Skip to content

fix(deps): update all non-major dependencies (patch)

Reiter, Christoph requested to merge renovate/patch-all-minor-patch into main

This MR contains the following updates:

Package Type Update Change
symfony/framework-bundle (source) require patch 5.2.10 -> 5.3.2
vimeo/psalm require-dev patch 4.7.3 -> 4.8.1

Release Notes

symfony/framework-bundle

v5.3.2

Compare Source

Changelog (https://github.com/symfony/framework-bundle/compare/v5.3.1...v5.3.2)

  • bug #​41719 fix Could not find service "test.service_container" (smilesrg)
  • bug #​41505 fix KernelBrowser::loginUser with a stateless firewall (dunglas)
  • bug #​41472 remove service if its class doesn't exist (xabbuh)

v5.3.0

Compare Source

Changelog (https://github.com/symfony/framework-bundle/compare/v5.3.0-RC1...v5.3.0)

  • bug #​41458 fix ConfigBuilderCacheWarmer (nicolas-grekas)
  • bug #​41456 fix creating ContainerBuilder at warmup/CLI time (nicolas-grekas)
  • bug #​41452 Remove redundant cache service (derrabus)
  • bug #​41451 Remove PoEditor Provider (welcoMattic)
vimeo/psalm

v4.8.1

Compare Source

Release 4.8.0 introduced a bug in baseline generation. This release should fix it!

v4.8.0

Compare Source

Features

New literal-string type

Inspired by the is_literal RFC we've added a new literal-string type.

The type will be most useful to annotate functions and methods that take SQL. In those methods you generally don't want any code that is not part of your app, e.g.

<?php

/** @&#8203;param literal-string $sql */
function execute_sql(string $sql, array $params = []): void { }

$id = (string) ($_GET['id'] ?? '');

// passes type checks
execute_sql(
    'SELECT * FROM `foo` WHERE `id` = :id',
    [':id' => $id]
);

// fails
execute_sql(
    'SELECT * FROM `foo` WHERE `id` = "' .$id . '"'
);

Psalm’s taint analysis can also help detect this general class of issues, but a literal-string type allows the type-checker to provide guarantees much earlier in the process.

Read more in the documentation.

More specific taint analysis for unescaped quotes

htmlentities can be used to strip some harmful characters in strings, but not all of them (by default).

Psalm has a new issue TaintedTextWithQuotes to help detect strings that might not have HTML tags but can have harmful Javascript.

Detect unused return values

When running with the --find-unused-code flag, Psalm already detects a lot of unnecessary code, including unused public and private methods, unused properties and unused variables.

Now Psalm will also flag unused return values — where a function returns something, but nowhere that calls the given function actually uses the returned value.

See the documentation for UnusedReturnValue and PossiblyUnusedReturnValue for more information.

@var/@&#8203;param mixup

@​weirdan added a new issue that's emitted when using a @var docblock where @param is expected (#​5845)

Plugins can declare custom scanners & analyzers

You've been able to set custom scanners and analyzers in your config, but now plugins can do this too — thanks @​ohader (#​5883)

Unused foreach values

@​weirdan added a separate UnusedForeachVariable to unused variable detection to prevent Psalm incorrectly flagging unused foreach vars as fixable (#​5932)

Bugfixes

Deprecations


Configuration

📅 Schedule: "every weekend" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this MR, check this box.

This MR has been generated by Renovate Bot.

Merge request reports

Loading