In WordPressCS 3.0.0, the functionality of the WordPress.Security.EscapeOutput sniff was updated to report unescaped message parameters passed to exceptions created in throw statements. This specific violation now has a separate error code: ExceptionNotEscaped. This will allow users to ignore or exclude that specific error code. Props @anomiex.
The error code(s) for other escaping issues flagged by the sniff remain unchanged.
Changed
Updated the CI workflow to test the example ruleset for issues.
Funding files and updates in the Readme about funding the project.
Fixed
Fixed a sniff name in the phpcs.xml.dist.sample file (case-sensitive sniff name). Props @dawidurbanski.
3.0.0
Important information about this release:
At long last... WordPressCS 3.0.0 is here.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the Upgrade Guide to WordPressCS 3.0.0 for Developers.
In all cases, please read the complete changelog carefully before you upgrade.
Added
Dependencies on the following packages: PHPCSUtils, PHPCSExtra and the [Composer PHPCS plugin].
A best effort has been made to add support for the new PHP syntaxes/features to all WordPressCS native sniffs and utility functions (or to verify/improve existing support).
While support in external sniffs used by WordPressCS has not be exhaustively verified, a lot of work has been done to try and add support for new PHP syntaxes to those as well.
WordPressCS native sniffs and utilities have received fixes for the following syntaxes:
PHP 7.2
Keyed lists.
PHP 7.3
Flexible heredoc/nowdoc (providing the PHPCS scan is run on PHP 7.3 or higher).
In WordPressCS 3.0.0, the functionality of the WordPress.Security.EscapeOutput sniff was updated to report unescaped message parameters passed to exceptions created in throw statements. This specific violation now has a separate error code: ExceptionNotEscaped. This will allow users to ignore or exclude that specific error code. Props [@anomiex].
The error code(s) for other escaping issues flagged by the sniff remain unchanged.
Changed
Updated the CI workflow to test the example ruleset for issues.
Funding files and updates in the Readme about funding the project.
Fixed
Fixed a sniff name in the phpcs.xml.dist.sample file (case-sensitive sniff name). Props [@dawidurbanski].
[3.0.0] - 2023-08-21
Important information about this release:
At long last... WordPressCS 3.0.0 is here.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the Upgrade Guide to WordPressCS 3.0.0 for end-users which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the Upgrade Guide to WordPressCS 3.0.0 for Developers.
In all cases, please read the complete changelog carefully before you upgrade.
Added
Dependencies on the following packages: PHPCSUtils, PHPCSExtra and the [Composer PHPCS plugin].
A best effort has been made to add support for the new PHP syntaxes/features to all WordPressCS native sniffs and utility functions (or to verify/improve existing support).
While support in external sniffs used by WordPressCS has not be exhaustively verified, a lot of work has been done to try and add support for new PHP syntaxes to those as well.
WordPressCS native sniffs and utilities have received fixes for the following syntaxes:
PHP 7.2
Keyed lists.
PHP 7.3
Flexible heredoc/nowdoc (providing the PHPCS scan is run on PHP 7.3 or higher).
Trailing commas in function calls.
PHP 7.4
Arrow functions.
Array unpacking in array expressions.
Numeric literals with underscores.
Typed properties.
... (truncated)
Commits
b4caf96 Merge pull request #2386 from WordPress/develop
289cf43 Merge pull request #2385 from WordPress/feature/changelog-for-wpcs-3.0.1-release
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps wp-coding-standards/wpcs from 2.3.0 to 3.0.1.
Release notes
Sourced from wp-coding-standards/wpcs's releases.
... (truncated)
Changelog
Sourced from wp-coding-standards/wpcs's changelog.
... (truncated)
Commits
b4caf96
Merge pull request #2386 from WordPress/develop289cf43
Merge pull request #2385 from WordPress/feature/changelog-for-wpcs-3.0.1-release9f57f6b
Add changelog for v3.0.1d0e0fd3
Merge pull request #2378 from anomiex/add/escapeoutput-error-codes-for-error-...81f40bc
Merge pull request #2383 from WordPress/feature/update-release-checklist401e4ec
Release checklist: add link to monthly dev blogcaa0a8b
Merge pull request #2382 from WordPress/feature/fix-fundingd3c67d8
Funding: fix format4367be3
Merge pull request #2372 from WordPress/feature/update-funding-page45cff8d
Update README.mdDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show