Changelog for WPCS version 2.0.0-RC1 (#1610)

jrfnl · web-flow · commit 9b17fe2e52fa · 2018-12-30T19:16:01.000+01:00
Changelog for WPCS version 2.0.0-RC1

* Release date set at this Monday December 31..
* Includes all currently merged changes.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,150 @@ This projects adheres to [Semantic Versioning](https://semver.org/) and [Keep a
 
 _No documentation available about unreleased changes as of yet._
 
+## [2.0.0-RC1] - 2018-12-31
+
+### Important information about this release:
+
+This is the first release candidate for WordPressCS 2.0.0.
+WordPressCS 2.0.0 contains breaking changes, both for people using custom rulesets as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
+
+Support for `PHP_CodeSniffer` 2.x has been dropped, the new minimum `PHP_CodeSniffer` version is 3.3.1.
+Also, all previously deprecated sniffs, properties and methods have been removed.
+
+Please read the complete changelog carefully before you upgrade.
+
+If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WPCS sniffs, please read the [Developers Upgrade Guide to WordPressCS 2.0.0](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-2.0.0-for-Developers-of-external-standards).
+
+### Added
+- `Generic.PHP.DiscourageGoto`, `Generic.PHP.LowerCaseType`, `Generic.WhiteSpace.ArbitraryParenthesesSpacing` and `PSR12.Keywords.ShortFormTypeKeywords` to the `WordPress-Core` ruleset.
+- Checking the spacing around the `instanceof` operator to the `WordPress.WhiteSpace.OperatorSpacing` sniff.
+
+### Changed
+- The minimum required `PHP_CodeSniffer` version to 3.3.1 (was 2.9.0).
+- The namespace used by WordPressCS has been changed from `WordPress` to `WordPressCS\WordPress`.
+    This was not possible while `PHP_CodeSniffer` 2.x was still supported, but WordPressCS, as a good Open Source citizen, does not want to occupy the `WordPress` namespace and is releasing its use of it now this is viable.
+- The `WordPress.DB.PreparedSQL` sniff used the same error code for two different errors.
+    The `NotPrepared` error code remains, however an additional `InterpolatedNotPrepared` error code has been added for the second error.
+    If you are referencing the old error code in a ruleset XML file or in inline annotations, you may need to update it.
+- The `WordPress.NamingConventions.PrefixAllGlobals` sniff used the same error code for some errors as well as warnings.
+    The `NonPrefixedConstantFound` error code remains for the related error, but the warning will now use the new `VariableConstantNameFound` error code.
+	The `NonPrefixedHooknameFound` error code remains for the related error, but the warning will now use the new `DynamicHooknameFound` error code.
+    If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead.
+- `WordPress.NamingConventions.ValidVariableName`: the error messages and error codes used by this sniff have been changed for improved usability and consistency.
+    - The error messages will now show a suggestion for a valid alternative name for the variable.
+    - The `NotSnakeCaseMemberVar` error code has been renamed to `UsedPropertyNotSnakeCase`.
+    - The `NotSnakeCase` error code has been renamed to `VariableNotSnakeCase`.
+    - The `MemberNotSnakeCase` error code has been renamed to `PropertyNotSnakeCase`.
+    - The `StringNotSnakeCase` error code has been renamed to `InterpolatedVariableNotSnakeCase`.
+    If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead.
+- The `WordPress.Security.NonceVerification` sniff used the same error code for both an error as well as a warning.
+    The old error code `NoNonceVerification` is no longer used.
+    The `error` now uses the `Missing` error code, while the `warning` now uses the `Recommended` error code.
+    If you are referencing the old error code in a ruleset XML file or in inline annotations, please update these to use the new codes instead.
+- The `WordPress.WP.DiscouragedConstants` sniff used to have two error codes `UsageFound` and `DeclarationFound`.
+    These error codes will now be prefixed by the name of the constant found to allow for more fine-grained excluding/ignoring of warnings generated by this sniff.
+    If you are referencing the old error codes in a ruleset XML file or in inline annotations, you may need to update these to use the new codes instead.
+- The `WordPress.WP.GlobalVariablesOverride.OverrideProhibited` error code has been replaced by the `WordPress.WP.GlobalVariablesOverride.Prohibited` error code.
+    If you are referencing the old error code in a ruleset XML file or in inline annotations, you may need to update it.
+- `WordPress-Extra`: Replaced the inclusion of the `Generic.Files.OneClassPerFile`, `Generic.Files.OneInterfacePerFile` and the `Generic.Files.OneTraitPerFile` sniffs with the new `Generic.Files.OneObjectStructurePerFile` sniff.
+- `WordPress-Extra`: Replaced the inclusion of the `Squiz.WhiteSpace.LanguageConstructSpacing` sniff with the new `Generic.WhiteSpace.LanguageConstructSpacing` sniff.
+- `WordPress-Extra`: Replaced the inclusion of the `Squiz.Scope.MemberVarScope` sniff with the more comprehensive `PSR2.Classes.PropertyDeclaration` sniff.
+- `WordPress.NamingConventions.ValidFunctionName`: Added a unit test confirming support for interfaces extending multiple interfaces.
+- `WordPress.NamingConventions.ValidVariableName`: Added unit tests confirming support for multi-variable/property declarations.
+- The `get_name_suggestion()` method has been moved from the `WordPress.NamingConventions.ValidFunctionName` sniff to the base `Sniff` class, renamed to `get_snake_case_name_suggestion()` and made static.
+- The rulesets are now validated against the `PHP_CodeSniffer` XSD schema.
+- Updated the [custom ruleset example](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/blob/develop/phpcs.xml.dist.sample) to use the recommended ruleset syntax for `PHP_CodeSniffer` 3.3.1+, including using the new [array property format](https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.3.0) which is now supported.
+- Dev: The command to run the unit tests has changed. Please see the updated instructions in the [CONTRIBUTING.md](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/blob/develop/.github/CONTRIBUTING.md) file.
+    The `bin/pre-commit` example git hook has been updated to match. Additionally a `run-tests` script has been added to the `composer.json` file for your convenience.
+	To facilitate this, PHPUnit has been added to `require-dev`, even though it is strictly speaking a dependency of PHPCS, not of WPCS.
+- Dev: The DealerDirect PHPCS Composer plugin has been added to `require-dev`.
+- Various code tweaks and clean up.
+- User facing documentation, including the wiki, as well as inline documentation has been updated for all the changes contained in WordPressCS 2.0 and other recommended best practices for `PHP_CodeSniffer` 3.3.1+.
+
+### Deprecated
+- The use of the [WordPressCS native whitelist comments](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Whitelisting-code-which-flags-errors), which were introduced in WPCS 0.4.0, have been deprecated and support will be removed in WPCS 3.0.0.
+    The WordPressCS native whitelist comments will continue to work for now, but a deprecation warning will be thrown when they are encountered.
+    You are encouraged to upgrade our whitelist comment to use the [PHPCS native selective ignore annotations}(https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.2.0) as introduced in `PHP_CodeSniffer` 3.2.0, as soon as possible.
+
+### Removed
+- Support for PHP 5.3. PHP 5.4 is the minimum requirement for `PHP_CodeSniffer` 3.x.
+    Includes removing any and all workarounds which were in place to still support PHP 5.3.
+- Support for `PHP_CodeSniffer` < 3.3.1.
+    Includes removing any and all workarounds which were in place for supporting older `PHP_CodeSniffer` versions.
+- The `WordPress-VIP` standard which was deprecated since WordPressCS 1.0.0.
+    For checking a theme/plugin for hosting on the WordPress.com VIP platform, please use the [Automattic VIP coding standards](https://github.com/Automattic/VIP-Coding-Standards) instead.
+- Support for array properties set in a custom ruleset without the `type="array"` attribute.
+    Support for this was deprecated in WPCS 1.0.0.
+    If in doubt about how properties should be set in your custom ruleset, please refer to the [Customizable sniff properties](https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Customizable-sniff-properties) wiki page which contains XML code examples for setting each and every WPCS native sniff property.
+    As the minimum `PHP_CodeSniffer` version is now 3.3.1, you can now also use the [new format for setting array properties](https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.3.0), so this would be a great moment to review and update your custom ruleset.
+    Note: the ability to set select properties from the command-line as comma-delimited strings is _not_ affected by this change.
+- The following sniffs have been removed outright without deprecation.
+    If you are referencing these sniffs in a ruleset XML file or in inline annotations, please update these to reference the replacement sniffs instead.
+    - `WordPress.Functions.FunctionCallSignatureNoParams` - superseded by a bug fix in the upstream `PEAR.Functions.FunctionCallSignature` sniff.
+    - `WordPress.PHP.DiscourageGoto` - replaced by the same sniff which is now available upstream: `Generic.PHP.DiscourageGoto`.
+    - `WordPress.WhiteSpace.SemicolonSpacing` - superseded by a bug fix in the upstream `Squiz.WhiteSpace.SemicolonSpacing` sniff.
+    - `WordPress.WhiteSpace.ArbitraryParenthesesSpacing` - replaced by the same sniff which is now available upstream: `Generic.WhiteSpace.ArbitraryParenthesesSpacing`.
+- The following "base" sniffs which were previously already deprecated and turned into abstract base classes, have been removed:
+    - `WordPress.Arrays.ArrayAssignmentRestrictions` - use the `AbstractArrayAssignmentRestrictionsSniff` class instead.
+    - `WordPress.Functions.FunctionRestrictions` - use the `AbstractFunctionRestrictionsSniff` class instead.
+    - `WordPress.Variables.VariableRestrictions` without replacement.
+- The following sniffs which were previously deprecated, have been removed:
+    - `WordPress.Arrays.ArrayDeclaration` - use the other sniffs in the `WordPress.Arrays` category instead.
+    - `WordPress.CSRF.NonceVerification` - use `WordPress.Security.NonceVerification` instead.
+    - `WordPress.Functions.DontExtract` - use `WordPress.PHP.DontExtract` instead.
+    - `WordPress.Variables.GlobalVariables` - use `WordPress.WP.GlobalVariablesOverride` instead.
+    - `WordPress.VIP.CronInterval` - use `WordPress.WP.CronInterval` instead.
+    - `WordPress.VIP.DirectDatabaseQuery` - use `WordPress.DB.DirectDatabaseQuery` instead.
+    - `WordPress.VIP.PluginMenuSlug` - use `WordPress.Security.PluginMenuSlug` instead.
+    - `WordPress.VIP.SlowDBQuery` - use `WordPress.DB.SlowDBQuery` instead.
+    - `WordPress.VIP.TimezoneChange` - use `WordPress.WP.TimezoneChange` instead.
+    - `WordPress.VIP.ValidatedSanitizedInput` - use `WordPress.Security.ValidatedSanitizedInput` instead.
+    - `WordPress.WP.PreparedSQL` - use `WordPress.DB.PreparedSQL` instead.
+    - `WordPress.XSS.EscapeOutput` - use `WordPress.Security.EscapeOutput` instead.
+    - `WordPress.PHP.DiscouragedFunctions` without direct replacement.
+        The checks previously contained in this sniff were moved to separate sniffs in WPCS 0.11.0.
+    - `WordPress.Variables.VariableRestrictions` without replacement.
+    - `WordPress.VIP.AdminBarRemoval` without replacement.
+    - `WordPress.VIP.FileSystemWritesDisallow` without replacement.
+    - `WordPress.VIP.OrderByRand` without replacement.
+    - `WordPress.VIP.PostsPerPage` without replacement.
+        Part of the previous functionality was split off in WPCS 1.0.0 to the `WordPress.WP.PostsPerPage` sniff.
+    - `WordPress.VIP.RestrictedFunctions` without replacement.
+    - `WordPress.VIP.RestrictedVariables` without replacement.
+    - `WordPress.VIP.SessionFunctionsUsage` without replacement.
+    - `WordPress.VIP.SessionVariableUsage` without replacement.
+    - `WordPress.VIP.SuperGlobalInputUsage` without replacement.
+- The `WordPress.DB.SlowDBQuery.DeprecatedWhitelistFlagFound` error code which is superseded by the blanket deprecation warning for using the now deprecated WPCS native whitelist comments.
+- The `WordPress.PHP.TypeCasts.NonLowercaseFound` error code which has been replaced by the upstream `Generic.PHP.LowerCaseType` sniff.
+- The `WordPress.PHP.TypeCasts.LongBoolFound` and `WordPress.PHP.TypeCasts.LongIntFound` error codes which has been replaced by the new upstream `PSR12.Keywords.ShortFormTypeKeywords` sniff.
+- The `WordPress.Security.EscapeOutput.OutputNotEscapedShortEcho` error code which was only ever used if WPCS was run on PHP 5.3 with the `short_open_tag` ini directive set to `off`.
+- The following sniff categories which were previously deprecated, have been removed, though select categories may be reinstated in the future:
+    - `CSRF`
+    - `Functions`
+    - `Variables`
+    - `VIP`
+    - `XSS`
+- `WordPress.NamingConventions.ValidVariableName`: The `customVariableWhitelist` property, which had been deprecated since WordPressCS 0.11.0. Use the `customPropertiesWhitelist` property instead.
+- `WordPress.Security.EscapeOutput`: The `customSanitizingFunctions` property, which had been deprecated since WordPressCS 0.5.0. Use the `customEscapingFunctions` property instead.
+- `WordPress.Security.NonceVerification`: The `errorForSuperGlobals` and `warnForSuperGlobals` properties, which had been deprecated since WordPressCS 0.12.0.
+- The `vip_powered_wpcom` function from the `Sniff::$autoEscapedFunctions` list which is used by the `WordPress.Security.EscapeOutput` sniff.
+- The `AbstractVariableRestrictionsSniff` class, which was deprecated since WordPressCS 1.0.0.
+- The `Sniff::has_html_open_tag()` utility method, which was deprecated since WordPressCS 1.0.0.
+- The internal `$php_reserved_vars` property from the `WordPress.NamingConventions.ValidVariableName` sniff in favour of using a PHPCS native property which is now available.
+- The class aliases and WPCS native autoloader used for PHPCS cross-version support.
+- The unit test framework workarounds for PHPCS cross-version unit testing.
+- Support for the `@codingStandardsChangeSetting` annotation, which is generally only used in unit tests.
+- The old generic GitHub issue template which was replaced by more specific issue templates in WPCS 1.2.0.
+
+### Fixed
+- Support for PHP 7.3.
+    `PHP_CodeSniffer` < 3.3.1 was not fully compatible with PHP 7.3. Now the minimum required PHPCS has been upped to `PHP_CodeSniffer` 3.3.1, WordPressCS will run on PHP 7.3 without issue.
+- `WordPress.Arrays.ArrayDeclarationSpacing`: improved fixing of the placement of array items following an array item with a trailing multi-line comment.
+- `WordPress.NamingConventions.ValidFunctionName`: the sniff will no longer throw false positives nor duplicate errors for methods declared in nested anonymous classes.
+    The error message has also been improved for methods in anonymous classes.
+- `WordPress.NamingConventions.ValidFunctionName`: the sniff will no longer throw false positives for PHP 4-style class constructors/destructors where the name of the constructor/destructor method did not use the same case as the class name.
+
+
 ## [1.2.1] - 2018-12-18
 
 Note: This will be the last release supporting PHP_CodeSniffer 2.x.
@@ -826,6 +970,7 @@ See the comparison for full list.
 Initial tagged release.
 
 [Unreleased]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/master...HEAD
+[2.0.0-RC1]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/1.2.1...2.0.0-RC1
 [1.2.1]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/1.2.0...1.2.1
 [1.2.0]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/1.1.0...1.2.0
 [1.1.0]: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/compare/1.0.0...1.1.0
