Various

My full contribution to the various projects.

php/php-src 65 contr. Session security hardening, BCMath performance, typed constants, rounding modes RFC, and various fixes across the core.

Commits 65

ref title
#22098 ext/session: add missing NEWS entries #22074 ext/session: reject null bytes in session.cookie_path, session.cookie_domain, session.cache_limiter #22072 ext/intl: Fix merge conflict markers in spoofchecker_arginfo.h #21939 refactor: remove dead condition in session.c #21938 ext/session: secure session configuration defaults (RFC) #21761 docs: add ValueError message wording conventions to CODING_STANDARDS #21704 ext/session: fix cookie_lifetime overflow #21670 ext/session: Validate SameSite cookie attribute against allowed values #21491 ext/session: add recursive session cleanup for dirname > 0 #21171 ci: add fork protection on workflow verify-bundled-files #21157 ci: remove PHP8.1 from push.yml triggers #21087 test: improve the tests for in_array #21012 chore: improve error message when passing named parameter for variadic #19663 mbstring: move mb_internal_encoding to INI section #19552 remove safe_mode leftovers #19517 ci: update codecov-action to v5 #18525 ext/hash: tests for md5 and sha1 compatibility #18518 ext/standard/md5: Improve types #18514 Add macos 15 to push GH action #18017 remove wrappers in session ext #17437 zend_hrtime: Fix build for macOS without clock_gettime_nsec_np() #16894 Remove wrapping comments in ext/skeleton #16080 Remove unused headers from link.c #15790 ext/bcmath: bcpow() performance improvement #15647 ext/standard: validate mode in array_filter() #15448 Add type indicator to array/arg unpack #15338 session_create_id - error message for large prefix #15337 session.save_handler - add two uncovered cases #15286 ValueError on null byte in session_name() #15284 fix: disable negative values for session GC probability and divisor #14958 Update fuzzer parser dict for property hooks words #14728 Check session_create_id() input for null byte #14536 random: Remove redundant assignments in php_random_rangeX() #14316 Fix undefined flags in base64 #13799 Add test for session_start with read_and_close option #13796 Remove impossible paths from session_decode and session_encode #13410 Remove HAVE_INET_PTON #13408 Add entry on return type of long2ip to NEWS #13395 Change long2ip return type #13359 remove debug.c file from bcmath ext #13235 GH-13142: add missing test cases #13192 Enable xdebug extension again in nightly #13160 add missing keywords to parser fuzzer dict from PHP 7.4 to 8.3 #13068 Improve preg_* functions warnings for NUL byte #13064 Fix value passed to show_start in run-test.php script #13010 Add case 0.0 to the test runtime_compile_time_binary_operands.phpt #13005 Improve pow function tests #12989 RFC: Deprecate date constant RFC7231 #12978 RFC: Deprecate date_sunrise and date_sunset constants #12729 Add milliseconds to the test time output #12379 Typed constants in sqlite extension #12378 Typed constants in reflection extension #12362 Typed constants in PDO extension #12361 Typed constants in date extension #12360 Typed constants in Intl extension #12358 Typed constants in SPL extension #12056 RFC: Add 4 new rounding modes to round() function #12049 Fix round() tests for different modes #11996 Tests improvement for round() modes #11896 BCmath extension code reformatting #11798 Fix GH-11761: Bcmath numbers with trailing zeros #11683 refactor: Reorder list construction in php_intpow10 #11563 Extend tests of bcmath extension #9685 Remove unnecessary usage of CONST_CS #9658 Use function HT_IS_PACKED where it's missing
glayzzle/php-parser 39 contr. PHP 8.4 property hooks, asymmetric visibility, precedence fixes, AST location corrections, and CVE-2024-57071.

Commits 39

ref title
#1272 fix: clone operator precedence #1271 fix: default read visibility to public for shorthand asymmetric syntax #1242 fix: correct location for variadicplaceholder nodes #1236 fix: correct unary minus/plus/tilde precedence #1235 refactor: use explicit T_ATTRIBUTE guard in read_interface_body #1234 fix: raise SyntaxError for final class constants before PHP 8.1 #1233 refactor: remove dead code #1231 fix: pass attrs to trait declarations and support attributes on enum cases #1230 fix: trait alias with no visibility and no alias now raises an error #1229 fix: arrow function version guard never fired due to operator precedence #1225 fix: correct loc.start for classconstant and propertystatement with attributes #1224 fix: throw SyntaxError for invalid modifiers on class constants #1223 fix: throw SyntaxError on leading separator in read_list #1219 feat: asymmetric visibility support (PHP 8.4+) #1218 fix: noop location #1217 fix: attribute location #1216 fix: dnf types #1215 fix: multiple static lookup #1214 fix: class constant location #1213 fix: nullsafe operator location #1211 fix: semicolon-style namespaces incorrectly nested instead of siblings #1210 test: add regression coverage for static property with nullable type #1209 fix: attach doc comments to inner nodes in short-form if/elseif/else #1208 fix: invalid location for union types #1207 fix: precedence of instanceof was wrong #1204 feat: property hooks (PHP 8.4) #1203 test: ignore eslint warnings about assertions #1202 fix: property lookup by reference #1201 chore: improve tests without assertions #1200 update yarn #1197 fix: support readonly modifier before visibility in class properties #1196 fix: resolve property chains in new expression class name #1195 fix: prevent crash when suppressErrors and withPositions are both enabled #1194 fix: CVE-2024-57071 #1193 fix: new line in heredoc #1188 test: inlined comments between parameters #1187 build: update dependencies #1186 fix: invalid properties annotations in ast classes #1172 feat: runtime class static keyword
prettier/plugin-php 7 contr. Parenthesization fixes, bitwise operator detection, and php-parser 3.4 support.

Commits 7

ref title
#2469 ci: drop node 18 from CI #2466 fix: yield from parenthesis #2464 fix: correct silence typo to silent #2463 fix: don't parenthesize assign inside static variable declaration #2461 fix: correct parts.unshift() to parts.shift() in isSimpleCallArgument #2460 fix: detect >> and << in isBitwiseOperator #2459 feat: support php-parser 3.4.0 (pipe operator and readonly anonymous classes)
vimeo/psalm 6 contr. PHP 8.5 deprecation fixes, session function type specs, and a default-baseline feature.

Commits 6

ref title
#11599 fix: deprecated null offset #11596 ci: add nikic/php-parser deprecations to Psalm baseline #11541 fix: deprecations for PHP 8.5 #10859 Specify array return type of session_get_cookie_params #10696 feat: Default baseline file #10593 Baseline update
composer/composer 6 contr. Performance improvements in dependency-resolution hot paths.

Commits 6

ref title
#12861 perf: early returns in for loops in Problem.php #12860 perf: early return instead of full array_filter run #12764 Enforce allow-plugins in non-interactive mode for pre-2.2 lock file #12505 fix: deprecation of curl_close in CurlDownloader.php 2bcbfc3 Fix credentials persisting in git mirror .git/config after clone or failed update 5e71d77 Fix usage of insecure 3DES cipher suites when curl is disabled reported through security process
phpstan/phpstan 1 contr. Documentation for PHPDoc types.

Commits 1

ref title
#8826 Update phpdoc-types.md
rectorphp/rector-src 4 contr. Unused import removal fixes for different letter casing and a PHP 8.4 RoundingMode enum rule.

Commits 4

ref title
#6376 [UnusedImport] Fix removing multiple uses #6369 [Php84] Add rule for RoundingMode enum #6362 [UnusedImport] Different letter case for classes + optimization #6350 Fix UnusedImportRemovingPostRector for different letter case
rectorphp/rector-downgrade-php 1 contr. Downgrade rule for the PHP 8.4 RoundingMode enum.

Commits 1

ref title
#260 [DowngradePhp84] Downgrade RoundingMode enum
nikic/PHP-Parser 5 contr. Unreachable statement fix, PHPUnit 10 compatibility, and void return type additions.

Commits 5

ref title
#1042 fix: remove unreachable statement #1040 update target.php to new PHP-Parser version #1000 Update actions/checkout to v4 #998 Adjust tests to PHPUnit 10 #997 Add missing void return types
php/doc-en 7 contr. Session configuration docs, number_format rounding note, array_change_key_case correction, and PHP 8.4/8.5 version bumps.

Commits 7

ref title
#3657 Update invalid values of session gc ini settings #3650 Maximum length of prefix in session_create_id #2538 Add used rounding rule into the description of number_format #1879 Outdated information about warning of array_change_key_case #1161 8.4: Changed announced version to 8.4 from 8.4.0 #890 Updated examples of casting to boolean #64 Bump max version to PHP 8.5
beluga-php/docker-php 3 contr. PHP 8.4 explicit nullable params and PHP 8.5 CI support.

Commits 3

ref title
#111 ci: update symfony dependencies #110 ci: support PHP 8.5 in CI #92 set explicit nullable parameters for PHP 8.4
redhat-developer/lsp4ij 1 contr. Added php-lsp to the JetBrains LSP4IJ server registry.

Commits 1

ref title
#1471 fix: add no-op for workspace/inlineValue/refresh to prevent UnsupportedOperationException
Piebald-AI/claude-code-lsps 1 contr. Added php-lsp to the Claude Code LSP server registry.

Commits 1

ref title
#64 feat: add php-lsp — Rust-based PHP language server
thecodingmachine/graphqlite 1 contr. Symfony 8 dependency updates.

Commits 1

ref title
#770 chore: symfony 8 dependencies
webonyx/graphql-php 1 contr. PHP 8.4 compatibility bump for thecodingmachine/safe dependency.

Commits 1

ref title
#1684 chore(deps): bump thecodingmachine/safe for PHP 8.4
php-zookeeper/php-zookeeper 1 contr. Extended max supported version to PHP 8.5.

Commits 1

ref title
#64 Bump max version to PHP 8.5