
Update PHP and JavaScript dependencies #156

Merged: rhendrickson-sc merged 25 commits into main from update/package-updates-092025 on Dec 5, 2025

@rhendrickson-sc
Contributor

Issue

The project had quite a few Dependabot warnings about gitbook-cli. We also wanted to update the site overall.

Solution

Updated and removed the packages in composer.json. Most of the dependencies were updated, however I removed some that weren't being used and/or were causing conflicts/weren't necessary anymore after updating another dependency.

Replaced gitbook-cli entirely with VitePress. Note: this does have the "negative" that the documentation site will no longer have the "Api References" section because the libraries I could find that would do something like that were either incompatible with VitePress, or were last updated five+ years ago.

Impact

This shouldn't have any negative impact. It updates some dependencies and integrates Rector into the project, to help with this update + future updates.

Note: Rector did add some PHP 8.1 specific changes, but I didn't think this would be a problem considering PHP 8.1 is end of life in December 2025.

Usage Changes

Only thing I can think of is that these updates do make Conifer a bit more strict on the typing, but I was conservative with it, so we didn't jump from 0% typing to 100% typing.

Considerations

At some point we might want to beef up the typing in this project, but that would probably require a new major release + work on any site using Conifer.

Testing

All unit tests are passing. No new tests were added.

rbhensley and others added 21 commits September 19, 2025 12:05
…root dev dependency to install using the master branch to work around wonky release numbers
Package is no longer maintained, switched to php-stubs/acf-pro-stubs.
This package is horrendously out of date since Coby left SiteCrafting,
and it isn't being maintained anymore.

Felt like removing the package was the best path forward instead of
forking it and having to update it.

It has a conflict with behat/behat, as they both require `symfony/yaml`,
but this acobster/wp-cli-yaml-fixtures wants `symfony/yaml:3.4` and the
newer versions of `behat/behat` want `symfony/yaml:7.x`.
Fix an "unmaintained package" warning when running `lando composer
audit`.
Set it to be ^6.5.5 so it can pull the latest minor version on composer
updates.
Remove squizlabs/php_codesniffer because wp-coding-standards/wpcs
requires it, so it makes little sense for us to also require it
when we're not using it directly.
It looks like johnpbloch/wordpress-core-installer isn't really being
maintained anymore, but it was safe to move off the `dev-master` branch
and onto the `2.0.0` branch instead.

The only reason a v2 was released was because the minimum PHP version
got bumped up to PHP 5.6, which doesn't affect us.
This package is no longer maintained and no longer works on Node
versions 10 through 22.

After talking to Scott about it, we decided it was better to just strip
it out for now, as it's probably seldom being used.
We were only using this to dynamically generate the API Reference
section of the documentation website.
However, this package, and the others like it, are seldom updated, so it
 was more hassle than it was worth to try and keep it.
Now the documentation site is blazingly fast 🦀
rhendrickson-sc added the documentation and dependencies labels Oct 30, 2025

Copilot AI left a comment


Pull Request Overview

This PR modernizes the Conifer codebase by introducing strict type declarations and modern PHP syntax throughout the project. The changes focus on improving type safety, code quality, and maintainability while updating development tooling.

  • Added declare(strict_types=1) to all PHP files
  • Migrated to modern PHP 8.1+ syntax (constructor property promotion, first-class callables, match expressions, null coalescing assignment, etc.)
  • Updated development tooling: replaced GitBook with VitePress for documentation, added Rector for automated refactoring
  • Enhanced type hints and PHPDoc annotations for better static analysis
  • Updated dependencies (PHPStan, WPCS, ACF stubs, PHPUnit)

Reviewed Changes

Copilot reviewed 78 out of 81 changed files in this pull request and generated 7 comments.

| File | Description |
| --- | --- |
| rector.php | Added Rector configuration for automated code quality improvements |
| composer.json | Updated dependencies, added Rector, modernized PHPStan/WPCS versions |
| test/unit/*.php | Added strict types, modernized test method signatures, improved type hints |
| lib/Conifer/**/*.php | Applied strict types, constructor property promotion, first-class callables |
| docs/.vitepress/config.mts | Added VitePress configuration replacing GitBook |
| package.json | Replaced GitBook with VitePress for documentation |


There are some lingering sniff "issues" that I don't consider issues.
But the bulk of the problems have been solved.
rhendrickson-sc force-pushed the update/package-updates-092025 branch from 67a486c to 8384a55 on November 21, 2025 19:55
@rhendrickson-sc
Contributor Author

@sdunham I made the Sniff updates/fixes. There ended up being two "fixes" I didn't implement.

The first is an issue of "Processing form data without nonce verification". While it would make sense to fix this, it felt like a breaking change + we'd have to update the documentation. Which felt slightly out of scope for this, but I'm willing to do it if you think it should be done.

The second is an issue of "All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks)". But I tried fixing those errors with sanitize_text_field() and htmlspecialchars(), but the issue still got flagged. I'm not sure if it's expecting a WordPress-specific function? Also seemed like it might be safe to ignore since the rest of the problems were addressed.

@sdunham
Contributor

sdunham commented Nov 22, 2025

@rhendrickson-sc I think you're good to skip those sniff fixes.

I agree that the first one is out of scope for this update. I also agree that implementing it is a good idea, but there will be plenty of edge cases to account for (especially when you factor in caching, which can cause all kinds of issues when using nonces). I'd say adding a backlog task would be a good idea so it doesn't get lost in the shuffle, but we're definitely going to need to think through the implementation so we don't run into major issues once something like Cloudflare is in the mix.

As for the second one, it's odd that you're still getting a sniff result after adding sanitize_text_field() and htmlspecialchars(). Feels a bit like a false positive, which is why I think skipping it like you did is fine.
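
An added example (not code from this PR or from Conifer) of the two checks discussed above in plain WordPress terms: nonce verification before form data is read, and escaping at the point of output with esc_html()/esc_attr(), which WPCS treats as escaping functions, whereas sanitize_text_field() is input sanitization. The action, field and function names prefixed with example_ are hypothetical, and the code assumes it runs inside WordPress.

```php
<?php
declare(strict_types=1);

// Hypothetical action and field names, chosen for this example only.
const EXAMPLE_NONCE_ACTION = 'example_contact_submit';
const EXAMPLE_NONCE_FIELD  = 'example_contact_nonce';

/** Render the form; the nonce field travels with every submission. */
function example_render_form(string $name = ''): void {
    echo '<form method="post">';
    wp_nonce_field(EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD);
    // Escape for the context the value lands in: here an HTML attribute.
    printf('<input type="text" name="visitor_name" value="%s">', esc_attr($name));
    echo '<button type="submit">Send</button></form>';
}

/** Handle the POST; verify the nonce before reading any other field. */
function example_handle_submission(): ?string {
    if (!isset($_POST[EXAMPLE_NONCE_FIELD])) {
        return null; // nothing was submitted
    }
    $nonce = sanitize_text_field(wp_unslash($_POST[EXAMPLE_NONCE_FIELD]));
    if (!wp_verify_nonce($nonce, EXAMPLE_NONCE_ACTION)) {
        // An expired nonce, e.g. from a form served out of a long-lived
        // page cache, is rejected here as well.
        return null;
    }
    // Sanitize on input: this cleans the value, it is not output escaping.
    return isset($_POST['visitor_name'])
        ? sanitize_text_field(wp_unslash($_POST['visitor_name']))
        : null;
}

$name = example_handle_submission();
if ($name !== null) {
    // Escape on output, at the echo itself, for the HTML text context.
    echo '<p>Thanks, ' . esc_html($name) . '</p>';
}
example_render_form($name ?? '');
```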

rhendrickson-sc merged commit 90e26c6 into main Dec 5, 2025
rhendrickson-sc deleted the update/package-updates-092025 branch December 5, 2025 16:26
rhendrickson-sc added a commit that referenced this pull request Mar 2, 2026