chore(deps): update dependency squizlabs/php_codesniffer to v4

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Confidence
squizlabs/php_codesniffer	^3.13 -> ^4.0

---

Release Notes

PHPCSStandards/PHP_CodeSniffer (squizlabs/php_codesniffer)

v4.0.0: - 2025-09-16

Compare Source

This release contains breaking changes.

Upgrade guides for both ruleset maintainers/end-users, as well as for sniff developers and integrators, have been published to the Wiki.

You are strongly encouraged to read the upgrade guide applicable to your situation before upgrading.

This release includes all improvements and bugfixes from PHP_CodeSniffer 4.0.0-beta1, 4.0.0-RC1, 3.13.3 and 3.13.4.

Changed

• Tokenizer/PHP: fully qualified exit/die/true/false/null will be tokenized as the keyword token and the token 'content' will include the leading backslash. #​1201
• Wherever possible based on the PHP 7.2 minimum version, parameter types have been added to all methods. #​1237
• The supported PHPUnit version constraints have been updated to ^8.4.0 || ^9.3.4 || ^10.5.32 || 11.3.3 - 11.5.28 || ^11.5.31. #​1247
  • External standards using the PHP_CodeSniffer native framework may need to update their own PHPUnit version constraints.
• Various housekeeping, including improvements to the tests and documentation.

Fixed

• Fixed bug #​1082: new exit codes weren't applied when running phpcbf on code provided via STDIN.
  • Thanks to Dan Wallis for the patch.
• Fixed bug #​1172: // phpcs:set for inline array properties did not handle a single item array with the value true, false or null correctly.
• Fixed bug #​1174: progress bar wasn't showing files as fixed when running phpcbf in parallel mode.
• Fixed bug #​1226: PHP 8.5 "Using null as an array offset" deprecation notice.

Other

• Please be aware that the master branch has been renamed to 3.x and the default branch has changed to the 4.x branch.
  • If you contribute to PHP_CodeSniffer, you will need to update your local git clone.
  • If you develop against PHP_CodeSniffer and run your tests against dev branches of PHPCS, you will need to update your workflows.

---

Statistics

Closed: 5 issues
Merged: 35 pull requests

Follow @​phpcs on Mastodon or @​PHP_CodeSniffer on X to stay informed.

Please consider funding the PHP_CodeSniffer project. If you already do so: thank you!

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update squizlabs/php_codesniffer:4.0.0 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins --minimal-changes
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires squizlabs/php_codesniffer ^4.0, found squizlabs/php_codesniffer[4.0.0] but these were not loaded, likely because it conflicts with another require.
  Problem 2
    - dealerdirect/phpcodesniffer-composer-installer is locked to version v1.1.2 and an update of this package was not requested.
    - dealerdirect/phpcodesniffer-composer-installer v1.1.2 requires squizlabs/php_codesniffer ^2.0 || ^3.1.0 || ^4.0 -> found squizlabs/php_codesniffer[2.0.0, ..., 2.9.2, 3.1.0, ..., 3.13.4, 4.0.0] but these were not loaded, likely because it conflicts with another require.
  Problem 3
    - pheromone/phpcs-security-audit is locked to version 2.0.1 and an update of this package was not requested.
    - pheromone/phpcs-security-audit 2.0.1 requires squizlabs/php_codesniffer >3.0 -> found squizlabs/php_codesniffer[3.0.1, ..., 3.13.4, 4.0.0] but these were not loaded, likely because it conflicts with another require.
  Problem 4
    - phpcompatibility/php-compatibility is locked to version 9.3.5 and an update of this package was not requested.
    - phpcompatibility/php-compatibility 9.3.5 requires squizlabs/php_codesniffer ^2.3 || ^3.0.2 -> found squizlabs/php_codesniffer[2.3.0, ..., 2.9.2, 3.0.2, ..., 3.13.4] but it conflicts with your root composer.json require (^4.0).
  Problem 5
    - slevomat/coding-standard is locked to version 8.22.1 and an update of this package was not requested.
    - slevomat/coding-standard 8.22.1 requires squizlabs/php_codesniffer ^3.13.4 -> found squizlabs/php_codesniffer[3.13.4] but it conflicts with your root composer.json require (^4.0).

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud