chore(deps-dev): bump wp-coding-standards/wpcs from 2.3.0 to 3.2.0

[dependabot]

Bumps wp-coding-standards/wpcs from 2.3.0 to 3.2.0.

Release notes

Sourced from wp-coding-standards/wpcs's releases.

3.2.0

Added

• New WordPress.WP.GetMetaSingle sniff to the WordPress-Extra ruleset. Props @​rodrigoprimo! #2465 This sniff warns when get_*_meta() and get_metadata*() functions are used with the $meta_key/$key param, but without the $single parameter as this could lead to unexpected behavior due to the different return types.
• WordPress-Extra: the following additional sniffs have been added to the ruleset: Generic.Strings.UnnecessaryHeredoc and Generic.WhiteSpace.HereNowdocIdentifierSpacing. #2534
• The rest_sanitize_boolean() functions to the list of known "sanitizing" functions. Props @​westonruter. #2530
• End-user documentation to the following existing sniffs: WordPress.DB.PreparedSQL (props @​jaymcp, #2454), WordPress.NamingConventions.ValidFunctionName (props @​richardkorthuis and @​rodrigoprimo, #2452, #2531), WordPress.NamingConventions.ValidVariableName (props @​richardkorthuis, #2457). This documentation can be exposed via the PHP_CodeSniffer --generator=... command-line argument.

Changed

• The minimum required PHP_CodeSniffer version to 3.13.0 (was 3.9.0). #2532
• The minimum required PHPCSUtils version to 1.1.0 (was 1.0.10). #2532
• The minimum required PHPCSExtra version to 1.4.0 (was 1.2.1). #2532
• Sniffs based on the AbstractFunctionParameterSniff will now call a dedicated process_first_class_callable() method for PHP 8.1+ first class callables. Props @​rodrigoprimo, @​jrfnl. #2518, #2544 By default, the method won't do anything, but individual sniffs extending the AbstractFunctionParameterSniff class can choose to implement the method to handle first class callables. Previously, first class callables were treated as a function call without parameters and would trigger the process_no_parameters() method.
• The minimum required prefix length for the WordPress.NamingConventions.PrefixAllGlobals sniff has been changed from 3 to 4 characters. Props @​davidperezgar. #2479
• The default value for minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 6.5. #2553
• WordPress.NamingConventions.ValidVariableName now allows for PHP 8.4 properties in interfaces. #2532
• WordPress.NamingConventions.PrefixAllGlobals has been updated to recognize pluggable functions introduced in WP up to WP 6.8.1. #2537
• WordPress.WP.Capabilities has been updated to recognize new capabilities introduced in WP up to WP 6.8.1. #2537
• WordPress.WP.ClassNameCase has been updated to recognize classes introduced in WP up to WP 6.8.1. #2537
• WordPress.WP.DeprecatedFunctions now detects functions deprecated in WordPress up to WP 6.8.1. #2537
• WordPress.WP.DeprecatedParameters now detects parameters deprecated in WordPress up to WP 6.8.1. #2537
• WordPress.WP.DeprecatedParameterValues now detects parameter values deprecated in WordPress up to WP 6.8.1. #2537
• Minor performance improvements.
• Developer happiness: prevent creating a composer.lock file. Thanks @​fredden! #2443
• Various housekeeping, including documentation and test improvements. Includes contributions by @​rodrigoprimo and @​szepeviktor.
• All sniffs are now also being tested against PHP 8.4 for consistent sniff results. #2511

Deprecated

Removed

• The Generic.Functions.CallTimePassByReference has been removed from the WordPress-Extra ruleset. Props @​rodrigoprimo. #2536 This sniff was dated anyway and deprecated in PHP_CodeSniffer. If you need to check if your code is PHP cross-version compatible, use the [PHPCompatibility] standard instead.

Fixed

• Sniffs based on the AbstractClassRestrictionsSniff could previously run into a PHPCS Internal.Exception, leading to fixes not being made. #2500
• Sniffs based on the AbstractFunctionParameterSniff will now bow out more often when it is sure the code under scan is not calling the target function and during live coding, preventing false positives. Props @​rodrigoprimo. #2518

3.1.0

Added

• WordPress-Core ruleset: now includes the Universal.PHP.LowercasePHPTag sniff.
• WordPress-Extra ruleset: now includes the Generic.CodeAnalysis.RequireExplicitBooleanOperatorPrecedence and the Universal.CodeAnalysis.NoDoubleNegative sniffs.
• The sanitize_locale_name() function to the list of known "escaping" functions. Props @​Chouby
• The sanitize_locale_name() function to the list of known "sanitize & unslash" functions. Props @​Chouby

Changed

... (truncated)

Changelog

Sourced from wp-coding-standards/wpcs's changelog.

[3.2.0] - 2025-07-24

Added

• New WordPress.WP.GetMetaSingle sniff to the WordPress-Extra ruleset. Props [@​rodrigoprimo]! #2465 This sniff warns when get_*_meta() and get_metadata*() functions are used with the $meta_key/$key param, but without the $single parameter as this could lead to unexpected behavior due to the different return types.
• WordPress-Extra: the following additional sniffs have been added to the ruleset: Generic.Strings.UnnecessaryHeredoc and Generic.WhiteSpace.HereNowdocIdentifierSpacing. #2534
• The rest_sanitize_boolean() functions to the list of known "sanitizing" functions. Props [@​westonruter]. #2530
• End-user documentation to the following existing sniffs: WordPress.DB.PreparedSQL (props [@​jaymcp], #2454), WordPress.NamingConventions.ValidFunctionName (props [@​richardkorthuis] and [@​rodrigoprimo], #2452, #2531), WordPress.NamingConventions.ValidVariableName (props [@​richardkorthuis], #2457). This documentation can be exposed via the PHP_CodeSniffer --generator=... command-line argument.

Changed

• The minimum required PHP_CodeSniffer version to 3.13.0 (was 3.9.0). #2532
• The minimum required PHPCSUtils version to 1.1.0 (was 1.0.10). #2532
• The minimum required PHPCSExtra version to 1.4.0 (was 1.2.1). #2532
• Sniffs based on the AbstractFunctionParameterSniff will now call a dedicated process_first_class_callable() method for PHP 8.1+ first class callables. Props [@​rodrigoprimo], [@​jrfnl]. #2518, #2544 By default, the method won't do anything, but individual sniffs extending the AbstractFunctionParameterSniff class can choose to implement the method to handle first class callables. Previously, first class callables were treated as a function call without parameters and would trigger the process_no_parameters() method.
• The minimum required prefix length for the WordPress.NamingConventions.PrefixAllGlobals sniff has been changed from 3 to 4 characters. Props [@​davidperezgar]. #2479
• The default value for minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 6.5. #2553
• WordPress.NamingConventions.ValidVariableName now allows for PHP 8.4 properties in interfaces. #2532
• WordPress.NamingConventions.PrefixAllGlobals has been updated to recognize pluggable functions introduced in WP up to WP 6.8.1. #2537
• WordPress.WP.Capabilities has been updated to recognize new capabilities introduced in WP up to WP 6.8.1. #2537
• WordPress.WP.ClassNameCase has been updated to recognize classes introduced in WP up to WP 6.8.1. #2537
• WordPress.WP.DeprecatedFunctions now detects functions deprecated in WordPress up to WP 6.8.1. #2537
• WordPress.WP.DeprecatedParameters now detects parameters deprecated in WordPress up to WP 6.8.1. #2537
• WordPress.WP.DeprecatedParameterValues now detects parameter values deprecated in WordPress up to WP 6.8.1. #2537
• Minor performance improvements.
• Developer happiness: prevent creating a composer.lock file. Thanks [@​fredden]! #2443
• Various housekeeping, including documentation and test improvements. Includes contributions by [@​rodrigoprimo] and [@​szepeviktor].
• All sniffs are now also being tested against PHP 8.4 for consistent sniff results. #2511

Deprecated

Removed

• The Generic.Functions.CallTimePassByReference has been removed from the WordPress-Extra ruleset. Props [@​rodrigoprimo]. #2536 This sniff was dated anyway and deprecated in PHP_CodeSniffer. If you need to check if your code is PHP cross-version compatible, use the [PHPCompatibility] standard instead.

Fixed

• Sniffs based on the AbstractClassRestrictionsSniff could previously run into a PHPCS Internal.Exception, leading to fixes not being made. #2500
• Sniffs based on the AbstractFunctionParameterSniff will now bow out more often when it is sure the code under scan is not calling the target function and during live coding, preventing false positives. Props [@​rodrigoprimo]. #2518

#2443: WordPress/WordPress-Coding-Standards#2443 #2465: WordPress/WordPress-Coding-Standards#2465 #2452: WordPress/WordPress-Coding-Standards#2452 #2454: WordPress/WordPress-Coding-Standards#2454 #2457: WordPress/WordPress-Coding-Standards#2457 #2479: WordPress/WordPress-Coding-Standards#2479 #2500: WordPress/WordPress-Coding-Standards#2500 #2511: WordPress/WordPress-Coding-Standards#2511

... (truncated)

Commits

• d2421de Merge pull request #2558 from WordPress/develop
• d0140c8 Merge pull request #2557 from WordPress/feature/changelog-3.2.0
• 4c8c11b Merge pull request #2561 from WordPress/feature/variablehelper-fix-docs
• a9b8a4b Merge pull request #2556 from WordPress/feature/changelog-fix-indentation
• d45070e VariableHelper::is_assignment(): fix parameter description
• 512b3ef CHANGELOG: fix indentation
• 5f4e740 Changelog for the release of WordPressCS 3.2.0
• 4d0160f NamingConventions/PrefixAllGlobals: update min prefix length from 3 to 4 char...
• 0f2fadb Merge pull request #2553 from WordPress/feature/update-minimum-wp-version
• 5428700 AbstractFunctionParameterSniff: don't ignore first class callables (#2544)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[pirate-bot]

Plugin build for 7fb09c7 is ready 🛎️!

• Download build

[dependabot]

Superseded by #1242.