Bump wp-coding-standards/wpcs from 1.2.1 to 2.3.0

[dependabot-preview[bot]]

Bumps wp-coding-standards/wpcs from 1.2.1 to 2.3.0.

Release notes

Sourced from wp-coding-standards/wpcs's releases.

2.3.0

Added

• The WordPress.WP.I18n sniff contains a new check for translatable text strings which are wrapped in HTML tags, like <h1>Translate me</h1>. Those tags should be moved out of the translatable string. Note: Translatable strings wrapped in <a href..> tags where the URL is intended to be localized will not trigger this check.

Changed

• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 5.1.
• The WordPress.WP.DeprecatedFunctions sniff will now detect functions deprecated in WP 5.4.
• Improved grammar of an error message in the WordPress.WP.DiscouragedFunctions sniff.
• CI: The codebase is now - preliminary - being tested against the PHPCS 4.x development branch.

Fixed

• All function call detection sniffs: fixed a bug where constants with the same name as one of the targeted functions could inadvertently be recognized as if they were a called function.
• WordPress.DB.PreparedSQL: fixed a bug where the sniff would trigger on the namespace separator character \\.
• WordPress.Security.EscapeOutput: fixed a bug with the variable replacement in one of the error messages.

2.2.1

Added

• Metrics to the WordPress.Arrays.CommaAfterArrayItem sniff. These can be displayed using --report=info.
• The sanitize_hex_color() and the sanitize_hex_color_no_hash() functions to the escapingFunctions list used by the WordPress.Security.EscapeOutput sniff.

Changed

• The recommended version of the suggested DealerDirect PHPCS Composer plugin is now ^0.6.

Fixed

• WordPress.PHP.NoSilencedErrors: depending on the custom properties set, the metrics would be different.
• WordPress.WhiteSpace.ControlStructureSpacing: fixed undefined index notice for closures with use.
• WordPress.WP.GlobalVariablesOverride: fixed undefined offset notice when the treat_files_as_scoped property would be set to true.
• WordPress.WP.I18n: fixed a Trying to access array offset on value of type null error when the sniff was run on PHP 7.4 and would encounter a translation function expecting singular and plural texts for which one of these arguments was missing.

2.2.0

Note: The repository has moved. The new URL is https://github.com/WordPress/WordPress-Coding-Standards. The move does not affect the package name for Packagist. This remains the same: wp-coding-standards/wpcs.

Added

• New WordPress.DateTime.CurrentTimeTimestamp sniff to the WordPress-Core ruleset, which checks against the use of the WP native current_time() function to retrieve a timestamp as this won't be a real timestamp. Includes an auto-fixer.
• New WordPress.DateTime.RestrictedFunctions sniff to the WordPress-Core ruleset, which checks for the use of certain date/time related functions. Initially this sniff forbids the use of the PHP native date_default_timezone_set() and date() functions.
• New WordPress.PHP.DisallowShortTernary sniff to the WordPress-Core ruleset, which, as the name implies, disallows the use of short ternaries.
• New WordPress.CodeAnalysis.EscapedNotTranslated sniff to the WordPress-Extra ruleset which will warn when a text string is escaped for output, but not being translated, while the arguments passed to the function call give the impression that translation is intended.
• New WordPress.NamingConventions.ValidPostTypeSlug sniff to the WordPress-Extra ruleset which will examine calls to register_post_type() and throw errors when an invalid post type slug is used.
• Generic.Arrays.DisallowShortArraySyntax to the WordPress-Core ruleset.
• WordPress.NamingConventions.PrefixAllGlobals: the PHP prefix has been added to the prefix blacklist as it is reserved by PHP itself.
• The wp_sanitize_redirect() function to the sanitizingFunctions list used by the WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput and WordPress.Security.EscapeOutput sniffs.
• The sanitize_key() and the highlight_string() functions to the escapingFunctions list used by the WordPress.Security.EscapeOutput sniff.
• The RECOVERY_MODE_COOKIE constant to the list of WP Core constants which may be defined by plugins and themes and therefore don't need to be prefixed (WordPress.NamingConventions.PrefixAllGlobals).
• $content_width, $plugin, $mu_plugin and $network_plugin to the list of WP globals which is used by both the WordPress.Variables.GlobalVariables and the WordPress.NamingConventions.PrefixAllGlobals sniffs.
• Sniff::is_short_list() utility method to determine whether a short array open/close token actually represents a PHP 7.1+ short list.
• Sniff::find_list_open_close() utility method to find the opener and closer for list() constructs, including short lists.
• Sniff::get_list_variables() utility method which will retrieve an array with the token pointers to the variables which are being assigned to in a list() construct. Includes support for short lists.
• Sniff::is_function_deprecated() static utility method to determine whether a declared function has been marked as deprecated in the function DocBlock.

... (truncated)

Changelog

Sourced from wp-coding-standards/wpcs's changelog.

[2.3.0] - 2020-05-14

Added

• The WordPress.WP.I18n sniff contains a new check for translatable text strings which are wrapped in HTML tags, like <h1>Translate me</h1>. Those tags should be moved out of the translatable string. Note: Translatable strings wrapped in <a href..> tags where the URL is intended to be localized will not trigger this check.

Changed

• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 5.1.
• The WordPress.WP.DeprecatedFunctions sniff will now detect functions deprecated in WP 5.4.
• Improved grammar of an error message in the WordPress.WP.DiscouragedFunctions sniff.
• CI: The codebase is now - preliminary - being tested against the PHPCS 4.x development branch.

Fixed

• All function call detection sniffs: fixed a bug where constants with the same name as one of the targeted functions could inadvertently be recognized as if they were a called function.
• WordPress.DB.PreparedSQL: fixed a bug where the sniff would trigger on the namespace separator character \\.
• WordPress.Security.EscapeOutput: fixed a bug with the variable replacement in one of the error messages.

[2.2.1] - 2020-02-04

Added

• Metrics to the WordPress.Arrays.CommaAfterArrayItem sniff. These can be displayed using --report=info.
• The sanitize_hex_color() and the sanitize_hex_color_no_hash() functions to the escapingFunctions list used by the WordPress.Security.EscapeOutput sniff.

Changed

• The recommended version of the suggested DealerDirect PHPCS Composer plugin is now ^0.6.

Fixed

• WordPress.PHP.NoSilencedErrors: depending on the custom properties set, the metrics would be different.
• WordPress.WhiteSpace.ControlStructureSpacing: fixed undefined index notice for closures with use.
• WordPress.WP.GlobalVariablesOverride: fixed undefined offset notice when the treat_files_as_scoped property would be set to true.
• WordPress.WP.I18n: fixed a Trying to access array offset on value of type null error when the sniff was run on PHP 7.4 and would encounter a translation function expecting singular and plural texts for which one of these arguments was missing.

[2.2.0] - 2019-11-11

Note: The repository has moved. The new URL is https://github.com/WordPress/WordPress-Coding-Standards. The move does not affect the package name for Packagist. This remains the same: wp-coding-standards/wpcs.

Added

• New WordPress.DateTime.CurrentTimeTimestamp sniff to the WordPress-Core ruleset, which checks against the use of the WP native current_time() function to retrieve a timestamp as this won't be a real timestamp. Includes an auto-fixer.
• New WordPress.DateTime.RestrictedFunctions sniff to the WordPress-Core ruleset, which checks for the use of certain date/time related functions. Initially this sniff forbids the use of the PHP native date_default_timezone_set() and date() functions.
• New WordPress.PHP.DisallowShortTernary sniff to the WordPress-Core ruleset, which, as the name implies, disallows the use of short ternaries.
• New WordPress.CodeAnalysis.EscapedNotTranslated sniff to the WordPress-Extra ruleset which will warn when a text string is escaped for output, but not being translated, while the arguments passed to the function call give the impression that translation is intended.
• New WordPress.NamingConventions.ValidPostTypeSlug sniff to the WordPress-Extra ruleset which will examine calls to register_post_type() and throw errors when an invalid post type slug is used.
• Generic.Arrays.DisallowShortArraySyntax to the WordPress-Core ruleset.
• WordPress.NamingConventions.PrefixAllGlobals: the PHP prefix has been added to the prefix blacklist as it is reserved by PHP itself.
• The wp_sanitize_redirect() function to the sanitizingFunctions list used by the WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput and WordPress.Security.EscapeOutput sniffs.
• The sanitize_key() and the highlight_string() functions to the escapingFunctions list used by the WordPress.Security.EscapeOutput sniff.
• The RECOVERY_MODE_COOKIE constant to the list of WP Core constants which may be defined by plugins and themes and therefore don't need to be prefixed (WordPress.NamingConventions.PrefixAllGlobals).
• $content_width, $plugin, $mu_plugin and $network_plugin to the list of WP globals which is used by both the WordPress.Variables.GlobalVariables and the WordPress.NamingConventions.PrefixAllGlobals sniffs.

... (truncated)

Commits

• 7da1894 Merge pull request #1894 from WordPress/develop
• 1f525cc Merge pull request #1893 from WordPress/feature/changelog-2.3.0
• d5e3cd9 Changelog for WPCS 2.3.0
• e1c648d Merge pull request #1887 from marcortola/fix-type
• 45d08f2 Minor type hint fix
• 3ee6c4f Merge pull request #1883 from WordPress/feature/fix-up-i18n-sniff
• 04fc205 I18n: assignment in condition is only allowed in a while loop
• ef87d60 I18n: use explicit comparison
• 054eadd I18n: rename variable
• 02af9f6 Merge pull request #1881 from WordPress/feature/update-minimum-wp-version
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)