Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump SonarAnalyzer.CSharp from 8.52.0.60960 to 10.3.0.106239 #228

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 27, 2024

Bumps SonarAnalyzer.CSharp from 8.52.0.60960 to 10.3.0.106239.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.32

This rule includes the promotion of 4 rules to Sonar-way, the deprecation of 1 rule and 2 FP fixes.

Rule Promotions and Deprecations

  • 9644 - Modify S2387: Deprecate rule
  • 9643 - Modify S4050: Promote to Sonar-way
  • 9642 - Modify S2674: Promote to Sonar-way
  • 9641 - Modify S3993: Promote to Sonar-way
  • 9640 - Modify S4052: Promote to Sonar-way

False Positive

  • 9590 - [C#] Fix S6966 FP: EntityFrameworks IDbContextFactory CreateDbContext method is preferred over its Async counterpart
  • 8300 - [C#] Fix S3431 FP: Don't raise if assertions are done in catch or finally

9.31

This release focuses on improving the SonarQube plugin for the .NET analyzers.

Improvements

  • 9558 - SQ Plugin: Load STIG standard after ACOMMONS-11 is done
  • 8503 - SQ Plugin: Align logging for not indexed files
  • 7798 - SQ Plugin: Remove the sonar runtime checks for versions prior 9.9
  • 7115 - SQ Plugin: Replace org.sonar.api.utils.log.Logger
  • 4687 - SQ Plugin: Add xunit report paths in products UI
  • 4685 - SQ Plugin: Remove deprecated import of integration test coverage from plugins
  • 3102 - SQ Plugin: Replace usages of deprecated Build.setProfile in the integration tests
  • 8032 - SQ Plugin: Update the plugin to store the hash for the .cshtml files to enable incremental PR analysis

9.30

Hello, everyone. In this release, we worked on hardening our live variable analysis, which improved the analyzer's accuracy.

False Positives

  • 9473 - Fix S1854 FP: Raises when a variable is reassigned in a using body after it has been already assigned in using statement
  • 9472 - Fix S1854 FP: Raises when a variable is assigned in the switch statement and not used in the first case
  • 9471 - Fix S1854 FP: Raises when a variable is assigned in expression that is part of the ternary condition
  • 9468 - Fix S1854 FP: Throw should connect to outer catch
  • 9466 - Fix S1854 FP: Throw should visit finally

9.29

This release includes a lot of false positive and false negative fixes.

Improvements

  • 2120 - [C#] Improve S3247: Rule should recommend pattern matching for new C# instead of as
  • 9465 - Update RSPEC before 9.29 release

False Positive

  • 7522 - [C#] Fix S1104 FP: Do not report in Unity3D serializable classes
  • 6990 - [C#] Fix S1144 FP: Event with a concrete sender
  • 3842 - [C#] Fix S1144 FP: Ignore unused Deconstruct methods

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [SonarAnalyzer.CSharp](https://github.com/SonarSource/sonar-dotnet) from 8.52.0.60960 to 10.3.0.106239.
- [Release notes](https://github.com/SonarSource/sonar-dotnet/releases)
- [Commits](https://github.com/SonarSource/sonar-dotnet/commits)

---
updated-dependencies:
- dependency-name: SonarAnalyzer.CSharp
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 27, 2024
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 27, 2024

Sorry, only users with push access can use that command.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants