Update squizlabs/php_codesniffer in composer.json from ^2.5.1 to 3.3.1

[dependencies]

Overview

The following dependencies have been updated by dependencies.io:

• squizlabs/php_codesniffer in composer.json from "^2.5.1" to "3.3.1"

Details

squizlabs/php_codesniffer

This dependency is located in composer.json and was updated from "^2.5.1" to "3.3.1".

3.0.0

This is the first stable release of the 3.0 branch, and is a large refactoring of the code base. It breaks backwards compatibility for all custom sniffs and custom reports. An upgrade guide for sniff and report developers is available here: https://github.com/squizlabs/PHP_CodeSniffer/wiki/Version-3.0-Upgrade-Guide

Note: If you only use the built-in coding standards (such as PEAR or PSR2), or you have a custom ruleset.xml file that only makes use of the sniffs and reports distributed with PHP_CodeSniffer, you do not need to make any changes to begin using the 3.0.0 version.

There are no future planned releases for the 2.x branch, but there may still be additional 2.9.x versions released for a time due to the number of changes required to upgrade custom sniffs for 3.0. The intention is to limit 2.9.x releases to serious bug and security fixes only.

Changes since 3.0.0RC4

• Added an --ignore-annotations command line argument to ignore all codingStandards annotations in code comments (request #811)
  • This allows you to force errors to be shown that would otherwise be ignored by code comments
  • Also stop files being able to change sniff properties mid way through processing
• An error is now reported if no sniffs were registered to be run (request #1129)
• The autoloader will now search for files inside the directory of any loaded coding standard
  • This allows autoloading of any file inside a custom coding standard without manually requiring them
  • Ensure your namespace begins with your coding standard's directory name and follows PSR-4
  • e.g., StandardName\Sniffs\CategoryName\AbstractHelper or StandardName\Helpers\StringSniffHelper
• Fixed an error where STDIN was sometimes not checked when using the --parallel CLI option
• The is_closure index has been removed from the return value of File::getMethodProperties()
  • This value was always false becasue T_FUNCTION tokens are never closures
  • Closures have a token type of T_CLOSURE
• The File::isAnonymousFunction() method has been removed
  • This function always returned false because it only accepted T_FUNCTION tokens, which are never closures
  • Closures have a token type of T_CLOSURE
• Includes all changes from the 2.9.0 release
• Fixed bug #834 : PSR2.ControlStructures.SwitchDeclaration does not handle if branches with returns
  • Thanks to Fabian Wiget for the patch

Changes since 2.x

For a full list of changes from the 2.x version, please review the following changelogs:
https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.0a1
https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.0RC1
https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.0RC2
https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.0RC3
https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.0RC4

3.0.1

Security Advisory

• This release contains a fix for a security advisory related to the improper handling of a shell command
  • A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option
  • All version 3 users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
    • e.g., you run PHPCS over libraries that you did not write
    • e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
    • e.g., you allow external tool paths to be set by user-defined values
  • If you are unable to upgrade but you check 3rd-party code, ensure you are not using the Git modified filter
  • This advisory does not affect PHP_CodeSniffer version 2.
  • Thanks to Sergei Morozov for the report and patch

Other Changes

• Arguments on the command line now override or merge with those specified in a ruleset.xml file in all cases
• PHPCS now stops looking for a phpcs.xml file as soon as one is found, favoring the closest one to the current dir
• Added missing help text for the --stdin-path CLI option to --help
• Re-added missing help text for the --file-list and --bootstrap CLI options to --help
• Runner::runPHPCS() and Runner::runPHPCBF() now return an exit code instead of exiting directly (request #1484)
• The Squiz standard now enforces short array syntax by default
• The autoloader is now working correctly with classes created with class_alias()
• The autoloader will now search for files inside all directories in the installed_paths config var
  • This allows autoloading of files inside included custom coding standards without manually requiring them
• You can now specify a namespace for a custom coding standard, used by the autoloader to load non-sniff helper files
  • Also used by the autoloader to help other standards directly include sniffs for your standard
  • Set the value to the namespace prefix you are using for sniff files (everything up to \Sniffs\)
  • e.g., if your namespace format is MyProject\CS\Standard\Sniffs\Category set the namespace to MyProject\CS\Standard
  • If omitted, the namespace is assumed to be the same as the directory name containing the ruleset.xml file
  • The namespace is set in the ruleset tag of the ruleset.xml file
  • e.g., <ruleset name="My Coding Standard" namespace="MyProject\CS\Standard">
• Rulesets can now specify custom autoloaders using the new autoload tag
  • Autoloaders are included while the ruleset is being processed and before any custom sniffs are included
  • Allows for very custom autoloading of helper classes well before the bootstrap files are included
• The PEAR standard now includes Squiz.Commenting.DocCommentAlignment
  • It previously broke comments onto multiple lines, but didn't align them
• Fixed a problem where excluding a message from a custom standard's own sniff would exclude the whole sniff
  • This caused some PSR2 errors to be under-reported
• Fixed bug #1442 : T_NULLABLE detection not working for nullable parameters and return type hints in some cases
• Fixed bug #1447 : Running the unit tests with a phpunit config file breaks the test suite
  • Unknown arguments were not being handled correctly, but are now stored in $config->unknown
• Fixed bug #1449 : Generic.Classes.OpeningBraceSameLine doesn't detect comment before opening brace
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1450 : Coding standard located under an installed_path with the same directory name throws an error
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1451 : Sniff exclusions/restrictions dont work with custom sniffs unless they use the PHP_CodeSniffer NS
• Fixed bug #1454 : Squiz.WhiteSpace.OperatorSpacing is not checking spacing on either side of a short ternary operator
  • Thanks to Mponos George for the patch
• Fixed bug #1495 : Setting an invalid installed path breaks all commands
• Fixed bug #1496 : Squiz.Strings.DoubleQuoteUsage not unescaping dollar sign when fixing
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1501 : Interactive mode is broken
• Fixed bug #1504 : PSR2.Namespaces.UseDeclaration hangs fixing use statement with no trailing code

3.0.2

• Fixed a problem where the source report was not printing the correct number of errors found
• Fixed a problem where the --cache=/path/to/cachefile CLI argument was not working
• The code report now gracefully handles tokenizer exceptions
• The phpcs and phpcbf scripts are now the only places that exit() in the code
  • This allows for easier usage of core PHPCS functions from external scripts
  • If you are calling Runner::runPHPCS() or Runner::runPHPCBF() directly, you will get back the full range of exit codes
  • If not, catch the new DeepExitException to get the error message ($e->getMessage()) and exit code ($e->getCode())
• NOWDOC tokens are now considered conditions, just as HEREDOC tokens are
  • This makes it easier to find the start and end of a NOWDOC from any token within it
  • Thanks to Michał Bundyra for the patch
• Custom autoloaders are now only included once in case multiple standards are using the same one
  • Thanks to Juliette Reinders Folmer for the patch
• Improved tokenizing of fallthrough CASE and DEFAULT statements that share a closing statement and use curly braces
• Improved the error message when Squiz.ControlStructures.ControlSignature detects a newline after the closing parenthesis
• Fixed bug #1465 : Generic.WhiteSpace.ScopeIndent reports incorrect errors when indenting double arrows in short arrays
• Fixed bug #1478 : Indentation in fallthrough CASE that contains a closure
• Fixed bug #1497 : Fatal error if composer prepend-autoloader is set to false
  • Thanks to Kunal Mehta for the patch
• Fixed bug #1503 : Alternative control structure syntax not always recognized as scoped
• Fixed bug #1523 : Fatal error when using the --suffix argument
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1526 : Use of basepath setting can stop PHPCBF being able to write fixed files
• Fixed bug #1530 : Generic.WhiteSpace.ScopeIndent can increase indent too much for lines within code blocks
• Fixed bug #1547 : Wrong token type for backslash in use function
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1549 : Squiz.PHP.EmbeddedPhp fixer conflict with // comment before PHP close tag
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1560 : Squiz.Commenting.FunctionComment fatal error when fixing additional param comment lines that have no indent

3.1.0

Unit Test Changes

• This release includes a change to support newer versions of PHPUnit (versions 4, 5, and 6 are now supported)
  • The custom PHP_CodeSniffer test runner now requires a bootstrap file
  • Developers with custom standards using the PHP_CodeSniffer test runner will need to do one of the following:
    • run your unit tests from the PHP_CodeSniffer root dir so the bootstrap file is included
    • specify the PHP_CodeSniffer bootstrap file on the command line: phpunit --bootstrap=/path/to/phpcs/tests/bootstrap.php
    • require the PHP_CodeSniffer bootstrap file from your own bootstrap file
  • If you don't run PHP_CodeSniffer unit tests, this change will not affect you
  • Thanks to Juliette Reinders Folmer for the patch

Other Changes

• A phpcs.xml or phpcs.xml.dist file now takes precedence over the default_standard config setting
  • Thanks to Björn Fischer for the patch
• Both phpcs.xml and phpcs.xml.dist files can now be prefixed with a dot (request #1566)
  • The order that the files are searched is: .phpcs.xml, .phpcs.xml.dist, phpcs.xml, phpcs.xml.dist
• The autoloader will now search for files during unit tests runs from the same locations as during normal phpcs runs
  • Allows for easier unit testing of custom standards that use helper classes or custom namespaces
• Include patterns for sniffs now use OR logic instead of AND logic
  • Previously, a file had to be in each of the include patterns to be processed by a sniff
  • Now, a file has to only be in at least one of the patterns
  • This change reflects the original intention of the feature
• PHPCS will now follow symlinks under the list of checked directories
  • This previously only worked if you specified the path to a symlink on the command line
• Output from --config-show, --config-set, and --config-delete now includes the path to the loaded config file
• PHPCS now cleanly exits if its config file is not readable
  • Previously, a combination of PHP notices and PHPCS errors would be generated
• Comment tokens that start with /** are now always tokenized as docblocks
  • Thanks to Michał Bundyra for the patch
• The PHP-supplied T_YIELD and T_YIELD_FROM tokens have been replicated for older PHP versions
  • Thanks to Michał Bundyra for the patch
• Added new Generic.CodeAnalysis.AssignmentInCondition sniff to warn about variable assignments inside conditions
  • Thanks to Juliette Reinders Folmer for the contribution
• Added Generic.Files.OneObjectStructurePerFile sniff to ensure there is a single class/interface/trait per file
  • Thanks to Mponos George for the contribution
• Function call sniffs now check variable function names and self/static object creation
  • Specific sniffs are Generic.Functions.FunctionCallArgumentSpacing, PEAR.Functions.FunctionCallSignature, and PSR2.Methods.FunctionCallSignature
  • Thanks to Michał Bundyra for the patch
• Generic.Files.LineLength can now be configured to ignore all comment lines, no matter their length
  • Set the ignoreComments property to TRUE (default is FALSE) in your ruleset.xml file to enable this
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.PHP.LowerCaseKeyword now checks self, parent, yield, yield from, and closure (function) keywords
  • Thanks to Michał Bundyra for the patch
• PEAR.Functions.FunctionDeclaration now removes a blank line if it creates one by moving the curly brace during fixing
• Squiz.Commenting.FunctionCommentThrowTag now supports PHP 7.1 multi catch exceptions
• Squiz.Formatting.OperatorBracket no longer throws errors for PHP 7.1 multi catch exceptions
• Squiz.Commenting.LongConditionClosingComment now supports finally statements
• Squiz.Formatting.OperatorBracket now correctly fixes pipe separated flags
• Squiz.Formatting.OperatorBracket now correctly fixes statements containing short array syntax
• Squiz.PHP.EmbeddedPhp now properly fixes cases where the only content in an embedded PHP block is a comment
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.WhiteSpace.ControlStructureSpacing now ignores comments when checking blank lines at the top of control structures
• Squiz.WhiteSpace.ObjectOperatorSpacing now detects and fixes spaces around double colons
  • Thanks to Julius Šmatavičius for the patch
• Squiz.WhiteSpace.MemberVarSpacing can now be configured to check any number of blank lines between member vars
  • Set the spacing property (default is 1) in your ruleset.xml file to set the spacing
• Squiz.WhiteSpace.MemberVarSpacing can now be configured to check a different number of blank lines before the first member var
  • Set the spacingBeforeFirst property (default is 1) in your ruleset.xml file to set the spacing
• Added a new PHP_CodeSniffer\Util\Tokens::$ooScopeTokens static member var for quickly checking object scope
  • Includes T_CLASS, T_ANON_CLASS, T_INTERFACE, and T_TRAIT
  • Thanks to Juliette Reinders Folmer for the patch
• PHP_CodeSniffer\Files\File::findExtendedClassName() now supports extended interfaces
  • Thanks to Martin Hujer for the patch
• Fixed bug #1550 : Squiz.Commenting.FunctionComment false positive when function contains closure
• Fixed bug #1577 : Generic.InlineControlStructureSniff breaks with a comment between body and condition in do while loops
• Fixed bug #1581 : Sniffs not loaded when one-standard directories are being registered in installed_paths
• Fixed bug #1591 : Autoloader failing to load arbitrary files when installed_paths only set via a custom ruleset
• Fixed bug #1605 : Squiz.WhiteSpace.OperatorSpacing false positive on unary minus after comment
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1615 : Uncaught RuntimeException when phpcbf fails to fix files
• Fixed bug #1637 : Generic.WhiteSpaceScopeIndent closure argument indenting incorrect with multi-line strings
• Fixed bug #1638 : Squiz.WhiteSpace.ScopeClosingBrace closure argument indenting incorrect with multi-line strings
• Fixed bug #1640 : Squiz.Strings.DoubleQuoteUsage replaces tabs with spaces when fixing
  • Thanks to Juliette Reinders Folmer for the patch

3.2.0

Comment Syntax Changes

This release deprecates the @codingStandards comment syntax used for sending commands to PHP_CodeSniffer. The existing syntax will continue to work in all version 3 releases, but will be removed in version 4

The comment formats have been replaced by a shorter syntax:

• @codingStandardsIgnoreFile becomes phpcs:ignoreFile
• @codingStandardsIgnoreStart becomes phpcs:disable
• @codingStandardsIgnoreEnd becomes phpcs:enable
• @codingStandardsIgnoreLine becomes phpcs:ignore
• @codingStandardsChangeSetting becomes phpcs:set

The new syntax allows for additional developer comments to be added after a -- separator. This is useful for describing why a code block is being ignored, or why a setting is being changed. E.g., // phpcs:disable -- This code block must be left as-is.

Comments using the new syntax are assigned new comment token types to allow them to be detected:

• phpcs:ignoreFile has the token T_PHPCS_IGNORE_FILE
• phpcs:disable has the token T_PHPCS_DISABLE
• phpcs:enable has the token T_PHPCS_ENABLE
• phpcs:ignore has the token T_PHPCS_IGNORE
• phpcs:set has the token T_PHPCS_SET

Other Changes

• The phpcs:disable and phpcs:ignore comments can now selectively ignore specific sniffs (request #604)
  • E.g., // phpcs:disable Generic.Commenting.Todo.Found for a specific message
  • E.g., // phpcs:disable Generic.Commenting.Todo for a whole sniff
  • E.g., // phpcs:disable Generic.Commenting for a whole category of sniffs
  • E.g., // phpcs:disable Generic for a whole standard
  • Multiple sniff codes can be specified by comma separating them
    • E.g., // phpcs:disable Generic.Commenting.Todo,PSR1.Files
• @codingStandardsIgnoreLine comments now only ignore the following line if they are on a line by themselves
  • If they are at the end of an existing line, they will only ignore the line they are on
  • Stops some lines from accidentally being ignored
  • Same rule applies for the new phpcs:ignore comment syntax
• PSR1.Files.SideEffects now respects the new phpcs:disable comment syntax
  • The sniff will no longer check any code that is between phpcs:disable and phpcs:enable comments
  • The sniff does not support phpcs:ignore; you must wrap code structures with disable/enable comments
  • Previously, there was no way to have this sniff ignore parts of a file
• Fixed a problem where PHPCS would sometimes hang waiting for STDIN, or read incomplete versions of large files
  • Thanks to Arne Jørgensen for the patch
• Array properties specified in ruleset files now have their keys and values trimmed
  • This saves having to do this in individual sniffs and stops errors introduced by whitespace in rulesets
  • Thanks to Juliette Reinders Folmer for the patch
• Added phpcs.xsd to allow validation of ruleset XML files
  • Thanks to Renaat De Muynck for the contribution
• File paths specified using --stdin-path can now point to fake file locations (request #1488)
  • Previously, STDIN files using fake file paths were excluded from checking
• Setting an empty basepath (--basepath=) on the CLI will now clear a basepath set directly in a ruleset
  • Thanks to Xaver Loppenstedt for the patch
• Ignore patterns are now checked on symlink target paths instead of symlink source paths
  • Restores previous behaviour of this feature
• Metrics were being double counted when multiple sniffs were recording the same metric
• Added support for bash process substitution
  • Thanks to Scott Dutton for the contribution
• Files included in the cache file code hash are now sorted to aid in cache file reuse across servers
• Windows BAT files can now be used outside a PEAR install
  • You must have the path to PHP set in your PATH environment variable
  • Thanks to Joris Debonnet for the patch
• The JS unsigned right shift assignment operator is now properly classified as an assignment operator
  • Thanks to Juliette Reinders Folmer for the patch
• The AbstractVariableSniff abstract sniff now supports anonymous classes and nested functions
  • Also fixes an issue with Squiz.Scope.MemberVarScope where member vars of anonymous classes were not being checked
• Added AbstractArraySniff to make it easier to create sniffs that check array formatting
  • Allows for checking of single and multi line arrays easily
  • Provides a parsed structure of the array including positions of keys, values, and double arrows
• Added Generic.Arrays.ArrayIndent to enforce a single tab stop indent for array keys in multi-line arrays
  • Also ensures the close brace is on a new line and indented to the same level as the original statement
  • Allows for the indent size to be set using an indent property of the sniff
• Added Generic.PHP.DiscourageGoto to warn about the use of the GOTO language construct
  • Thanks to Juliette Reinders Folmer for the contribution
• Generic.Debug.ClosureLinter was not running the gjslint command
  • Thanks to Michał Bundyra for the patch
• Generic.WhiteSpace.DisallowSpaceIndent now fixes space indents in multi-line block comments
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.WhiteSpace.DisallowSpaceIndent now fixes mixed space/tab indents more accurately
  • Thanks to Juliette Reinders Folmer for the patch
• Generic.WhiteSpace.DisallowTabIndent now fixes tab indents in multi-line block comments
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.Functions.FunctionDeclaration no longer errors when a function declaration is the first content in a JS file
  • Thanks to Juliette Reinders Folmer for the patch
• PEAR.Functions.FunctionCallSignature now requires the function name to be indented to an exact tab stop
  • If the function name is not the start of the statement, the opening statement must be indented correctly instead
  • Added a new fixable error code PEAR.Functions.FunctionCallSignature.OpeningIndent for this error
• Squiz.Functions.FunctionDeclarationArgumentSpacing is no longer confused about comments in function declarations
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.PHP.NonExecutableCode error messages now indicate which line the code block ending is on
  • Makes it easier to identify where the code block exited or returned
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.Commenting.FunctionComment now supports nullable type hints
• Squiz.Commenting.FunctionCommentThrowTag no longer assigns throw tags inside anon classes to the enclosing function
• Squiz.WhiteSpace.SemicolonSpacing now ignores semicolons used for empty statements inside FOR conditions
  • Thanks to Juliette Reinders Folmer for the patch
• Squiz.ControlStructures.ControlSignature now allows configuring the number of spaces before the colon in alternative syntax
  • Override the requiredSpacesBeforeColon setting in a ruleset.xml file to change
  • Default remains at 1
  • Thanks to Nikola Kovacs for the patch
• The Squiz standard now ensures array keys are indented 4 spaces from the main statement
  • Previously, this standard aligned keys 1 space from the start of the array keyword
• The Squiz standard now ensures array end braces are aligned with the main statement
  • Previously, this standard aligned the close brace with the start of the array keyword
• The standard for PHP_CodeSniffer itself now enforces short array syntax
• The standard for PHP_CodeSniffer itself now uses the Generic.Arrays/ArrayIndent sniff rules
• Improved fixer conflicts and syntax error handling for a number of sniffs
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1462 : Error processing cyrillic strings in Tokenizer
• Fixed bug #1573 : Squiz.WhiteSpace.LanguageConstructSpacing does not properly check for tabs and newlines
  • Thanks to Michał Bundyra for the patch
• Fixed bug #1590 : InlineControlStructure CBF issue while adding braces to an if thats returning a nested function
• Fixed bug #1718 : Unclosed strings at EOF sometimes tokenized as T_WHITESPACE by the JS tokenizer
• Fixed bug #1731 : Directory exclusions do not work as expected when a single file name is passed to phpcs
• Fixed bug #1737 : Squiz.CSS.EmptyStyleDefinition sees comment as style definition and fails to report error
• Fixed bug #1746 : Very large reports can sometimes become garbled when using the parallel option
• Fixed bug #1747 : Squiz.Scope.StaticThisUsage incorrectly looking inside closures
• Fixed bug #1757 : Unknown type hint "object" in Squiz.Commenting.FunctionComment
• Fixed bug #1758 : PHPCS gets stuck creating file list when processing circular symlinks
• Fixed bug #1761 : Generic.WhiteSpace.ScopeIndent error on multi-line function call with static closure argument
• Fixed bug #1762 : Generic.WhiteSpace.Disallow[Space/Tab]Indent not inspecting content before open tag
  • Thanks to Juliette Reinders Folmer for the patch
• Fixed bug #1769 : Custom "define" function triggers a warning about declaring new symbols
• Fixed bug #1776 : Squiz.Scope.StaticThisUsage incorrectly looking inside anon classes
• Fixed bug #1777 : Generic.WhiteSpace.ScopeIndent incorrect indent errors when self called function proceeded by comme

We didn't find any content for 3.1.1, 3.2.1, 3.2.2, 3.2.3, 3.3.0, or 3.3.1. Feel free to open an issue at https://github.com/dependencies-io/support to suggest any improvements.