chore(deps-dev): bump wp-coding-standards/wpcs from 3.2.0 to 3.3.0

[dependabot]

Bumps wp-coding-standards/wpcs from 3.2.0 to 3.3.0.

Release notes

Sourced from wp-coding-standards/wpcs's releases.

3.3.0

Added

• Support for attributes on anonymous classes (PHP 8.0) and readonly anonymous classes (PHP 8.3) to the WordPress.Security.EscapeOutput sniff. Props @​rodrigoprimo. #2559
• Support for handling "exit as a function call" (PHP 8.4) to the WordPress.Security.EscapeOutput sniff. #2563
• WordPress-Extra: the following sniffs have been added to the ruleset: Universal.Attributes.BracketSpacing and Universal.Attributes.DisallowAttributeParentheses. #2646

Changed

• The minimum supported PHP version is now PHP 7.2 (was PHP 5.4). #2614
• The minimum required PHP_CodeSniffer version to 3.13.4 (was 3.13.0). #2630
• The minimum required PHPCSExtra version to 1.5.0 (was 1.4.0). #2646
• The default value for minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 6.6. #2656
• WordPress.DB.DirectDatabaseQuery will now recognize more caching functions, like the wp_cache_*_multiple() functions as added in WordPress 6.0 and the wp_cache_*_salted() functions as added in WordPress 6.9. #2654
• WordPress.NamingConventions.PrefixAllGlobals has been updated to recognize pluggable functions introduced in WP up to WP 6.9.0. #2652
• WordPress.WP.ClassNameCase has been updated to recognize classes introduced in WP up to WP 6.9.0. #2652
• WordPress.WP.DeprecatedFunctions now detects functions deprecated in WordPress up to WP 6.9.0. #2652
• WordPress.WP.DeprecatedParameters now detects parameters deprecated in WordPress up to WP 6.9.0. #2652
• WordPress.Security.ValidatedSanitizedInput: improved the clarity of the error message for the InputNotValidated error code. Props @​rodrigoprimo. #2642
• README: updated testVersion recommendations for PHPCompatibility. Props @​johnjago. #2471
• Example ruleset: updated the minimum_wp_version and testVersion recommendations. #2608
• All sniffs are now also being tested against PHP 8.5 for consistent sniff results. #2649
• Various housekeeping, including documentation and test improvements. Includes contributions by @​rodrigoprimo.

Deprecated

• The WordPress.PHP.POSIXFunctions sniff (as it is no longer relevant). #2616

Removed

• wp_kses_allowed_html() from the list of escaping functions. #2566 This affects the WordPress.Security.EscapeOutput sniff.

Fixed

• WordPress.DB.DirectDatabaseQuery: false positive when function call to caching functions did not use the canonical function name. Props @​rodrigoprimo. #2613
• WordPress.DB.DirectDatabaseQuery: potential false negative when a class property or constant would mirror the name of one of the caching functions. Props @​rodrigoprimo. #2615
• WordPress.DB.PreparedSQL: false positive for correctly escaped SQL snippets when the function call did not use the canonical function name. Props @​rodrigoprimo. #2570
• WordPress.DB.PreparedSQLPlaceholders: improved handling of fully qualified calls to global functions. Props @​rodrigoprimo. #2569
• WordPress.Security.EscapeOutput: expanded protection against false positives for *::class. Props @​rodrigoprimo. #2605
• WordPress.Security.NonceVerification: false positive when nonce checking function call did not use the canonical function name. Props @​rodrigoprimo. #2572
• WordPress.WP.EnqueuedResourceParameters: the sniff could cause a PHP 8.5 deprecation notice if the code under scan contained one of the deprecated type casts. #2573
• WordPress.WP.EnqueuedResourceParameters: improved recognition of non-lowercase and fully qualified true/false/null when passed as the $ver parameter value. Props @​rodrigoprimo. #2630

Changelog

Sourced from wp-coding-standards/wpcs's changelog.

[3.3.0] - 2025-11-25

Added

• Support for attributes on anonymous classes (PHP 8.0) and readonly anonymous classes (PHP 8.3) to the WordPress.Security.EscapeOutput sniff. Props [@​rodrigoprimo]. #2559
• Support for handling "exit as a function call" (PHP 8.4) to the WordPress.Security.EscapeOutput sniff. #2563
• WordPress-Extra: the following sniffs have been added to the ruleset: Universal.Attributes.BracketSpacing and Universal.Attributes.DisallowAttributeParentheses. #2646

Changed

• The minimum supported PHP version is now PHP 7.2 (was PHP 5.4). #2614
• The minimum required PHP_CodeSniffer version to 3.13.4 (was 3.13.0). #2630
• The minimum required PHPCSExtra version to 1.5.0 (was 1.4.0). #2646
• The default value for minimum_wp_version, as used by a number of sniffs detecting usage of deprecated WP features, has been updated to 6.6. #2656
• WordPress.DB.DirectDatabaseQuery will now recognize more caching functions, like the wp_cache_*_multiple() functions as added in WordPress 6.0 and the wp_cache_*_salted() functions as added in WordPress 6.9. #2654
• WordPress.NamingConventions.PrefixAllGlobals has been updated to recognize pluggable functions introduced in WP up to WP 6.9.0. #2652
• WordPress.WP.ClassNameCase has been updated to recognize classes introduced in WP up to WP 6.9.0. #2652
• WordPress.WP.DeprecatedFunctions now detects functions deprecated in WordPress up to WP 6.9.0. #2652
• WordPress.WP.DeprecatedParameters now detects parameters deprecated in WordPress up to WP 6.9.0. #2652
• WordPress.Security.ValidatedSanitizedInput: improved the clarity of the error message for the InputNotValidated error code. Props [@​rodrigoprimo]. #2642
• README: updated testVersion recommendations for PHPCompatibility. Props [@​johnjago]. #2471
• Example ruleset: updated the minimum_wp_version and testVersion recommendations. #2608
• All sniffs are now also being tested against PHP 8.5 for consistent sniff results. #2649
• Various housekeeping, including documentation and test improvements. Includes contributions by [@​rodrigoprimo].

Deprecated

• The WordPress.PHP.POSIXFunctions sniff (as it is no longer relevant). #2616

Removed

• wp_kses_allowed_html() from the list of escaping functions. #2566 This affects the WordPress.Security.EscapeOutput sniff.

Fixed

• WordPress.DB.DirectDatabaseQuery: false positive when function call to caching functions did not use the canonical function name. Props [@​rodrigoprimo]. #2613
• WordPress.DB.DirectDatabaseQuery: potential false negative when a class property or constant would mirror the name of one of the caching functions. Props [@​rodrigoprimo]. #2615
• WordPress.DB.PreparedSQL: false positive for correctly escaped SQL snippets when the function call did not use the canonical function name. Props [@​rodrigoprimo]. #2570
• WordPress.DB.PreparedSQLPlaceholders: improved handling of fully qualified calls to global functions. Props [@​rodrigoprimo]. #2569
• WordPress.Security.EscapeOutput: expanded protection against false positives for *::class. Props [@​rodrigoprimo]. #2605
• WordPress.Security.NonceVerification: false positive when nonce checking function call did not use the canonical function name. Props [@​rodrigoprimo]. #2572
• WordPress.WP.EnqueuedResourceParameters: the sniff could cause a PHP 8.5 deprecation notice if the code under scan contained one of the deprecated type casts. #2573
• WordPress.WP.EnqueuedResourceParameters: improved recognition of non-lowercase and fully qualified true/false/null when passed as the $ver parameter value. Props [@​rodrigoprimo]. #2630

#2471: WordPress/WordPress-Coding-Standards#2471 #2559: WordPress/WordPress-Coding-Standards#2559 #2563: WordPress/WordPress-Coding-Standards#2563 #2566: WordPress/WordPress-Coding-Standards#2566 #2569: WordPress/WordPress-Coding-Standards#2569 #2570: WordPress/WordPress-Coding-Standards#2570 #2572: WordPress/WordPress-Coding-Standards#2572 #2573: WordPress/WordPress-Coding-Standards#2573 #2605: WordPress/WordPress-Coding-Standards#2605 #2608: WordPress/WordPress-Coding-Standards#2608

... (truncated)

Commits

• 7795ec6 Merge pull request #2658 from WordPress/develop
• 5025d83 Merge pull request #2657 from WordPress/feature/changelog-3.3.0
• c2b30bf Merge pull request #2656 from WordPress/feature/update-minimum-wp-version
• 12e2936 Changelog for the release of WordPressCS 3.3.0
• da2054d Merge pull request #2654 from WordPress/feature/directdatabasequery-update-fu...
• 7629477 Merge pull request #2651 from WordPress/feature/use-phpcompatibility-10.0.0-a...
• 7f36b9d Update the minimum_wp_version to WP 6.6
• 76eeb61 Merge pull request #2653 from WordPress/feature/ghactions-improve-dont-run-on...
• 3ef3f9d Merge pull request #2652 from WordPress/feature/update-for-wp-6.9
• 2e47aad Merge pull request #2649 from WordPress/feature/ghactions-update-for-php-8.5-...
• Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[pirate-bot]

Bundle Size Diff

Package	Old Size	New Size	Diff
Animations	276.77 KB	276.77 KB	0 B (0.00%)
Blocks	1.55 MB	1.55 MB	0 B (0.00%)
CSS	105.9 KB	105.9 KB	0 B (0.00%)
Dashboard	204.08 KB	204.08 KB	0 B (0.00%)
Onboarding	165.94 KB	165.94 KB	0 B (0.00%)
Export Import	102.86 KB	102.86 KB	0 B (0.00%)
Pro	412.21 KB	412.21 KB	0 B (0.00%)

[pirate-bot]

Plugin build for a9596ae is ready 🛎️!

• Download Otter – Page Builder Blocks & Extensions for Gutenberg - Production ~ Development
• Download Otter Pro - Production ~ Development
• Download Blocks Animation - Production ~ Development
• Download Blocks CSS - Production ~ Development
• Download Blocks Export Import - Production ~ Development

[pirate-bot]

E2E Tests

Playwright Test Status:

Performance Results

serverResponse: {"q25":626.1,"q50":647.45,"q75":669.2,"cnt":10}, firstPaint: {"q25":326.6,"q50":399.15,"q75":450.1,"cnt":10}, domContentLoaded: {"q25":1598.1,"q50":1603.3,"q75":1605.3,"cnt":10}, loaded: {"q25":1598.7,"q50":1603.75,"q75":1605.7,"cnt":10}, firstContentfulPaint: {"q25":3385.7,"q50":3410.4,"q75":3452.1,"cnt":10}, firstBlock: {"q25":7244.7,"q50":7278.95,"q75":7385.4,"cnt":10}, type: {"q25":14.06,"q50":14.41,"q75":15,"cnt":10}, typeWithoutInspector: {"q25":12.22,"q50":13.11,"q75":13.71,"cnt":10}, typeWithTopToolbar: {"q25":16.96,"q50":17.56,"q75":17.95,"cnt":10}, typeContainer: {"q25":7.01,"q50":7.74,"q75":8.99,"cnt":10}, focus: {"q25":59.73,"q50":61.5,"q75":65.92,"cnt":10}, inserterOpen: {"q25":16.66,"q50":16.98,"q75":18.44,"cnt":10}, inserterSearch: {"q25":5.76,"q50":6.11,"q75":6.37,"cnt":10}, inserterHover: {"q25":2.99,"q50":3.13,"q75":3.25,"cnt":20}, loadPatterns: {"q25":1129.21,"q50":1158.19,"q75":1184.14,"cnt":10}, listViewOpen: {"q25":91.41,"q50":96.95,"q75":98.6,"cnt":10}