Vulnerabilities fixed
*Sourced from [The PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-03-01.yaml).*
> **Arbitrary shell execution**
>
> Affected versions: >=1.0.0, <2.0.0; >=2.0.0, <2.8.1
Release notes
*Sourced from [squizlabs/php_codesniffer's releases](https://github.com/squizlabs/PHP_CodeSniffer/releases).*
> ## 3.5.3
> * The PHP 7.4 `T_FN` token has been made available for older versions
>   * `T_FN` represents the `fn` string used for arrow functions
>   * The double arrow becomes the scope opener, and uses a new `T_FN_ARROW` token type
>   * The token after the statement (normally a semicolon) becomes the scope closer
>   * The token is also associated with the opening and closing parenthesis of the statement
>   * Any functions named `fn` will have a `T_FN` token for the function name, but have no scope information
>   * Thanks to Michał Bundyra for the help with this change
> * PHP 7.4 numeric separators are now tokenized in the same way when using older PHP versions
>   * Previously, a number like `1_000` would tokenize as `T_LNUMBER (1), T_STRING (_000)`
>   * Now, the number tokenizes as `T_LNUMBER (1_000)`
>   * Sniff developers should consider how numbers with underscores impact their custom sniffs
> * The PHPCS file cache now takes file permissions into account
>   * The cache is now invalidated for a file when its permissions are changed
> * `File::getMethodParameters()` now supports arrow functions
> * `File::getMethodProperties()` now supports arrow functions
> * Added `Fixer::changeCodeBlockIndent()` to change the indent of a code block while auto-fixing
>   * Can be used to either increase or decrease the indent
>   * Useful when moving the start position of something like a closure, where you want the content to also move
> * Added `Generic.Files.ExecutableFile` sniff
>   * Ensures that files are not executable
>   * Thanks to Matthew Peveler for the contribution
> * `Generic.CodeAnalysis.EmptyPhpStatement` now reports unnecessary semicolons after control structure closing braces
>   * Thanks to Vincent Langlet for the patch
> * `Generic.PHP.LowerCaseKeyword` now enforces that the `fn` keyword is lowercase
>   * Thanks to Michał Bundyra for the patch
> * `Generic.WhiteSpace.ScopeIndent` now supports static arrow functions
> * `PEAR.Functions.FunctionCallSignature` now adjusts the indent of function argument contents during auto-fixing
>   * Previously, only the first line of an argument was changed, leading to inconsistent indents
>   * This change also applies to `PSR2.Methods.FunctionCallSignature`
> * `PSR2.ControlStructures.ControlStructureSpacing` now checks whitespace before the closing parenthesis of multi-line control structures
>   * Previously, it incorrectly applied the whitespace check for single-line definitions only
> * `PSR12.Functions.ReturnTypeDeclaration` now checks the return type of arrow functions
>   * Thanks to Michał Bundyra for the patch
> * `PSR12.Traits.UseDeclaration` now ensures all trait import statements are grouped together
>   * Previously, the trait import section of the class ended when the first non-import statement was found
>   * Checking now continues throughout the class to ensure all statements are grouped together
>   * This also ensures that empty lines are not requested after an import statement that isn't the last one
> * `Squiz.Functions.LowercaseFunctionKeywords` now enforces that the `fn` keyword is lowercase
>   * Thanks to Michał Bundyra for the patch
> * Fixed bug [#2586](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2586): Generic.WhiteSpace.ScopeIndent false positives when indenting open tags at a non tab-stop
> * Fixed bug [#2638](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2638): Squiz.CSS.DuplicateClassDefinitionSniff sees comments as part of the class name
>   * Thanks to Raphael Horber for the patch
> * Fixed bug [#2640](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2640): Squiz.WhiteSpace.OperatorSpacing false positives for some negation operators
>   * Thanks to Jakub Chábek and Juliette Reinders Folmer for the patch
> * Fixed bug [#2674](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2674): Squiz.Functions.FunctionDeclarationArgumentSpacing prints wrong argument name in error message
> * Fixed bug [#2676](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2676): PSR12.Files.FileHeader locks up when file ends with multiple inline comments
> * Fixed bug [#2678](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2678): PSR12.Classes.AnonClassDeclaration incorrectly enforcing that closing brace be on a line by itself
> * Fixed bug [#2685](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2685): File::getMethodParameters() setting typeHintEndToken for vars with no type hint
>   * Thanks to Juliette Reinders Folmer for the patch
> ... (truncated)
Commits
- [`557a1fc`](https://github.com/squizlabs/PHP_CodeSniffer/commit/557a1fc7ac702c66b0bbfe16ab3d55839ef724cb) Prepare for 3.5.3 release
- [`68048f3`](https://github.com/squizlabs/PHP_CodeSniffer/commit/68048f3df9defae0d3995237dd5cdd1dc24dc6dc) Make it easier to detect we are running tests under a PEAR install so the exe...
- [`b3c7925`](https://github.com/squizlabs/PHP_CodeSniffer/commit/b3c7925e18b0367c4a751aaa43f6339d55fc3fb6) Travis: don't allow PHP 7.4 build to fail
- [`0676055`](https://github.com/squizlabs/PHP_CodeSniffer/commit/06760553d4b976cf0bd3c2adcb748402b6394cab) Merge branch 'feature/fn-closure-function-declaration-arg-spacing' of https:/...
- [`62ae7e7`](https://github.com/squizlabs/PHP_CodeSniffer/commit/62ae7e7e975720f3bba40a058d1670b92bd2707d) Adds support for array closures in Squiz.Functions.FunctionDeclarationArgumen...
- [`d6025fa`](https://github.com/squizlabs/PHP_CodeSniffer/commit/d6025fa59c879170b4087b52d256e6d7ce0880b3) Adds support for array closures in Generic.CodeAnalysis.UnusedFunctionParameter
- [`80ebd4a`](https://github.com/squizlabs/PHP_CodeSniffer/commit/80ebd4a1ab30971d40b71cf52685ae595b568482) CS fix: align array arrows
- [`e95c077`](https://github.com/squizlabs/PHP_CodeSniffer/commit/e95c0778b6cd88afa2cf09b7a574ab04a553a286) Adds support for PHP 7.4 arrow functions in PEAR.Functions.ValidDefaultValue ...
- [`68e0b06`](https://github.com/squizlabs/PHP_CodeSniffer/commit/68e0b062d012b93c7381096a6e14b6848cccfe27) Merge branch 'qa/optimize-imports' of https://github.com/michalbundyra/PHP_Co...
- [`04ab5a0`](https://github.com/squizlabs/PHP_CodeSniffer/commit/04ab5a0ea92dbd979477859a060dde539043d8b6) Fixed detection of scope closers when arrow functions used in ternary (ref [#2](https://github-redirect.dependabot.com/squizlabs/PHP_CodeSniffer/issues/2)...
- Additional commits viewable in [compare view](https://github.com/squizlabs/PHP_CodeSniffer/compare/2.6.2...3.5.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps squizlabs/php_codesniffer from 2.6.2 to 3.5.3. This update includes a security fix.