fix(deps): update sonarqube plugins upgrades (minor) #44
base: alauda-2025.1.0
✅ No Issues Found
X files reviewed | Confidence: 95% | Recommendation: Merge
Review Details
Files: source/build.gradle, source/gradle.properties
Checked: Security, dependency compatibility, version consistency
Analysis:
This Renovate Bot PR safely updates SonarQube plugin dependencies from older versions to newer minor versions. All updates are:
- From official SonarSource organization
- Following semantic versioning (minor upgrades)
- Within the same major version series
- Consistent with plugin API version update (11.0.0.2664 → 11.4.0.2922)
Updated Plugins:
- Language analyzers: Java, JavaScript, Python, PHP, Kotlin, Scala, Ruby, C#, VB.NET, Flex, HTML
- Security and quality tools: JaCoCo, XML, IAC, Text plugins
- All version updates appear to be minor/patch level with no breaking changes
Security Assessment:
- No security vulnerabilities introduced
- All dependencies sourced from official SonarSource repositories
- Version patterns consistent with upstream releases
The changes are routine dependency updates that maintain compatibility while bringing bug fixes and improvements from the latest plugin versions.
✅ No Issues Found
2 files reviewed | Confidence: 95% | Recommendation: Merge
Review Details
Files: source/build.gradle, source/gradle.properties
Checked: Security, dependency compatibility, version consistency, breaking changes
Analysis:
Updated Plugins (19 total):
Security Assessment:
Compatibility Assessment:
The changes are routine dependency updates that maintain compatibility while bringing bug fixes and improvements from the latest plugin versions. Safe to merge.
This PR contains the following updates:
- 2.26.1.9976 -> 2.38.0.10279
- 1.48.1.18410 -> 1.53.0.16993
- 2.12.2.6335 -> 2.15.0.7513
- 2.22.1.6674 -> 2.23.0.6359
- 5.7.1.26730 -> 5.16.0.29940
- 2.4.0.2018 -> 2.6.0.3665
- 3.41.0.12692 -> 3.54.0.15452
- 11.2.0.34013 -> 11.7.1.36988
- 8.8.0.37665 -> 8.19.0.1586
- 8.18.0.40025 -> 8.22.0.41895
- 1.3.0.1538 -> 1.4.0.4946
- 3.18.0.5605 -> 3.22.0.7011
- 2.14.0.5032 -> 2.16.0.6009
- 10.4.0.108396 -> 10.18.0.131500
- 10.4.0.108396 -> 10.18.0.131500
- 1.18.2.1879 -> 1.21.0.1997
- 1.18.1.375 -> 1.22.0.1992
- 11.0.0.2664 -> 11.4.0.2922
- 11.0.0.2664 -> 11.4.0.2922
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
SonarSource/sonar-xml (org.sonarsource.xml:sonar-xml-plugin)
v2.15.0.7513
Release notes - SonarXML - 2.15
False Positive
SONARXML-221 [S5604] Should not raise on items containing tools:node="remove"
Task
SONARXML-293 Use develocity in GHA build
SONARXML-297 Update rules metadata
v2.14.2.7437
Release notes - SonarXML - 2.14.2
Bug
SONARXML-168 Unable to parse XML file when attribute is too long
Task
SONARXML-271 Update parent POM and company name
SONARXML-272 Update sonar-analyzer-commons
SONARXML-273 Update sonar-plugin-api
SONARXML-275 Build with Java 21
SONARXML-279 Update rule metadata
SONARXML-283 Prevent script injection S7630
SONARXML-284 Update parent pom to 85.0.0.3035
SONARXML-291 Update parent pom to 86.0.0.3040
SONARXML-292 Prepare next development iteration 2.14.2
False Negative
SONARXML-183 [S5344] Add detection of passwords in Web.config files
SONARXML-264 FN on S2068 in appSettings in web.config of .NET Web Applications
SONARXML-274 S3330 Does not detect missing httpOnlyCookies in .NET's web.config
SONARXML-277 Add XML to S5734 (MIME sniffing attacks) and detect it in IIS config
v2.14.1.7429
Release notes - SonarXML - 2.14.1
Task
SONARXML-283 Prevent script injection S7630
SONARXML-284 Update parent pom to 85.0.0.3035
v2.14.0.7419
Release notes - SonarXML - 2.14
Bug
SONARXML-168 Unable to parse XML file when attribute is too long
Task
SONARXML-242 Update Slack notification in .github/workflows/slack_notify.yml
SONARXML-243 Bump orchestrator to version 5.5 or greater
SONARXML-246 Use "sonar.scanner.skipJreProvisioning" in integration tests
SONARXML-250 Ignore test fixtures for SCA scanning
SONARXML-253 Update GH release and releasability actions
SONARXML-254 Create Github action to prepare next development iteration.
SONARXML-255 Delete ws_scan_task
SONARXML-257 Migrate Cirrus build to Github action
SONARXML-258 Migrate QA task to GitHub action
SONARXML-259 Migrate ruling tasks to GitHub actions
SONARXML-261 Create PR cleanup action
SONARXML-268 Finalize CI migration
SONARXML-269 Use correct build number in the promote job
SONARXML-271 Update parent POM and company name
SONARXML-272 Update sonar-analyzer-commons
SONARXML-273 Update sonar-plugin-api
SONARXML-275 Build with Java 21
SONARXML-279 Update rule metadata
False Negative
SONARXML-183 [S5344] Add detection of passwords in Web.config files
SONARXML-264 FN on S2068 in appSettings in web.config of .NET Web Applications
SONARXML-274 S3330 Does not detect missing httpOnlyCookies in .NET's web.config
SONARXML-277 Add XML to S5734 (MIME sniffing attacks) and detect it in IIS config
Epic
SONARXML-256 Migrate Cirrus CI tasks to GitHub Actions
v2.13.1.6351
Release notes - SonarXML - 2.13.1
Task
SONARXML-287 Prepare next development iteration 2.13.1
SONARXML-288 Prepare 2.13.1
v2.13.0.5938
Release notes - SonarXML - 2.13
This release brings a new rule from the M8 category of OWASP Mobile Top 10 to SonarXML: S7207.
What's Changed
Full Changelog: SonarSource/sonar-xml@2.12.0.5749...2.13.0.5938
SonarSource/sonar-kotlin (org.sonarsource.kotlin:sonar-kotlin-plugin)
v2.23.0.6359
SonarSource/sonar-cayc-stats-plugin (org.sonarsource.plugins.cayc:sonar-cayc-plugin)
v2.6.0.3665
What's Changed
Full Changelog: SonarSource/sonar-cayc-stats-plugin@2.5.0.2588...2.6.0.3665
v2.5.0.2588
What's Changed
Full Changelog: SonarSource/sonar-cayc-stats-plugin@2.2.0.619...2.5.0.2588
SonarSource/sonar-php (org.sonarsource.php:sonar-php-plugin)
v3.54.0.15452
Release notes - SonarPHP - 3.54
False Positive
SONARPHP-1537 S1068 should not raise on private static singleton
SONARPHP-1609 S2699 shouldn't flag tests with "DoesNotPerformAssertions" attribute
SONARPHP-1695 S1172 should not raise on magic function
SONARPHP-1721 S1155 An issue should not be raised even if empty() is used
v3.53.0.15220
Release notes - SonarPHP - 3.53
Rotations of binary signing keys
v3.52.0.15197
Release notes - SonarPHP - 3.52
False Positive
SONARPHP-1673 S1192 should not raise on "importmap.php"
SONARPHP-1674 S101 should not raise for generated classes for Yii DB migration
SONARPHP-1675 S100 should adapt to Wordpress naming conventions
SONARPHP-1680 S1448 should not raise on classes that are entity of a database
SONARPHP-1681 S2003 and S4833 should not raise on Laravel-generated code
Improvement
SONARPHP-1738 Update S3776 Cognitive Complexity to account for PHP pipe operator
SONARPHP-1754 Improve Wordpress Framework detection
SONARPHP-1761 Drop set of deprecated hotspots
SONARPHP-1762 Migrate Pilot Group of Hotspots to Vulnerabilities
v3.51.0.15001
Release notes - SonarPHP - 3.51
New Feature
SONARPHP-1729 Support Pipe operator (PHP 8.5 feature)
SONARPHP-1734 Support void cast (PHP 8.5 feature)
SONARPHP-1735 Support final property promotion (PHP 8.5 feature)
SONARPHP-1736 Support Closures in constant expressions (PHP 8.5 feature)
False Positive
SONARPHP-1534 S1192 should not report an issue on Laravel-like validation strings
SONARPHP-1541 S1172 should not raise an issue on $subject parameter for before, after and around methods
SONARPHP-1581 S2830 should not flag default values of constructor parameters
v3.50.0.14927
Release notes - SonarPHP - 3.50
v3.49.0.13624
Release notes - SonarPHP - 3.49
Improvement
SONARPHP-1692 Optimize keyword parsing by replacing regex-based logic
v3.48.0.13483
Release notes - SonarPHP - 3.48
Rule meta data updates
v3.47.0.13433
Release notes - SonarPHP - 3.47
Maintenance release, rule meta data updates
v3.46.1.15272
Rotations of binary signing keys
v3.46.0.13151
Release notes - SonarPHP - 3.46
False Positive
SONARPHP-1631 S6328: Do not raise on escape sequences that are using numbers
Improvement
SONARPHP-1643 Error level log should be used only for non-recoverable error that stop the analyzer
v3.45.0.12991
Fixes rules descriptions to MQR.
v3.44.0.12898
Release notes - SonarPHP - 3.44
Improvement
SONARPHP-1626 S1541 should detect `elseif` clauses
v3.43.0.12862
Release notes - SonarPHP - 3.43
False Positive
SONARPHP-1577 S4144 should not report an issue on method/function using the __FUNCTION__ constant
SONARPHP-1590 S1192 should not raise for HTML tags
Bug
SONARPHP-1605 PHP parser should support array merges in static variables
v3.42.2.15271
Rotations of binary signing keys
v3.42.1.12942
Release notes - SonarPHP - 3.42.1
Improvement
SONARPHP-1633 Fix discrepancies between MQR and severity for PHP rules
v3.42.0.12795
Release notes - SonarPHP - 3.42
Bug
SONARPHP-1600 Parser should support match statements in unary expressions
SonarSource/sonar-javascript (org.sonarsource.javascript:sonar-javascript-plugin)
v11.7.1.36988: 11.7.1
Rotation of binary signing keys
What's Changed
Full Changelog: SonarSource/SonarJS@11.7.0.36965...11.7.1.36988
v11.7.0.36965: 11.7.0
What's Changed
New Contributors
Full Changelog: SonarSource/SonarJS@11.6.0.36606...11.7.0.36965
v11.6.0.36606: 11.6.0
What's Changed
New Contributors
Full Changelog: SonarSource/SonarJS@11.5.0.35357...11.6.0.36606
v11.5.0.35357: 11.5.0
What's Changed
Full Changelog: SonarSource/SonarJS@11.4.0.34681...11.5.0.35357
v11.4.1.34873: 11.4.1
Full Changelog: SonarSource/SonarJS@11.4.0.34681...11.4.1.34873
v11.4.0.34681: 11.4.0
What's Changed
eslint-plugin-unicorn selected rules by @zglicz in https://github.com/SonarSource/SonarJS/pull/5692
Full Changelog: SonarSource/SonarJS@11.3.0.34350...11.4.0.34681
v11.3.0.34350: 11.3.0
What's Changed
jsx-ast-utils with jsx-ast-utils-x by @guilhermesimoes in https://github.com/SonarSource/SonarJS/pull/5625
New Contributors
Full Changelog: SonarSource/SonarJS@11.2.0.34013...11.3.0.34350
SonarSource/sonar-java-symbolic-execution (org.sonarsource.java:sonar-java-symbolic-execution-plugin)
v8.19.0.1586
Release notes - JavaSE - 8.19
Bug
JAVASE-145 Change project key for sonar-java-symbolic-execution on SQC EU and US to be consistent with Next
Task
JAVASE-13 Prepare next development iteration
[JAVASE-153](https://sonarso
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.