Skip to content

Build/Tools: Update PHPCompatibilityWP to 3.0.0-alpha2#11217

Open
rodrigoprimo wants to merge 5 commits intoWordPress:trunkfrom
rodrigoprimo:phpcompatibility-wp-3.0.0-alpha
Open

Build/Tools: Update PHPCompatibilityWP to 3.0.0-alpha2#11217
rodrigoprimo wants to merge 5 commits intoWordPress:trunkfrom
rodrigoprimo:phpcompatibility-wp-3.0.0-alpha

Conversation

@rodrigoprimo
Copy link

@rodrigoprimo rodrigoprimo commented Mar 10, 2026

This PR updates the PHPCompatibilityWP Composer dependency from ~2.1.3 to 3.0.0-alpha2 (which includes PHPCompatibility 10.0.0-alpha2) and addresses the new violations surfaced by the updated sniffs.

Changes are split into separate commits for easier review:

  1. Update PHPCompatibilityWP to 3.0.0-alpha2: composer.json changes with explicit version pins for phpcompatibility/php-compatibility-wp, phpcompatibility/php-compatibility and phpcompatibility/phpcompatibility-paragonie.
  2. Update phpcompat.xml.dist error codes: PHPCompatibility v10 adds removal data for functions/constants/directives removed in PHP 8+, changing their error codes from *Deprecated to *DeprecatedRemoved. Update the existing exclusion rules to match.
  3. Update phpcompat.xml.dist exclusions: Add file-level exclusions for third-party bundled libraries (SimplePie, getID3, Snoopy, PHP AI Client) following the approach used in https://core.trac.wordpress.org/ticket/63168#comment:16. Also add a rule-level exclusion for the intentional use of #[\SensitiveParameter] (https://core.trac.wordpress.org/ticket/57304) and remove the workaround for PHPCompatibility#1481.
  4. Update inline phpcs:ignore annotations: Add or update annotations in WordPress Core files for version-guarded deprecated function calls and function_exists/defined-guarded new function usage.
  5. TEMP: Temporarily exclude violations tracked in separate tickets: This is a temporary commit to allow the PHP compatibility scan to pass. It excludes NewHTMLEntitiesFlagsDefault.NotSet (waiting for https://core.trac.wordpress.org/ticket/53465) and adds phpcs:ignore annotations for utf8_encode (https://core.trac.wordpress.org/ticket/55603). This commit should not be merged as-is; the plan is to wait for a decision on https://core.trac.wordpress.org/ticket/53465 and https://core.trac.wordpress.org/ticket/55603 before updating PHPCompatibilityWP.

Trac ticket: https://core.trac.wordpress.org/ticket/64634

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

@rodrigoprimo
Build/Tools: Update PHPCompatibilityWP to 3.0.0-alpha2.
c5a579b 
Update the PHPCompatibilityWP dependency from `~2.1.3` to `3.0.0-alpha2`.
This brings in PHPCompatibility 10.0.0-alpha2 which adds sniffs for
PHP 8.0 through 8.5.

PHPCompatibilityWP's own dependencies (PHPCompatibility and
PHPCompatibilityParagonie) are explicitly pinned in `require-dev`
to allow Composer to install the alpha versions without needing
to set `minimum-stability` to `dev` for the entire project.

Ref: https://github.com/PHPCompatibility/PHPCompatibilityWP/releases/tag/3.0.0-alpha2
@rodrigoprimo
Build/Tools: Update phpcompat.xml.dist error codes for PHPCompatibili…
3a142d7 
…ty v10.

PHPCompatibility v10 adds data about functions, constants, and ini
directives that were removed in PHP 8+. Those that were previously only
known to be deprecated now correctly show as both deprecated and removed,
which changes the error code from `*Deprecated` to `*DeprecatedRemoved`.
Update the existing exclusion rules to match.
@rodrigoprimo
Build/Tools: Update phpcompat.xml.dist exclusions for PHPCompatibilit…
726fbf6 
…y v10.

Remove the workaround for PHPCompatibility/PHPCompatibility 1481, which is fixed in v10.

Add a rule-level exclusion for:
- NewAttributes.PHPNativeAttributeFound: the `#[\SensitiveParameter]`
  attribute is used intentionally. See https://core.trac.wordpress.org/ticket/57304.

Add file-level exclusions for violations in third-party bundled libraries.
I'm assuming file-level exclusions are preferred over inline `phpcs:ignore`
annotations for third-party bundled libraries based on
https://core.trac.wordpress.org/ticket/63168#comment:16.
- SimplePie: `strftime`, `RemovedCallingDestructAfterConstructorExit`,
  `curl_close`, `xml_parser_free`.
- getID3: `libxml_disable_entity_loader`.
- Snoopy: `socket_set_timeout` (not maintained and deprecated since WP 3.0).
- PHP AI Client (Nyholm/Psr7): `RemovedTriggerErrorLevel` (version-guarded,
  unreachable on PHP 7.4+).
@rodrigoprimo
Build/Tools: Update inline phpcs:ignore annotations for PHPCompatibil…
b636f08 
…ity v10.

Update existing annotations where error codes changed in v10:
- `mbstring_func_overloadDeprecated` to `mbstring_func_overloadDeprecatedRemoved`
  in `functions.php` and `pomo/streams.php`.

Add new phpcs:ignore annotations for violations surfaced by the updated
sniffs:
- Version-guarded deprecated no-op calls: curl_close, imagedestroy,
  finfo_close, xml_parser_free, libxml_disable_entity_loader.
- function_exists/defined-guarded new function and constant usage:
  imageavif, imagecreatefromavif, IMG_WEBP_LOSSLESS.
- Deprecated ini directive `auto_detect_line_endings` in pomo/po.php
  (kept intentionally, see comment in the file).
@rodrigoprimo
TEMP Build/Tools: Temporarily exclude violations tracked in separate …
8e2cfb6 
…tickets.

- Exclude NewHTMLEntitiesFlagsDefault.NotSet while waiting for https://core.trac.wordpress.org/ticket/53465.
- Add phpcs:ignore annotations for utf8_encode in export.php and image.php (https://core.trac.wordpress.org/ticket/55603).

This is just a temporary commit for the build to pass. The plan is to wait for a decision on https://core.trac.wordpress.org/ticket/53465 and https://core.trac.wordpress.org/ticket/55603 before updating PHPCompatibilityWP.
@github-actions
Copy link

github-actions bot commented Mar 10, 2026

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props rodrigosprimo.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@github-actions
Copy link

github-actions bot commented Mar 10, 2026

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rodrigoprimo