Bump the dependencies group with 2 updates

[dependabot]

Bumps the dependencies group with 2 updates: phpcompatibility/php-compatibility and squizlabs/php_codesniffer.

Updates phpcompatibility/php-compatibility from 10.0.0-alpha1 to 10.0.0-alpha2

Release notes

Sourced from phpcompatibility/php-compatibility's releases.

10.0.0-alpha2 - 2025-11-28

IMPORTANT: This release contains breaking changes. Please read and follow the Upgrade guide in the wiki carefully before upgrading!

This release includes all improvements and bugfixes from PHPCompatibility 10.0.0-alpha1.

See all related issues and PRs in the 10.0.0-alpha2 milestone.

Added

• PHP cross-version:
  • 🌟 New PHPCompatibility.Keywords.ForbiddenClassAlias sniff. #1952
  • 🌟 New PHPCompatibility.LanguageConstructs.RemovedLanguageConstructs sniff. #1948 This sniff in its initial version will detect the PHP 8.5 deprecation of the backtick operator.
• PHP 8.3:
  • 🌟 New PHPCompatibility.ParameterValues.NewClassAliasInternalClass sniff. #1951
  • 🌟 New PHPCompatibility.Syntax.NewDynamicClassConstantFetch sniff. #1974
• PHP 8.5:
  • 🌟 New PHPCompatibility.Classes.NewStaticAvizProperties sniff. #1950
• ⭐ PHPCompatibility.Classes.NewClasses sniff: recognize the new DateTime and SQLite extension related error and exception classes as introduced in PHP 8.3. #1936, #1937
• ⭐ PHPCompatibility.Constants.NewConstants sniff: recognize various constants from the Mhash extension. #1938
• ⭐ PHPCompatibility.ParameterValues.ChangedIntToBoolParamType sniff: detect the Zlib $use_include_path parameter type change as per PHP 8.5. #1949
• ⭐ The "list based" sniffs, like NewFunctions, RemovedIniDirectives, ForbiddenNames etc, have received updates to account for new/deprecated/removed PHP classes, constants, functions, function parameters, ini directives, reserved namespaces and type casts as per PHP 8.5.
• 📚 Documentation for the following sniffs:
  • PHPCompatibility.Syntax.NewShortArray #1997

Changed

• 🔀 PHPCompatibility.TypeCasts.RemovedTypeCasts has new error codes. #1941
  • The t_unset_castDeprecatedRemoved has been changed to unsetDeprecatedRemoved.
  • The t_double_castDeprecatedRemoved has been changed to realDeprecatedRemoved.
• 📌 PHPCompatibility.Keywords.ForbiddenNames will now also detect incompatible use of the "other" reserved keywords parent and self. #1940
• 🔧 ☔ Various housekeeping, including general maintenance, improvements to speed up the sniffs, improvements to CI, the tests and documentation.

Credits

Thanks go out to @​afilina and @​okkun-sh for their contributions to this version. 👏

Changelog

Sourced from phpcompatibility/php-compatibility's changelog.

[10.0.0-alpha2] - 2025-11-28

IMPORTANT: This release contains breaking changes. Please read and follow the [Upgrade guide in the wiki][wiki-upgrade-to-10.0] carefully before upgrading!

This release includes all improvements and bugfixes from PHPCompatibility [10.0.0-alpha1].

See all related issues and PRs in the [10.0.0-alpha2 milestone].

Added

• PHP cross-version:

  • 🌟 New PHPCompatibility.Keywords.ForbiddenClassAlias sniff. #1952
  • 🌟 New PHPCompatibility.LanguageConstructs.RemovedLanguageConstructs sniff. #1948 This sniff in its initial version will detect the PHP 8.5 deprecation of the backtick operator.

• PHP 8.3:

  • 🌟 New PHPCompatibility.ParameterValues.NewClassAliasInternalClass sniff. #1951
  • 🌟 New PHPCompatibility.Syntax.NewDynamicClassConstantFetch sniff. #1974

• PHP 8.5:

  • 🌟 New PHPCompatibility.Classes.NewStaticAvizProperties sniff. #1950

• ⭐ PHPCompatibility.Classes.NewClasses sniff: recognize the new DateTime and SQLite extension related error and exception classes as introduced in PHP 8.3. #1936, #1937

• ⭐ PHPCompatibility.Constants.NewConstants sniff: recognize various constants from the Mhash extension. #1938

• ⭐ PHPCompatibility.ParameterValues.ChangedIntToBoolParamType sniff: detect the Zlib $use_include_path parameter type change as per PHP 8.5. #1949

• ⭐ The "list based" sniffs, like NewFunctions, RemovedIniDirectives, ForbiddenNames etc, have received updates to account for new/deprecated/removed PHP classes, constants, functions, function parameters, ini directives, reserved namespaces and type casts as per PHP 8.5.

  #1941, #1942, #1943, #1944, #1945, #1946, #1947, #1953, #1954, #1955, #1956, #1957, #1958, #1959, #1960, #1961, #1962, #1963, #1965, #1966, #1967, #1968, #1969, #1970, #1971

... (truncated)

Commits

• e0f0e5a CHANGELOG: add release date for 10.0.0-alpha2
• cc985eb Merge pull request #2000 from PHPCompatibility/feature/changelog-10.0.0-alpha2
• 86e34fc CHANGELOG for the 10.0.0-alpha2 release
• 9d8a55f Merge pull request #1993 from PHPCompatibility/feature/composer-remove-roave-...
• 1b0bd51 Merge pull request #1984 from PHPCompatibility/feature/update-manage-labels
• 4adfa58 Merge pull request #1976 from PHPCompatibility/feature/add-pull-request-template
• 16b3310 Merge pull request #1999 from PHPCompatibility/dependabot/github_actions/acti...
• 0158f1e GH Actions: Bump actions/checkout from 5.0.0 to 6.0.0
• 23bd186 PHP 8.3 | ✨ New sniff to detect dynamic class constant fetch (#1974)
• 0de9a34 Merge pull request #1998 from PHPCompatibility/dependabot/github_actions/acti...
• Additional commits viewable in compare view

Updates squizlabs/php_codesniffer from 3.13.4 to 3.13.5

Release notes

Sourced from squizlabs/php_codesniffer's releases.

3.13.5 - 2025-11-04

Added

• Runtime support for PHP 8.5. All known PHP 8.5 deprecation notices have been fixed.
  • Syntax support for new PHP 8.5 features will follow in a future release.
  • If you find any PHP 8.5 deprecation notices which were missed, please report them.

Changed

• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to Rodrigo Primo and Juliette Reinders Folmer for their contributions.

Fixed

• Fixed bug #1216: Tokenizer/PHP: added more defensive coding to prevent PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to Andrew Lyons for the patch.
• Fixed bug #1279: Tokenizer/PHP: on PHP < 8.0, an unclosed attribute (parse error) could end up removing some tokens from the token stream.
  • This could lead to false positives and false negative from sniffs, but could also lead to incorrect fixes being made mangling the file under scan.
  • Thanks to Juliette Reinders Folmer for the patch.

Other

• Please be aware that the master branch has been renamed to 3.x and the default branch has changed to the 4.x branch.
  • If you contribute to PHP_CodeSniffer, you will need to update your local git clone.
  • If you develop against PHP_CodeSniffer and run your tests against dev branches of PHPCS, you will need to update your workflows.

---

New Contributors

The PHP_CodeSniffer project is happy to welcome the following new contributors: @​andrewnicols

Statistics

Closed: 2 issues Merged: 36 pull requests

Follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X to stay informed.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

Changelog

Sourced from squizlabs/php_codesniffer's changelog.

[3.13.5] - 2025-11-04

Added

• Runtime support for PHP 8.5. All known PHP 8.5 deprecation notices have been fixed.
  • Syntax support for new PHP 8.5 features will follow in a future release.
  • If you find any PHP 8.5 deprecation notices which were missed, please report them.

Changed

• Various housekeeping, including improvements to the tests and documentation.
  • Thanks to [Rodrigo Primo][@​rodrigoprimo] and [Juliette Reinders Folmer][@​jrfnl] for their contributions.

Fixed

• Fixed bug #1216: Tokenizer/PHP: added more defensive coding to prevent PHP 8.5 "Using null as an array offset" deprecation notices.
  • Thanks to [Andrew Lyons][@​andrewnicols] for the patch.
• Fixed bug #1279: Tokenizer/PHP: on PHP < 8.0, an unclosed attribute (parse error) could end up removing some tokens from the token stream.
  • This could lead to false positives and false negative from sniffs, but could also lead to incorrect fixes being made mangling the file under scan.
  • Thanks to Juliette Reinders Folmer for the patch.

Other

• Please be aware that the master branch has been renamed to 3.x and the default branch has changed to the 4.x branch.
  • If you contribute to PHP_CodeSniffer, you will need to update your local git clone.
  • If you develop against PHP_CodeSniffer and run your tests against dev branches of PHPCS, you will need to update your workflows.

#1216: PHPCSStandards/PHP_CodeSniffer#1216 #1279: PHPCSStandards/PHP_CodeSniffer#1279

Commits

• 0ca8684 Merge pull request #1305 from PHPCSStandards/feature/docs-minor-touch-up-befo...
• 3e7e576 Docs: various small fixes
• c3a2490 CHANGELOG: fix up missing credit
• 848341d Merge pull request #1304 from PHPCSStandards/feature/changelog-3.13.5
• 31c62de Changelog for the 3.13.5 release
• e163dbf PHP 8.5 | Tokenizer/PHP: properly fix "Using null as an array offset" depreca...
• af1b003 Merge pull request #1301 from PHPCSStandards/feature/e2e-tests-use-new-bashun...
• cf28362 E2E tests: use new bashunit assertion
• a82bffd Merge pull request #1298 from PHPCSStandards/dependabot/github_actions/3.x/ac...
• 0ae1271 Merge pull request #1299 from PHPCSStandards/dependabot/github_actions/3.x/ac...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[danepowell]

@TravisCarden does RCAT still actively maintain this? If so, it looks like they need to update the Jira bot key. If not, maybe we should just disable the Jira ticket workflow.

[TravisCarden]

@mayur-sose can you weigh in on this? Is RCAT still using this Sync GitHub issues to Jira feature? If so, it looks like we have an authentication issue to address. If not (or if it's not adding value), we'll just disable it.

[TravisCarden]

I'm doing a little housecleaning today... I'm going to make an executive decision and remove the Jira workflow. If @mayur-sose wants to keep it, it'll be easy to restore it when he provides a new key.