Bump vimeo/psalm from 3.12.1 to 3.12.2
Created by: dependabot[bot]
Bumps vimeo/psalm from 3.12.1 to 3.12.2.
Release notes
Sourced from vimeo/psalm's releases.
3.12.2
Taint analysis bugfixes & features
- allow taints to flow when no return type is given (#3652)
- taint encapsulated strings based on their contents (#3655)
- @TysonAndre added
unserialize
,create_function
and more as sinks- allow taints to flow through unpacked arguments and mixed
foreach
(#3670)- taint property types for magic getters/setters even in the absence of a
@property
annotation (#3668)- add taints to
filter_var
(#3675)- preserve taints after
is_string
checks (#3680)- taint the contents of
exit
just asecho
is (#3681)- @TysonAndre improved handling of
preg_replace_callback
- allow taints to flow through implied
__toString
methods (#3697)- specialize constructor taints as nececssary
- allow any part of a taint path to be suppressed with
@psalm-suppress TaintedInput
Other features
@olleharstedt added support for
@psalm-self-out
, which allows some typestate-oriented programming in Psalm (#3650)Bugfixes
- allow comparison of
get_class($foo) === static::class
- fix false-negative around missing property declarations (#3642)
- improve treatment of comparisons after assignment in conditional (#3631)
- @villfa improved reflection info for
Redis
(#3673)PDO::query
now allows two arguments (#3694)- @simPod improved reflection for
RdKafka\ProducerTopic::producev
(#3700)- @bdsl added a change that propagates
@internal
annotations on classes to their methods (#3698)- prevent crash with a
Foo|?
return type (#3716)- prevent crash on empty
@method
(#3721)- @jarstelfox fixed up the example
TemplateChecker
plugin- prevent crash when
clone
-ing undefined class (#3719)- infer template params from a class-string where appropriate (#3726)
- improve handling of
if
conditionals insidedo {...} while();
(#3685)- @lhchavez fixed a bug in docblock parsing where data was lost if a comment referred to a tag (#3776)
- allow
false
to be removed from template params (#3737)- allow storing references to impure classes via the class names inside immutable classes (#3738)
Commits
-
7c7ebd0
Make invalidation more robust -
5da2995
Use better replacement when analysing potentially-inherited templated type -
44d7f51
Generalise init vars inside for loops -
3d0a8c4
Fix #3738 - allow storing references to class-strings inside immutable -
6419788
Remove false from template param as necessary -
ba63ccb
Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736) -
1745f5c
Fix too-long line -
cb94764
Prevent false-positive for Exception::__toString overriding -
0c582e9
Fix #3685 - improve handling of if conditionals inside do -
cf1a8ac
Suppress taints in instance properties - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)