Bump SonarAnalyzer.CSharp from 8.53.0.62665 to 9.2.0.71021 #251

dependabot · 2023-06-01T00:56:48Z

Bumps SonarAnalyzer.CSharp from 8.53.0.62665 to 9.2.0.71021.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.2

This release brings a new implementation of S3949 rule, that is now part of SonarWay again.

New features

7147 - [VB.NET] New rule S3949: Integral operations should not overflow - for VB.NET

7239 - [C#] Rule S6613: implement CodeFix

False Positive fixes

7104 - [C#] Fix S2259 FP: Conditional access checked for bool

3491 - [C#] Fix S3949 FP: Do not report inside GetHashCode

Improvements

4631 - [C#] Migrate S3949 to the new Symbolic Execution engine

7148 - [C#] S3949: Add rule to SonarWay profile

7138 - [C#] Remove CBDE dependency

7212 - [C#] Modify S3237 message to be more accurate

7262 - [C#, VB.NET] Revert "UtilityAnalyzer: Use RegisterCompilationStartAction" - fix performance regression

7234 - [C#, VB.NET] SE Fix FPs: Improve fixed-count loops

7156 - [C#, VB.NET] SE: Cache NumberConstraint

7111 - [C#, VB.NET] SE: Concatenate string expression returns non-null string

7260 - Update RSPEC before 9.2 release

Bug Fixes

7050 - [C#] Fix AD0001 on S1186: NullReferenceException for top-level methods

9.1

Release 9.1 brings a set of rules that help users avoid performance pitfalls.

New Rules

7132 - [C#] New rule S6618: "string.Create" should be used instead of "FormattableString"

7131 - [C#, VB.NET] New rule S6617: "Contains" should be used instead of "Any" for simple equality checks

7129 - [C#, VB.NET] New rule S6613: "First" and "Last" properties of "LinkedList" should be used instead of the "First()" and "Last()" extension methods

7128 - [C#, VB.NET] New rule S6612: The lambda parameter should be used instead of capturing arguments in "ConcurrentDictionary" methods

7127 - [C#, VB.NET] New rule S6610: "StartsWith" and "EndsWith" overloads that take a "char" should be used instead of the ones that take a "string"

7126 - [C#, VB.NET] New rule S6609: "Min/Max" properties of "Set" types should be used instead of the "Enumerable" extension methods

7125 - [C#, VB.NET] New rule S6608: Indexing should be used instead of "Enumerable" methods on types implementing "IList"

7124 - [C#, VB.NET] New rule S6607: The collection should be filtered before sorting by using "Where" before "OrderBy"

7123 - [C#, VB.NET] New rule S6605: Collection-specific "Exists" method should be used instead of the "Any" extension

7122 - [C#, VB.NET] New rule S6603: The collection-specific "TrueForAll" method should be used instead of the "All" extension

7121 - [C#, VB.NET] New rule S6602: "Find" method should be used instead of the "FirstOrDefault" extension

Improvements

7197 - [VB.NET] Improve S2302 Message: Use NameOf for VB.NET

7133 - [C#] Extend S3260 to include file access modifier on types

Bug Fixes

7134 - [C#] Fix AD0001 in S138: NullReferenceException

False Negative

2528 - [C#] FPs and FNs in the Symbolic Execution rules when null coalescing is combined with arithmetic expressions because we do not support constraints on integers

... (truncated)

Commits

9d55571 Update RSPEC before 9.2 release (#7297)
d2ca13a S3949: Implement ShouldExecute for C# (#7298)
7cbbb44 Rule S6613: Implement CodeFix (#7250)
e4bcb2c SE: Concatenate string expression returns non-null string (#7285)
cf9b161 Fix S2259 FP: Conditional access checked for bool (#7283)
df65a51 SE: Use file scoped namespaces (#7279)
7519381 S2259: Add FP repro for #7104 (#7278)
7090865 Fix a failing UT for S3949 based on Division (#7287)
f2cbe9a Bump classgraph from 4.8.158 to 4.8.160 (#7254)
5ff2dde Update RSPEC for S1048 and S3237 after migrating them to LaYC format (#7277)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [SonarAnalyzer.CSharp](https://github.com/SonarSource/sonar-dotnet) from 8.53.0.62665 to 9.2.0.71021. - [Release notes](https://github.com/SonarSource/sonar-dotnet/releases) - [Commits](SonarSource/sonar-dotnet@8.53.0.62665...9.2.0.71021) --- updated-dependencies: - dependency-name: SonarAnalyzer.CSharp dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>