FriendsOfREDAXO / rexstan

redaxo phpstan addon
https://staabm.github.io/archive.html#rexstan
MIT License
35 stars 3 forks source link

Bump spaze/phpstan-disallowed-calls from 2.16.1 to 3.1.2 #670

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 8 months ago

Bumps spaze/phpstan-disallowed-calls from 2.16.1 to 3.1.2.

Release notes

Sourced from spaze/phpstan-disallowed-calls's releases.

Dynamic class constant fetch, disallowedEnums

What's Changed

  • Support dynamic class constant fetch available in PHP 8.3 (#242, #248)
  • Added disallowedEnums, they use DisallowedConstant internally (#243, docs)

Internal changes:

  • The PHP 8.0 polyfill is not needed anymore (#237)
  • More tests for attributes (#240) and on more PHP versions (#244)
  • More strict/correct config schema, disallowedConstants' constant field is always present (#245)
  • Reuse the existing reflection variable (#246)

Note

The 3.1.0 release was the same minus #248.

Param values with PHPdoc typeString, attributes on properties and more reported, no "because reasons" in errors, more rules for the same call, few possible bw compat breaks

New major version because some major new features in this release, and some potential backwards compatibility breaks, if you use the extension in one way or another, all described below.

New features

  • Can specify params with a doctype in typeString config option (#234) You can now specify dis/allowed parameter values as PHPDoc string like typeString: 'foo'|'bar' or typeString: 'array{}' etc. instead of just value: scalar
  • Support more attribute targets: properties, class constants, params (#225) Disallowed attributes will now be also reported when used on/with those.

Changed

  • No "because reasons", because reasons (#221) (Possible backwards compatibility break, if you ignore error messages in your config) Previously, if there was no message key in the disallowed configuration, "because reasons" was added automatically. I thought it was funny back when this was an internal extension only, but maybe it's not anymore. So there's no "because reasons" anymore, and the error message will always end with a full stop ., unless it already ends with one, or unless it ends with ? or !.
  • Define extension parameters as a structure (#222, #231 and a follow-up in #229 thanks to @​francescolaffi) (Possible BC break, if you have a typo in your config, you may suddenly be alerted about it) Bye typos, at least some of them.
  • Can add more rules for the same call to have different messages for various params (#232) (Possible BC break if you for some reason relied on the order of the rules for the same function or method)
  • The allowExceptParamsInAllowed description in docs was flipped around (#235)

Internal test changes

  • Use the DI container in tests (#223, #228)
  • Merge test libs dir into src (#227)
  • Rename attribute tests and drop ClassWithAttributesAllow (#230)
Commits
  • d0b3d66 Run tests every day to assure compatibility (#251)
  • 179e952 Run tests every day to assure compatibility
  • 1d6d022 Allow tests to be executed manually too
  • 6d49c14 Hardcode ENT_QUOTES as int 3 in disallowed-loose-calls.neon config (#250)
  • 00a5929 Hardcode ENT_QUOTES as int 3 in disallowed-loose-calls.neon config
  • fe56632 Support all Expr nodes when in dynamic constant fetch (#248)
  • 43e9213 Support all Expr nodes when in dynamic constant fetch
  • ce98abe Reuse the existing reflection and do it just once (#246)
  • 92e3305 Reuse the existing reflection and do it just once
  • 0741bd1 disallowedConstants' constant field is always present (#245)
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] commented 6 months ago

Superseded by #697.