Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #56 +/- ##
============================================
+ Coverage 92.80% 93.11% +0.30%
Complexity 382 382
============================================
Files 6 6
Lines 987 987
============================================
+ Hits 916 919 +3
+ Misses 71 68 -3 🚀 New features to boost your workflow:
|
mmucklo
force-pushed
the
quality/psalm
branch
4 times, most recently
from
6441c31 to
4a1b302
Compare
Psalm level 3 with a 66-entry baseline. All findings are either false positives (PossiblyUnusedMethod for public API methods Psalm can't see callers for), duplicates of existing PHPStan baseline entries (TypeDoesNotContainType, RedundantCondition for state-machine tautologies), or already-handled edge cases (mb_regex_encoding return type). Found no genuinely new bugs that PHPStan level 8 missed. Value is as a cross-check: new code that triggers a Psalm error outside the baseline will surface during review even if PHPStan doesn't flag it. Also dismisses Dependabot alert #1 (PHPUnit GHSA-qrr6-mg7r-m243) as tolerable risk: dev-only dependency, vulnerability requires process isolation mode which we don't use, fix requires PHP 8.3+ which would drop our 8.1/8.2 support, no backport to PHPUnit 9.x. New: composer psalm script, psalm.xml config, psalm-baseline.xml. ROADMAP: Psalm item flipped to [x].
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Psalm level 3 as a secondary static-analysis tool alongside PHPStan level 8. Both are now green.
Findings
Psalm found no genuinely new bugs that PHPStan level 8 missed. All 66 baseline entries are:
src/, not test callersbuildEmailAddressArray()initializes all keysstr_replacereturn on typed-string input; false positivemb_regex_encoding($origEncoding)type — already guardedValue: cross-check safety net. New code that triggers a Psalm error outside the baseline will surface during review even if PHPStan doesn't flag it.
Also
Dependabot alert #1 (PHPUnit GHSA-qrr6-mg7r-m243) dismissed as tolerable risk: dev-only dependency, vulnerability requires process-isolation mode which we don't use, fix requires PHP 8.3+ which would drop our 8.1/8.2 support.
New files
psalm.xml— level 3, scanssrc/psalm-baseline.xml— 66 entriescomposer psalmscriptTest plan
composer cipasses (84 tests / 3,271 assertions)composer psalmpasses with zero errors above baselinecomposer stanstill passes at level 8