Bump vimeo/psalm from 3.11.5 to 3.12.2 #5

Open
wants to merge 1 commit into
base: master

dependabot-preview[bot]
Contributor

Bumps vimeo/psalm from 3.11.5 to 3.12.2.

Release notes

Sourced from vimeo/psalm's releases.

3.12.2

Taint analysis bugfixes & features

  • allow taints to flow when no return type is given (#3652)
  • taint encapsulated strings based on their contents (#3655)
  • @TysonAndre added print, unserialize, create_function and more as sinks
  • allow taints to flow through unpacked arguments and mixed foreach (#3670)
  • taint property types for magic getters/setters even in the absence of a @property annotation (#3668)
  • add taints to filter_var (#3675)
  • preserve taints after is_string checks (#3680)
  • taint the contents of exit just as echo is (#3681)
  • @TysonAndre improved handling of preg_replace_callback
  • allow taints to flow through implied __toString methods (#3697)
  • specialize constructor taints as necessary
  • allow any part of a taint path to be suppressed with @psalm-suppress TaintedInput

Other features

@olleharstedt added support for @psalm-self-out, which allows some typestate-oriented programming in Psalm (#3650)

Bugfixes

  • allow comparison of get_class($foo) === static::class
  • fix false-negative around missing property declarations (#3642)
  • improve treatment of comparisons after assignment in conditional (#3631)
  • @villfa improved reflection info for Redis (#3673)
  • PDO::query now allows two arguments (#3694)
  • @simPod improved reflection for RdKafka\ProducerTopic::producev (#3700)
  • @bdsl added a change that propagates @internal annotations on classes to their methods (#3698)
  • prevent crash with a Foo|? return type (#3716)
  • prevent crash on empty @method (#3721)
  • @jarstelfox fixed up the example TemplateChecker plugin
  • prevent crash when clone-ing undefined class (#3719)
  • infer template params from a class-string where appropriate (#3726)
  • improve handling of if conditionals inside do {...} while(); (#3685)
  • @lhchavez fixed a bug in docblock parsing where data was lost if a comment referred to a tag (#3776)
  • allow false to be removed from template params (#3737)
  • allow storing references to impure classes via the class names inside immutable classes (#3738)

Improve taint analysis a little

Taint analysis

  • $_REQUEST is now treated as a source, and taints now flow through trim and similar funcs
  • @psalm-taint-specialize now works in static methods

Also @TysonAndre added a --debug-emitted-issues command line flag to help debug the route of a Psalm issue.

Bugfixes

  • preg_replace_callback now supports arrays properly even when the closure is not well-documented (#3639)

Commits

  • 7c7ebd0 Make invalidation more robust
  • 5da2995 Use better replacement when analysing potentially-inherited templated type
  • 44d7f51 Generalise init vars inside for loops
  • 3d0a8c4 Fix #3738 - allow storing references to class-strings inside immutable
  • 6419788 Remove false from template param as necessary
  • ba63ccb Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736)
  • 1745f5c Fix too-long line
  • cb94764 Prevent false-positive for Exception::__toString overriding
  • 0c582e9 Fix #3685 - improve handling of if conditionals inside do
  • cf1a8ac Suppress taints in instance properties
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 3.11.5 to 3.12.2.
- [Release notes](https://github.com/vimeo/psalm/releases)
- [Commits](vimeo/psalm@3.11.5...3.12.2)

Signed-off-by: dependabot-preview[bot] <[email protected]>

dependabot-preview bot added the dependencies label Jul 6, 2020

@dependabot-preview
Contributor Author

This pull request will no longer be automatically closed when a new version is found as this pull request was created by Dependabot Preview and this repo is using a version: 2 config file. You can close this pull request and let Dependabot re-create it the next time it checks for updates.
