-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-1ebe68832c 2020-07-30 17:50:12.727357 --------------------------------------------------------------------------------
Name : phan Product : Fedora 32 Version : 3.1.0 Release : 1.fc32 URL : https://github.com/phan/phan Summary : A static analyzer for PHP Description : Phan is a static analyzer that looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan does not make any serious attempt to understand flow control and narrow types based on conditionals. -------------------------------------------------------------------------------- Update Information: Jul 16 2020, **Phan 3.1.0** **New features (CLI, Config):** + Add `--output- mode=verbose` to print the line of code which caused the issue to be emitted after the textual issue output. This is only emitted if the line is not whitespace, could be read, and does not exceed the config setting `max_verbose_snippet_length`. + Add `included_extension_subset` to limit Phan to using the reflection information to a subset of available extensions. (#4015) This can be used to make Phan warn about using constants/functions/classes that are not in the target environment or dependency list of a given PHP project/library. Note that this may cause issues if a class from an extension in this list depends on classes from another extension that is outside of this list. **New features (Analysis):** + Don't emit `PhanTypeInvalidLeftOperandOfBitwiseOp` and other binary operation warnings for `mixed` + Emit `PhanIncompatibleRealPropertyType` when real property types are incompatible (#4016) + Change the way `PhanIncompatibleCompositionProp` is checked for. (#4024) Only emit it when the property was redeclared in an inherited trait. + Emit `PhanProvidingUnusedParameter` when passing an argument to a function with an optional parameter named `$unused*` or `$_`. (#4026) This can also be suppressed on the functionlike's declaration, and should be suppressed if this does not match the project's parameter naming. This is limited to functions with no overrides. + Emit `PhanParamTooFewInPHPDoc` when a parameter that is marked with `@phan-mandatory-param` is not passed in. (#4026) This is useful when needing to preserve method signature compatibility in a method override, or when a parameter will become mandatory in a future backwards incompatible release of a project. + Emit `PhanTypeMismatchArgumentProbablyReal` instead of `PhanTypeMismatchArgument` when the inferred real type of an argument has nothing in common with the phpdoc type of a user-defined function/method. This is usually a stronger indicator that the phpdoc parameter type is inaccurate/incomplete or the argument is incorrect. (Overall, fixing phpdoc errors may help ensure compatibility long-term if the library/framework being used moves to real types (e.g. php 8.0 union types) in the future.) Note that Phan provides many ways to suppress issues (including the `--save- baseline=.phan/baseline.php` and `--load-baseline=.phan/baseline.php` functionality) in case the switch to `ProbablyReal` introduces too many new issues in your codebase.** (The new `ProbablyReal` issues are more severe than the original issue types. When they're suppressed, the original less severe issue types will also be suppressed) + Emit `PhanTypeMismatchReturnProbablyReal` instead of `PhanTypeMismatchReturn` when the inferred real return type has nothing in common with the declared phpdoc return type of a user-defined function/method. (#4028) + Emit `PhanTypeMismatchPropertyProbablyReal` instead of `PhanTypeMismatchProperty` when the inferred assigned property type has nothing in common with a property's declared phpdoc type. (#4029) + Emit `PhanTypeMismatchArgumentInternalProbablyReal` instead of `PhanTypeMismatchArgumentInternal` in a few more cases. + Be stricter about checking if callables/closures have anything in common with other types. + Preserve more specific phpdoc types when the php 8.0 `mixed` type is part of the real type set. + Also emit `PhanPluginUseReturnValueNoopVoid` when a function/method's return type is implicitly void (#4049) + Support `@param MyType $name one line description @unused-param` to suppress warnings about individual unused method parameters. This is a new alias of `@phan-unused- param`. + Support analyzing [PHP 8.0's match expression](https://wiki.php.net/rfc/match_expression_v2). (#3970) **Plugins:** + Warn and skip checks instead of crashing when running `InlineHTMLPlugin` without the `tokenizer` extension installed. (#3998) + Support throwing `\Phan\PluginV3\UnloadablePluginException` instead of returning a plugin object in plugin files. + When a plugin registers for a method definition with `AnalyzeFunctionCallCapability`, automatically register the same closure for all classlikes using the same inherited definition of that method. (#4021) + Add `UnsafeCodePlugin` to warn about uses of `eval` or the backtick string shorthand for `shell_exec()`. + Add `DeprecateAliasPlugin` to mark known aliases such as `sizeof()` or `join()` as deprecated. Implement support for `--automatic-fix`. + Add `PHPDocInWrongCommentPlugin` to warn about using `/*` instead of `/**` with phpdoc annotations supported by Phan. **Miscellaneous** + Update more unit tests for php 8.0. + Emit a warning and load an extremely limited polyfill for `filter_var` to parse integers/floats if the `filter` extension is not loaded. **Bug Fixes:** + Make suppressions on trait methods/properties consistently apply to the inherited definitions from classes/traits using those traits. + Fix false positive where Phan would think that union types with real types containing `int` and other types had an impossible condition. Fix another false positive checking if `?A|?B` can cast to another union type. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 17 2020 Remi Collet <[email protected]> - 3.1.0-1 - update to 3.1.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-1ebe68832c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
