Open
Conversation
|
Renovate Jira issue ID: SLLS-494 |
renovate
bot
force-pushed
the
renovate/analyzer-dependencies
branch
from
ad05796 to
b83e6d4
Compare
![sonar-review-alpha[bot]](https://avatars.githubusercontent.com/in/3025063?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.76.0.93913→6.79.0.972911.36.0.101591→1.40.0.10169910.16.2.130377→10.21.0.13571710.16.2.130377→10.21.0.1357172.2.0.18377→2.8.0.197761.31.0.4938→1.33.0.53872.34.0.9939→2.42.0.107842.14.2.7437→2.16.0.76163.22.0.7011→3.25.0.74735.19.0.32098→5.20.0.3229512.0.0.38664→12.1.0.394348.16.3.1589→8.19.0.15868.22.0.41895→8.26.0.42915Release Notes
SonarSource/sonarlint-omnisharp (org.sonarsource.sonarlint.omnisharp:sonarlint-omnisharp-plugin)
v1.40.0.101699Compare Source
For full release notes, see JIRA
v1.39.0.101672Compare Source
For full release notes, see JIRA
v1.38.0.101637Compare Source
For full release notes, see JIRA
v1.37.0.101606Compare Source
For full release notes, see JIRA
SonarSource/sonar-dotnet (org.sonarsource.dotnet:sonar-csharp-plugin)
v10.21.0.135717: 10.21Compare Source
Bug
Feature
False Positive
v10.20.0.135146: 10.20Compare Source
This release brings 9 precision improvements — 7 false positive fixes and 2 false negative fixes — across rules S1116, S1144, S1210, S1643, S1854, S2365, S3254, S3265, and S127. It also promotes S2068 and S6418 from Security Hotspot to Vulnerability, making them visible directly in the IDE, and removes S3256 from the Sonar Way quality profile.
Changes
False Positive
False Negative
Rule specification
Maintenance
v10.19.0.132793: 10.19Compare Source
Documentation
False Positive
False Negative
Task
Bug
v10.18.0.131500: 10.18Compare Source
This releases focuses on fixing the false-positives that are raised on code making use of the new features in C# 14.
Improvement
Task
False Positive
False Negative
v10.17.0.131074: 10.17Compare Source
False Negative
Task
New Feature
Bug
Improvement
SonarSource/sonar-xml (org.sonarsource.xml:sonar-xml-plugin)
v2.16.0.7616Compare Source
Release notes - SonarXML - 2.16
False Positive
SONARXML-180 FP on S1120, should consider line continuations
Task
SONARXML-302 Bump org.assertj:assertj-core from 3.27.3 to 3.27.7
SONARXML-304 Create GHA for Automated Release
SONARXML-316 Document that SCA is applied to ITs intentionally
SONARXML-317 Update orchestrator to 6.1.0.3962
SONARXML-318 Update plugin API version to 13.2.0.3137
v2.15.0.7513Compare Source
Release notes - SonarXML - 2.15
False Positive
SONARXML-221 [S5604] Should not raise on items containing tools:node="remove"
Task
SONARXML-293 Use develocity in GHA build
SONARXML-297 Update rules metadata
SonarSource/sonar-html (org.sonarsource.html:sonar-html-plugin)
v3.25.0.7473Compare Source
Release notes - SonarHTML - 3.25
What's Changed
Full Changelog: SonarSource/sonar-html@3.24.0.7341...3.25.0.7473
v3.24.0.7341Compare Source
Release notes - SonarHTML - 3.24
Improvement
SONARHTML-173 FP S1090: consider hidden or tabindex property not to report
SONARHTML-177 FP in S5148: Add new exceptions for relative URLs
SONARHTML-179 Fix S1827:
bodydeprecated margin attributesSONARHTML-180 Include
.htmextensionSONARHTML-185 Fix S1096: Allow "title" without corresponding "head"
SONARHTML-187 Fix S1929: Ignore Server Side Includes
SONARHTML-219 Fix S6825 FP: Should not trigger on hidden input elements
SONARHTML-252 FP: S6819 - The ARIA “img” role should be allowed on SVG images
SONARHTML-253 Fix S6840: Do not report for Vuetify text fields
SONARHTML-256 Web:S6821 role “toolbar” should not be raised as invalid role
SONARHTML-284 tag triggers UnclosedTagCheck even though it is allowed to have no end tag
SONARHTML-288 Angular [attr.aria-checked] doesn't prevent S6807 to trigger
SONARHTML-298 Fix FP S5255: Triggers in Vue file using mutually exclusive
v-ifandv-elseclausesTask
SONARHTML-344 Update RSPEC before 3.24.0 release
SONARHTML-345 fix(S6853): Recognize Razor HTML helpers as form controls in labels
SONARHTML-348 fix(S7930): Reduce FPs for duplicate IDs in conditional blocks
SONARHTML-349 fix(S7930): Skip duplicate check for dynamic template IDs
SONARHTML-350 fix(S7930): Handle same-quote nesting in Razor/template attributes
SONARHTML-351 fix(S6853): Recognize Angular and Vue binding syntax for label 'for' attribute
SONARHTML-352 fix(S5254): Recognize ERB/JSP expressions as dynamic lang values
SONARHTML-353 fix(S5254): Recognize ERB/JSP expressions as dynamic lang values
SONARHTML-354 fix(UnsupportedTagsInHtml5Check): Skip PascalCase Vue components
SONARHTML-355 fix(S6853): Move trailing comments to their own lines
v3.23.0.7209Compare Source
Release notes - SonarHTML - 3.23
Task
SONARHTML-342 feat: Add support to links to S5725
SonarSource/sonar-javascript (org.sonarsource.javascript:sonar-javascript-plugin)
v12.1.0.39434Compare Source
Release notes - SonarJS - 12.1
Feature
JS-1341 Consolidate web analysis into a single WebSensor, replacing JsTsSensor + HtmlSensor + YamlSensor + CssRuleSensor
JS-1355 Merge CssRuling and JsTsRuling into a single unified ruling test
False Positive
JS-1122 Fix FP on S2310: Array splice with compensating counter decrement pattern
JS-1154 Fix FP on S6827: Dynamic anchor content via prop spreading or component composition
JS-1178 Fix FP on S7739: JSON Schema if-then-else validation constructs
JS-1244 Fix FP on S6747: Styled-JSX jsx and global attributes flagged as unknown
JS-1255 Fix FP on S4325: Type assertions narrowing generic/union return types
JS-1301 Fix FP on S3800: Functions with consistent return types flagged as mixed
JS-1307 Fix FP on S3516: Functions with intentional invariant returns for chaining
JS-1309 Fix FP on S6544: Promise existence checks for lazy initialization patterns
JS-1310 Fix FP on S6544: async functions used for side effects with void expectation
JS-1321 Fix FP on S101: Dollar sign prefix convention for internal types not recognized
JS-1322 Fix FP on S7723: Object() used for type coercion not object creation
JS-1360 Fix FP on S1119: Labels for multi-level loop exits in nested iteration
JS-1361 Fix FP on S1119: Labels used for control flow within switch statements
JS-1364 Fix FP on S2234: MD5/crypto algorithm parameter rotation patterns
JS-1381 Fix FP on S6598: Interface used as defineEmits type argument in Vue <script setup>
JS-1386 Fix FP on S6767: Props reported unused when entire props object is passed to a helper function
JS-1387 Fix FP on S6767: Props reported unused when spread into another object or JSX element
JS-1388 Fix FP on S6767: Props reported unused when accessed via dynamic bracket notation
JS-1395 Fix FP on S1143: Void returns as guard clauses in finally blocks
JS-1396 Fix FP on S1143: Guard clause throws in finally after cleanup
Bug
JS-1429 Fix S4030: crash when linting Svelte use: directives
SonarSource/sonar-java-symbolic-execution (org.sonarsource.java:sonar-java-symbolic-execution-plugin)
v8.19.0.1586Compare Source
Release notes - JavaSE - 8.19
Bug
JAVASE-145 Change project key for sonar-java-symbolic-execution on SQC EU and US to be consistent with Next
Task
JAVASE-13 Prepare next development iteration
JAVASE-153 Update parent pom 85.0.0.3035 and license headers
JAVASE-158 Update parent pom to version 86.0.0.3040
JAVASE-159 Update release and releasability workflows
v8.18.1.347Compare Source
Release notes - JavaSE - 8.18.1
Task
JAVASE-15 Prepare next development iteration
JAVASE-16 Upgrade commons-lang3 to 3.18.0
v8.18.0.242Compare Source
Release notes - JavaSE - 8.18
Task
JAVASE-10 Prepare next development iteration
JAVASE-12 Update rule metadata
Improvement
JAVASE-11 Remove DivisionByZeroCheck registration from the plugin
v8.17.0.181Compare Source
Release notes - JavaSE - 8.17
Task
JAVASE-9 Update rule metadata
Improvement
JAVASE-7 Remove NullDereferenceCheck from plugin
SonarSource/sonar-java (org.sonarsource.java:sonar-java-plugin)
v8.26.0.42915Compare Source
Release notes - SonarJava - 8.26
False Positive
SONARJAVA-4960 FP S1854 wrongly report issues when the semantic is not complete
SONARJAVA-5975 FP on S6856 when the ModelAttribute is a class / record
SONARJAVA-5985 S6207 should only raise if it has no side effects or only before assignments to components
SONARJAVA-6003 FP on S2055 when superclass has a generated no args constructor
SONARJAVA-6070 Fix FP on S1133: Public APIs with documented deprecation plans flagged
SONARJAVA-6179 FP in S6810: CompletableFuture is not treated as a subtype of Future when T is unknown
SONARJAVA-6180 FP on rule S5853: consecutive calls to "assertThat" chained with calls to "element" should not raise an issue
SONARJAVA-6184 FP for S4605 when having SpringBootApplication followed by ComponentScan annotation
SONARJAVA-6186 S6207 should not raise on non-trivial getter methods
False Negative
SONARJAVA-5980 S3749: false negative when Lombok
RequiredArgsConstructoris usedSONARJAVA-6122 FN Rule S3078 : VolatileVariablesOperationsCheck implementation seems to be wrong
Bug
SONARJAVA-5657 S6541, Incorrect NOAV Metric Calculation
SONARJAVA-6152 S1612 incorrect quickfix
Maintenance
SONARJAVA-5981 S5194: Compliant and non compliant code exmples are too different
SONARJAVA-6155 Use shared update rule metadata worflow
SONARJAVA-6176 Update Rspec quickfix property for ["S7629", "S7467", "S7466", "S7475", "S7477"]
SONARJAVA-6185 Prepare Next Iteration: adjust for automated release
SONARJAVA-6188 Use plugin-artifacts to fix SQS and SQC integrations
SONARJAVA-6190 Update automated release workflow
SONARJAVA-6194 Update rule metadata
v8.25.0.42802Compare Source
Release notes - SonarJava - 8.25
Feature
SONARJAVA-6093 Implement rule S3051 : Main methods should be used only as program entry point
SONARJAVA-6100 Implement rule S8450 : Use IO.readln() for console input instead of BufferedReader boilerplate
SONARJAVA-6102 Implement rule S8447 : Initialize subclass fields before super() when superclass constructor may call
SONARJAVA-6104 S8469: Use
IO.readln(String prompt)instead ofIO.printfollowed byIO.readln()SONARJAVA-6106 S8465 "ScopedValue" instances should be assigned to a stable reference
SONARJAVA-6112 Implement rule S8446 - Only one "main" method should be present
False Positive
SONARJAVA-6146 S8445: Relax the rule to allow more styles of sorting imports
False Negative
SONARJAVA-5017 S4684 Add support for Jakarta
Bug
SONARJAVA-6143 Repair quickFix for S1118 rule
Maintenance
SONARJAVA-6006 Bump org.assertj:assertj-core from 3.23.1 to 3.27.7
SONARJAVA-6016 Upgrade or remove Guava-based ruling test
SONARJAVA-6029 Licence packaging standard - SonarJava
SONARJAVA-6092 Add telemetry for Java 25 features
SONARJAVA-6098 Add redundant module imports checking to S1128
SONARJAVA-6114 Update RSpec synchonization GitHub action
SONARJAVA-6121 S2694 raises issues on classes classes within Implicitly Declared Classes
SONARJAVA-6140 Add automated release workflow
SONARJAVA-6141 Save ncloc metric on test files
SONARJAVA-6144 Modify rule S1128: Add an example of unnecessary module import
SONARJAVA-6150 Automated Release: Add Jira issue categories
SONARJAVA-6159 Update rule metadata: change formatting with new rule-api.jar
SONARJAVA-6178 Update rule metadata
v8.24.0.42567Compare Source
Release notes - SonarJava - 8.24
New Feature
SONARJAVA-5978 Support Compact Source Files
SONARJAVA-5984 Support Module Import Declarations
SONARJAVA-6084 S8433: Validation logic should be placed in constructor prologue when possible
SONARJAVA-6096 S8445: Group import declarations by specificity
SONARJAVA-6108 Implement S8432 : "ScopedValue.where" results should not be ignored
SONARJAVA-6113 Implement : S8444 - Validation and data preparation logic before super() should not bloat constructor
False Positive
SONARJAVA-5340 FP on S1171 in anonymous classes
SONARJAVA-5866 S6816 should not raise on the parameter injected when the value is annotated as NonNull
SONARJAVA-5873 S5961: AssertJ descriptions and custom error messages breaks the assertion count
SONARJAVA-5936 False Positive for nested wildcard for S1452
SONARJAVA-6014 FP:java:S1258 doesn’t exclude jakarta.inject.Inject
SONARJAVA-6095 S1166 Should not report when the exception is explicitely ignored using unnamed variable _
SONARJAVA-6099 S1135 Confuses Spanish word "todo" with English TODO
SONARJAVA-6111 S6204 should not raise an issue when addFirst/addLast/removeFirst/removeLast is called on the list
Task
SONARJAVA-5976 Remove obsolete projects from Next
SONARJAVA-6010 Prepare next development iteration (8.24.0-SNAPSHOT)
SONARJAVA-6012 Migrate ITs to Java 21 to fix CI breakage
SONARJAVA-6034 Fix sonar-java build
SONARJAVA-6077 Update "Prepare Next Development Iteration" workflow
SONARJAVA-6094 Fix unused import
SONARJAVA-6124 Create Claude command to migrate test samples
SONARJAVA-6127 Update rule metadata
Improvement
SONARJAVA-5859 Upload the aggregated diff report on a github page
SONARJAVA-5961 Upgrade sonar-java-jdt to 1.8
SONARJAVA-5973 Improve testkit tool to be able to use specific dependencies for tests
SONARJAVA-5982 S106 Should not be raised on compact source files
SONARJAVA-5983 S1220 (no unnamed package) is not applicable to compact source files
SONARJAVA-6028 S1120 Update for compact source files to avoid raising FPs
SONARJAVA-6075 S2325 Raises issues on instance main() methods
SONARJAVA-6086 Avoid unused String[] args parameter in main method
SONARJAVA-6090 S106 should detect usage of IO
SONARJAVA-6105 MethodTreeCheck.isMainMethod should be updated for Java 25 (S2096, S112, S1147, S1160, S1172, S1118, S6539)
SONARJAVA-6116 Add Java-25 project to peachee-java-kotlin
SONARJAVA-6117 S8433 should not raise issue for classes without superclass declared
SONARJAVA-6119 S3078 should report on compact source files
SONARJAVA-6123 S8433 Do not raise issues without an explicit constructor call
Documentation
SONARJAVA-5955 S122: Noncompliant example should not violate unrelated rules
SONARJAVA-6007 S2301 Inappropriate Code Sample
False Negative
SONARJAVA-5016 S2077 Add support for Jakarta
SONARJAVA-5909 FN on S3752 when @RequestMapping in class
SONARJAVA-5931 Upgrade S5128 to support the Jakarta package
Sub-task
SONARJAVA-6021 Unified dogfooding : fix/setup sync for SonarJava
v8.23.0.42096Compare Source
Release notes - SonarJava - 8.23
New Feature
SONARJAVA-5930 S8346: Increment and decrement operators (++/--) should not be used with floating point variables.
SONARJAVA-6000 New public API to access module fully qualified key in ModuleScannerContext
False Positive
SONARJAVA-5929 S1258 FP on Spring @Value annotation
Task
SONARJAVA-5942 Fix Plugin QA failure in CI
SONARJAVA-5946 Use develocity in GHA build
SONARJAVA-5958 Upgrade ECJ to version 3.44
SONARJAVA-5968 Migrate build to Java 25
SONARJAVA-5969 Update commons-lang3 to version 3.20
SONARJAVA-6004 Update rules metadata
Improvement
SONARJAVA-5928 S1118 provides a quick fix
Documentation
SONARJAVA-5927 Compliant examples for S1118 should suggest a commented body as a first alternative before throwing an exception
False Negative
SONARJAVA-5122 FN on S5977 when using SecureRandom and others
SONARJAVA-5123 FN on S2119 when using SecureRandom and others
SONARJAVA-5820 S2698 should suggest using `assertThrows` and `expectThrows` with message
Sub-task
SONARJAVA-5971 Modify rule S1258: Add exception for @Value annotated fields
SONARJAVA-5972 Modify rule S1118: Change the compliant example to an empty constructor with a comment
Configuration
📅 Schedule: Branch creation - "after 7am every weekday,before 7pm every weekday" in timezone CET, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.