Reiter, Christoph requested to merge renovate/all-minor-patch into main Apr 19, 2021

This MR contains the following updates:

Package	Type	Update	Change
friendsofphp/php-cs-fixer	require-dev	patch	`2.18.2` -> `2.18.6`
guzzlehttp/guzzle (source)	require	minor	`7.2.0` -> `7.3.0`
nelmio/cors-bundle	require	patch	`2.1.0` -> `2.1.1`
phpstan/phpstan	require-dev	patch	`0.12.80` -> `0.12.84`
symfony/framework-bundle (source)	require	patch	`4.4.20` -> `4.4.21`
symfony/http-client (source)	require-dev	patch	`4.4.20` -> `4.4.21`
symfony/phpunit-bridge (source)	require-dev	patch	`4.4.20` -> `4.4.21`
symfony/security-bundle (source)	require	patch	`4.4.20` -> `4.4.21`
symfony/security-core (source)	require	patch	`4.4.20` -> `4.4.21`
symfony/yaml (source)	require	patch	`4.4.20` -> `4.4.21`
vimeo/psalm	require-dev	minor	`4.6.2` -> `4.7.0`
web-token/jwt-easy	require	patch	`2.2.8` -> `2.2.10`
web-token/jwt-signature-algorithm-rsa	require	patch	`2.2.8` -> `2.2.10`

Release Notes

FriendsOfPHP/PHP-CS-Fixer

`v2.18.6`

Compare Source

bug #5586 Add support for nullsafe object operator ("?->") (kubawerlos)
bug #5597 Tokens - fix for checking block edges (kubawerlos)
bug #5604 Custom annotations @type changed into @var (Leprechaunz)
bug #5606 DoctrineAnnotationBracesFixer false positive (Leprechaunz)
bug #5610 BracesFixer - fix braces of match expression (Leprechaunz)
bug #5615 GroupImportFixer severely broken (Leprechaunz)
bug #5617 ClassAttributesSeparationFixer - fix for using visibility for class elements (kubawerlos)
bug #5618 GroupImportFixer - fix removal of import type when mixing multiple types (Leprechaunz)
bug #5622 Exclude Doctrine documents from final fixer (ossinkine)
bug #5630 PhpdocTypesOrderFixer - handle complex keys (Leprechaunz)
minor #5554 DX: use tmp file in sys_temp_dir for integration tests (keradus)
minor #5564 DX: make integration tests matching entries in FixerFactoryTest (kubawerlos)
minor #5603 DX: DocumentationGenerator - no need to re-configure Differ (keradus)
minor #5612 DX: use ::class whenever possible (kubawerlos)
minor #5619 DX: allow XDebugHandler v2 (keradus)
minor #5623 DX: when displaying app version, don't put extra space if there is no CODENAME available (keradus)
minor #5626 DX: update PHPStan and way of ignoring flickering PHPStan exception (keradus)
minor #5629 DX: fix CiIntegrationTest (keradus)
minor #5636 DX: remove 'create' method in internal classes (keradus)
minor #5637 DX: do not calculate bitmap via helper anymore (keradus)
minor #5639 Move fix reports (classes and schemas) (keradus)
minor #5640 DX: use constants for PHPUnit version (keradus)
minor #5646 Cleanup YodaStyleFixerTest (kubawerlos)

`v2.18.5`

Compare Source

bug #5561 NoMixedEchoPrintFixer: fix for conditions without curly brackets (kubawerlos)
bug #5563 Priority fix: SingleSpaceAfterConstructFixer must run before BracesFixer (kubawerlos)
bug #5567 Fix order of BracesFixer and ClassDefinitionFixer (Daeroni)
bug #5596 NullableTypeTransformer - fix for attributes (kubawerlos, jrmajor)
bug #5598 GroupImportFixer - fix breaking code when fixing root classes (Leprechaunz)
minor #5571 DX: add test to make sure SingleSpaceAfterConstructFixer runs before FunctionDeclarationFixer (kubawerlos)
minor #5577 Extend priority test for "class_definition" vs "braces" (kubawerlos)
minor #5585 DX: make doc examples prettier (kubawerlos)
minor #5590 Docs: HeaderCommentFixer - document example how to remove header comment (keradus)
minor #5602 DX: regenerate docs (keradus)

`v2.18.4`

Compare Source

bug #4085 Priority: AlignMultilineComment should run before every PhpdocFixer (dmvdbrugge)
bug #5421 PsrAutoloadingFixer - Fix PSR autoloading outside configured directory (kelunik, keradus)
bug #5464 NativeFunctionInvocationFixer - PHP 8 attributes (HypeMC, keradus)
bug #5548 NullableTypeDeclarationForDefaultNullValueFixer - fix handling promoted properties (jrmajor, keradus)
bug #5550 TypeAlternationTransformer - fix for typed static properties (kubawerlos)
bug #5551 ClassAttributesSeparationFixer - fix for properties with type alternation (kubawerlos, keradus)
bug #5552 DX: test relation between function_declaration and method_argument_space (keradus)
minor #5540 DX: RuleSet - convert null handling to soft-warning (keradus)
minor #5545 DX: update checkbashisms (keradus)

`v2.18.3`

Compare Source

bug #5484 NullableTypeDeclarationForDefaultNullValueFixer - handle mixed pseudotype (keradus)
minor #5470 Disable CI fail-fast (mvorisek)
minor #5491 Support php8 static return type for NoSuperfluousPhpdocTagsFixer (tigitz)
minor #5494 BinaryOperatorSpacesFixer - extend examples (keradus)
minor #5499 DX: add TODOs for PHP requirements cleanup (keradus)
minor #5500 DX: Test that Transformers are adding only CustomTokens that they define and nothing else (keradus)
minor #5507 Fix quoting in exception message (gquemener)
minor #5514 DX: PHP 7.0 integration test - solve TODO for random_api_migration usage (keradus)
minor #5515 DX: do not override getConfigurationDefinition (keradus)
minor #5516 DX: AbstractDoctrineAnnotationFixer - no need for import aliases (keradus)
minor #5518 DX: minor typing and validation fixes (keradus)
minor #5522 Token - add handling json_encode crash (keradus)
minor #5523 DX: EregToPregFixer - fix sorting (keradus)
minor #5528 DX: code cleanup (keradus)

guzzle/guzzle

`v7.3.0`

Compare Source

Added

Support for DER and P12 certificates #2413
Support the cURL (http://) scheme for StreamHandler proxies #2850
Support for guzzlehttp/psr7:^2.0 #2878

Fixed

Handle exceptions on invalid header consistently between PHP versions and handlers #2872

nelmio/NelmioCorsBundle

`v2.1.1`

Compare Source

Fixed response for unauthorized headers containing a reflected XSS (#163)

phpstan/phpstan

Major new feature 🚀

Local type aliases

Thanks to @jiripudil and his MR phpstan/phpstan-src#460, you can now enjoy @phpstan-type and @phpstan-import-type in class-level PHPDoc. See the documentation for more details.

Improvements 🔧

Add AlwaysUsedClassConstantsExtension interface (#495), #4859, thanks @jdecool!
Remove unnecessary dependencies (phpstan/phpstan-src@2cd7a03)

Bugfixes 🐛

unlink() also clears stat cache (phpstan/phpstan-src@63d0670), #4797
Named arguments - fix optional arguments and variadics (phpstan/phpstan-src@3e5621e), #4800
Fix Closure::bind() (phpstan/phpstan-src@566b44b), #4808
Fix CatchWithUnthrownExceptionRule for new $expr() (phpstan/phpstan-src@8463afd), #4806
Fix CatchWithUnthrownExceptionRule for $expr::foo() (phpstan/phpstan-src@8c7cf85), #4805
Allow autoloaders to require/require_once for #4836 via a fake read (#491), thanks @rrazor!
Get closer to how type inference in TypeScript works (phpstan/phpstan-src@3be90f0), #4803
Fix throwpoint in elseif condition (phpstan/phpstan-src@fb62e5e)
Fix excessive memory usage (phpstan/phpstan-src@7c0146c), #4815

Function signature fixes 🤖

Update XSLTProcessor::transformToXML signature (#492), thanks @jawira!
Update rediscluster inspections (#493), thanks @sudo-plz!
Fix array_sum return type (#494), thanks @VincentLanglet!
Fix wrong IntlDateFormatter format signature (#496), thanks @alfredbez!

Improvements 🔧

Precise try-catch-finally analysis (#481), thanks @rainbow-alex for the kick-off of this feature!
- Learn more on PHPStan's blog
- Fixes: #1597, #3617, #778, #2969, #3004, #3710, #3822, #505, #1670, #1219, #3302
Dependent types - understand truthy BooleanOr and falsey BooleanAnd scope (phpstan/phpstan-src@2c42ef1), #4733, #4326, #987, #4215, #4695
Dependent types - save conditional expression after variable assignment (phpstan/phpstan-src@56ae015), #2977, #3190

Bleeding edge 🔪

Consistent remembering and forgetting returned values (phpstan/phpstan-src@d4edc59)
- Learn more on PHPStan's blog
- Fixes: #2420, #4588, #3553, #3382, #4177, #4091, #2288, #1157
Report dead catch with exception that is not thrown in the try block - level 4 (phpstan/phpstan-src@ce9299c)
Rule for detecting overwriting exit points in finally - level 4 (phpstan/phpstan-src@3f712be)

If you want to see the shape of things to come and adopt bleeding edge features early, you can include this config file in your project's phpstan.neon:

includes:
	- vendor/phpstan/phpstan/conf/bleedingEdge.neon

Of course, there are no backwards compatibility guarantees when you include this file. The behaviour and reported errors can change in minor versions with this file included. Learn more

Bugfixes 🐛

Fixed detecting method signature compatibility (phpstan/phpstan-src@8f0150d), #4729
Fixed inferring template types from ThisType (phpstan/phpstan-src@a843d87), #4725
More robust PHPDoc parsing (phpstan/phpstan-src@5d37113), #4731
Support the $foo ?? false pattern when making sure variable exists (phpstan/phpstan-src@c4cc668), #560
mt_rand and rand are not pure (phpstan/phpstan-src@edc8446)
random_int and random_bytes are not deterministic (phpstan/phpstan-src@f36fa71), #4190
Invalidate is_file() calls and similar only after clearstatcache() (phpstan/phpstan-src@bcc8d61)
Invalidate object state after passing to impure function (phpstan/phpstan-src@f92b95e), #3203
BaselineNeonErrorFormatter: Sort output by file and pattern (#483), thanks @dktapps!
Match expression - do not complain about void in arm body (phpstan/phpstan-src@90e49f7, phpstan/phpstan-src@2c0dda3), #4292
Fix merging scopes with narrowed constant types (phpstan/phpstan-src@42d0b36), #4434
Allow phpVersion up to 80099 (phpstan/phpstan-src@4db2e14), #4762
Fix Access to an undefined static property in Closure::bind (#489), thanks @VincentLanglet!
Add array_sum() dynamic return type extension (#490), thanks @VincentLanglet!
Fix NativeMethodReflection::hasSideEffects() (phpstan/phpstan-src@98fb540), #4231, #4287
TypeSpecifier - support IntegerRangeType with count() (phpstan/phpstan-src@7b417c7), #4700
Improved performance (phpstan/phpstan-src@dbe08a6, phpstan/phpstan-src@626f72a, phpstan/phpstan-src@1463c57, phpstan/phpstan-src@91f477f), #4723
Fix problem with generics and inheritance, #4008, #3546
Fix native static return typehint when entering class method (phpstan/phpstan-src@baa371e), #4795

Function signature fixes 🤖

Fix function-map for PDOStatement pass-by-reference functions (#480), thanks @jaylinski!
Add uopz 6.x functions (#482), thanks @zonuexe!

Improvements 🔧

Support for generic traits and specifying template types with @use (phpstan/phpstan-src@8766923), #4423
Result cache - invalidate when project extensions are edited (phpstan/phpstan-src@1e53ab6), https://github.com/phpstan/phpstan/discussions/4691
Make RecursiveIterator generic (phpstan/phpstan-src@82596f5), #4718
Update phpstan/phpdoc-parser to 0.5 (phpstan/phpstan-src@3e1d200)

Bugfixes 🐛

Eliminate non-generic types before inferring from unions (phpstan/phpstan-src@a1b7b38), #2575, #4130, #3623
Calling static:: preserves generic types (phpstan/phpstan-src@d4e0177), #3251, #2231
Resolve static type in the typesystem, not in scope (#474), #4213, #4648, #3523, #3120, #1652, #4267
Fixed handling of static in parameter type in implemented interfaces (phpstan/phpstan-src@d225a68), #4707, #3118
Calling parent:: preserves generic types (phpstan/phpstan-src@4acbc6c), #2231, #2621, #3537, #3251
Fix: phpdoc cache collision with identical aliases & variable names (#471), thanks @rainbow-alex!
Fixed getting class constants PHPDoc from wrong file (phpstan/phpstan-src@6d52302), phpstan/phpstan-deprecation-rules#35
Fix default method parameter value mentioning ::class constant (phpstan/phpstan-src@431905c), #4713, #4066
Fix default trait method parameter mentioning constant from the using class (phpstan/phpstan-src@8babba3), #4288
Fixed native expression type for by-ref variable after closure (#477), #4657, thanks @ruudk!
Make functions present in functionMap but not in PhpStorm stubs known (phpstan/phpstan-src@b51a26f), #4702
PHP 8 supports %h and %H in printf/sprintf (phpstan/phpstan-src@0cbbfba), #4717
Fix DsMapDynamicReturnTypeExtension (phpstan/phpstan-src@330eb22), #4545
Regression tests for already solved issues (phpstan/phpstan-src@d01431c), #3558, #3351, #1843

Function signature fixes 🤖

Fix XMLReader::open() return type (phpstan/phpstan-src#456), thanks @jeroennoten!

Improvements 🔧

Support for running PHPStan without any arguments (phpstan/phpstan-src@469a8c3)
- You can run PHPStan just by executing vendor/bin/phpstan, if you satisfy two conditions:
  - You have phpstan.neon (or phpstan.neon.dist) in your current working directory
  - This configuration file contains rule level parameter, and paths to analyse
Fix support for classes named after pseudotypes in PHPDocs (#365), thanks @stof!
- This means that existing classes with names like Resource or Never are now correctly recognized in PHPDocs and have priority over PHP's resource type and PHPStan's never pseudotype
Understand noreturn in PHPDoc as NeverType (phpstan/phpstan-src@bce31f0)
Docker - support ARM architecture (#4663)

Bugfixes 🐛

Updated PHP 8 stubs (phpstan/phpstan-src@8382e35)
Fix infinite recursion when asking isSuperTypeOf() between template union types (phpstan/phpstan-src@9f51f8e), #4670
Fix generic variance with BenevolentUnionType (phpstan/phpstan-src@49dcc50), #4634
Nested generic type - correctly infer template types (phpstan/phpstan-src@48aea56), #4642
Fixed false positive about unreferenced template type in a parameter with nested generics (phpstan/phpstan-src@0725f5a), #4641
Fixed class-scoped template type used as a bound in method-scoped template type (phpstan/phpstan-src@e68ca10), #4643

Function signature fixes 🤖

Fixed incorrect return type for SplFileObject::fgetcsv() (#464), thanks @TomAdam!

symfony/framework-bundle

`v4.4.21`

Compare Source

Changelog (https://github.com/symfony/framework-bundle/compare/v4.4.20...v4.4.21)

bug #40178 Exclude unreadable files when executing About command (michaljusiega)
bug #40398 : Fix method name compare in ResolveControllerNameSubscriber (glensc)
bug #40373 Check if templating engine supports given view (fritzmg)
bug #40313 Fix PropertyAccess definition when not in debug (PedroTroller)

symfony/http-client

`v4.4.21`

Compare Source

Changelog (https://github.com/symfony/http-client/compare/v4.4.20...v4.4.21)

bug #40587 fix using stream_copy_to_stream() with responses cast to php streams (nicolas-grekas)
bug #40538 remove using $http_response_header (nicolas-grekas)

symfony/phpunit-bridge

`v4.4.21`

Compare Source

Changelog (https://github.com/symfony/phpunit-bridge/compare/v4.4.20...v4.4.21)

bug #40508 fix reporting deprecations from DebugClassLoader (nicolas-grekas)
bug #40494 fix compat with symfony/debug (nicolas-grekas)

symfony/security-bundle

`v4.4.21`

Compare Source

Changelog (https://github.com/symfony/security-bundle/compare/v4.4.20...v4.4.21)

bug #40537 Handle properly 'auto' option for remember me cookie security (fliespl)

symfony/security-core

`v4.4.21`

Compare Source

Changelog (https://github.com/symfony/security-core/compare/v4.4.20...v4.4.21)

bug #40386 Backport psr/container 1.1/2.0 compatibility (derrabus)

symfony/yaml

`v4.4.21`

Compare Source

Changelog (https://github.com/symfony/yaml/compare/v4.4.20...v4.4.21)

no significant changes

vimeo/psalm

`v4.7.0`

Compare Source

Features

Better tracking of mixed issues

On level 1 Psalm now provides traces whenever mixed types occur in your code, to help you pinpoint where the mixed types were introduced. Here's an article that goes into more detail.

Some unused code is now a level 1 issue

Unused code detection breaks down into two main categories: function-scoped unused code (e.g. unused variables and unused closure params) and codebase-scoped (unused public methods, unused public properties).

Psalm has unused code detection for a long time, but it's always been opt-in. Now in version 4.7 all function-scoped unused code issues are emitted when using level 1, Psalm's strictest level.

This allows us to perform the aforementioned tracking of mixed types, because we're using the same underlying mechanism for both features. More importantly, it should also help you improve code quality, and avoid bugs.

Plugin hook for per-expression taint analysis

@mortenson has added a plugin that allows you to add and remove taint flows (#5398)

Error level XML autocompletion improvements

@weirdan made the XML config level more specific, allowing the value to be autocompleted in IDEs that understand the .xsd (#5476)

Add `@psalm-ignore-var`

Thanks to @sj-i you can now tell Psalm to ignore an inline @var type annotation with a @psalm-ignore-var tag (#5488)

Psalm level badges

If your project is open-source you can now show what Psalm level you use in a badge:

[![Psalm level](https://shepherd.dev/github/<username>/<repository>/level.svg?)](https://psalm.dev/)

This is the badge for Psalm's repository:

Make sure your build is sending appropriate data to Shepherd, the Psalm build data service:

vendor/bin/psalm --shepherd

Bugfixes

@orklah improved the return type for json_encode when JSON_THROW_ON_ERROR is passed (#5417)
@AndrolGenhald fixed major/minor version handling for composer packages (#5415)
@AndrolGenhald fixed a number of array bugs (#5427, #5431, #5436, #5421)
@AndrolGenhald added support for template property invariance (#5371)
@weirdan fixed timezone identifier method/function signatures (#5443)
@weirdan prevented a crash when accessing templates with array offsets (#5447)
@yakimun fixed handling of unpacked arrays with string arguments (#5446)
@AndrolGenhald improved handling of @no-named-arguments (#5455)
Fixed a potential crash when calling __set explicitly with only one argument
@azjezz pure functions are allowed to return no-return (#5461)
@morozov improved signature for mysql_real_connect (#5464)
@danog allowed string template params in concatenation (#5468)
@danog improved posix_* function return types (#5469)
Taint Analysis taints can now flow through array keys (#5470)
@jni- improved analysis of intersections of classes with classes with magic methods (#5473)
@morozov fixed OCI stubs in PHP 8 (#5478)
reset and end now respect template unwrapping for nested templates (#5208)
@weirdan prevented string subtypes subsuming class-string (#5497)

`v4.6.4`

Compare Source

IssueBuffer::finish had a small undocumented API change – that change is reverted here (#5410).

Bugfixes:

@orklah improved the return type of array_combine and iterator_to_array (#5393, #5400)
Promoted properties are no longer counted as unused params — thanks @weirdan (#5404)
@theodorejb improved the type of DOMElement::childNodes (#5403)
Property invariance checks are now disabled for properties with templates — thanks @AndrolGenhald (#5380)
@orklah fixed scalar-to-string reconciliation inside templates (#5402)
Fixed a regression asserting on templated arrays and generic objects (#5406)

`v4.6.3`

Compare Source

Features

@weirdan added support for PHP Version-dependent method stubs (#5337)

Bugfixes

Improving handling of nested template types in class strings (#5290)
Language Server Allow static methods to be autocompleted on instances (#5210, #5295)
Language Server Fix inferred type caching bug when editing neighbouring methods (#5297)
Fix JSON reports containing UTF-8 strings – thanks @danog (#5300)
Improve callmap for gd functions in PHP 8 – thanks @iluuu1994 (#5271)
improvements to mysql_init and PDOStatement::fetchAll return type – thanks @morozov (#5306, #5317)
WeakMap is now generic – thanks @weirdan (#5313)
Allow iterable coercion from a generic object (#5310)
Fix an issue with method memoisation (#5317)
Allow ReflectionParameter::getType() to return non-null if a ReflectionParameter::hasType() call returns true (#5258)
Undefined variables can now be tracked in arrow functions – thanks @weirdan (#5343)
ImplicitToStringCast is now emitted in more places – thanks @weirdan (#5344)
variable usage in bool to int casts are now tracked – thanks @weirdan (#5349)
explode return type is improved – thanks @weirdan (#5350)
ceil just returns a float, thanks @simPod (#5355)
improved return type for min and max – thanks @orklah
Psalm startup variables are now shielded from plugins that change global variables – thanks @weirdan! (#5366)
fixed integer overflow that could cause a Psalm crash – thanks @orklah (#5369)
@orklah fixed a bug where Psalm would not accurately type the output of array_map when given a callable (#5373)
prevented an edge-case where calling the constructor of a genericised class could poison Psalm's internal cache (b549989)

web-token/jwt-easy

Configuration

📅 Schedule: "before 3am on Monday" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this MR, check this box.

This MR has been generated by Renovate Bot.

Edited Apr 22, 2021 by Reiter, Christoph

chore(deps): update all non-major dependencies

Release Notes

Added

Fixed

Major new feature 🚀

Improvements 🔧

Bugfixes 🐛

Function signature fixes 🤖

Improvements 🔧

Bleeding edge 🔪

Bugfixes 🐛

Function signature fixes 🤖

Improvements 🔧

Bugfixes 🐛

Function signature fixes 🤖

Improvements 🔧

Bugfixes 🐛

Function signature fixes 🤖

Features

Better tracking of mixed issues

Some unused code is now a level 1 issue

Plugin hook for per-expression taint analysis

Error level XML autocompletion improvements

Add @psalm-ignore-var

Psalm level badges

Bugfixes

Features

Bugfixes

Configuration

Merge request reports

Add `@psalm-ignore-var`