Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump SonarAnalyzer.CSharp from 8.52.0.60960 to 9.21.0.86780 #195

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2024

Bumps SonarAnalyzer.CSharp from 8.52.0.60960 to 9.21.0.86780.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.21

New Rules

  • 8771 - [C#] New rule S6678: Use PascalCase for named placeholders
  • 8770 - [C#] New rule S6674: Log message template should be syntactically correct
  • 8768 - [C#] New rule S2629: Logging templates should be constant
  • 8767 - [C#] New rule S6677: Named placeholders should be unique
  • 8766 - [C#] New rule S6667: Exceptions should be passed as an argument when logging in a catch clause
  • 8765 - [C#] New rule S6668: Logging arguments should be passed to the correct parameter

Improvements

  • The following rules were promoted to the SonarWay profile: S127, S1244, S1696, S1192, S1994, S2701, S2955

Bug Fixes

  • 8787 - [C#] Fix AD0001: SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner throws an exception on unknown Numeric Constraints

False Positive

  • 8823 - [C#] Fix S2701 FP: avoid raising for xUnit Assert.True()
  • 6772 - [C#] Fix S4507 FP: Error raised on .NET 7 although the debug feature is deactivated

9.20

Hey everyone!

This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.

And a big thank you to @​rcatley for their external contribution!

Bug Fixes

  • 8642 - [C#] Exception in SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner

False Positive

  • 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
  • 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
  • 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
  • 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
  • 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
  • 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
  • 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
  • 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet
  • 8611 - [C#] Fix S2372 FP: Add support for method invocations (@​rcatley)
  • 8567 - [C#] Fix S2325 FP: Primary Constructor Support

False Negative

  • 8486 - [C#] Fix S2589 FN: Tuple binary operations (comparison)

Improvements

  • 8010 - [C#, VB.NET] S2589: Improve message in the case of null propagating operator
  • 7866 - [C#, VB.NET] SE: Allow collection tracking even when S4158 is not active
  • 8499 - [C#] SE: Learn number constraints from relational pattern
  • 8651 - Update RSPEC before 9.20 release

9.19

Hello,

small release to enhance the deprecation warning before SonarQube v.10.4, explicitly notifying users analyzing with MSBuild 14 that it's no longer supported while maintaining the deprecation status for MSBuild 15. Furthermore, we've also introduced three improvements to our rules:

... (truncated)

Commits
  • b05eb80 Rule S6668: Handle the rule exceptions (#8848)
  • afbce35 Update RSPEC for 9.21 Release (#8838)
  • 88b80ab Improve S6678: Change primary and secondary locations (#8836)
  • 7ae6c9a Promote 7 rules to SonarWay (#8806)
  • c0d6a61 New rule S6674: Log message template should be syntactically correct (#8818)
  • 4fe2a8b New rule S6668: Logging arguments should be passed to the correct parameter (...
  • b0d5ee0 .NET ITs: Move .NET5 code to CSharpLatest (#8808)
  • 95a7dca Fix S2701 FP: avoid raising for xUnit Assert.True() (#8823)
  • beb30d9 S125: Add FP Repro for #8819 (#8821)
  • f96478a Template rules update after peach validation part#2 (#8820)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [SonarAnalyzer.CSharp](https://github.com/SonarSource/sonar-dotnet) from 8.52.0.60960 to 9.21.0.86780.
- [Release notes](https://github.com/SonarSource/sonar-dotnet/releases)
- [Commits](SonarSource/sonar-dotnet@8.52.0.60960...9.21.0.86780)

---
updated-dependencies:
- dependency-name: SonarAnalyzer.CSharp
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 5, 2024
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 5, 2024

Sorry, only users with push access can use that command.

Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 21, 2024

Superseded by #196.

@dependabot dependabot bot closed this Mar 21, 2024
@dependabot dependabot bot deleted the dependabot/nuget/SonarAnalyzer.CSharp-9.21.0.86780 branch March 21, 2024 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants