From afedfeba7c68914af6e6ecd38005c43a572b3741 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 17:59:44 +0000 Subject: [PATCH 1/3] Bump actions/checkout from 4 to 5 in the all-actions group Bumps the all-actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/documentation.yml | 2 +- .github/workflows/php.yml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index a9e3c51..41ea815 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -19,7 +19,7 @@ jobs: runs-on: [ubuntu-latest] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Lint markdown files uses: nosborn/github-action-markdown-cli@v3 diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index be154bc..0acb8bf 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -19,7 +19,7 @@ jobs: runs-on: ['ubuntu-latest'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: # super-linter needs the full git history to get the # list of files that changed across commits @@ -59,7 +59,7 @@ jobs: - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" @@ -124,7 +124,7 @@ jobs: - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" @@ -180,7 +180,7 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" @@ -242,7 +242,7 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV" @@ -265,7 +265,7 @@ jobs: runs-on: [ubuntu-latest] needs: [unit-tests-linux] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/download-artifact@v5 with: From eb504ea7bc442ff91aab0018939e3ec17b84ce3a Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Tue, 19 Aug 2025 23:10:07 +0200 Subject: [PATCH 2/3] Install zip-extension --- .github/workflows/php.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 0acb8bf..8cef077 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -226,7 +226,7 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml + extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml, zip tools: composer ini-values: error_reporting=E_ALL coverage: none From 37271f6c08e992777946ec6505c0917e3d6a6a56 Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Tue, 19 Aug 2025 23:14:54 +0200 Subject: [PATCH 3/3] Replace psalm with phpstan --- .github/workflows/php.yml | 21 ++++----------------- phpstan-dev.neon | 4 ++++ phpstan.neon | 4 ++++ psalm.xml | 31 ------------------------------- src/Auth/Process/Authorize.php | 12 ++++++------ src/Controller/Authorize.php | 4 ++-- 6 files changed, 20 insertions(+), 56 deletions(-) create mode 100644 phpstan-dev.neon create mode 100644 phpstan.neon delete mode 100644 psalm.xml diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 8cef077..5133714 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -86,26 +86,13 @@ jobs: - name: PHP Code Sniffer run: phpcs - - name: Psalm + - name: PHPStan run: | - psalm -c psalm.xml \ - --show-info=true \ - --shepherd \ - --php-version=${{ steps.setup-php.outputs.php-version }} + vendor/bin/phpstan analyze -c phpstan.neon - - name: Psalm (testsuite) + - name: PHPStan (testsuite) run: | - psalm -c psalm-dev.xml \ - --show-info=true \ - --shepherd \ - --php-version=${{ steps.setup-php.outputs.php-version }} - - - name: Psalter - run: | - psalm --alter \ - --issues=UnnecessaryVarAnnotation \ - --dry-run \ - --php-version=${{ steps.setup-php.outputs.php-version }} + vendor/bin/phpstan analyze -c phpstan-dev.neon security: name: Security checks diff --git a/phpstan-dev.neon b/phpstan-dev.neon new file mode 100644 index 0000000..09d9773 --- /dev/null +++ b/phpstan-dev.neon @@ -0,0 +1,4 @@ +parameters: + level: 5 + paths: + - tests diff --git a/phpstan.neon b/phpstan.neon new file mode 100644 index 0000000..db37782 --- /dev/null +++ b/phpstan.neon @@ -0,0 +1,4 @@ +parameters: + level: 6 + paths: + - src diff --git a/psalm.xml b/psalm.xml deleted file mode 100644 index cd7d69d..0000000 --- a/psalm.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/Auth/Process/Authorize.php b/src/Auth/Process/Authorize.php index 3fc05e3..e9366b2 100644 --- a/src/Auth/Process/Authorize.php +++ b/src/Auth/Process/Authorize.php @@ -47,7 +47,7 @@ class Authorize extends Auth\ProcessingFilter /** * Array of localised rejection messages * - * @var array + * @var string[] */ protected array $reject_msg = []; @@ -60,9 +60,9 @@ class Authorize extends Auth\ProcessingFilter /** * Array of valid users. Each element is a regular expression. You should - * user \ to escape special chars, like '.' etc. + * use \ to escape special chars, like '.' etc. * - * @param array + * @var array */ protected array $valid_attribute_values = []; @@ -82,7 +82,7 @@ class Authorize extends Auth\ProcessingFilter * Initialize this filter. * Validate configuration parameters. * - * @param array $config Configuration information about this filter. + * @param array $config Configuration information about this filter. * @param mixed $reserved For future use. */ public function __construct(array $config, $reserved) @@ -155,7 +155,7 @@ public function __construct(array $config, $reserved) /** * Apply filter to validate attributes. * - * @param array &$state The current request + * @param array &$state The current request */ public function process(array &$state): void { @@ -225,7 +225,7 @@ public function process(array &$state): void * thinking in case a "chained" ACL is needed, more complex * permission logic. * - * @param array $state + * @param array $state */ protected function unauthorized(array &$state): void { diff --git a/src/Controller/Authorize.php b/src/Controller/Authorize.php index d7e8785..026558d 100644 --- a/src/Controller/Authorize.php +++ b/src/Controller/Authorize.php @@ -51,7 +51,7 @@ public function forbidden(Request $request): Template throw new Error\BadRequest('Missing required StateId query parameter.'); } - /** @var array $state */ + /** @var array $state */ $state = Auth\State::loadState($stateId, 'authorize:Authorize'); $t = new Template($this->config, 'authorize:authorize_403.twig'); @@ -108,7 +108,7 @@ public function reauthenticate(Request $request): void if (!is_string($stateId)) { throw new Error\BadRequest('Missing required StateId query parameter.'); } - /** @var array $state */ + /** @var array $state */ $state = Auth\State::loadState($stateId, 'authorize:Authorize'); $authSource = $state['Source']['auth'];