Add phpinfo() to dangerous calls config

[spaze]

Add phpinfo() to dangerous calls config (#255)

See

• https://www.michalspacek.com/stealing-session-ids-with-phpinfo-and-how-to-stop-it
• or https://www.michalspacek.cz/kradeni-session-id-pomoci-phpinfo-a-jak-tomu-zabranit (in Czech)

for reasons why (phpinfo() echoes cookie values like the session id, which may then be stolen with XSS for example, bypassing HttpOnly cookie flag), and use https://github.com/spaze/phpinfo instead of just calling phpinfo().

Internal changes

• It's already a list, no need to call array_values() (It's already a list, no need to call array_values() #253, this is a new bleeding edge rule added in PHPStan 1.10.59)
• Update dev dependencies (Update dev dependencies #254)

---

This discussion was created from the release Add phpinfo() to dangerous calls config.