Releases: vimeo/psalm
7.0.0-beta19
What's Changed
Fixes
- Final improvements for reduced scanning by @danog in #11809
- Allow enums to have impure methods by @danog
- Switch void/never params to use ParadoxicalCondition issue by @danog
Full Changelog: 7.0.0-beta18...7.0.0-beta19
7.0.0-beta18
What's Changed
Features
- Introduce psalm plugin API by @danog in #11739
- Defer project/extra file list initialization, disable it for single-file scans by @danog in #11804
- [7.x] Allow plugin issues to specify custom documentation URLs by @alies-dev in #11735
- [7.x] Rename compact output format to table, add new truly compact format by @alies-dev in #11750
- [7.x] Add TaintedLlmPrompt issue type for prompt injection detection by @alies-dev in #11746
Fixes
- [7.x] Add missing ImpureGlobalVariable to error levels doc by @alies-dev in #11737
- Mutability inference fixes by @danog in #11734
- [7.x] Support parenthesized union types in @method parameter annotations by @alies-dev in #11733
- [7.x] Respect ERROR_LEVEL for plugin-defined issues by @alies-dev in #11736
- Fix --show-snippet option silently consuming next CLI argument by @alies-dev in #11684
- Explicitly disable JIT by default by @danog in #11745
- [6.x] Fix InterfaceAnalyzer crash when storage is overwritten by reflection by @alies-dev in #11760
- [6.x] Use macOS bundle ID for PhpStorm (support JetBrains Tool installed apps), respect PHPSTORM env var on Darwin by @alies-dev in #11801
Docs
- [7.x] Improve error levels documentation presentation by @alies-dev in #11759
Internal changes
Other changes
Full Changelog: 7.0.0-beta17...7.0.0-beta18
6.16.1
7.0.0-beta17
What's Changed
Features
Fixes
- Fix duplicate error for abstract methods in traits if the issue is due to the implementer by @kkmuffme in #11695
- Report regular issue instead of throw/crash by @kkmuffme in #11693
- Add PHP 8.5 (and 8.4) handling where it wasn't added yet by @kkmuffme in #11697
- curl_share_init_persistent requires non-empty array otherwise throws by @kkmuffme in #11701
- Add max_depth option to unserialize() callmap type by @eyupcanakman in #11702
- Add TDate template parameter to DatePeriod stubs by @alies-dev in #11728
- Fix false InvalidArgument for sprintf precision placeholders by @eyupcanakman in #11729
Internal changes
- Disable JIT by default, make it opt-in via --force-jit by @alies-dev in #11682
- Regenerate callmaps to include new ext-mongodb 2.2 API by @alcaeus in #11720
- Bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #11719
- Pass a context wherever possible by @danog in #11725
New Contributors
- @eyupcanakman made their first contribution in #11702
- @Copilot made their first contribution in #11726
Full Changelog: 7.0.0-beta16...7.0.0-beta17
6.16.0
What's Changed
Features
Fixes
- Fix duplicate error for abstract methods in traits if the issue is due to the implementer by @kkmuffme in #11695
- Report regular issue instead of throw/crash by @kkmuffme in #11693
- Add PHP 8.5 (and 8.4) handling where it wasn't added yet by @kkmuffme in #11697
- curl_share_init_persistent requires non-empty array otherwise throws by @kkmuffme in #11701
- Add max_depth option to unserialize() callmap type by @eyupcanakman in #11702
- Fix false InvalidArgument for sprintf precision placeholders by @eyupcanakman in #11729
Internal changes
- Disable JIT by default, make it opt-in via --force-jit by @alies-dev in #11682
- Regenerate callmaps to include new ext-mongodb 2.2 API by @alcaeus in #11720
- Bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #11719
New Contributors
- @eyupcanakman made their first contribution in #11702
Full Changelog: 6.15.1...6.16.0
7.0.0-beta16
This release allows using @psalm-pure on classes, which will mark all methods as pure, and ban property declarations.
What's Changed
Features
Fixes
Full Changelog: 7.0.0-beta15...7.0.0-beta16
7.0.0-beta15
This release features a major refactoring of Psalm's mutability inference system.
This release will likely be followed by a stable release.
When applied, the new automated mutability attribute fixes (pure, mutation free, externally mutation free, impure) that Psalm proposes will improve Psalm's type inference and especially security analysis: pure functions are automatically specialized by Psalm, killing false positives during security analysis.
Now, Psalm will always analyze and emit MissingPureAnnotation and MissingImmutableAnnotation issues for all functions, methods and classes that can be marked with one of the following attributes (which can be automatically added by running Psalm with --alter --issues=MissingPureAnnotation,MissingImmutableAnnotation).
For functions and methods, MissingPureAnnotation will be emitted, automatically adding the following annotations:
- @psalm-pure - Indicates that the function or method is pure, one whose output is just a function of its input (no mutations or even read property accesses allowed).
- @psalm-mutation-free - Used to annotate a class method that does not mutate state, either internally or externally of the class's scope (only internal property reads on $this are allowed for methods)
- @psalm-external-mutation-free - Used to annotate a class method that does not mutate state externally of the class's scope (internal property reads and writes on $this and self are allowed for methods)
- @psalm-impure - A new annotation, equivalent to the default mutability level of functions and methods (all mutations allowed): Psalm will require the explicit annotation of only abstract methods with this or any of the above annotations through a separate, non-autofixable MissingAbstractPureAnnotation issue, to improve mutability inference for implementors of an interface (though it can be used on all functions and methods as well).
For classes, MissingImmutableAnnotation will be emitted, automatically adding the following annotations:
- @psalm-immutable - Used to annotate a class where every property is treated by consumers as @psalm-readonly and every instance method is treated as @psalm-mutation-free.
- @psalm-external-mutation-free - Used to annotate a class where every instance method is treated as @psalm-external-mutation-free.
- @psalm-mutable - A new annotation, used to annotate a class where at least one property is mutable: this is the default behavior, but it can be explicitly marked for clarity: Psalm will require the explicit annotation of only interfaces with this or any of the above annotations through a separate, non-autofixable MissingInterfaceImmutableAnnotation issue, to improve mutability inference for implementors of an interface (though it can be used on all classes and interfaces as well).
New types
For situations where the callable or Closure needs to be pure, mutation-free or externally mutation-free, the following subtypes are available:
- Pure (no mutations or even read property accesses allowed), equivalent to marking functions or methods with @psalm-pure:
  - pure-callable
  - pure-Closure
- Mutation-free (only internal property reads on $this are allowed for methods), equivalent to marking functions or methods with @psalm-mutation-free:
  - self-accessing-callable
  - self-accessing-Closure
- Externally mutation-free (internal property reads and writes on $this and self are allowed for methods), equivalent to marking functions or methods with @psalm-external-mutation-free:
  - self-mutating-callable
  - self-mutating-Closure
- Impure (the default behavior, all mutations allowed); functions or methods can also be explicitly marked as impure with @psalm-impure:
  - impure-callable (an alias to callable)
  - impure-Closure (an alias to Closure)
This can be useful when the callable is used in a function marked with @psalm-pure or @psalm-mutation-free or @psalm-external-mutation-free.
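The annotations and callable subtypes described above, in an added PHP example that is not from the Psalm project; Cart, formatPrice and applyAll are hypothetical names chosen for illustration.

```php
<?php
// Added illustration; Cart, formatPrice and applyAll are hypothetical names.

/** @psalm-pure */
function formatPrice(int $cents): string
{
    // Output depends only on the input: no property reads, no mutations.
    return sprintf('%.2f', $cents / 100);
}

/** @psalm-external-mutation-free */
final class Cart
{
    /** @var list<int> */
    private array $items = [];

    /** @psalm-external-mutation-free */
    public function add(int $cents): void
    {
        // Writes only to $this, so nothing outside the class's scope changes.
        $this->items[] = $cents;
    }

    /** @psalm-mutation-free */
    public function total(): int
    {
        // Reads a property on $this but mutates nothing.
        return array_sum($this->items);
    }
}

/**
 * Declared pure, so the callable it invokes is typed as pure-callable.
 *
 * @psalm-pure
 * @param pure-callable(int): string $fmt
 * @param list<int> $values
 * @return list<string>
 */
function applyAll(callable $fmt, array $values): array
{
    $out = [];
    foreach ($values as $v) {
        $out[] = $fmt($v);
    }
    return $out;
}

$cart = new Cart();
$cart->add(1999);
echo implode(', ', applyAll(formatPrice(...), [$cart->total(), 500])), "\n";
```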
What's Changed
Features
- Mutation refactoring, always emit MissingPureAnnotation and MissingImmutableAnnotation issues by @danog in #11630
- Global variables are impure like static variables by @kkmuffme in #11659
Fixes
Full Changelog: 6.15.1...7.0.0-beta15
6.15.1
6.15.0
Note: GPG signatures for older releases will be regenerated shortly using the new 99BF4D9A33D65E1E key, since the old one expired.
What's Changed
Features
- Support PHP 8.4 interface property hooks by @adamaveray in #11569
Fixes
- Improve performance of getIssueTrace by @danog in #11629
- Minor property hook improvements by @danog in #11657
- Fix GPG signing key by @danog in #11658
Other changes
New Contributors
- @adamaveray made their first contribution in #11569
- @sukei made their first contribution in #11591
Full Changelog: 6.14.3...6.15.0
7.0.0-beta14
What's Changed
Features
- More detailed progress for taint graph resolution by @danog in #11349
- Huge performance improvements for taint analysis by @danog in #11342
- Show progress when merging thread results by @danog in #11374
- Combined analysis by @danog in #11384
- Always run taint analysis by default by @danog in #11399
Fixes
- Fix assertions with empty lists by @danog in #11312
- Allow concatenation between (string|int) and similar types by @haas-dtv in #11364
- Fix conditional taints by @danog in #11628
Docs
- Update configuration.md: Adding --config= cli parameter by @ThomasLandauer in #11332
Other changes
- Tweak concurrency by @danog in #11361
- Fix paratest runs with default PHP unlike all other scripts by @kkmuffme in #11441
Full Changelog: 6.14.3...7.0.0-beta14