vimeo/psalm 4.7.0

Better tracking of mixed issues

on PHP Packagist

Features

Better tracking of mixed issues

On level 1 Psalm now provides traces whenever mixed types occur in your code, to help you pinpoint where the mixed types were introduced. Here's an article that goes into more detail.

Some unused code is now a level 1 issue

Unused code detection breaks down into two main categories: function-scoped unused code (e.g. unused variables and unused closure params) and codebase-scoped (unused public methods, unused public properties).

Psalm has unused code detection for a long time, but it's always been opt-in. Now in version 4.7 all function-scoped unused code issues are emitted when using level 1, Psalm's strictest level.

This allows us to perform the aforementioned tracking of mixed types, because we're using the same underlying mechanism for both features. More importantly, it should also help you improve code quality, and avoid bugs.

Plugin hook for per-expression taint analysis

@mortenson has added a plugin that allows you to add and remove taint flows (#5398)

Error level XML autocompletion improvements

@weirdan made the XML config level more specific, allowing the value to be autocompleted in IDEs that understand the .xsd (#5476)

Add @psalm-ignore-var

Thanks to @sj-i you can now tell Psalm to ignore an inline @var type annotation with a @psalm-ignore-var tag (#5488)

Psalm level badges

If your project is open-source you can now show what Psalm level you use in a badge:

[![Psalm level](https://shepherd.dev/github/<username>/<repository>/level.svg?)](https://psalm.dev/)

This is the badge for Psalm's repository:

Make sure your build is sending appropriate data to Shepherd, the Psalm build data service:

vendor/bin/psalm --shepherd

Bugfixes

• @orklah improved the return type for json_encode when JSON_THROW_ON_ERROR is passed (#5417)
• @AndrolGenhald fixed major/minor version handling for composer packages (#5415)
• @AndrolGenhald fixed a number of array bugs (#5427, #5431, #5436, #5421)
• @AndrolGenhald added support for template property invariance (#5371)
• @weirdan fixed timezone identifier method/function signatures (#5443)
• @weirdan prevented a crash when accessing templates with array offsets (#5447)
• @yakimun fixed handling of unpacked arrays with string arguments (#5446)
• @AndrolGenhald improved handling of @no-named-arguments (#5455)
• Fixed a potential crash when calling __set explicitly with only one argument
• @azjezz pure functions are allowed to return no-return (#5461)
• @morozov improved signature for mysql_real_connect (#5464)
• @danog allowed string template params in concatenation (#5468)
• @danog improved posix_* function return types (#5469)
• Taint Analysis taints can now flow through array keys (#5470)
• @jni- improved analysis of intersections of classes with classes with magic methods (#5473)
• @morozov fixed OCI stubs in PHP 8 (#5478)
• reset and end now respect template unwrapping for nested templates (#5208)
• @weirdan prevented string subtypes subsuming class-string (#5497)