diff in compare view

Updates spaze/phpstan-disallowed-calls to 3.2.0

Release notes

Sourced from spaze/phpstan-disallowed-calls's releases.

Add phpinfo() to dangerous calls config

Add phpinfo() to dangerous calls config (#255)

See

for reasons why (phpinfo() echoes cookie values like the session id, which may then be stolen with XSS for example, bypassing HttpOnly cookie flag), and use https://github.com/spaze/phpinfo instead of just calling phpinfo().

Internal changes

  • It's already a list, no need to call array_values() (#253, this is a new bleeding edge rule added in PHPStan 1.10.59)
  • Update dev dependencies (#254)
Commits
  • 6d5ce7e Add phpinfo() to dangerous calls config (#255)
  • a28a1e6 Add phpinfo() to dangerous calls config
  • bcd693f Update dev dependencies (#254)
  • e3f6e67 Move the flag config type check to paramFactory()
  • 104dc95 Add attributes in addition to docblocks
  • 75d9f4c Allow nikic/php-parser 5
  • d363d00 It's already a list, no need to call array_values() (#253)
  • d0f8166 It's already a list, no need to call array_values()
  • See full diff in compare view

Updates shipmonk/phpstan-rules to 2.12.0

Release notes

Sourced from shipmonk/phpstan-rules's releases.

2.12.0

New features

Commits
  • db342d8 Readme: whitelist what forbidNotNormalizedType supports (#233)
  • a919257 ForbidNotNormalizedTypeRule: support also @​throws (#232)
  • 7769c17 ForbidNotNormalizedTypeRule: check even multi-catch statements (#231)
  • 32002c4 Bump the prod-dependencies group with 1 update (#230)
  • 10afe5f Bump the dev-dependencies group with 4 updates (#229)
  • e36bdd2 Bump the prod-dependencies group with 1 update (#228)
  • 613df6f dependabot: use groups to avoid clutter (#227)
  • 7738dab Readme: suggest reportAnyTypeWideningInVarTag along enforceListReturn (#226)
  • 66c30cb Readme: link czech talk about checked exceptions (#225)
  • 1814da4 Readme: mention reportAnyTypeWideningInVarTag extra strictness (#224)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @xificurk.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the phpstan group with 3 updates
58cdc98 
Updates the requirements on [phpstan/phpstan-strict-rules](https://github.com/phpstan/phpstan-strict-rules), [spaze/phpstan-disallowed-calls](https://github.com/spaze/phpstan-disallowed-calls) and [shipmonk/phpstan-rules](https://github.com/shipmonk-rnd/phpstan-rules) to permit the latest version.

Updates `phpstan/phpstan-strict-rules` to 1.5.5
- [Release notes](https://github.com/phpstan/phpstan-strict-rules/releases)
- [Commits](phpstan/phpstan-strict-rules@1.5.2...1.5.5)

Updates `spaze/phpstan-disallowed-calls` to 3.2.0
- [Release notes](https://github.com/spaze/phpstan-disallowed-calls/releases)
- [Commits](spaze/phpstan-disallowed-calls@v3.1.2...v3.2.0)

Updates `shipmonk/phpstan-rules` to 2.12.0
- [Release notes](https://github.com/shipmonk-rnd/phpstan-rules/releases)
- [Commits](shipmonk-rnd/phpstan-rules@2.11.3...2.12.0)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-strict-rules
  dependency-type: direct:development
  dependency-group: phpstan
- dependency-name: spaze/phpstan-disallowed-calls
  dependency-type: direct:development
  dependency-group: phpstan
- dependency-name: shipmonk/phpstan-rules
  dependency-type: direct:development
  dependency-group: phpstan
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels May 1, 2024
@xificurk
Copy link
Contributor

xificurk commented May 1, 2024

@dependabot squash and merge

@dependabot dependabot bot merged commit 066fe00 into master May 1, 2024
25 checks passed
@dependabot dependabot bot deleted the dependabot/composer/phpstan-da3b628579 branch May 1, 2024 22:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file php Pull requests that update Php code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@xificurk