Problem/Motivation

mglaman/phpstan-drupal has a new release

Proposed resolution

  1. composer update mglaman/phpstan-drupal phpstan/extension-installer phpstan/phpstan phpstan/phpstan-deprecation-rules phpstan/phpstan-phpunit spaze/phpstan-disallowed-calls
  2. update manually the constraints to latest versions
  3. composer update --lock

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

CommentFileSizeAuthor
#25 3585555-nr-bot_08uw0y5t.txt1.21 KBneeds-review-queue-bot
#16 3585555-nr-bot_c6tw822e.txt11.73 KBneeds-review-queue-bot

Issue fork drupal-3585555

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

mondrake created an issue. See original summary.

mondrake opened merge request !15498

mondrake’s picture

mondrake
Location 🇮🇹
commented
Status: Active » Needs review
smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community

Seems straight forward enough

xjm’s picture

xjm
she/her
Primary language English
commented
Status: Reviewed & tested by the community » Needs review

Everything in this looks patch-safe except for the assertions about link items, which I assume were added to resolve a test failure or something?

Theoretically it's prod-safe, but it could disrupt CIs and etc. if someone has non-link-item things there (if that was possible before).

Clarification about that change with Re-TBC would be super. :)

mondrake’s picture

mondrake
Location 🇮🇹
commented

Honestly I did not mean this for a patch release, just for main for now. Then all dependencies will be bumped on a minor anyway, no?

I started this because the mglaman/phpstan-drupal release was including https://github.com/mglaman/phpstan-drupal/pull/926 and I was testing #[IgnoreDeprecations] with an argument - ending up in a branch that would fit with a MR.

Yes, the asserts are there to validate a type and avoid PHPStan reporting unknown var type.

In any case, both PHPStan and PHPStan-Drupal have released again since this issue was started, so it's probably worth rebase to latest.

mondrake’s picture

mondrake
Location 🇮🇹
commented

if someone has non-link-item things there (if that was possible before).

That's unlikely though because just below the ::buildUrl() method is called and that method has a native type describing the $item parameter,
https://git.drupalcode.org/project/drupal/-/blob/2f5f71dde7192dc50778cce..., so if anything else than a link item is passed we would have a type error thrown.

mondrake’s picture

mondrake
Location 🇮🇹
commented
Assigned: Unassigned » mondrake
Status: Needs review » Needs work

Let's bump again, and see if instead of assert we can use generics here to indicate the type of the values in the $items array.

mondrake’s picture

mondrake
Location 🇮🇹
commented
Status: Needs work » Needs review

Yes #8 worked.

mondrake’s picture

mondrake
Location 🇮🇹
commented
Assigned: mondrake » Unassigned
longwave’s picture

longwave
he/him
Primary language English
Location UK
commented
Status: Needs review » Needs work

2.1.52 is out which contains a larger than normal number of fixes: https://github.com/phpstan/phpstan/releases/tag/2.1.52

mondrake’s picture

mondrake
Location 🇮🇹
commented

#11 2.1.53 actually.

Bumped:
- Upgrading mglaman/phpstan-drupal (2.0.14 => 2.0.15)
- Upgrading phpstan/phpstan (2.1.51 => 2.1.53)
- Upgrading spaze/phpstan-disallowed-calls (v4.11.0 => v4.12.0)

I am afraid if we do not draw a line for the issue here, we are getting in a chase game as all these tools are releasing very frequently.

mondrake’s picture

mondrake
Location 🇮🇹
commented
Status: Needs work » Needs review
longwave’s picture

longwave
he/him
Primary language English
Location UK
commented
Status: Needs review » Needs work

I think we should fix Call to deprecated method allowsNull\\(\\) of class ReflectionParameter or this is going to spread to everything that uses AutowireTrait.

The fix is likely just

-      if ($parameter->allowsNull()) {
+      if ($parameter->getType()->allowsNull()) {
mondrake’s picture

mondrake
Location 🇮🇹
commented
Status: Needs work » Needs review

done #14

needs-review-queue-bot’s picture

needs-review-queue-bot commented
Status: Needs review » Needs work
StatusFileSize
new 3585555-nr-bot_c6tw822e.txt11.73 KB

The Needs Review Queue Bot tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

mondrake’s picture

mondrake
Location 🇮🇹
commented
Status: Needs work » Needs review

Bumped:
- Upgrading phpstan/phpstan (2.1.53 => 2.1.54)

smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community

Feedback for this one appears to be addressed

catch closed merge request !15498

  • catch committed bf070995 on main 
    task: #3585555 Bump PHPStan...
catch’s picture

catch
he/him
Primary language English
commented
Version: main » 11.x-dev
Status: Reviewed & tested by the community » Patch (to be ported)

Normally I'd commit this to main and mark it fixed, on the basis that 11.x/11.4 will eventually have an 'update dev dependencies' issue and it'll be caught there. But I think we will want to backport the AutowiredInstanceTrait and link changes to 11.x from here so we don't have to find and fix them again later.

mondrake opened merge request !15713

mondrake’s picture

mondrake
Location 🇮🇹
commented
Title: Bump PHPStan & friends to latest release » [backport] Bump PHPStan & friends to latest release

backport

mondrake’s picture

mondrake
Location 🇮🇹
commented
Status: Patch (to be ported) » Needs review
needs-review-queue-bot’s picture

needs-review-queue-bot commented
Status: Needs review » Needs work
StatusFileSize
new 3585555-nr-bot_08uw0y5t.txt1.21 KB

The Needs Review Queue Bot tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

smustgrave’s picture

smustgrave commented
Status: Needs work » Reviewed & tested by the community
Issue tags: +no-needs-review-bot

Seems like a good backport

quietone’s picture

quietone commented
Title: [backport] Bump PHPStan & friends to latest release » Bump PHPStan & friends to latest release

  • xjm committed 5200a346 on 11.x 
    fix: #3585555 Bump PHPStan...
xjm’s picture

xjm
she/her
Primary language English
commented
Status: Reviewed & tested by the community » Fixed
Issue tags: +DrupalSouth 2026

I gave the 11.x backport a quick review, comparing it to the changes that have already been committed to main, and it all matches up aside from the new spaze/phpstan-disallowed-calls dependency in main.

Committed to 11.x. Thanks!

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

xjm closed merge request !15713

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.