Sourced from squizlabs/php_codesniffer's releases.

4.0.0 - 2025-09-16

This release contains breaking changes.

Upgrade guides for both ruleset maintainers/end-users, as well as for sniff developers and integrators, have been published to the Wiki.

You are strongly encouraged to read the upgrade guide applicable to your situation before upgrading.

This release includes all improvements and bugfixes from PHP_CodeSniffer 4.0.0-beta1, 4.0.0-RC1, 3.13.3 and 3.13.4.

Changed

• Tokenizer/PHP: fully qualified exit/die/true/false/null will be tokenized as the keyword token and the token 'content' will include the leading backslash. #1201
• Wherever possible based on the PHP 7.2 minimum version, parameter types have been added to all methods. #1237
• The supported PHPUnit version constraints have been updated to ^8.4.0 || ^9.3.4 || ^10.5.32 || 11.3.3 - 11.5.28 || ^11.5.31. #1247
  • External standards using the PHP_CodeSniffer native framework may need to update their own PHPUnit version constraints.
• Various housekeeping, including improvements to the tests and documentation.

Fixed

• Fixed bug #1082: new exit codes weren't applied when running phpcbf on code provided via STDIN.
  • Thanks to Dan Wallis for the patch.
• Fixed bug #1172: // phpcs:set for inline array properties did not handle a single item array with the value true, false or null correctly.
• Fixed bug #1174: progress bar wasn't showing files as fixed when running phpcbf in parallel mode.
• Fixed bug #1226: PHP 8.5 "Using null as an array offset" deprecation notice.

Other

• Please be aware that the master branch has been renamed to 3.x and the default branch has changed to the 4.x branch.
  • If you contribute to PHP_CodeSniffer, you will need to update your local git clone.
  • If you develop against PHP_CodeSniffer and run your tests against dev branches of PHPCS, you will need to update your workflows.

---

Statistics

Closed: 5 issues Merged: 35 pull requests

Follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X to stay informed.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

4.0.0RC1 - 2025-06-18

This release includes all improvements and bugfixes from PHP_CodeSniffer 4.0.0-beta1, 3.13.1 and 3.13.2.

Changed

• The error code Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterVisbility has been changed to Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterVisibility. #1136
• The following sniff(s) have received efficiency improvements:
  • Generic.ControlStructures.InlineControlStructure #880
  • Thanks to Rodrigo Primo for the patch.

Fixed

• Fixed bug #3889 : A selective phpcs:enable could sometimes override a later selective phpcs:ignore.

... (truncated)

Sourced from squizlabs/php_codesniffer's changelog.

Changelog

The file documents changes to the PHP_CodeSniffer project for the 3.x series of releases.

[3.13.4] - 2025-09-05

Fixed

• Fixed bug #1213: ability to run tests for external standards using the PHPCS native test framework was broken.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.
• Fixed bug #1215: PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.

#1213: PHPCSStandards/PHP_CodeSniffer#1213 #1215: PHPCSStandards/PHP_CodeSniffer#1215

[3.13.3] - 2025-09-04

Added

• Tokenizer support for PHP 8.4 dereferencing of new expressions without wrapping parentheses. #1160
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.
• Tokenizer support for PHP 8.4 abstract properties. #1183
  • The File::getMemberProperties() method now also supports abstract properties through a new is_abstract array index in the return value. #1184
  • Additionally, the following sniffs have been updated to support abstract properties:
    • Generic.PHP.LowerCaseConstant #1185
    • Generic.PHP.UpperCaseConstant #1185
    • PSR2.Classes.PropertyDeclaration #1188
    • Squiz.Commenting.VariableComment #1186
    • Squiz.WhiteSpace.MemberVarSpacing #1187
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patches
• Tokenizer support for the PHP 8.4 "exit as a function call" change. #1201
  • When exit/die is used as a fully qualified "function call", it will now be tokenized as T_NS_SEPARATOR + T_EXIT.
  • Additionally, the following sniff has been updated to handle fully qualified exit/die correctly:
    • Squiz.PHP.NonExecutableCode
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patches

Changed

• Tokenizer/PHP: fully qualified true/false/null will now be tokenized as T_NS_SEPARATOR + T_TRUE/T_FALSE/T_NULL. #1201
  • Previously, these were tokenized as T_NS_SEPARATOR + T_STRING.
  • Additionally, the following sniffs have been updated to handle fully qualified true/false/null correctly:
    • Generic.CodeAnalysis.UnconditionalIfStatement
    • Generic.ControlStructures.DisallowYodaConditions
    • PEAR.Functions.ValidDefaultValue
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patches.
• Generic.PHP.Syntax: the sniff is now able to scan input provided via STDIN on non-Windows OSes. #915
  • Thanks to [Rodrigo Primo][@​rodrigoprimo] for the patch.
• PSR2.ControlStructures.SwitchDeclaration: the WrongOpener* error code is now auto-fixable if the identified "wrong opener" is a semi-colon. #1161
  • Thanks to [Juliette Reinders Folmer][@​jrfnl] for the patch.
• The PSR2.Classes.PropertyDeclaration will now check that the abstract modifier keyword is placed before a visibility keyword. #1188
  • Errors will be reported via a new AbstractAfterVisibility error code.

... (truncated)

• 06113cf Merge pull request #1260 from PHPCSStandards/feature/changelog-4.0.0
• 7bb1928 Merge branch '3.x' into 4.x
• 8222a52 Merge pull request #1261 from PHPCSStandards/feature/release-checklist-fix-order
• 82f2cd8 Release checklist: fix order
• 68e414d Changelog for the 4.0.0 release
• 2f9900a Merge branch '3.x' into 4.x
• 38efc5d Merge pull request #1259 from PHPCSStandards/feature/update-release-checklist...
• 230c7c2 Update release checklist and document branch management
• c66fd3c Merge branch '3.x' into 4.x
• 3acd7ee Merge pull request #1258 from PHPCSStandards/feature/updates-for-branch-rename
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)