Skip to content

Update non-major-updates#48

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/non-major-updates
Open

Update non-major-updates#48
renovate[bot] wants to merge 1 commit intomainfrom
renovate/non-major-updates

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 10, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Confidence
mariadb minor 12.012.1 age confidence
squizlabs/php_codesniffer require-dev patch 3.13.43.13.5 age confidence
wordpress final minor 6.8.3-php8.3-apache6.9.1-php8.3-apache age confidence
wp-coding-standards/wpcs require-dev minor 3.2.03.3.0 age confidence

Release Notes

PHPCSStandards/PHP_CodeSniffer (squizlabs/php_codesniffer)

v3.13.5: - 2025-11-04

Compare Source

Added
  • Runtime support for PHP 8.5. All known PHP 8.5 deprecation notices have been fixed.
    • Syntax support for new PHP 8.5 features will follow in a future release.
    • If you find any PHP 8.5 deprecation notices which were missed, please report them.
Changed
Fixed
  • Fixed bug #​1216: Tokenizer/PHP: added more defensive coding to prevent PHP 8.5 "Using null as an array offset" deprecation notices.
  • Fixed bug #​1279: Tokenizer/PHP: on PHP < 8.0, an unclosed attribute (parse error) could end up removing some tokens from the token stream.
    • This could lead to false positives and false negative from sniffs, but could also lead to incorrect fixes being made mangling the file under scan.
    • Thanks to Juliette Reinders Folmer for the patch.
Other
  • Please be aware that the master branch has been renamed to 3.x and the default branch has changed to the 4.x branch.
    • If you contribute to PHP_CodeSniffer, you will need to update your local git clone.
    • If you develop against PHP_CodeSniffer and run your tests against dev branches of PHPCS, you will need to update your workflows.
New Contributors

The PHP_CodeSniffer project is happy to welcome the following new contributors:
@​andrewnicols

Statistics

Closed: 2 issues
Merged: 36 pull requests

Follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X to stay informed.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

WordPress/WordPress-Coding-Standards (wp-coding-standards/wpcs)

v3.3.0

Compare Source

Added
  • Support for attributes on anonymous classes (PHP 8.0) and readonly anonymous classes (PHP 8.3) to the WordPress.Security.EscapeOutput sniff. Props [@​rodrigoprimo]. #​2559
  • Support for handling "exit as a function call" (PHP 8.4) to the WordPress.Security.EscapeOutput sniff. #​2563
  • WordPress-Extra: the following sniffs have been added to the ruleset: Universal.Attributes.BracketSpacing and Universal.Attributes.DisallowAttributeParentheses. #​2646
Changed
  • The minimum supported PHP version is now PHP 7.2 (was PHP 5.4). #​2614
  • The minimum required PHP_CodeSniffer version to 3.13.4 (was 3.13.0). #​2630
  • The minimum required PHPCSExtra version to 1.5.0 (was 1.4.0). #​2646
  • The default value for minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 6.6. #​2656
  • WordPress.DB.DirectDatabaseQuery will now recognize more caching functions, like the wp_cache_*_multiple() functions as added in WordPress 6.0 and the wp_cache_*_salted() functions as added in WordPress 6.9. #​2654
  • WordPress.NamingConventions.PrefixAllGlobals has been updated to recognize pluggable functions introduced in WP up to WP 6.9.0. #​2652
  • WordPress.WP.ClassNameCase has been updated to recognize classes introduced in WP up to WP 6.9.0. #​2652
  • WordPress.WP.DeprecatedFunctions now detects functions deprecated in WordPress up to WP 6.9.0. #​2652
  • WordPress.WP.DeprecatedParameters now detects parameters deprecated in WordPress up to WP 6.9.0. #​2652
  • WordPress.Security.ValidatedSanitizedInput: improved the clarity of the error message for the InputNotValidated error code. Props [@​rodrigoprimo]. #​2642
  • README: updated testVersion recommendations for PHPCompatibility. Props [@​johnjago]. #​2471
  • Example ruleset: updated the minimum_wp_version and testVersion recommendations. #​2608
  • All sniffs are now also being tested against PHP 8.5 for consistent sniff results. #​2649
  • Various housekeeping, including documentation and test improvements. Includes contributions by [@​rodrigoprimo].
Deprecated
  • The WordPress.PHP.POSIXFunctions sniff (as it is no longer relevant). #​2616
Removed
  • wp_kses_allowed_html() from the list of escaping functions. #​2566
    This affects the WordPress.Security.EscapeOutput sniff.
Fixed
  • WordPress.DB.DirectDatabaseQuery: false positive when function call to caching functions did not use the canonical function name. Props [@​rodrigoprimo]. #​2613
  • WordPress.DB.DirectDatabaseQuery: potential false negative when a class property or constant would mirror the name of one of the caching functions. Props [@​rodrigoprimo]. #​2615
  • WordPress.DB.PreparedSQL: false positive for correctly escaped SQL snippets when the function call did not use the canonical function name. Props [@​rodrigoprimo]. #​2570
  • WordPress.DB.PreparedSQLPlaceholders: improved handling of fully qualified calls to global functions. Props [@​rodrigoprimo]. #​2569
  • WordPress.Security.EscapeOutput: expanded protection against false positives for *::class. Props [@​rodrigoprimo]. #​2605
  • WordPress.Security.NonceVerification: false positive when nonce checking function call did not use the canonical function name. Props [@​rodrigoprimo]. #​2572
  • WordPress.WP.EnqueuedResourceParameters: the sniff could cause a PHP 8.5 deprecation notice if the code under scan contained one of the deprecated type casts. #​2573
  • WordPress.WP.EnqueuedResourceParameters: improved recognition of non-lowercase and fully qualified true/false/null when passed as the $ver parameter value. Props [@​rodrigoprimo]. #​2630

Configuration

📅 Schedule: Branch creation - "after 8am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/non-major-updates branch from 21299dd to a6388ec Compare November 21, 2025 05:04
@renovate renovate bot changed the title Update dependency squizlabs/php_codesniffer to v3.13.5 Update non-major-updates Nov 21, 2025
@renovate renovate bot force-pushed the renovate/non-major-updates branch from a6388ec to bef4f70 Compare November 25, 2025 13:50
@renovate renovate bot force-pushed the renovate/non-major-updates branch 2 times, most recently from 5f23f3e to a36c598 Compare December 10, 2025 12:55
@renovate renovate bot force-pushed the renovate/non-major-updates branch from a36c598 to a501790 Compare February 4, 2026 02:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants