(Changed) Update dependencies and exclude meta files from archives

MarjovanLier commented 6 months ago

User description

Summary

This merge request updates the versions of several dependencies in the composer.json file to ensure the project uses the latest stable releases. It also modifies the .gitattributes file to exclude additional meta files from repository archives. These changes enhance the project's functionality, security, and maintainability.

Context and Background

Keeping dependencies up to date is crucial for maintaining a secure and efficient codebase. The latest versions often include bug fixes, performance improvements, and new features that can benefit the project. Additionally, excluding unnecessary files from archives helps keep the repository lean and focused.

Problem Description

The project's dependencies were not using the most recent stable versions, which could potentially lead to missed bug fixes, security vulnerabilities, and suboptimal performance. Furthermore, certain meta files were being included in repository archives, unnecessarily increasing their size and clutter.

Solution Description

The merge request addresses these issues by:

Updating the marjovanlier/stringmanipulation package from ^1.0.74 to ^1.0.79.
Bumping the phpstan/phpstan version from >=1.10.59 to >=1.10.60.
Upgrading the vimeo/psalm package from >=5.22.2 to >=5.23.1.
Adding /.coderabbit.yaml and /.pr_agent.toml to the export-ignore list in .gitattributes.

These updates ensure the project leverages the latest improvements and features from the updated packages while excluding unnecessary files from archives.

List of Changes

chore(deps): Upgrade stringmanipulation to ^1.0.79
build(deps): Update phpstan to v1.10.60
build(deps): Upgrade vimeo/psalm to v5.23.1
chore(gitattributes): Exclude meta files from archives

Type

enhancement, documentation

Description

Updated dependencies in composer.json to their latest versions for improved functionality, security, and maintainability:
- marjovanlier/stringmanipulation to ^1.0.79.
- phpstan/phpstan to >=1.10.60.
- vimeo/psalm to >=5.23.1.
Modified .gitattributes to exclude /.coderabbit.yaml and /.pr_agent.toml from repository archives, aligning with best practices for repository maintenance.

Changes walkthrough

Relevant files

Documentation

.gitattributes

Exclude Additional Meta Files from Archives

.gitattributes

Added /.coderabbit.yaml and /.pr_agent.toml to the export-ignore list.

+2/-0

Enhancement

composer.json

Update Dependencies to Latest Versions

composer.json

Updated marjovanlier/stringmanipulation package version from ^1.0.74
to ^1.0.79.

Bumped phpstan/phpstan version from >=1.10.59 to >=1.10.60.

Upgraded vimeo/psalm package version from >=5.22.2 to >=5.23.1.

+3/-3

✨ PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

Summary by CodeRabbit

Chores
- Updated .gitattributes to exclude new configuration files from exports.
Documentation
- Adjusted version constraints for dependencies in composer.json.

coderabbitai[bot] commented 6 months ago

Walkthrough

## Walkthrough This update introduces modifications to the project's configuration and dependency management. It includes the exclusion of new configuration files from export and adjusts the version constraints for several dependencies in the project's `composer.json` file. These changes aim to enhance the project's setup and maintain compatibility with external libraries. ## Changes | Files | Change Summary | |-------------------------------|--------------------------------------------------------------------------------------------------| | `.gitattributes` | Added `.coderabbit.yaml` and `.pr_agent.toml` to the list of files excluded from exports | | `composer.json` | Updated version constraints for `marjovanlier/stringmanipulation`, `phpstan/phpstan`, `vimeo/psalm` |

Tips

### Chat There are 3 ways to chat with CodeRabbit: - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit-tests for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit tests for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit tests.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - The JSON schema for the configuration file is available [here](https://coderabbit.ai/integrations/coderabbit-overrides.v2.json). - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json` ### CodeRabbit Discord Community Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback.

sonarcloud[bot] commented 6 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

sweep-ai[bot] commented 6 months ago

Apply Sweep Rules to your PR?

[ ] Apply: All PHP Code should be in the PER Coding Style 2.0 (This rule expands on the PSR-12 coding standard)

This is an automated message generated by Sweep AI.

codiumai-pr-agent-pro[bot] commented 6 months ago

PR Description updated to latest commit (https://github.com/MarjovanLier/SouthAfricanIDValidator/commit/32fecade70bd2e98a742dc45ccd6c7bb1f422736)

[x] Copy walkthrough table to "Files Changed" Tab

codiumai-pr-agent-pro[bot] commented 6 months ago

Changelog updates:

2024-03-11

Changed

Updated marjovanlier/stringmanipulation package to ^1.0.79.
Updated phpstan/phpstan to >=1.10.60.
Upgraded vimeo/psalm to >=5.23.1.
Excluded /.coderabbit.yaml and /.pr_agent.toml from repository archives in .gitattributes.

to commit the new content to the CHANGELOG.md file, please type: '/update_changelog --pr_update_changelog.push_changelog_changes=true'

codiumai-pr-agent-pro[bot] commented 6 months ago

PR Code Suggestions

Category	Suggestions
Best practice	Specify exact versions for critical packages to avoid breaking changes. ___ It's a good practice to lock the versions of critical packages to a specific version rather than using a version range. This ensures that the application is tested against a specific version and reduces the risk of introducing breaking changes inadvertently. Consider specifying exact versions for packages like `phpstan/phpstan` and `vimeo/psalm`. [composer.json [53-60]](https://github.com/MarjovanLier/SouthAfricanIDValidator/pull/27/files#diff-d2ab9925cad7eac58e0ff4cc0d251a937ecf49e4b6bf57f8b95aab76648a9d34R53-R60) ```diff -"phpstan/phpstan": ">=1.10.60", -"vimeo/psalm": ">=5.23.1" +"phpstan/phpstan": "1.10.60", +"vimeo/psalm": "5.23.1" ```
Best practice	Use a stable version constraint for `roave/security-advisories` to ensure project stability. ___ For the `roave/security-advisories` package, using `dev-latest` as the version constraint might expose your project to unstable versions. It's recommended to use a more stable version constraint to ensure the security and stability of your project. [composer.json [59]](https://github.com/MarjovanLier/SouthAfricanIDValidator/pull/27/files#diff-d2ab9925cad7eac58e0ff4cc0d251a937ecf49e4b6bf57f8b95aab76648a9d34R59-R59) ```diff -"roave/security-advisories": "dev-latest", +"roave/security-advisories": "@stable", ```

codiumai-pr-agent-pro[bot] commented 6 months ago

Auto-approved PR

codecov[bot] commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 100.00%. Comparing base (5c23519) to head (32fecad).

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #27 +/- ## =========================================== Coverage 100.00% 100.00% Complexity 20 20 =========================================== Files 1 1 Lines 47 47 =========================================== Hits 47 47 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

MarjovanLier / SouthAfricanIDValidator