Bump wp-coding-standards/wpcs from 1.0.0 to 2.2.0

[dependabot-preview]

Bumps wp-coding-standards/wpcs from 1.0.0 to 2.2.0.

Release notes

Sourced from wp-coding-standards/wpcs's releases.

2.2.0

Note: The repository has moved. The new URL is https://github.com/WordPress/WordPress-Coding-Standards.
The move does not affect the package name for Packagist. This remains the same: wp-coding-standards/wpcs.

Added

• New WordPress.DateTime.CurrentTimeTimestamp sniff to the WordPress-Core ruleset, which checks against the use of the WP native current_time() function to retrieve a timestamp as this won't be a real timestamp. Includes an auto-fixer.
• New WordPress.DateTime.RestrictedFunctions sniff to the WordPress-Core ruleset, which checks for the use of certain date/time related functions. Initially this sniff forbids the use of the PHP native date_default_timezone_set() and date() functions.
• New WordPress.PHP.DisallowShortTernary sniff to the WordPress-Core ruleset, which, as the name implies, disallows the use of short ternaries.
• New WordPress.CodeAnalysis.EscapedNotTranslated sniff to the WordPress-Extra ruleset which will warn when a text string is escaped for output, but not being translated, while the arguments passed to the function call give the impression that translation is intended.
• New WordPress.NamingConventions.ValidPostTypeSlug sniff to the WordPress-Extra ruleset which will examine calls to register_post_type() and throw errors when an invalid post type slug is used.
• Generic.Arrays.DisallowShortArraySyntax to the WordPress-Core ruleset.
• WordPress.NamingConventions.PrefixAllGlobals: the PHP prefix has been added to the prefix blacklist as it is reserved by PHP itself.
• The wp_sanitize_redirect() function to the sanitizingFunctions list used by the WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput and WordPress.Security.EscapeOutput sniffs.
• The sanitize_key() and the highlight_string() functions to the escapingFunctions list used by the WordPress.Security.EscapeOutput sniff.
• The RECOVERY_MODE_COOKIE constant to the list of WP Core constants which may be defined by plugins and themes and therefore don't need to be prefixed (WordPress.NamingConventions.PrefixAllGlobals).
• $content_width, $plugin, $mu_plugin and $network_plugin to the list of WP globals which is used by both the WordPress.Variables.GlobalVariables and the WordPress.NamingConventions.PrefixAllGlobals sniffs.
• Sniff::is_short_list() utility method to determine whether a short array open/close token actually represents a PHP 7.1+ short list.
• Sniff::find_list_open_close() utility method to find the opener and closer for list() constructs, including short lists.
• Sniff::get_list_variables() utility method which will retrieve an array with the token pointers to the variables which are being assigned to in a list() construct. Includes support for short lists.
• Sniff::is_function_deprecated() static utility method to determine whether a declared function has been marked as deprecated in the function DocBlock.
• End-user documentation to the following existing sniffs: WordPress.Arrays.ArrayIndentation, WordPress.Arrays.ArrayKeySpacingRestrictions, WordPress.Arrays.MultipleStatementAlignment, WordPress.Classes.ClassInstantiation, WordPress.NamingConventions.ValidHookName, WordPress.PHP.IniSet, WordPress.Security.SafeRedirect, WordPress.WhiteSpace.CastStructureSpacing, WordPress.WhiteSpace.DisallowInlineTabs, WordPress.WhiteSpace.PrecisionAlignment, WordPress.WP.CronInterval, WordPress.WP.DeprecatedClasses, WordPress.WP.DeprecatedFunctions, WordPress.WP.DeprecatedParameters, WordPress.WP.DeprecatedParameterValues, WordPress.WP.EnqueuedResources, WordPress.WP.PostsPerPage.
  This documentation can be exposed via the PHP_CodeSniffer --generator=... command-line argument.

Changed

• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 5.0.
• The WordPress.Arrays.ArrayKeySpacingRestrictions sniff has two new error codes: TooMuchSpaceBeforeKey and TooMuchSpaceAfterKey. Both auto-fixable.
  The sniff will now check that there is exactly one space on the inside of the square brackets around the array key for non-string, non-numeric array keys. Previously, it only checked that there was whitespace, not how much whitespace.
• WordPress.Arrays.ArrayKeySpacingRestrictions: the fixers have been made more efficient and less fixer-conflict prone.
• WordPress.NamingConventions.PrefixAllGlobals: plugin/theme prefixes should be at least three characters long. A new ShortPrefixPassed error has been added for when the prefix passed does not comply with this rule.
• WordPress.WhiteSpace.CastStructureSpacing now allows for no whitespace before a cast when the cast is preceded by the spread ... operator. This pre-empts a fixer conflict for when the spacing around the spread operator will start to get checked.
• The WordPress.WP.DeprecatedClasses sniff will now detect classes deprecated in WP 4.9 and WP 5.3.
• The WordPress.WP.DeprecatedFunctions sniff will now detect functions deprecated in WP 5.3.
• WordPress.NamingConventions.ValidHookName now has "cleaner" error messages and higher precision for the line on which an error is thrown.
• WordPress.Security.EscapeOutput: if an error refers to array access via a variable, the array index key will now be included in the error message.
• The processing of the WordPress ruleset by PHP_CodeSniffer will now be faster.
• Various minor code tweaks and clean up.
• Various minor documentation fixes.
• Documentation: updated the repo URL in all relevant places.

Deprecated

• The WordPress.WP.TimezoneChange sniff. Use the WordPress.DateTime.RestrictedFunctions instead.
  The deprecated sniff will be removed in WPCS 3.0.0.

Fixed

• All sniffs in the WordPress.Arrays category will no longer treat short lists as if they were a short array.
• The WordPress.NamingConventions.ValidFunctionName and the WordPress.NamingConventions.PrefixAllGlobals sniff will now ignore functions marked as @deprecated.
• Both the WordPress.NamingConventions.PrefixAllGlobals sniff as well as the WordPress.WP.GlobalVariablesOverride sniff have been updated to recognize variables being declared via (long/short) list() constructs and handle them correctly.
• Both the WordPress.NamingConventions.PrefixAllGlobals sniff as well as the WordPress.WP.GlobalVariablesOverride sniff will now take a limited list of WP global variables which are intended to be overwritten by plugins/themes into account.
  Initially this list contains the $content_width and the $wp_cockneyreplace variables.
• WordPress.NamingConventions.ValidHookName: will no longer examine a string array access index key as if it were a part of the hook name.

... (truncated)

Changelog

Sourced from wp-coding-standards/wpcs's changelog.

[2.2.0] - 2019-11-11

Note: The repository has moved. The new URL is https://github.com/WordPress/WordPress-Coding-Standards.
The move does not affect the package name for Packagist. This remains the same: wp-coding-standards/wpcs.

Added

• New WordPress.DateTime.CurrentTimeTimestamp sniff to the WordPress-Core ruleset, which checks against the use of the WP native current_time() function to retrieve a timestamp as this won't be a real timestamp. Includes an auto-fixer.
• New WordPress.DateTime.RestrictedFunctions sniff to the WordPress-Core ruleset, which checks for the use of certain date/time related functions. Initially this sniff forbids the use of the PHP native date_default_timezone_set() and date() functions.
• New WordPress.PHP.DisallowShortTernary sniff to the WordPress-Core ruleset, which, as the name implies, disallows the use of short ternaries.
• New WordPress.CodeAnalysis.EscapedNotTranslated sniff to the WordPress-Extra ruleset which will warn when a text string is escaped for output, but not being translated, while the arguments passed to the function call give the impression that translation is intended.
• New WordPress.NamingConventions.ValidPostTypeSlug sniff to the WordPress-Extra ruleset which will examine calls to register_post_type() and throw errors when an invalid post type slug is used.
• Generic.Arrays.DisallowShortArraySyntax to the WordPress-Core ruleset.
• WordPress.NamingConventions.PrefixAllGlobals: the PHP prefix has been added to the prefix blacklist as it is reserved by PHP itself.
• The wp_sanitize_redirect() function to the sanitizingFunctions list used by the WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput and WordPress.Security.EscapeOutput sniffs.
• The sanitize_key() and the highlight_string() functions to the escapingFunctions list used by the WordPress.Security.EscapeOutput sniff.
• The RECOVERY_MODE_COOKIE constant to the list of WP Core constants which may be defined by plugins and themes and therefore don't need to be prefixed (WordPress.NamingConventions.PrefixAllGlobals).
• $content_width, $plugin, $mu_plugin and $network_plugin to the list of WP globals which is used by both the WordPress.Variables.GlobalVariables and the WordPress.NamingConventions.PrefixAllGlobals sniffs.
• Sniff::is_short_list() utility method to determine whether a short array open/close token actually represents a PHP 7.1+ short list.
• Sniff::find_list_open_close() utility method to find the opener and closer for list() constructs, including short lists.
• Sniff::get_list_variables() utility method which will retrieve an array with the token pointers to the variables which are being assigned to in a list() construct. Includes support for short lists.
• Sniff::is_function_deprecated() static utility method to determine whether a declared function has been marked as deprecated in the function DocBlock.
• End-user documentation to the following existing sniffs: WordPress.Arrays.ArrayIndentation, WordPress.Arrays.ArrayKeySpacingRestrictions, WordPress.Arrays.MultipleStatementAlignment, WordPress.Classes.ClassInstantiation, WordPress.NamingConventions.ValidHookName, WordPress.PHP.IniSet, WordPress.Security.SafeRedirect, WordPress.WhiteSpace.CastStructureSpacing, WordPress.WhiteSpace.DisallowInlineTabs, WordPress.WhiteSpace.PrecisionAlignment, WordPress.WP.CronInterval, WordPress.WP.DeprecatedClasses, WordPress.WP.DeprecatedFunctions, WordPress.WP.DeprecatedParameters, WordPress.WP.DeprecatedParameterValues, WordPress.WP.EnqueuedResources, WordPress.WP.PostsPerPage.
  This documentation can be exposed via the PHP_CodeSniffer --generator=... command-line argument.

Changed

• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 5.0.
• The WordPress.Arrays.ArrayKeySpacingRestrictions sniff has two new error codes: TooMuchSpaceBeforeKey and TooMuchSpaceAfterKey. Both auto-fixable.
  The sniff will now check that there is exactly one space on the inside of the square brackets around the array key for non-string, non-numeric array keys. Previously, it only checked that there was whitespace, not how much whitespace.
• WordPress.Arrays.ArrayKeySpacingRestrictions: the fixers have been made more efficient and less fixer-conflict prone.
• WordPress.NamingConventions.PrefixAllGlobals: plugin/theme prefixes should be at least three characters long. A new ShortPrefixPassed error has been added for when the prefix passed does not comply with this rule.
• WordPress.WhiteSpace.CastStructureSpacing now allows for no whitespace before a cast when the cast is preceded by the spread ... operator. This pre-empts a fixer conflict for when the spacing around the spread operator will start to get checked.
• The WordPress.WP.DeprecatedClasses sniff will now detect classes deprecated in WP 4.9 and WP 5.3.
• The WordPress.WP.DeprecatedFunctions sniff will now detect functions deprecated in WP 5.3.
• WordPress.NamingConventions.ValidHookName now has "cleaner" error messages and higher precision for the line on which an error is thrown.
• WordPress.Security.EscapeOutput: if an error refers to array access via a variable, the array index key will now be included in the error message.
• The processing of the WordPress ruleset by PHP_CodeSniffer will now be faster.
• Various minor code tweaks and clean up.
• Various minor documentation fixes.
• Documentation: updated the repo URL in all relevant places.

Deprecated

• The WordPress.WP.TimezoneChange sniff. Use the WordPress.DateTime.RestrictedFunctions instead.
  The deprecated sniff will be removed in WPCS 3.0.0.

Fixed

• All sniffs in the WordPress.Arrays category will no longer treat short lists as if they were a short array.
• The WordPress.NamingConventions.ValidFunctionName and the WordPress.NamingConventions.PrefixAllGlobals sniff will now ignore functions marked as @deprecated.
• Both the WordPress.NamingConventions.PrefixAllGlobals sniff as well as the WordPress.WP.GlobalVariablesOverride sniff have been updated to recognize variables being declared via (long/short) list() constructs and handle them correctly.
• Both the WordPress.NamingConventions.PrefixAllGlobals sniff as well as the WordPress.WP.GlobalVariablesOverride sniff will now take a limited list of WP global variables which are intended to be overwritten by plugins/themes into account.
  Initially this list contains the $content_width and the $wp_cockneyreplace variables.

... (truncated)

Commits

• f90e869 Merge pull request #1828 from WordPress/develop
• d45f5e5 Merge pull request #1833 from WordPress/feature/changelog-2.2.0
• e004a3e Changelog for WPCS 2.2.0
• 84033ee Adds WP.Security.SafeRedirect documentation. (#1826)
• e105835 Merge pull request #1824 from NielsdeBlaauw/1722-WordPress.WP.EnqueuedResources
• 31b8d9b Various minor documentation fixes (#1831)
• 9bd5f9c Adds documentation for WordPress.WP.EnqueuedResources.
• a2a32d1 Various minor documentation fixes
• e7560d1 Ini_set: add documentation (#1730)
• ed52f7d Merge pull request #1732 from WordPress/docs/posts-per-page
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #3.