Bump spaze/phpstan-disallowed-calls from 4.2.1 to 4.3.0

[dependabot]

Bumps spaze/phpstan-disallowed-calls from 4.2.1 to 4.3.0.

Release notes

Sourced from spaze/phpstan-disallowed-calls's releases.

Re-allow in class with/by attributes

This release has been sponsored by @​ticketswap & @​ruudk, thank you 🍰

Re-allow in class with/by attributes (#296, #298)

So far, when you wanted to re-allow a disallowed function or a method, or specifically disallow them, you could use:

• an allowIn path to specify a path or a filename where the function or method could be called without generating an error
• or allowInMethods (or the allowInFunctions alias) to specify functions and methods in which the disallowed function would be allowed
• you could also use the companion directives disallowIn or disallowInMethods (or the allowExceptIn[...] aliases) if you wanted to list paths or methods in which the call is explicitly disallowed

Starting with this release, you can use attributes to sort of mark functions and methods in which the disallowed call would be allowed (or explicitly disallowed):

• use allowInClassWithAttributes to allow for example a method in a class that has a specified class attribute
• use allowInMethodsWithAttributes (or the disallowInFunctionsWithAttributes alias) to allow the call in methods (or function) with the given method attribute (or a function attribute)
• use allowInClassWithMethodAttributes to allow a call in a class where any method has the attribute, where "any method" includes any other method as well, static or not, public, private, or protected
• you can also use the disallowIn[...] counterparts (with allowExceptIn[...] aliases) to specify only classes and methods in which the call should be disallowed

This allows you to create rules that do not depend on paths or method names, and can be useful if you're working with frameworks or libs that already use attributes. You can specify multiple items in the directives above and only one of them needs to match (it's not an AND list, more like OR list) and they all support fnmatch patterns.

Other minor changes

• More callable param tests for a bugfix in the previous release (#295)
• Call fnmatch less often only when needed (#297)
• Tweak attribute example in the disallowedAttributes docs (#299, thanks @​ruudk)

---

You too can sponsor a release or buy me a 🍻 or a 🍰, thanks!

Commits

• ea3d1ea Tweak attribute example (#299)
• 28813a1 Tweak attribute example
• e805d45 Document and test that allowInClassWithMethodAttributes means any method in...
• 39a1f1f Document and test that allowInClassWithMethodAttributes means any method incl...
• 1761c31 Call fnmatch less often only when needed (#297)
• 1d9d5e8 Call fnmatch less often only when needed, and also in one place only.
• f74c087 Re-allow in class with attributes (#296)
• 1d65ba3 Figured out at least some way to get function attributes
• a55fe9e Allow or disallow an item in methods with attributes
• 1a66e61 Make the isAllowed() method a bit shorter
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)