Bump squizlabs/php_codesniffer from 3.0.0 to 3.0.1 #476

Open
wants to merge 1 commit into master

Conversation

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Mar 26, 2022

Bumps squizlabs/php_codesniffer from 3.0.0 to 3.0.1.

Release notes

Sourced from squizlabs/php_codesniffer's releases.

3.0.1

Security Advisory

  • This release contains a fix for a security advisory related to the improper handling of a shell command
    • A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option
    • All version 3 users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
      • e.g., you run PHPCS over libraries that you did not write
      • e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
      • e.g., you allow external tool paths to be set by user-defined values
    • If you are unable to upgrade but you check 3rd-party code, ensure you are not using the Git modified filter
    • This advisory does not affect PHP_CodeSniffer version 2.
    • Thanks to Sergei Morozov for the report and patch

Other Changes

  • Arguments on the command line now override or merge with those specified in a ruleset.xml file in all cases
  • PHPCS now stops looking for a phpcs.xml file as soon as one is found, favoring the closest one to the current dir
  • Added missing help text for the --stdin-path CLI option to --help
  • Re-added missing help text for the --file-list and --bootstrap CLI options to --help
  • Runner::runPHPCS() and Runner::runPHPCBF() now return an exit code instead of exiting directly (request #1484)
  • The Squiz standard now enforces short array syntax by default
  • The autoloader is now working correctly with classes created with class_alias()
  • The autoloader will now search for files inside all directories in the installed_paths config var
    • This allows autoloading of files inside included custom coding standards without manually requiring them
  • You can now specify a namespace for a custom coding standard, used by the autoloader to load non-sniff helper files
    • Also used by the autoloader to help other standards directly include sniffs for your standard
    • Set the value to the namespace prefix you are using for sniff files (everything up to \Sniffs\)
    • e.g., if your namespace format is MyProject\CS\Standard\Sniffs\Category set the namespace to MyProject\CS\Standard
    • If omitted, the namespace is assumed to be the same as the directory name containing the ruleset.xml file
    • The namespace is set in the ruleset tag of the ruleset.xml file
    • e.g., <ruleset name="My Coding Standard" namespace="MyProject\CS\Standard">
  • Rulesets can now specify custom autoloaders using the new autoload tag
    • Autoloaders are included while the ruleset is being processed and before any custom sniffs are included
    • Allows for very custom autoloading of helper classes well before the bootstrap files are included
  • The PEAR standard now includes Squiz.Commenting.DocCommentAlignment
    • It previously broke comments onto multiple lines, but didn't align them
  • Fixed a problem where excluding a message from a custom standard's own sniff would exclude the whole sniff
    • This caused some PSR2 errors to be under-reported
  • Fixed bug #1442 : T_NULLABLE detection not working for nullable parameters and return type hints in some cases
  • Fixed bug #1447 : Running the unit tests with a phpunit config file breaks the test suite
    • Unknown arguments were not being handled correctly, but are now stored in $config->unknown
  • Fixed bug #1449 : Generic.Classes.OpeningBraceSameLine doesn't detect comment before opening brace
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1450 : Coding standard located under an installed_path with the same directory name throws an error
    • Thanks to Juliette Reinders Folmer for the patch
  • Fixed bug #1451 : Sniff exclusions/restrictions don't work with custom sniffs unless they use the PHP_CodeSniffer NS
  • Fixed bug #1454 : Squiz.WhiteSpace.OperatorSpacing is not checking spacing on either side of a short ternary operator
    • Thanks to Mponos George for the patch
  • Fixed bug #1495 : Setting an invalid installed path breaks all commands
  • Fixed bug #1496 : Squiz.Strings.DoubleQuoteUsage not unescaping dollar sign when fixing
    • Thanks to Michał Bundyra for the patch
  • Fixed bug #1501 : Interactive mode is broken

... (truncated)

Commits
  • f9eaf03 Prepare for 3.0.1 release
  • b188679 The PEAR standard now includes Squiz.Commenting.DocCommentAlignment (ref #1479)
  • e0c537e Fixed bug #1504 : PSR2.Namespaces.UseDeclaration hangs fixing use statement w...
  • 8a57486 Fixed file fixing debug backtrace output
  • c45181c Fixed bug #1501 : Interactive mode is broken
  • 1a59851 Rulesets can now specify custom autoloaders using the new autoload tag (ref #...
  • ca446ae Added missing help text for file-list and bootstrap
  • 78f9c94 Fixed bug #1495 : Setting an invalid installed path breaks all commands
  • 046deb2 Fixed a problem where excluding a message from a custom standard's own sniff ...
  • e5790ec Changelog for #1496
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps [squizlabs/php_codesniffer](https://github.com/squizlabs/PHP_CodeSniffer) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/squizlabs/PHP_CodeSniffer/releases)
- [Commits](squizlabs/PHP_CodeSniffer@3.0.0...3.0.1)

---
updated-dependencies:
- dependency-name: squizlabs/php_codesniffer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
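The advisory quoted above says only that a crafted filename reached a shell command under `--filter=gitmodified`; it does not show the code. The following illustration is added here and is not PHP_CodeSniffer's code, nor a reproduction of the exact 3.0.0 defect. It shows the bug class (an untrusted path concatenated into a command string that `/bin/sh` parses) next to two fixes: escaping every untrusted piece with `escapeshellarg()`, and avoiding the shell entirely by handing `proc_open()` an argv array. The function names, the `git diff` invocation and the sample path are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration of the bug class named in the 3.0.1 advisory. Not
// PHP_CodeSniffer code; function names, git arguments and paths are assumed.

/**
 * Vulnerable pattern: the path is concatenated into a single string which
 * shell_exec()/exec() hand to /bin/sh. Any metacharacter in $path
 * ($(...), backticks, ;, |, &&) is interpreted as shell syntax.
 */
function buildGitCommandUnsafe(string $gitPath, string $path): string
{
    return $gitPath . ' diff --name-only -- ' . $path;
}

/**
 * Hardened pattern: escapeshellarg() single-quotes each untrusted value and
 * escapes embedded quotes, so the filename is always exactly one argument.
 * The git binary path is escaped too, since the advisory also warns about
 * externally supplied tool paths.
 */
function buildGitCommandSafe(string $gitPath, string $path): string
{
    return escapeshellarg($gitPath) . ' diff --name-only -- ' . escapeshellarg($path);
}

/**
 * Strongest fix: do not involve a shell. proc_open() accepts an argv array
 * (PHP >= 7.4) and execs the binary directly, so nothing in $args is parsed.
 */
function runGitWithoutShell(string $gitPath, array $args, string $cwd): string
{
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(array_merge([$gitPath], $args), $spec, $pipes, $cwd);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start git');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('git exited with a non-zero status');
    }
    return $out;
}

// Constructed sample: a filename that embeds a command substitution. Such a
// name can be committed to a third-party repository and then listed by git.
// With the unsafe builder, sh runs `id` before git ever sees the argument;
// with the safe builder it is passed through as a literal path.
$crafted = 'src/$(id > /tmp/pwned).php';

echo 'unsafe: ' . buildGitCommandUnsafe('git', $crafted) . PHP_EOL;
echo 'safe:   ' . buildGitCommandSafe('git', $crafted) . PHP_EOL;

// Shell-free variant, run against the current directory (assumed to be a
// git checkout). Only the argv array is built here; git decides what the
// bytes mean, not /bin/sh.
if (is_dir('.git')) {
    echo runGitWithoutShell('git', ['diff', '--name-only', '--', $crafted], getcwd());
}
```

Printing the two command strings makes the difference visible without executing anything: the unsafe builder emits the `$(...)` sequence bare, the safe one wraps it in single quotes. Note that `escapeshellarg()` is only a mitigation for the string-building approach; once a command line is assembled for a shell, every field (tool path, options, paths) has to be escaped consistently, which is why the argv form of `proc_open()` is the safer default for anything that processes third-party repositories.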
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 26, 2022
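The release notes give two choices: upgrade to 3.0.1, or, if that is not possible while checking third-party code, stop using the Git modified filter. The script below is an added check for that guidance, not part of PHP_CodeSniffer or of this PR. It reads `composer.lock` to see whether the locked `squizlabs/php_codesniffer` is a 3.x release older than 3.0.1, and scans a list of project files for a reference to the `gitmodified` filter. The sample lock content is constructed, and the list of files scanned is an assumption about where `--filter=gitmodified` is typically wired up.

```php
<?php
declare(strict_types=1);

// Added audit helper for the 3.0.1 upgrade guidance; not PHP_CodeSniffer code.
// The sample lock content and the scanned file list are assumptions.

const PACKAGE  = 'squizlabs/php_codesniffer';
const FIXED_IN = '3.0.1';

/** Returns the version of $package locked in composer.lock JSON, or null. */
function lockedVersion(string $lockJson, string $package): ?string
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $pkg) {
            if (strcasecmp($pkg['name'] ?? '', $package) === 0) {
                return $pkg['version'] ?? null;
            }
        }
    }
    return null;
}

/**
 * True for a 3.x release older than 3.0.1. Version 2 is outside the
 * advisory, and branch aliases (dev-*) cannot be compared, so both
 * return false and should be checked by hand.
 */
function affectedByAdvisory(?string $version): bool
{
    if ($version === null || strpos($version, 'dev-') === 0) {
        return false;
    }
    $v = ltrim($version, 'v');
    return version_compare($v, '3.0.0', '>=') && version_compare($v, FIXED_IN, '<');
}

/** Lists existing files whose content mentions the gitmodified filter. */
function filesUsingGitModifiedFilter(array $files): array
{
    $hits = [];
    foreach ($files as $file) {
        if (is_file($file)
            && stripos((string) file_get_contents($file), 'gitmodified') !== false
        ) {
            $hits[] = $file;
        }
    }
    return $hits;
}

// Constructed sample lock content; a real run would read composer.lock.
$sampleLock = json_encode([
    'packages'     => [],
    'packages-dev' => [['name' => 'squizlabs/php_codesniffer', 'version' => '3.0.0']],
]);

$version = lockedVersion($sampleLock, PACKAGE);
$flagged = affectedByAdvisory($version);
printf(
    "%s locked at %s: %s%s",
    PACKAGE,
    $version ?? 'not found',
    $flagged ? 'upgrade to ' . FIXED_IN . ' or later' : 'not in the advisory range',
    PHP_EOL
);

// Assumed places where --filter=gitmodified tends to be configured.
$candidates = ['phpcs.xml', 'phpcs.xml.dist', 'composer.json', 'Makefile', '.github/workflows/ci.yml'];
$hits = filesUsingGitModifiedFilter($candidates);
if ($flagged && $hits !== []) {
    echo 'Git modified filter referenced in: ' . implode(', ', $hits) . PHP_EOL;
}
```

Run it from the project root after replacing the constructed `$sampleLock` with `file_get_contents('composer.lock')`. A flagged version with no filter hits still warrants the upgrade; the filter scan only tells you whether the interim mitigation from the release notes is even in play.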