Psalm v4.2.0 Release Notes
Release Date: 2020-11-20
Security analysis
Support for sending analysis to GitHub Security
Thanks to @LukasReschke, Psalm can now output its results in a format compatible with GitHub's Code Scanning feature (#4582)
More specific output for security issues
Psalm now separates out different security issues it finds, with code snippets that reproduce the issue, e.g. TaintedHtml and TaintedUnserialize
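As an added illustration (not code from the Psalm project or these release notes), the PHP below pairs the kind of data flow each of these two issue types describes with a hardened form. The function names and the `name`, `prefs`, `theme` and `lang` fields are hypothetical.

```php
<?php
// Added example; function and field names are hypothetical.

/** Request data reaches an HTML output sink unescaped: a TaintedHtml flow. */
function greetUnsafe(): void
{
    echo '<p>Hello ' . $_GET['name'] . '</p>';
}

/** Hardened: escape for the HTML context immediately before output. */
function greetSafe(): void
{
    $name = (string) ($_GET['name'] ?? '');
    echo '<p>Hello ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</p>';
}

/** Request data reaches unserialize(): a TaintedUnserialize flow. */
function loadPrefsUnsafe(): array
{
    return (array) unserialize($_POST['prefs']);
}

/** Hardened: parse a data-only format, then keep only the expected keys. */
function loadPrefsSafe(): array
{
    $raw = (string) ($_POST['prefs'] ?? '');
    $prefs = json_decode($raw, true);
    if (!is_array($prefs)) {
        return []; // malformed or non-object input is dropped
    }
    // Allow-list of keys the application expects (hypothetical names).
    return array_intersect_key($prefs, ['theme' => true, 'lang' => true]);
}
```

Running Psalm with `--taint-analysis` over a file like this is how such flows are surfaced; the two hardened functions remove the path from request input to the sink.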
Bugfixes
Inheritance for docblock return and param types
This ticket, #4537, revealed a slight issue with Psalm's automatic inheritance of docblock param and return types.
Psalm will now only inherit docblock parameter and return types from a single docblock, which means you can't define param types in one parent class method and return types in another. It's a relatively minor change, but it might break some code.
Other bugfixes
- Security Analysis: @LukasReschke made a lot of improvements to Psalm's taint analysis (#4554, #4572, #4576, #4592, #4604, #4630)
- @pilif improved the `mb_strtolower` return type (#4469)
- perform better inference for literal int division (#2132)
- fix bugs caused by the `ReflectionProperty` stub not implementing `Reflector` (#4481)
- better error message for `PossiblyInvalidArrayOffset` (#4479)
- support assertions in `new` calls (#4491)
- fix type inference when unpacking typed iterables (#4487)
- @orklah added some undocumented properties to `SoapFault` (#4510)
- @wouterj added support for reflecting builtin PHP union types (#4505)
- autoloaded constants set in `define` are now inferred as `mixed` (#4509)
- prevent crash with empty match expression (#4519)
- treat `exit` expressions as the empty type (#4516)
- track type contradiction issues in match expressions (#4517)
- remember assignments when descending into property use (#4522)
- @adrienlucas added support for proxying functions for taint analysis (#4495)
- improve template param inference (#4485, #4524, #4545)
- fix property initialisation checks when parent::__construct refers to grandparent class (#4540)
- allow better `get_class` inference inside `match` expressions (#4544)
- mark closure uses as UnusedVariable where possible (#4547)
- prevent false-positive warning about calling `unset` on array with key (#4529)
- @orklah added a check for accessing an array with a negative int offset (#4552)
- @thomasvargiu fixed a bug intersecting with templated types (#4560)
- @duskwuff added support for passing named arguments to functions that use variadic params (#4575)
- added a more specific return type for `substr` in PHP 8 (#4580)
- @BenMorel improved `mysqli` property types and a `DateTimeInterface` signature (#4577, #4579)
- @mstilkerich added a more accurate stub for `preg_filter` (#4587)
- improved a lot of tainting (#4599, #4605)
- prevent negative line numbers in output (#4600)
- prevent string literals from carrying taints (#4620)
- improve inference of `array_key_exists` when the first arg is a variable (#4626)
- @orklah improved return type updating when returning `$this` or `static` (#4632)