3.0: support WordPressCS 3.0 #779
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WordPressCS 3.0.0 has been released and requires a minimum PHPCS version of 3.7.2. This commit updates the WordPressCS and PHPCS dependencies and the documentation referring to those, in all the relevant places. Includes: * Removing the DealerDirect plugin from `require` as it comes with WordPressCS 3.0.0 automatically (via PHPCSUtils) and not having the explicit dependency may prevent conflicts with allowed versions in the future. * Updating the PHP version on which the CS check for the VIPCS native code is being run. With WPCS 3.0, this check is no longer limited to PHP 7.4. * Removing a work-around for WPCS < 3.0 vs PHP 8.0 * Updating the VIPCS native `.phpcs.xml.dist` ruleset. Ref: https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0
These are no longer needed with WPCS 3.0.0. Ref: 746
…nctionsTrait Note: this does mean that the sniff will now also support a `public` `customPrintingFunctions` property which can be adjusted in a custom ruleset. Co-authored-by: Gary Jones <[email protected]>
…t_or_empty() Co-authored-by: Gary Jones <[email protected]>
…rge_custom_array() Co-authored-by: Gary Jones <[email protected]>
…eceived `$val` The `$val` parameter received by the `callback()` method will no longer automatically have been stripped of quotes. This adjusts the `callback()` methods of the sniff which extend the WPCS `AbstractArrayAssignmentRestrictions` sniff to take this into account.
Includes adding PHPCSExtra to the `composer.json` configuration as that is now a direct dependency of VIPCS as VIPCS now uses one of its sniffs in the ruleset. Co-authored-by: Gary Jones <[email protected]>
... which has been split.
…niff ... to prevent introducing new duplicate error messages. Co-authored-by: Gary Jones <[email protected]>
* The `WordPress.Security.ValidatedSanitizedInput` sniff will now also examine `$_SESSION` variables.
As the test is about another sniff, let's just ignore the notices coming from `WordPress.Security.ValidatedSanitizedInput`.
To be honest, I'm completely stumped. I can't, for the life of me, think of a reason why the update of the WPCS dependency would suddenly cause all sorts of notices from the `VariableAnalysis` to show, where they previously did not.
* It can't be related to the version update of the `VariableAnalysis` sniff in VIPCS 2.3.4, nor the move of the properties from the Go ruleset to the Minimum ruleset as, in that case, the build for the earlier PR/commit should also have been failing.
* It can't be related to the VIPCS native `VariableAnalysis` sniff being removed as, in that case, the build for the earlier PR/commit should also have been failing.
* VA and WPCS currently have two overlapping CS related dependencies.
- PHP_CodeSniffer itself, but as they both use the same version, that can not be a reason for the change in the results.
- The Composer plugin, but that shouldn't influence the scan results, other than if a ruleset would not be registered, but if that were the case (for VA), the tests should have been failing before on line 264, which specifically tests the VA standard triggering a notice (and yes, I checked, it did do so correctly before and after).
* No new parse errors were accidentally introduced into the test files.
As things are, I'm out of ideas of why these warnings are now suddenly showing up, so all I can do is fix them (by selectively silencing the notices from VA).
Note: this is only happening in the Minimum ruleset test as VIPGo silences the `UnusedVariable` notice completely.
jrfnl
added
Require: WPCS 3.0+
Require: VIPCS 3.0
3 tasks
This was referenced Aug 26, 2023
Merged
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Composer: update WordPressCS + PHPCS dependencies
WordPressCS 3.0.0 has been released and requires a minimum PHPCS version of 3.7.2.
This commit updates the WordPressCS and PHPCS dependencies and the documentation referring to those, in all the relevant places.
Includes:
requireas it comes with WordPressCS 3.0.0 automatically (via PHPCSUtils) and not having the explicit dependency may prevent conflicts with allowed versions in the future..phpcs.xml.distruleset.Ref: https://github.com/WordPress/WordPress-Coding-Standards/releases/tag/3.0.0
WPCS 3.0 | Revert previously applied work-arounds
These are no longer needed with WPCS 3.0.0.
Ref: #746
Security/EscapingVoidReturnFunctions: switch to using WPCS PrintingFunctionsTrait
Note: this does mean that the sniff will now also support a
publiccustomPrintingFunctionsproperty which can be adjusted in a custom ruleset.AbstractVariableRestrictionsSniff: use WPCS ContextHelper::is_in_isset_or_empty()
AbstractVariableRestrictionsSniff: use WPCS RulesetPropertyHelper::merge_custom_array()
AbstractArrayAssignmentRestrictions children: adjust for changes in received
$valThe
$valparameter received by thecallback()method will no longer automatically have been stripped of quotes.This adjusts the
callback()methods of the sniff which extend the WPCSAbstractArrayAssignmentRestrictionssniff to take this into account.VIPMinimum ruleset: replace strict comparison sniff
Includes adding PHPCSExtra to the
composer.jsonconfiguration as that is now a direct dependency of VIPCS as VIPCS now uses one of its sniffs in the ruleset.Fixes #603
VIPMinimum ruleset: replace assignment-in-condition sniff
... which has been split.
VIPMinimum ruleset: update excludes for the WP/AlternativeFunctions sniff
... to prevent introducing new duplicate error messages.
Update ruleset tests: account for new errors from WPCS
WordPress.Security.ValidatedSanitizedInputsniff will now also examine$_SESSIONvariables.As the test is about another sniff, let's just ignore the notices coming from
WordPress.Security.ValidatedSanitizedInput.WordPressVIPMinimum RulesetTest: fix it
To be honest, I'm completely stumped. I can't, for the life of me, think of a reason why the update of the WPCS dependency would suddenly cause all sorts of notices from the
VariableAnalysisto show, where they previously did not.VariableAnalysissniff in VIPCS 2.3.4, nor the move of the properties from the Go ruleset to the Minimum ruleset as, in that case, the build for the earlier PR/commit should also have been failing.VariableAnalysissniff being removed as, in that case, the build for the earlier PR/commit should also have been failing.As things are, I'm out of ideas of why these warnings are now suddenly showing up, so all I can do is fix them (by selectively silencing the notices from VA).
Note: this is only happening in the Minimum ruleset test as VIPGo silences the
UnusedVariablenotice completely.Closes #727 (as WPCS 3.0.0 will no longer throw deprecations on PHP 8.x)