Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump SonarAnalyzer.CSharp from 8.52.0.60960 to 9.20.0.85982 #194

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 21, 2024

Bumps SonarAnalyzer.CSharp from 8.52.0.60960 to 9.20.0.85982.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.20

Hey everyone!

This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.

And a big thank you to @​rcatley for their external contribution!

Bug Fixes

  • 8642 - [C#] Exception in SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner

False Positive

  • 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
  • 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
  • 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
  • 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
  • 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
  • 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
  • 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
  • 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet
  • 8611 - [C#] Fix S2372 FP: Add support for method invocations (@​rcatley)
  • 8567 - [C#] Fix S2325 FP: Primary Constructor Support

False Negative

  • 8486 - [C#] Fix S2589 FN: Tuple binary operations (comparison)

Improvements

  • 8010 - [C#, VB.NET] S2589: Improve message in the case of null propagating operator
  • 7866 - [C#, VB.NET] SE: Allow collection tracking even when S4158 is not active
  • 8499 - [C#] SE: Learn number constraints from relational pattern
  • 8651 - Update RSPEC before 9.20 release

9.19

Hello,

small release to enhance the deprecation warning before SonarQube v.10.4, explicitly notifying users analyzing with MSBuild 14 that it's no longer supported while maintaining the deprecation status for MSBuild 15. Furthermore, we've also introduced three improvements to our rules:

Improvements

  • 8609 - AnalysisWarningAnalyzerBase: targeted warnings for MSBuild14/15
  • 8559 - [C#, VB.NET] Fix S2178 Rule message: Mention extracting right operand if applicable
  • 6139 - [C#, VB.NET] Detect symbol references for @ keyword identifiers
  • 3753 - [C#, VB.NET] S1186: also inspect empty set and init and empty local functions

9.18

Hi everyone!

This release focuses on fixing false positives and on general improvements that will be included in the upcoming SonarQube 10.4.

False Positive

  • 7792 - [C#, VB.NET] Fix S1125 FP: Type check with System.Object
  • 7904 - [C#] Fix S1144 FP: Record method PrintMembers
  • 6326 - [C#] Fix S2437 FP: None of the operands is 0

... (truncated)

Commits
  • afd7543 Fix S2583/2589 FP: Return inside lock, using and finally causes FP after the ...
  • 4644b28 SE: Learn number constraints from relational pattern (#8773)
  • 3ad4377 Fix S2583/S2589 FP: try-finally in loop (#8755)
  • e3ef756 Update RSPEC before 9.20 release (#8775)
  • 9161bc0 Fix S2583/S2589 FP: try-catch in loop (#8753)
  • 5d6b781 SE Loops: Addition for same sign operands (#8760)
  • 32f2bdb Coding style: Remove compiler directives (#8757)
  • 4f18a86 Support Tuple Binary Operations in Symbolic Execution (#8718)
  • 6069617 S2589: Add FP Repro for #8570 (#8759)
  • ecf5aea SE: Move CollectionConstraint from S4158 to the engine (part 6) (#8733)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [SonarAnalyzer.CSharp](https://github.com/SonarSource/sonar-dotnet) from 8.52.0.60960 to 9.20.0.85982.
- [Release notes](https://github.com/SonarSource/sonar-dotnet/releases)
- [Commits](SonarSource/sonar-dotnet@8.52.0.60960...9.20.0.85982)

---
updated-dependencies:
- dependency-name: SonarAnalyzer.CSharp
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 21, 2024
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 21, 2024

Sorry, only users with push access can use that command.

Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 5, 2024

Superseded by #195.

@dependabot dependabot bot closed this Mar 5, 2024
@dependabot dependabot bot deleted the dependabot/nuget/SonarAnalyzer.CSharp-9.20.0.85982 branch March 5, 2024 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants