definedIn filter also works for `new Class`

Fixes
The definedIn filter added in 2.15.0 now also works correctly and as expected for new Class() statements (#203, thanks @BackEndTea)

Internal changes

• The newest coding standard is required no changes were needed (#202)
• Load all library files automatically in tests, otherwise class reflection doesn't class-reflect (#204)

New definedIn & exclude directives to limit selection

Can exclude some attributes, calls, namespaces (#197, #199)

Handy when you disallow items with wildcards but there's this one thing you'd like to leave out.

parameters:
    disallowedFunctionCalls:
        -
            function: 'pcntl_*()'
            exclude:
                - 'pcntl_foo*()'

exclude can be a string or an array/list of strings. Currently works for attributes, function & method calls, namespaces.

Add definedIn?:string|list<string> config option (#198, #200)

To further specify/limit files where the function or method should be defined to be disallowed.

parameters:
    disallowedFunctionCalls:
        -
            function: '*'
            definedIn:
                - 'vendor/foo/bar'
    disallowedMethodCalls:
        -
            method: '*'
            definedIn:
                - 'vendor/foo/bar'

definedIn can also be string or a list/array of strings. Currently works for function and method calls only. You may also need to set filesRootDir, see the README.

Internal changes

• Internal naming cleanup (#195)
• Require symfony/polyfill-php80 for dev/tests because some tests use str_starts_with() (#196)

Disallowing attributes with named params will work now

Re-allowing disallowed attributes didn't work properly when attributes parameters were involved. This release fixes it (#190, thanks @ruudk)

The disallowed attributes feature was added in v2.13.0 and was sponsored by @ruudk @TicketSwap, thank you!

Support constants on class-string<Foo>

Release 2.14.0 has introduced a regression (#189) and has been replaced with 2.14.1. Original release notes follow:

• Support $foo::BAR where $foo is declared as class-string<Foo>, this partly fixes a very old issue (#186, thanks @eithed)

Internal change:

• Leading namespace separator is now removed consistently in one place (\Name\Space → Name\Space) (#187)

Can disallow attributes

Can disallow attributes (#183)

This feature was sponsored by @ruudk @TicketSwap, thank you!

Can even re-allow them back with a config similar to re-allowing method calls (with allowIn, allowParamsAnywhereAnyValue, allowInMethods etc.).

This may be most useful in the following cases:

1. You don't want to use some attributes in your project for whatever reason you may have
2. You want to use attributes but only with some parameters specified, for example you'd like all Doctrine\ORM\Mapping\Entity attributes to have repositoryClass specified
3. You want an attribute to be used only in some class

Attributes are available starting with PHP 8.0.

Smaller changes

• Update dev dependencies, support PHPUnit 10 (#181)

I've also added a sponsorship button so you can buy me a ☕ or a 🍺 if this extension helps you in any way (#182)

Arrays in param configs officially not supported

• Arrays in param configs (allowParam*, allowExceptParam* etc.) not supported at the moment (#177, #165 thanks @mad-briller)

They never were and now it's official. It means that you can't for example allow a method call when a parameter ($message in the case below) would be an array:

parameters:
    disallowedMethodCalls:
        -
            method: 'Logger::log()'
            allowParamsAnywhere:
                -
                    position: 1
                    name: 'message'
                    value: ['foo', 'bar']

This would mean that Logger::log() would be allowed only when it would be called like Logger::log(['foo', 'bar']). And allowing that is not supported at the moment, only scalar values may be used in value:. It may change in the future though.

Also some internal changes too tiny to even list here:

• Use fully-qualified function name in tests (6bb5575)
• Function and method can also be a list, a docblock change only (240e6e7)
• Formatting multiple calls to look like {Foo,Bar,Baz}::call() is done in one place only (d598c89)

Require PHPStan 1.10

PHPStan 1.10 has deprecated using instanceof *Type for many Type interface implementations, some of which were also used by this extension. I have refactored the code so the instanceof checks are not used.

As a result of this:

1. You may find some of the errors are now more precise which was also the case in one of the extension's own tests
2. The newly released PHPStan 1.10 is now required

There are some other internal changes, too, but that's it.

What's Changed

• Remove helper classes #173
• Use the same types in phpdoc as what the method signature says #175
• Remove instanceof *Type #174

Better Windows support

This release adds better Microsoft Windows support. Some extension functionality ("allow calls in") didn't work properly until now.

• It all started with Disable backslash escaping in "is allowed" helper (#169, thanks @mnastalski)
• Then I Make tests pass on Windows™ too #170
• And then I made an internal-only change Correct allow path in tests #171

Correctly process disallowed params

• Correctly process non-scalar params like func($property . 'string') which would be marked as disallowed even when they weren't (regression introduced in 2.11.3) (#167)

Union types in params

• Support union types in params so you can disallow foo param value and it will be found in param types like 'foo'|'bar' (#163)

Internal:

• Add tests to ensure params with class-strings (Foo::class) are supported (#161, thanks @ruudk also for the Blade-related chuckle)
• The Git default branch has been renamed from master to main