@dependabot dependabot bot commented on behalf of github Aug 4, 2025

Updated Meziantou.Analyzer from 2.0.201 to 2.0.210.

Release notes

Sourced from Meziantou.Analyzer's releases.

2.0.210

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.210

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.209...2.0.210

2.0.209

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.209

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.208...2.0.209

2.0.208

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.208

Full Changelog: meziantou/Meziantou.Analyzer@2.0.207...2.0.208

2.0.207

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.207

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.206...2.0.207

2.0.206

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.206

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.205...2.0.206

2.0.205

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.205

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.204...2.0.205

2.0.204

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.204

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.203...2.0.204

2.0.203

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.203

Full Changelog: meziantou/Meziantou.Analyzer@2.0.202...2.0.203

2.0.202

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.202

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.201...2.0.202

Commits viewable in compare view.

Updated SonarAnalyzer.CSharp from 10.10.0.116381 to 10.15.0.120848.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

10.15

False Positive

  • NET-2198 - Fix S1905 FP: Cast of default! expression is required
  • NET-2197 - Fix S1905 FP: stackalloc and Span conversions
  • NET-1641 - Fix S1905 FP: casting IEnumerable<string?> to IEnumerable<string>
  • NET-2157 - Fix S2589 FP: Don't raise an issue after a delegate is invoked
  • NET-2073 - Fix S2699 FP: Add support for FsCheck property tests
  • NET-1537 - Fix S6964 FP: Don't raise on properties annotated with the BindRequiredAttribute

Improvement

  • NET-2112 - Consider ExplodedNodes relevant if a successor would be relevant
  • NET-2183 - SE: Set constraint on operation when learning from IsPattern

False Negative

  • NET-429 - Fix S4275 FN: Support partial properties

Task

  • NET-2208 - Update RSpec before release

10.14

Hey everyone,

This release mostly focuses on mitigating (NET-2196) a performance regression that was introduced in 10.13.

Improvement

  • NET-2196 - Fix path algorithm for execution flows to mitigate performance regression
  • NET-2177 - Improve how the Symbolic Execution engine handles exception paths
  • NET-2135 - Support xUnit V3
  • NET-2163 - Provide Interface for other plugins to add rules to VB.NET SonarWay profile

False Negative

  • NET-235 - Fix S2053: Adjust required salt length to be 32 bytes

Task

  • NET-2170 - Update RSPEC before 10.14 release

10.13

Hello everyone,

In this release, we've focused on:

  • False positive fixes
  • Enhancing S2259's secondary locations to provide clearer, step-by-step explanations of null pointer dereference issues.

False Positives

  • NET-2099 - Fix S3885 FP: Do not raise in ResolutionEventHandler
  • NET-2023 - Fix S3257 FP: Array with target-typed new
  • NET-1646 - Fix S3267 FP: Loops should be simplified with LINQ expressions
  • NET-1588 - Fix S1066 FP: Combination of dynamic and out should not raise
  • NET-882 - Fix S3257 FP: Don't raise for C# 10 and later when there's explicit delegate creation

Improvements

  • NET-2095 - Improve incremental PR analysis path detection
  • SE: S2259 - Improve secondary locations

10.12

This release brings the VB version of S6418 and a few FP and FN fixes.

New Rule

  • NET-1379 - New Rule: Implement S6418 Hard-coded secrets are security-sensitive for VB.NET

False Positive

  • NET-1526 - Fix S3267 FP: Only raise on IEnumerable

False Negative

  • NET-1260 - Fix S1215 FN: GC.GetTotalMemory(forceFullCollection: true) should not be called
  • NET-1258 - Fix S6678 FN: Lowercase placeholders in interpolated string
  • NET-1255 - Fix S3267 FN: Logical operators are not supported

Task

  • NET-2060 - Update RSPEC before 11.12 release

10.11

Hello everyone!
In this release we fixed a bunch of false positives and false negatives.
Additionally this version adds support for telemetry in order to gather information on feature usage. Telemetry requires scanner 10.2.0 or greater.

False Positive

  • NET-1522 - Fix S2068 FP: Do not raise on password:secret
  • NET-1149 - Fix S3626 FP: Add exception when return statement is preceding local functions

False Negative

  • NET-1263 - Fix S1871 FN: Nested if .. else if chain
  • NET-1256 - S2068: Remove word boundary(\b) from regex
  • NET-1254 - Fix S3878 FN: When params are passed as array through an attribute
  • NET-1252 - FN S1168: Support IndexerDeclaration and ConversionOperatorDeclaration
  • NET-459 - Fix S1168 FN: Add support for partial indexers

10.10.1

Bugfix release to fix compatibility with SonarQube Cloud + a simplification to the ProfileRegistrar

Task

  • NET-1463 - Update RSPEC before 10.10.1 release
  • NET-1461 - Make CSharpSonarWayProfile be compatible and simplify ProfileRegistrar

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps Meziantou.Analyzer from 2.0.201 to 2.0.210
Bumps SonarAnalyzer.CSharp from 10.10.0.116381 to 10.15.0.120848

---
updated-dependencies:
- dependency-name: Meziantou.Analyzer
  dependency-version: 2.0.210
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: SonarAnalyzer.CSharp
  dependency-version: 10.15.0.120848
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tests
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the .NET (Pull requests that update .net code) and dependencies (Pull requests that update a dependency file) labels Aug 4, 2025

what-the-diff bot commented Aug 4, 2025

PR Summary

  • Updated the Meziantou.Analyzer package version
    The version of the Meziantou.Analyzer package, a tool that assists in code review by checking for common code issues, has been updated for optimization and enhanced functionality.

  • Upgraded the SonarAnalyzer.CSharp package version
    The version of the SonarAnalyzer.CSharp package, which helps detect bugs and security vulnerabilities in the codebase, has been elevated. This improvement will likely result in more secure and robust code.

dependabot bot commented on behalf of github Aug 7, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Aug 7, 2025
@dependabot dependabot bot deleted the dependabot/nuget/src/iTextSharp.LGPLv2.Core/tests-fed3474230 branch August 7, 2025 04:59