Update dependency wp-coding-standards/wpcs to v3 #108
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
e21a7d0 to
9744d28
Compare
Contributor
Author
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: app/wp-content/themes/md-starter/composer.lock |
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
9744d28 to
3842ef4
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
3842ef4 to
63a2275
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
63a2275 to
b25238b
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
2 times, most recently
from
b8a5d78 to
c747cb6
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
c747cb6 to
fa25708
Compare
Contributor
Author
|
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
2 times, most recently
from
f14f750 to
5e22ffe
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
5e22ffe to
e8551c8
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
e8551c8 to
380b4d4
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
2 times, most recently
from
6176eb1 to
d6b0c86
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
d6b0c86 to
433da08
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
433da08 to
958112b
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
958112b to
d87fd88
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
d87fd88 to
b872117
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
b872117 to
d959e6a
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
d959e6a to
49431cb
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
2 times, most recently
from
02c13f9 to
fe6dab5
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
fe6dab5 to
2cce82d
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
2 times, most recently
from
1354fe1 to
d550c93
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
d550c93 to
89dcedf
Compare
renovate
bot
force-pushed
the
renovate/wp-coding-standards-wpcs-3.x
branch
from
89dcedf to
33e367e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.3.0→3.3.0Release Notes
WordPress/WordPress-Coding-Standards (wp-coding-standards/wpcs)
v3.3.0Compare Source
Added
readonlyanonymous classes (PHP 8.3) to theWordPress.Security.EscapeOutputsniff. Props [@rodrigoprimo]. #2559WordPress.Security.EscapeOutputsniff. #2563Universal.Attributes.BracketSpacingandUniversal.Attributes.DisallowAttributeParentheses. #2646Changed
PHP_CodeSnifferversion to 3.13.4 (was 3.13.0). #2630PHPCSExtraversion to 1.5.0 (was 1.4.0). #2646minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to6.6. #2656WordPress.DB.DirectDatabaseQuerywill now recognize more caching functions, like thewp_cache_*_multiple()functions as added in WordPress 6.0 and thewp_cache_*_salted()functions as added in WordPress 6.9. #2654WordPress.NamingConventions.PrefixAllGlobalshas been updated to recognize pluggable functions introduced in WP up to WP 6.9.0. #2652WordPress.WP.ClassNameCasehas been updated to recognize classes introduced in WP up to WP 6.9.0. #2652WordPress.WP.DeprecatedFunctionsnow detects functions deprecated in WordPress up to WP 6.9.0. #2652WordPress.WP.DeprecatedParametersnow detects parameters deprecated in WordPress up to WP 6.9.0. #2652WordPress.Security.ValidatedSanitizedInput: improved the clarity of the error message for theInputNotValidatederror code. Props [@rodrigoprimo]. #2642testVersionrecommendations for PHPCompatibility. Props [@johnjago]. #2471minimum_wp_versionandtestVersionrecommendations. #2608Deprecated
Removed
wp_kses_allowed_html()from the list of escaping functions. #2566This affects the
WordPress.Security.EscapeOutputsniff.Fixed
WordPress.DB.DirectDatabaseQuery: false positive when function call to caching functions did not use the canonical function name. Props [@rodrigoprimo]. #2613WordPress.DB.DirectDatabaseQuery: potential false negative when a class property or constant would mirror the name of one of the caching functions. Props [@rodrigoprimo]. #2615WordPress.DB.PreparedSQL: false positive for correctly escaped SQL snippets when the function call did not use the canonical function name. Props [@rodrigoprimo]. #2570WordPress.DB.PreparedSQLPlaceholders: improved handling of fully qualified calls to global functions. Props [@rodrigoprimo]. #2569WordPress.Security.EscapeOutput: expanded protection against false positives for*::class. Props [@rodrigoprimo]. #2605WordPress.Security.NonceVerification: false positive when nonce checking function call did not use the canonical function name. Props [@rodrigoprimo]. #2572WordPress.WP.EnqueuedResourceParameters: the sniff could cause a PHP 8.5 deprecation notice if the code under scan contained one of the deprecated type casts. #2573WordPress.WP.EnqueuedResourceParameters: improved recognition of non-lowercase and fully qualifiedtrue/false/nullwhen passed as the$verparameter value. Props [@rodrigoprimo]. #2630v3.2.0Compare Source
Added
WordPress.WP.GetMetaSinglesniff to theWordPress-Extraruleset. Props [@rodrigoprimo]! #2465This sniff warns when
get_*_meta()andget_metadata*()functions are used with the$meta_key/$keyparam, but without the$singleparameter as this could lead to unexpected behavior due to the different return types.WordPress-Extra: the following additional sniffs have been added to the ruleset:Generic.Strings.UnnecessaryHeredocandGeneric.WhiteSpace.HereNowdocIdentifierSpacing. #2534rest_sanitize_boolean()functions to the list of known "sanitizing" functions. Props [@westonruter]. #2530WordPress.DB.PreparedSQL(props [@jaymcp], #2454),WordPress.NamingConventions.ValidFunctionName(props [@richardkorthuis] and [@rodrigoprimo], #2452, #2531),WordPress.NamingConventions.ValidVariableName(props [@richardkorthuis], #2457),WordPress.PHP.DontExtract(props [@aiolachiara], #2456).This documentation can be exposed via the
PHP_CodeSniffer--generator=...command-line argument.Changed
PHP_CodeSnifferversion to 3.13.0 (was 3.9.0). #2532PHPCSUtilsversion to 1.1.0 (was 1.0.10). #2532PHPCSExtraversion to 1.4.0 (was 1.2.1). #2532AbstractFunctionParameterSniffwill now call a dedicatedprocess_first_class_callable()method for PHP 8.1+ first class callables. Props [@rodrigoprimo], [@jrfnl]. #2518, #2544By default, the method won't do anything, but individual sniffs extending the
AbstractFunctionParameterSniffclass can choose to implement the method to handle first class callables.Previously, first class callables were treated as a function call without parameters and would trigger the
process_no_parameters()method.WordPress.NamingConventions.PrefixAllGlobalssniff has been changed from 3 to 4 characters. Props [@davidperezgar]. #2479minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to6.5. #2553WordPress.NamingConventions.ValidVariableNamenow allows for PHP 8.4 properties in interfaces. #2532WordPress.NamingConventions.PrefixAllGlobalshas been updated to recognize pluggable functions introduced in WP up to WP 6.8.1. #2537WordPress.WP.Capabilitieshas been updated to recognize new capabilities introduced in WP up to WP 6.8.1. #2537WordPress.WP.ClassNameCasehas been updated to recognize classes introduced in WP up to WP 6.8.1. #2537WordPress.WP.DeprecatedFunctionsnow detects functions deprecated in WordPress up to WP 6.8.1. #2537WordPress.WP.DeprecatedParametersnow detects parameters deprecated in WordPress up to WP 6.8.1. #2537WordPress.WP.DeprecatedParameterValuesnow detects parameter values deprecated in WordPress up to WP 6.8.1. #2537composer.lockfile. Thanks [@fredden]! #2443Deprecated
Removed
Generic.Functions.CallTimePassByReferencehas been removed from theWordPress-Extraruleset. Props [@rodrigoprimo]. #2536This sniff was dated anyway and deprecated in PHP_CodeSniffer. If you need to check if your code is PHP cross-version compatible, use the [PHPCompatibility] standard instead.
Fixed
AbstractClassRestrictionsSniffcould previously run into a PHPCSInternal.Exception, leading to fixes not being made. #2500AbstractFunctionParameterSniffwill now bow out more often when it is sure the code under scan is not calling the target function and during live coding, preventing false positives. Props [@rodrigoprimo]. #2518v3.1.0Compare Source
Added
Universal.PHP.LowercasePHPTagsniff.Generic.CodeAnalysis.RequireExplicitBooleanOperatorPrecedenceand theUniversal.CodeAnalysis.NoDoubleNegativesniffs.sanitize_locale_name()function to the list of known "escaping" functions. Props [@Chouby]sanitize_locale_name()function to the list of known "sanitize & unslash" functions. Props [@Chouby]Changed
PHP_CodeSnifferversion to 3.9.0 (was 3.7.2).PHPCSUtilsversion to 1.0.10 (was 1.0.8).PHPCSExtraversion to 1.2.1 (was 1.1.0).Please ensure you run
composer update wp-coding-standards/wpcs --with-dependenciesto benefit from these updates.usekeyword for closureusestatements will now consistently be checked. Props [@westonruter] for reporting.minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to6.2.WordPress.NamingConventions.PrefixAllGlobalshas been updated to recognize pluggable functions introduced in WP 6.4 and 6.5.WordPress.NamingConventions.ValidPostTypeSlughas been updated to recognize reserved post types introduced in WP 6.4 and 6.5.WordPress.WP.ClassNameCasehas been updated to recognize classes introduced in WP 6.4 and 6.5.WordPress.WP.DeprecatedClassesnow detects classes deprecated in WordPress up to WP 6.5.WordPress.WP.DeprecatedFunctionsnow detects functions deprecated in WordPress up to WP 6.5.IsUnitTestTraitwill now recognize classes which extend the new WP CoreWP_Font_Face_UnitTestCaseclass as test classes.Fixed
WordPress.WP.PostsPerPagecould potentially result in anInternal.Exceptionwhen encountering a query string which doesn't include the value forposts_per_pagein the query string. Props [@anomiex] for reporting.v3.0.1Compare Source
Added
WordPress.Security.EscapeOutputsniff was updated to report unescaped message parameters passed to exceptions created inthrowstatements. This specific violation now has a separate error code:ExceptionNotEscaped. This will allow users to ignore or exclude that specific error code. Props [@anomiex].The error code(s) for other escaping issues flagged by the sniff remain unchanged.
Changed
Fixed
phpcs.xml.dist.samplefile (case-sensitive sniff name). Props [@dawidurbanski].v3.0.0Compare Source
Important information about this release:
At long last... WordPressCS 3.0.0 is here.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the Upgrade Guide to WordPressCS 3.0.0 for end-users which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the Upgrade Guide to WordPressCS 3.0.0 for Developers.
In all cases, please read the complete changelog carefully before you upgrade.
Added
While support in external sniffs used by WordPressCS has not be exhaustively verified, a lot of work has been done to try and add support for new PHP syntaxes to those as well.
WordPressCS native sniffs and utilities have received fixes for the following syntaxes:
falseandnulltypes.$object::classWordPress.CodeAnalysis.AssignmentInTernaryConditionsniff to theWordPress-Coreruleset which partially replaces the removedWordPress.CodeAnalysis.AssignmentInConditionsniff.WordPress.WhiteSpace.ObjectOperatorSpacingsniff which replaces the use of theSquiz.WhiteSpace.ObjectOperatorSpacingsniff in theWordPress-Coreruleset.WordPress.WP.ClassNameCasesniff to theWordPress-Coreruleset, to check that any class name references to WP native classes and classes from external dependencies use the case of the class as per the class declaration.WordPress.WP.Capabilitiessniff to theWordPress-Extraruleset. This sniff checks that valid capabilities are used, not roles or user levels. Props, amongst others, to [@grappler] and [@khacoder].Custom capabilities can be added to the sniff via a
custom_capabilitiesruleset property.The sniff also supports the
minimum_wp_versionproperty to allow the sniff to accurately determine how the use of deprecated capabilities should be flagged.WordPress.WP.CapitalPDangitsniff contains a new check to verify the correct spelling ofWordPressin namespace names.WordPress.WP.I18nsniff contains a newEmptyTextDomainerror code for an empty text string being passed as the text domain, which overrules the default value of the parameter and renders a text untranslatable.WordPress.DB.PreparedSQLPlaceholderssniff has been expanded with additional checks for the correct use of the%iplaceholder, which was introduced in WP 6.2. Props [@craigfrancis].The sniff now also supports the
minimum_wp_versionruleset property to determine whether the%iplaceholder can be used.WordPress-Core: the following additional sniffs (or select error codes from these sniffs) have been added to the ruleset:Generic.CodeAnalysis.AssignmentInCondition,Generic.CodeAnalysis.EmptyPHPStatement(replaces the WordPressCS native sniff),Generic.VersionControl.GitMergeConflict,Generic.WhiteSpace.IncrementDecrementSpacing,Generic.WhiteSpace.LanguageConstructSpacing,Generic.WhiteSpace.SpreadOperatorSpacingAfter,PSR2.Classes.ClassDeclaration,PSR2.Methods.FunctionClosingBrace,PSR12.Classes.ClassInstantiation,PSR12.Files.FileHeader(select error codes only),PSR12.Functions.NullableTypeDeclaration,PSR12.Functions.ReturnTypeDeclaration,PSR12.Traits.UseDeclaration,Squiz.Functions.MultiLineFunctionDeclaration(replaces part of theWordPress.WhiteSpace.ControlStructureSpacingsniff),Modernize.FunctionCalls.Dirname,NormalizedArrays.Arrays.ArrayBraceSpacing(replaces part of theWordPress.Arrays.ArrayDeclarationSpacingsniff),NormalizedArrays.Arrays.CommaAfterLast(replaces the WordPressCS native sniff),Universal.Classes.ModifierKeywordOrder,Universal.Classes.RequireAnonClassParentheses,Universal.Constants.LowercaseClassResolutionKeyword,Universal.Constants.ModifierKeywordOrder,Universal.Constants.UppercaseMagicConstants,Universal.Namespaces.DisallowCurlyBraceSyntax,Universal.Namespaces.DisallowDeclarationWithoutName,Universal.Namespaces.OneDeclarationPerFile,Universal.NamingConventions.NoReservedKeywordParameterNames,Universal.Operators.DisallowShortTernary(replaces the WordPressCS native sniff),Universal.Operators.DisallowStandalonePostIncrementDecrement,Universal.Operators.StrictComparisons(replaces the WordPressCS native sniff),Universal.Operators.TypeSeparatorSpacing,Universal.UseStatements.DisallowMixedGroupUse,Universal.UseStatements.KeywordSpacing,Universal.UseStatements.LowercaseFunctionConst,Universal.UseStatements.NoLeadingBackslash,Universal.UseStatements.NoUselessAliases,Universal.WhiteSpace.CommaSpacing,Universal.WhiteSpace.DisallowInlineTabs(replaces the WordPressCS native sniff),Universal.WhiteSpace.PrecisionAlignment(replaces the WordPressCS native sniff),Universal.WhiteSpace.AnonClassKeywordSpacing.WordPress-Extra: the following additional sniffs have been added to the ruleset:Generic.CodeAnalysis.UnusedFunctionParameter,Universal.Arrays.DuplicateArrayKey,Universal.CodeAnalysis.ConstructorDestructorReturn,Universal.CodeAnalysis.ForeachUniqueAssignment,Universal.CodeAnalysis.NoEchoSprintf,Universal.CodeAnalysis.StaticInFinalClass,Universal.ControlStructures.DisallowLonelyIf,Universal.Files.SeparateFunctionsFromOO.WordPress.Utils.I18nTextDomainFixer: theload_script_textdomain()function to the functions the sniff looks for.WordPress.WP.AlternativeFunctions: the following PHP native functions have been added to the sniff and will now be flagged when used:unlink()(in a newunlinkgroup) ,rename()(in a newrenamegroup),chgrp(),chmod(),chown(),is_writable()is_writeable(),mkdir(),rmdir(),touch(),fputs()(in the existingfile_system_operationsgroup, which was previously namedfile_system_read). Props [@sandeshjangam] and [@JDGrimes].PHPUnit_Adapter_TestCaseclass to the list of "known test (case) classes".antispambot()function to the list of known "formatting" functions.esc_xml()andwp_kses_one_attr()functions to the list of known "escaping" functions.wp_timezone_choice()andwp_readonly()functions to the list of known "auto escaping" functions.sanitize_url()andwp_kses_one_attr()functions to the list of known "sanitizing" functions.WordPress.WhiteSpace.ControlStructureSpacingsniff. These can be displayed using--report=infowhen theblank_line_checkproperty has been set totrue.WordPress.DateTime.RestrictedFunctions,WordPress.NamingConventions.PrefixAllGlobals(props [@Ipstenu]),WordPress.PHP.StrictInArray(props [@marconmartins]),WordPress.PHP.YodaConditions(props [@Ipstenu]),WordPress.WhiteSpace.ControlStructureSpacing(props [@ckanitz]),WordPress.WhiteSpace.ObjectOperatorSpacing,WordPress.WhiteSpace.OperatorSpacing(props [@ckanitz]),WordPress.WP.CapitalPDangit(props [@NielsdeBlaauw]),WordPress.WP.Capabilities,WordPress.WP.ClassNameCase,WordPress.WP.EnqueueResourceParameters(props [@NielsdeBlaauw]).This documentation can be exposed via the
PHP_CodeSniffer--generator=...command-line argument.Note: all sniffs which have been added from PHPCSExtra (Universal, Modernize, NormalizedArrays sniffs) are also fully documented.
Added (internal/dev-only)
ArrayWalkingFunctionsHelperConstantsHelper*ContextHelper*DeprecationHelper*FormattingFunctionsHelperListHelper*RulesetPropertyHelper*SnakeCaseHelper*UnslashingFunctionsHelperValidationHelperVariableHelper*WPGlobalVariablesHelperWPHookHelperEscapingFunctionsTraitIsUnitTestTraitMinimumWPVersionTraitPrintingFunctionsTraitSanitizationHelperTrait*WPDBTraitThese classes and traits mostly contain pre-existing functionality moved from the
Sniffclass.The classes marked with an
*are considered internal and do not have any promise of future backward compatibility.More information is available in the Upgrade Guide to WordPressCS 3.0.0 for Developers.
Changed
Installing in a different manner (git clone/PEAR/PHAR) is still possible, but no longer supported.
PHP_CodeSnifferversion to 3.7.2 (was 3.3.1).filter,libxmlandXMLReaderextensions are now explicitly required.It is recommended to also have the
Mbstringandiconvextensions enabled for the most accurate results.mastertomain.WordPress-ExtratoWordPress-Core: theGeneric.Files.OneObjectStructurePerFile(also changed fromwarningtoerror),Generic.PHP.BacktickOperator,PEAR.Files.IncludingFile,PSR2.Classes.PropertyDeclaration,PSR2.Methods.MethodDeclaration,Squiz.Scope.MethodScope,Squiz.WhiteSpace.ScopeKeywordSpacingsniffs. Props, amongst others, to [@desrosj].WordPress-Core: TheGeneric.Arrays.DisallowShortArraySyntaxsniff has been replaced by theUniversal.Arrays.DisallowShortArraySyntaxsniff.The new sniff will recognize short lists correctly and ignore them.
WordPress-Core: TheGeneric.Files.EndFileNewlinesniff has been replaced by the more comprehensivePSR2.Files.EndFileNewlinesniff.This could be done in two different ways:
minimum_supported_versionproperty for each sniff from a ruleset.--runtime-set minimum_supported_wp_version #.#on the command line.The names of the property and the CLI setting have now been aligned to both use
minimum_wp_versionas the name.Both ways of passing the value are still supported.
WordPress.NamingConventions.PrefixAllGlobals: thecustom_test_class_whitelistproperty has been renamed tocustom_test_classes.WordPress.NamingConventions.ValidVariableName: thecustomPropertiesWhitelistproperty has been renamed toallowed_custom_properties.WordPress.PHP.NoSilencedErrors: thecustom_whitelistproperty has been renamed tocustomAllowedFunctionsList.WordPress.PHP.NoSilencedErrors: theuse_default_whitelistproperty has been renamed tousePHPFunctionsList.WordPress.WP.GlobalVariablesOverride: thecustom_test_class_whitelistproperty has been renamed tocustom_test_classes.custom_test_classes(previouslycustom_test_class_whitelist) ruleset property.minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to6.0.WordPress.NamingConventions.PrefixAllGlobalsnow takes new pluggable constants into account as introduced in WordPress up to WP 6.3.WordPress.NamingConventions.ValidPostTypeSlugnow takes new reserved post types into account as introduced in WordPress up to WP 6.3.WordPress.WP.DeprecatedClassesnow detects classes deprecated in WordPress up to WP 6.3.WordPress.WP.DeprecatedFunctionsnow detects functions deprecated in WordPress up to WP 6.3.WordPress.WP.DeprecatedParametersnow detects parameters deprecated in WordPress up to WP 6.3.WordPress.WP.DeprecatedParameterValuesnow detects parameter values deprecated in WordPress up to WP 6.3.WordPress.Utils.I18nTextDomainFixer: the lists of recognized plugin and theme header tags has been updated based on the current information in the plugin and theme handbooks.WordPress.WP.AlternativeFunctions: the "group" namefile_system_read, which can be used with theexcludeproperty, has been renamed tofile_system_operations.This also means that the error codes for individual functions flagged via that group have changed from
WordPress.WP.AlternativeFunctions.file_system_read_*toWordPress.WP.AlternativeFunctions.file_system_operations_*.WordPress.WP.CapitalPDangit: theMisspellederror code has been split into two error codes -MisspelledInTextandMisspelledInComment- to allow for more modular exclusions/selectively turning off the auto-fixer for the sniff.WordPress.WP.I18nno longer throws both theMissingSingularPlaceholderand theMismatchedPlaceholdersfor the same code, as the errors have an overlap.WordPress-Core: previously only the spacing around commas in arrays, function declarations and function calls was checked. Now, the spacing around commas will be checked in all contexts.WordPress.Arrays.ArrayKeySpacingRestrictions: a newSpacesBetweenBracketserror code has been introduced for the spacing between square brackets for array assignments without key. Previously, this would throw aNoSpacesAroundArrayKeyserror with an unclear error message.WordPress.Files.FileNamenow recognizes more word separators, meaning that files using other word separators than underscores will now be flagged for not using hyphenation.WordPress.Files.FileNamenow checks if a file contains a test class and if so, will bow out.This change was made to prevent issues with PHPUnit 9.1+, which strongly prefers PSR4-style file names.
Whether something is test class or not is based on a pre-defined list of "known" test case classes which can be extended and, optionally, a list of user provided test case classes provided via setting the
custom_test_classesproperty in a custom ruleset or the complete test directory can be excluded via a custom ruleset.WordPress.NamingConventions.PrefixAllGlobalsnow allows for pluggable functions and classes, which should not be prefixed when "plugged".WordPress.PHP.NoSilencedErrors: the metric, which displays in theinforeport, has been renamed from "whitelisted function call" to "silencing allowed function call".WordPress.Security.EscapeOutputnow flags the use ofget_search_query( false )when generating output (as thefalseturns off the escaping).WordPress.Security.EscapeOutputnow also examines parameters passed for exception creation inthrowstatements and expressions for correct escaping.WordPress.Security.ValidatedSanitizedInputnow examines all superglobal (except for$GLOBALS). Previously, the$_SESSIONand$_ENVsuperglobals would not be flagged as needing validation/sanitization.WordPress.WP.I18nnow recognizes the new PHP 8.0+handHtype specifiers.WordPress.WP.PostsPerPagehas improved recognition for numbers prefixed with a unary operator and non-decimal numbers.WordPress.DB.PreparedSQLwill identify more precisely the code which is problematic.WordPress.DB.PreparedSQLPlaceholderswill identify more precisely the code which is problematic.WordPress.DB.SlowDBQuerywill identify more precisely the code which is problematic.WordPress.Security.PluginMenuSlug: the error will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line.WordPress.WP.DiscouragedConstants: the error will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line.WordPress.WP.EnqueuedResourceParameters: the error will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line.WordPress.WP.I18n: the errors will now be thrown more precisely on the code which triggered the error. Depending on code layout, this may mean that an error will now be thrown on a different line.WordPress.WP.PostsPerPagewill identify more precisely the code which is problematic.WordPress.PHP.TypeCasts.UnsetFoundhas been changed from awarningto anerroras the(unset)cast is no longer available in PHP 8.0 and higher.WordPress.WP.EnqueuedResourceParameters.MissingVersionhas been changed from anerrorto awarning.WordPress.Arrays.ArrayKeySpacingRestrictions: improved the clarity of the error messages for theTooMuchSpaceBeforeKeyandTooMuchSpaceAfterKeyerror codes.WordPress.CodeAnalysis.EscapedNotTranslated: improved the clarity of the error message.WordPress.PHP.IniSet: improved the clarity of the error messages for the sniff.WordPress.PHP.PregQuoteDelimiter: improved the clarity of the error message for theMissingerror code.WordPress.PHP.RestrictedFunctions: improved the clarity of the error messages for the sniff.WordPress.PHP.RestrictedPHPFunctions: improved the error message for thecreate_function_create_functionerror code.WordPress.PHP.TypeCast: improved the clarity of the error message for theUnsetFounderror code. It will no longer advise assigningnull.WordPress.Security.SafeRedirect: improved the clarity of the error message. (very minor)WordPress.Security.ValidatedSanitizedInput: improved the clarity of the error messages for theMissingUnslasherror code.WordPress.WhiteSpace.CastStructureSpacing: improved the clarity of the error message for theNoSpaceBeforeOpenParenthesiserror code.WordPress.WP.I18n: improved the clarity of the error messages for the sniff.WordPress.WP.I18n: the error messages will now use the correct parameter name.WordPress.CodeAnalysis.EscapedNotTranslated,WordPress.NamingConventions.PrefixAllGlobals,WordPress.NamingConventions.ValidPostTypeSlug,WordPress.PHP.IniSet, and theWordPress.PHP.NoSilencedErrorssniff will now display the code sample found without comments and extranuous whitespace.Changed (internal/dev-only)
finalwith the exception of the following four classes which are known to be extended by external PHPCS standards build on top of WordPressCS:WordPress.NamingConventions.ValidHookName,WordPress.Security.EscapeOutput,WordPress.Security.NonceVerification,WordPress.Security.ValidatedSanitizedInput.WordPressCS\WordPress\Sniffclass, have been moved to dedicated Helper classes and traits or, in some cases, to the sniff class using them.As this change is only relevant for extenders, the full details of these moves are not included in this changelog, but can be found in the Developers Upgrade Guide to WordPressCS 3.0.0
publicproperties, which were used by multiple sniffs, have been moved from*Sniffclasses to traits. Again, the full details of these moves are not included in this changelog, but can be found in the Developers Upgrade Guide to WordPressCS 3.0.0As this change is only relevant for extenders, the full details of these renames are not included in this changelog, but can be found in the Developers Upgrade Guide to WordPressCS 3.0.0
AbstractFunctionRestrictionsSniff: Thewhitelistkey in the$groupsarray property has been renamed toallow.WordPress.NamingConventions.ValidFunctionNamesniff no longer extends the similar PHPCS nativePEARsniff.Removed
WordPress.Arrays.CommaAfterArrayItemsniff (replaced by theNormalizedArrays.Arrays.CommaAfterLastand theUniversal.WhiteSpace.CommaSpacingsniffs).WordPress.Classes.ClassInstantiationsniff (replaced by thePSR12.Classes.ClassInstantiation,Universal.Classes.RequireAnonClassParenthesesandUniversal.WhiteSpace.AnonClassKeywordSpacingsniffs).WordPress.CodeAnalysis.AssignmentInConditionsniff (replaced by theGeneric.CodeAnalysis.AssignmentInConditionand theWordPress.CodeAnalysis.AssignmentInTernaryConditionsniffs).WordPress.CodeAnalysis.EmptyStatementsniff (replaced by theGeneric.CodeAnalysis.EmptyPHPStatementsniff).WordPress.PHP.DisallowShortTernarysniff (replaced by theUniversal.Operators.DisallowShortTernarysniff).WordPress.PHP.StrictComparisonssniff (replaced by theUniversal.Operators.StrictComparisonssniff).WordPress.WhiteSpace.DisallowInlineTabssniff (replaced by theUniversal.WhiteSpace.DisallowInlineTabssniff).WordPress.WhiteSpace.PrecisionAlignmentsniff (replaced by theUniversal.WhiteSpace.PrecisionAlignmentsniff).WordPress.WP.TimezoneChangesniff (replaced by theWordPress.DateTime.RestrictedFunctionssniff). This sniff was previously already deprecated.WordPress-Extra: TheSquiz.WhiteSpace.LanguageConstructSpacingsniff (replaced by the added, more comprehensiveGeneric.WhiteSpace.LanguageConstructSpacingsniff in theWordPress-Coreruleset).WordPress.Arrays.ArrayDeclarationSpacing: array brace spacing checks (replaced by theNormalizedArrays.Arrays.ArrayBraceSpacingsniff).WordPress.WhiteSpace.ControlStructureSpacing: checks for the spacing for function declarations (replaced by theSquiz.Functions.MultiLineFunctionDeclarationsniff).Includes removal of the
spaces_before_closure_open_parenproperty for this sniff.WordPress.WP.I18n: thecheck_translator_commentsproperty.Exclude the
WordPress.WP.I18n.MissingTranslatorsCommentand theWordPress.WP.I18n.TranslatorsCommentWrongStyleerror codes instead.This is a PHP parse error since PHP 7.0. Use the
PHPCompatibilityWPstandard to check for PHP cross-version compatibility issues.WordPress.Arrays.ArrayKeySpacingRestrictions.MissingBracketClosererror code as sniffs should not report on parse errors.WordPress.CodeAnalysis.AssignmentIn[Ternary]Condition.NonVariableAssignmentFounderror code as sniffs should not report on parse errors.Block_Supported_Styles_Testclass will no longer incorrectly be recognized as an extendable test case class.Removed (internal/dev-only)
AbstractArrayAssignmentRestrictionsSniff: support for the optional'callback'key in the array returned bygetGroups().WordPressCS\WordPress\PHPCSHelperclass (use thePHPCSUtils\BackCompat\Helperclass instead).WordPressCS\WordPress\Sniff::addMessage()method (use thePHPCSUtils\Utils\MessageHelper::addMessage()method instead).WordPressCS\WordPress\Sniff::addFixableMessage()method (use thePHPCSUtils\Utils\MessageHelper::addFixableMessage()method instead).WordPressCS\WordPress\Sniff::determine_namespace()method (use thePHPCSUtils\Utils\Namespaces::determineNamespace()method instead).WordPressCS\WordPress\Sniff::does_function_call_have_parameters()method (use thePHPCSUtils\Utils\PassedParameters::hasParameters()method instead).WordPressCS\WordPress\Sniff::find_array_open_close()method (use thePHPCSUtils\Utils\Arrays::getOpenClose()method instead).WordPressCS\WordPress\Sniff::find_list_open_close()method (use thePHPCSUtils\Utils\Lists::getOpenClose()method instead).WordPressCS\WordPress\Sniff::get_declared_namespace_name()method (use thePHPCSUtils\Utils\Namespaces::getDeclaredName()method instead).WordPressCS\WordPress\Sniff::get_function_call_parameter_count()method (use thePHPCSUtils\Utils\PassedParameters::getParameterCount()method instead).WordPressCS\WordPress\Sniff::get_function_call_parameters()method (use thePHPCSUtils\Utils\PassedParameters::getParameters()method instead).WordPressCS\WordPress\Sniff::get_function_call_parameter()method (use thePHPCSUtils\Utils\PassedParameters::getParameter()method instead).WordPressCS\WordPress\Sniff::get_interpolated_variables()method (use thePHPCSUtils\Utils\TextStrings::getEmbeds()method instead).WordPressCS\WordPress\Sniff::get_last_ptr_on_line()method (no replacement available at this time).WordPressCS\WordPress\Sniff::get_use_type()method (use thePHPCSUtils\Utils\UseStatements::getType()method instead).WordPressCS\WordPress\Sniff::has_whitelist_comment()method (no replacement).WordPressCS\WordPress\Sniff::$hookFunctionsproperty (no replacement available at this time).WordPressCS\WordPress\Sniff::init()method (no replacement).WordPressCS\WordPress\Sniff::is_class_constant()method (use thePHPCSUtils\Utils\Scopes::isOOConstant()method instead).WordPressCS\WordPress\Sniff::is_class_property()method (use thePHPCSUtils\Utils\Scopes::isOOProperty()method instead).WordPressCS\WordPress\Sniff::is_foreach_as()method (use thePHPCSUtils\Utils\Context::inForeachCondition()method instead).WordPressCS\WordPress\Sniff::is_short_list()method (depending on your needs, use thePHPCSUtils\Utils\Lists::isShortList()or thePHPCSUtils\Utils\Arrays::isShortArray()method instead).WordPressCS\WordPress\Sniff::is_token_in_test_method()method (no replacement available at this time).WordPressCS\WordPress\Sniff::REGEX_COMPLEX_VARSconstant (use the PHPCSUtilsPHPCSUtils\Utils\TextStrings::stripEmbeds()andPHPCSUtils\Utils\TextStrings::getEmbeds()methods instead).WordPressCS\WordPress\Sniff::string_to_errorcode()method (use thePHPCSUtils\Utils\MessageHelper::stringToErrorcode()method instead).WordPressCS\WordPress\Sniff::strip_interpolated_variables()method (use thePHPCSUtils\Utils\TextStrings::stripEmbeds()method instead).WordPressCS\WordPress\Sniff::strip_quotes()method (use thePHPCSUtils\Utils\TextStrings::stripQuotes()method instead).WordPressCS\WordPress\Sniff::valid_direct_scope()method (use thePHPCSUtils\Utils\Scopes::validDirectScope()method instead).bindirectory.Fixed
This fixes various false positives and false negatives.
minimum_wp_versionproperty (previouslyminimum_supported_version) will no longer throw a "passing null to non-nullable" deprecation notice on PHP 8.1+.WordPress.WhiteSpace.ControlStructureSpacingno longer throws aTypeErroron PHP 8.0+.WordPress.NamingConventions.PrefixAllGlobalsno longer throws a "passing null to non-nullable" deprecation notice on PHP 8.1+.WordPress.WP.I18nno longer throws a "passing null to non-nullable" deprecation notice on PHP 8.1+.VariableHelper::is_comparison()(previouslySniff::is_comparison()): fixed risk of undefined array key notice when scanning code containing parse errors.AbstractArrayAssignmentRestrictionsSniffcould previously get confused when it encountered comments in unexpected places.This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs).
AbstractArrayAssignmentRestrictionsSniffno longer examines numeric string keys as PHP treats those as integer keys, which were never intended as the target of this abstract.This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs).
AbstractArrayAssignmentRestrictionsSniffin case of duplicate entries, the sniff will now only examine the last value, as that's the value PHP will see.This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs).
AbstractArrayAssignmentRestrictionsSniffnow determines the assigned value with higher accuracy.This fix has a positive impact on all sniffs which are based on this abstract (2 sniffs).
AbstractClassRestrictionsSniffnow treats thenamespacekeyword when used as an operator case-insensitively.This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs).
AbstractClassRestrictionsSniffnow treats the hierarchy keywords (self,parent,static) case-insensitively.This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs).
AbstractClassRestrictionsSniffnow limits itself correctly when trying to find a class name before a::.This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs).
AbstractClassRestrictionsSniff: false negatives on class instantiation statements ending on a PHP close tag.This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs).
AbstractClassRestrictionsSniff: false negatives on class instantiation statements combined with method chaining.This fix has a positive impact on all sniffs which are based on this abstract (3 sniffs).
AbstractFunctionRestrictionsSniff: false positives on function declarations when the function returns by reference.This fix has a positive impact on all sniffs which are based on this abstract (nearly half of the WordPressCS sniffs).
AbstractFunctionRestrictionsSniff: false positives on instantiation of a class with the same name as a targeted function.This fix has a positive impact on all sniffs which are based on this abstract (nearly half of the WordPressCS sniffs).
AbstractFunctionRestrictionsSniffnow respects that function names in PHP are case-insensitive in more places.This fix has a positive impact on all sniffs which are based on this abstract (nearly half of the WordPressCS sniffs).
These fixes have a positive impact on all sniffs using these methods.
minimum_wp_versionproperty (previouslyminimum_supported_version) will now be more precise.WordPress.Arrays.ArrayIndentationnow ignores indentation issues for array items which are not the first thing on a line. This fixes a potential fixer conflict.WordPress.Arrays.ArrayKeySpacingRestrictions: signed positive integer keys will now be treated the same as signed negative integer keys.WordPress.Arrays.ArrayKeySpacingRestrictions: keys consisting of calculations will now be recognized more accurately.WordPress.Arrays.ArrayKeySpacingRestrictions.NoSpacesAroundArrayKeys: now has better protection in case of a fixer conflict.WordPress.Classes.ClassInstantiationcould create parse errors when fixing a class instantiation using variable variables. This has been fixed by replacing the sniff with thePSR12.Classes.ClassInstantiationsniff (and some others).WordPress.DB.DirectDatabaseQuerycould previously get confused when it encountered comments in unexpected places.WordPress.DB.DirectDatabaseQuerynow respects that function (method) names in PHP are case-insensitive.WordPress.DB.DirectDatabaseQuerynow only looks at the current statement to find a method call to the$wpdbobject.WordPress.DB.DirectDatabaseQueryno longer warns aboutTRUNCATEqueries as those cannot be cached and need a direct database query.WordPress.DB.PreparedSQLcould previously get confused when it encountered comments in unexpected places.WordPress.DB.PreparedSQLnow respects that function names in PHP are case-insensitive.WordPress.DB.PreparedSQLimproved recognition of interpolated variables and expressions in the$textargument. This fixes both some false negatives as well as some false positives.WordPress.DB.PreparedSQLstricter recognition of the$wpdbvariable in double quoted query strings.WordPress.DB.PreparedSQLfalse positive for floating point numbers concatenated into an SQL query.WordPress.DB.PreparedSQLPlaceholderscould previously get confused when it encountered comments in unexpected places.WordPress.DB.PreparedSQLPlaceholdersnow respects that function names in PHP are case-insensitive.WordPress.DB.PreparedSQLPlaceholdersstricter recognition of the$wpdbvariable in double quotes query strings.WordPress.DB.PreparedSQLPlaceholdersfalse positive when a fully qualified function call is encountered in animplode( ', ', array_fill(...))pattern.WordPress.Files.FileNameno longer presumes a three character file extension.WordPress.NamingConventions.PrefixAllGlobalscould previously get confused when it encountered comments in unexpected places in function calls which were being examined.WordPress.NamingConventions.PrefixAllGlobalsnow respects that function names in PHP are case-insensitive when checking whether a function declaration is polyfilling a PHP native function.WordPress.NamingConventions.PrefixAllGlobalsimproved false positive prevention for variable assignments via keyed lists.WordPress.NamingConventions.PrefixAllGlobalsnow only looks at the current statement when determining which variables were imported via aglobalstatement. This prevents both false positives as well as false negatives.WordPress.NamingConventions.PrefixAllGlobalsno longer gets confused overglobalstatements in nested clsure/function declarations.WordPress.NamingConventions.ValidFunctionNamenow also checks the names of (global) functions when the declaration is nested within an OO method.WordPress.NamingConventions.ValidFunctionNameno longer throws false positives for triple underscore methods.WordPress.NamingConventions.ValidFunctionNamethe suggested replacement names in the error message no longer remove underscores from a name in case of leading or trailing underscores, or multiple underscores in the middConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.