Bump wp-coding-standards/wpcs from 0.14.1 to 2.1.1

[dependabot-preview]

Bumps wp-coding-standards/wpcs from 0.14.1 to 2.1.1.

Release notes

Sourced from wp-coding-standards/wpcs's releases.

2.1.1

Changed

• The WordPress.WP.CapitalPDangit will now ignore misspelled instances of WordPress within constant declarations.
  This covers both constants declared using defined() as well as constants declared using the const keyword.
• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 4.9.

Removed

• paginate_comments_links() from the list of auto-escaped functions Sniff::$autoEscapedFunctions.
  This affects the WordPress.Security.EscapeOutput sniff.

Fixed

• The $current_blog and $tag_ID variables have been added to the list of WordPress global variables.
  This fixes some false positives from the WordPress.NamingConventions.PrefixAllGlobals and the WordPress.WP.GlobalVariablesOverride sniffs.
• The generic TestCase class name has been added to the $test_class_whitelist.
  This fixes some false positives from the WordPress.NamingConventions.FileName, WordPress.NamingConventions.PrefixAllGlobals and the WordPress.WP.GlobalVariablesOverride sniffs.
• The WordPress.NamingConventions.ValidVariableName sniff will now correctly recognize $tag_ID as a WordPress native, mixed-case variable.
• The WordPress.Security.NonceVerification sniff will now correctly recognize nonce verification within a nested closure or anonymous class.

2.1.0

Added

• New WordPress.PHP.IniSet sniff to the WordPress-Extra ruleset.
  This sniff will detect calls to ini_set() and ini_alter() and warn against their use as changing configuration values at runtime leads to an unpredictable runtime environment, which can result in conflicts between core/plugins/themes.
  • The sniff will not throw notices about a very limited set of "safe" ini directives.
  • For a number of ini directives for which there are alternative, non-conflicting ways to achieve the same available, the sniff will throw an error and advise using the alternative.
• doubleval(), count() and sizeof() to Sniff::$unslashingSanitizingFunctions property.
  While count() and its alias sizeof(), don't actually unslash or sanitize, the output of these functions is safe to use without unslashing or sanitizing.
  This affects the WordPress.Security.ValidatedSanitizedInput and the WordPress.Security.NonceVerification sniffs.
• The new WP 5.1 WP_UnitTestCase_Base class to the Sniff::$test_class_whitelist property.
• New Sniff::get_array_access_keys() utility method to retrieve all array keys for a variable using multi-level array access.
• New Sniff::is_class_object_call(), Sniff::is_token_namespaced() utility methods.
  These should help make the checking of whether or not a function call is a global function, method call or a namespaced function call more consistent.
  This also implements allowing for the namespace keyword being used as an operator.
• New Sniff::is_in_function_call() utility method to facilitate checking whether a token is (part of) a parameter passed to a specific (set of) function(s).
• New Sniff::is_in_type_test() utility method to determine if a variable is being type tested, along with a Sniff::$typeTestFunctions property containing the names of the functions this applies to.
• New Sniff::is_in_array_comparison() utility method to determine if a variable is (part of) a parameter in an array-value comparison, along with a Sniff::$arrayCompareFunctions property containing the names of the relevant functions.
• New Sniff::$arrayWalkingFunctions property containing the names of array functions which apply a callback to the array, but don't change the array by reference.
• New Sniff::$unslashingFunctions property containing the names of functions which unslash data passed to them and return the unslashed result.

Changed

• Moved the WordPress.PHP.StrictComparisons, WordPress.PHP.StrictInArray and the WordPress.CodeAnalysis.AssignmentInCondition sniff from the WordPress-Extra to the WordPress-Core ruleset.
• The Squiz.Commenting.InlineComment.SpacingAfter error is no longer included in the WordPress-Docs ruleset.
• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 4.8.
• The WordPress.WP.DeprecatedFunctions sniff will now detect functions deprecated in WP 5.1.
• The WordPress.Security.NonceVerification sniff now allows for variable type testing, comparisons, unslashing and sanitization before the nonce check. A nonce check within the same scope, however, is still required.
• The WordPress.Security.ValidatedSanitizedInput sniff now allows for using a superglobal in an array-value comparison without sanitization, same as when the superglobal is used in a scalar value comparison.
• WordPress.NamingConventions.PrefixAllGlobals: some of the error messages have been made more explicit.
• The error messages for the WordPress.Security.ValidatedSanitizedInput sniff will now contain information on the index keys accessed.
• The error message for the WordPress.Security.ValidatedSanitizedInput.InputNotValidated has been reworded to make it more obvious what the actual issue being reported is.
• The error message for the WordPress.Security.ValidatedSanitizedInput.MissingUnslash has been reworded.
• The Sniff::is_comparison() method now has a new $include_coalesce parameter to allow for toggling whether the null coalesce operator should be seen as a comparison operator. Defaults to true.

... (truncated)

Changelog

Sourced from wp-coding-standards/wpcs's changelog.

[2.1.1] - 2019-05-21

Changed

• The WordPress.WP.CapitalPDangit will now ignore misspelled instances of WordPress within constant declarations.
  This covers both constants declared using defined() as well as constants declared using the const keyword.
• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 4.9.

Removed

• paginate_comments_links() from the list of auto-escaped functions Sniff::$autoEscapedFunctions.
  This affects the WordPress.Security.EscapeOutput sniff.

Fixed

• The $current_blog and $tag_ID variables have been added to the list of WordPress global variables.
  This fixes some false positives from the WordPress.NamingConventions.PrefixAllGlobals and the WordPress.WP.GlobalVariablesOverride sniffs.
• The generic TestCase class name has been added to the $test_class_whitelist.
  This fixes some false positives from the WordPress.NamingConventions.FileName, WordPress.NamingConventions.PrefixAllGlobals and the WordPress.WP.GlobalVariablesOverride sniffs.
• The WordPress.NamingConventions.ValidVariableName sniff will now correctly recognize $tag_ID as a WordPress native, mixed-case variable.
• The WordPress.Security.NonceVerification sniff will now correctly recognize nonce verification within a nested closure or anonymous class.

[2.1.0] - 2019-04-08

Added

• New WordPress.PHP.IniSet sniff to the WordPress-Extra ruleset.
  This sniff will detect calls to ini_set() and ini_alter() and warn against their use as changing configuration values at runtime leads to an unpredictable runtime environment, which can result in conflicts between core/plugins/themes.
  • The sniff will not throw notices about a very limited set of "safe" ini directives.
  • For a number of ini directives for which there are alternative, non-conflicting ways to achieve the same available, the sniff will throw an error and advise using the alternative.
• doubleval(), count() and sizeof() to Sniff::$unslashingSanitizingFunctions property.
  While count() and its alias sizeof(), don't actually unslash or sanitize, the output of these functions is safe to use without unslashing or sanitizing.
  This affects the WordPress.Security.ValidatedSanitizedInput and the WordPress.Security.NonceVerification sniffs.
• The new WP 5.1 WP_UnitTestCase_Base class to the Sniff::$test_class_whitelist property.
• New Sniff::get_array_access_keys() utility method to retrieve all array keys for a variable using multi-level array access.
• New Sniff::is_class_object_call(), Sniff::is_token_namespaced() utility methods.
  These should help make the checking of whether or not a function call is a global function, method call or a namespaced function call more consistent.
  This also implements allowing for the namespace keyword being used as an operator.
• New Sniff::is_in_function_call() utility method to facilitate checking whether a token is (part of) a parameter passed to a specific (set of) function(s).
• New Sniff::is_in_type_test() utility method to determine if a variable is being type tested, along with a Sniff::$typeTestFunctions property containing the names of the functions this applies to.
• New Sniff::is_in_array_comparison() utility method to determine if a variable is (part of) a parameter in an array-value comparison, along with a Sniff::$arrayCompareFunctions property containing the names of the relevant functions.
• New Sniff::$arrayWalkingFunctions property containing the names of array functions which apply a callback to the array, but don't change the array by reference.
• New Sniff::$unslashingFunctions property containing the names of functions which unslash data passed to them and return the unslashed result.

Changed

• Moved the WordPress.PHP.StrictComparisons, WordPress.PHP.StrictInArray and the WordPress.CodeAnalysis.AssignmentInCondition sniff from the WordPress-Extra to the WordPress-Core ruleset.
• The Squiz.Commenting.InlineComment.SpacingAfter error is no longer included in the WordPress-Docs ruleset.
• The default value for minimum_supported_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 4.8.
• The WordPress.WP.DeprecatedFunctions sniff will now detect functions deprecated in WP 5.1.
• The WordPress.Security.NonceVerification sniff now allows for variable type testing, comparisons, unslashing and sanitization before the nonce check. A nonce check within the same scope, however, is still required.
• The WordPress.Security.ValidatedSanitizedInput sniff now allows for using a superglobal in an array-value comparison without sanitization, same as when the superglobal is used in a scalar value comparison.
• WordPress.NamingConventions.PrefixAllGlobals: some of the error messages have been made more explicit.
• The error messages for the WordPress.Security.ValidatedSanitizedInput sniff will now contain information on the index keys accessed.

... (truncated)

Commits

• bd9c331 Merge pull request #1709 from WordPress-Coding-Standards/develop
• 97d6fbf Changelog for WPCS 2.1.1 (#1707)
• 4b5091b Update default minimum_supported_version to WP 4.9 (#1708)
• 3aadeee Update default minimum_supported_version to WP 4.9
• 3a2f289 Sniff::is_test_class(): recognize TestCase (#1706)
• 79b6855 Sniff::is_test_class(): recognize TestCase
• c7dcd23 CapitalPDangit: ignore misspellings in constant declarations (#1699)
• d7d3a0d Merge pull request #1701 from dingo-d/feature/remove-unsafe-functions
• 85c1a10 Remove paginate_comments_links from escaped functions list
• 8677d51 Accept tag_ID as variable name (#1697)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 1 PRs for your first few update runs. Once an update run creates fewer than 1 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.