fix(deps): update analyzer dependencies (major)#1913
Open
renovate[bot] wants to merge 1 commit intomasterfrom
Open
fix(deps): update analyzer dependencies (major)#1913renovate[bot] wants to merge 1 commit intomasterfrom
renovate[bot] wants to merge 1 commit intomasterfrom
Conversation
SummaryAnalyzed PR #1913 which updates multiple SonarSource analyzer dependencies to major versions across 6 Maven configuration files, including sonar-javascript-plugin, sonar-plugin-api, sonar-java-plugin, and others. What reviewers should knowSummaryThis PR updates multiple SonarSource analyzer dependencies to major versions. The changes span 6 Maven configuration files with version bumps for:
What reviewers should check
All changes are purely dependency version updates in Maven configuration files with no code modifications.
|
|
Renovate Jira issue ID: SLCORE-2234 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
11.8.0.37897→12.1.0.394349.9.0.65466→26.3.0.12048725.3.0.104237→26.3.0.1204879.9.0.65466→26.3.0.1204879.14.0.375→13.5.0.43197.16.0.30901→8.26.0.42915Release Notes
SonarSource/sonar-javascript (org.sonarsource.javascript:sonar-javascript-plugin)
v12.1.0.39434Compare Source
Release notes - SonarJS - 12.1
Feature
JS-1341 Consolidate web analysis into a single WebSensor, replacing JsTsSensor + HtmlSensor + YamlSensor + CssRuleSensor
JS-1355 Merge CssRuling and JsTsRuling into a single unified ruling test
False Positive
JS-1122 Fix FP on S2310: Array splice with compensating counter decrement pattern
JS-1154 Fix FP on S6827: Dynamic anchor content via prop spreading or component composition
JS-1178 Fix FP on S7739: JSON Schema if-then-else validation constructs
JS-1244 Fix FP on S6747: Styled-JSX jsx and global attributes flagged as unknown
JS-1255 Fix FP on S4325: Type assertions narrowing generic/union return types
JS-1301 Fix FP on S3800: Functions with consistent return types flagged as mixed
JS-1307 Fix FP on S3516: Functions with intentional invariant returns for chaining
JS-1309 Fix FP on S6544: Promise existence checks for lazy initialization patterns
JS-1310 Fix FP on S6544: async functions used for side effects with void expectation
JS-1321 Fix FP on S101: Dollar sign prefix convention for internal types not recognized
JS-1322 Fix FP on S7723: Object() used for type coercion not object creation
JS-1360 Fix FP on S1119: Labels for multi-level loop exits in nested iteration
JS-1361 Fix FP on S1119: Labels used for control flow within switch statements
JS-1364 Fix FP on S2234: MD5/crypto algorithm parameter rotation patterns
JS-1381 Fix FP on S6598: Interface used as defineEmits type argument in Vue <script setup>
JS-1386 Fix FP on S6767: Props reported unused when entire props object is passed to a helper function
JS-1387 Fix FP on S6767: Props reported unused when spread into another object or JSX element
JS-1388 Fix FP on S6767: Props reported unused when accessed via dynamic bracket notation
JS-1395 Fix FP on S1143: Void returns as guard clauses in finally blocks
JS-1396 Fix FP on S1143: Guard clause throws in finally after cleanup
Bug
JS-1429 Fix S4030: crash when linting Svelte use: directives
v12.0.0.38664Compare Source
Release notes - SonarJS - 12.0
False Positive
JS-1096 Fix FP on S6324: Control chars in RFC/standards-compliant validation patterns
JS-1099 Fix FP on S6324: Control chars in regex for ANSI escape sequence matching
JS-1100 Fix FP on S6819: Inline SVGs with ARIA roles flagged despite valid use cases
JS-1101 Fix FP on S6819: role="img" flagged on non-image visual content and containers
JS-1102 Fix FP on S6819: Custom table widgets with legitimate ARIA roles
JS-1103 Fix FP on S1848: Framework constructors with DOM initialization side effects
JS-1108 Fix FP on S7739: Custom Promise/Thenable implementations with required then method
JS-1112 Fix FP on S2699: Database operations that validate through exceptions
JS-1113 Fix FP on S7759: Polyfill fallback using Date#getTime() for Date.now()
JS-1114 Fix FP on S3504: TypeScript ambient 'declare var' not runtime declarations
JS-1115 Fix FP on S4335: string & {} and number & {} patterns for type autocomplete
JS-1116 Fix FP on S4335: Intersections with {} in generic type manipulation patterns
JS-1120 Fix FP on S2310: Iterator variable reassignment in for-of/for-in loops
JS-1121 Fix FP on S2310: Intentional loop counter skip-ahead in parsing code
JS-1123 Fix FP on S7718: Minified code with auto-generated catch parameter names
JS-1124 Fix FP on S7718: Semantically meaningful catch parameter names flagged
JS-1135 Fix FP on S3735: Union types containing Promise and void/undefined
JS-1155 Fix FP on S6661: Custom 'assign' functions flagged as Object.assign
JS-1173 Fix S2301 false positive for boolean parameters in JSX contexts
JS-1176 Fix FP on S5256: Reusable table wrapper components flagged incorrectly
JS-1177 Fix FP on S7739: Validation library 'then' config property flagged incorrectly
JS-1179 Fix FP on S5850: Regex anchors with alternation for trimming operations
JS-1303 Fix FP on S6440: underscore-prefixed components flagged despite being valid FC
Bug
JS-1192 Do not crash when semver fails to get minimum version of react
Improvement
JS-168 Fix S4328 (no-implicit-dependencies): Support query parameters
JS-290 Fix FP S4165 (
no-redundant-assignments)JS-627 Fix FP S2699 (
assertions-in-tests): support other test librariesTask
JS-1158 remove failing projects
JS-1159 fix issues
JS-1160 Fix bump-versions workflow to update revision property
JS-1161 fix issues with project
JS-1162 Add new projects 2026-01-26
JS-1163 Add new projects 2026-01-26
JS-1164 Add new projects 2026-01-26
JS-1165 Add new projects 2026-01-27
JS-1166 Add new projects 2026-01-27
JS-1167 remove broken projects, fixed install and added retry around checkout…
JS-1168 Automate eslint-plugin-sonarjs changelog update
JS-1169 Skip eslint-plugin label for external/decorated rules
JS-1172 Add new projects 2026-01-28
JS-1174 Fix SQ quality gate
JS-1175 fix projects
JS-1183 Add new projects 2026-01-28
JS-1184 Add new projects 2026-01-28
JS-1187 Always bundle API classes in the final artifact
JS-1188 remoe failing projects
JS-1189 Add A3S Docker workflow for Repox publishing
JS-1194 feat(S2077): Add use getFullyQualifiedname & add sqlite3
JS-1195 Add new projects 2026-01-30
JS-1196 Add new projects 2026-01-30
JS-1197 feat: add branded types for Unix path handling
JS-1198 Fix S2234 performance issue with complex destructuring patterns
JS-1203 Add Tailwind CSS v4 at-rules to S4662 ignore list
JS-1204 Add new projects 2026-02-02
JS-1205 Add new projects 2026-02-02
JS-1207 Skip minified/bundled JavaScript embedded in HTML/YAML files
JS-1208 feat(S6418): Add support for MemberExpression
JS-1209 feat(S6437): Add support for express-session
JS-1210 Add new projects 2026-02-03
JS-1211 Add new projects 2026-02-03
JS-1212 Add ACLI Jira formatting guide for Claude
JS-1213 Remove raw types
JS-1214 feat (S5247): Add support for Swig
JS-1215 Use aggregate option to report JaCoCo coverage
JS-1216 feat: add test execution reporting for SonarCloud
JS-1218 Simplified sourcefile store
JS-1219 Add ignoreFunctions option to S4653 (unit-no-unknown)
JS-1222 Clean up failing projects
JS-1223 Add new projects 2026-02-06
JS-1229 S3799: Enable allowObjectPatternsAsParameters to fix Playwright FPs
JS-1230 Revert "Update dependency eslint to v10"
JS-1232 Add AWS TLS PFS policies to the valid ones
JS-1234 Use new jacoco aggregate report paths property
JS-1298 Allow bot PRs to trigger eslint-plugin Jira labeling
JS-1311 PoC: Babel parserOverride for TC39 module declarations
JS-1312 Fix ESLint plugin release action
JS-1313 Test: Re-enable rspec-maven-plugin for rule data generation
JS-1314 drop mavenCentralSync and update slack channel
JS-1317 Fix changelog workflow permissions by using default GITHUB_TOKEN
JS-1318 add annotation
JS-1327 Update CssMetricsTest expected ncloc for SonarHtml 3.24
JS-1329 Fix promote job being skipped on non-schedule builds
JS-1332 Fix implementation value for decorated rules in meta.ts
JS-1333 fix(S7790): Prevent references to target FQNs from raising
JS-1336 Fix infinite loop in getFullyQualifiedNameTS when import is shadowed
JS-1338 Remove obsolete release.yml workflow
JS-1339 Fix Jira labeling workflow failing on PR titles with backticks
JS-1340 Add sonar.javascript.createTSProgramForOrphanFiles flag
SonarSource/sonarqube (org.sonarsource.sonarqube:sonar-scanner-protocol)
v26.3.0.120487Compare Source
v26.2.0.119303See details in the community announcement, and more in the release notes.
v26.1.0.118079Compare Source
See details in the community announcement, and more in the release notes.
v25.12.0.117093See details in the community announcement, and more in the release notes.
v25.11.0.114957Compare Source
See details in the community announcement, and more in the release notes.
v25.10.0.114319Compare Source
See details in the community announcement, and more in the release notes.
v25.9.0.112764Compare Source
See details in the community announcement, and more in the release notes.
v25.8.0.112029Compare Source
See details in the community announcement, and more in the release notes.
v25.7.0.110598Compare Source
See details in the community announcement, and more in the release notes.
v25.6.0.109173Compare Source
See details in the community announcement, and more in the release notes.
v25.5.0.107428Compare Source
See details in the community announcement, and more in the release notes.
v25.4.0.105899Compare Source
See details in the community announcement, and more in the release notes.
v25.3.0.104237Compare Source
See details in the community announcement, and more in the release notes.
v25.2.0.102705Compare Source
See details in the community announcement, and more in the release notes.
v25.1.0.102122Compare Source
See details in the community announcement, and more in the release notes.
v24.12.0.100206Compare Source
See details in the community announcement, and more in the release notes.
v10.7.0.96327Compare Source
See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v10.6.0.92116Compare Source
See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v10.5.1.90531Compare Source
See details in the community announcement and more in the release notes.
v10.5.0.89998Compare Source
See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v10.4.1.88267Compare Source
See details in the community announcement, and more in the release notes.
v10.4.0.87286See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v10.3.0.82913Compare Source
See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v10.2.1.78527Compare Source
See details in the community announcement, and more in the release notes.
v10.2.0.77647Compare Source
See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v10.1.0.73491See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v10.0.0.68432See details in the official announcement.
You'll find more in the community announcement, and full details in the release notes.
v9.9.8.100196Compare Source
See details in the community announcement, and more in the release notes.
v9.9.7.96285Compare Source
See details in the community announcement, and more in the release notes.
v9.9.6.92038Compare Source
See details in the community announcement, and more in the release notes.
v9.9.5.90363Compare Source
See details in the community announcement, and more in the release notes.
v9.9.4.87374Compare Source
See details in the community announcement, and more in the release notes.
v9.9.3.79811Compare Source
See details in the community announcement, and more in the release notes.
v9.9.2.77730Compare Source
See details in the community announcement, and more in the release notes.
v9.9.1.69595Compare Source
See details in the community announcement, and more in the release notes.
SonarSource/sonar-plugin-api (org.sonarsource.api.plugin:sonar-plugin-api)
v13.5.0.4319What's Changed
Full Changelog: SonarSource/sonar-plugin-api@13.4.3.4290...13.5.0.4319
v13.4.3.4290Compare Source
What's Changed
Full Changelog: SonarSource/sonar-plugin-api@13.4.2.4284...13.4.3.4290
v13.4.2.4284Compare Source
What's Changed
Full Changelog: SonarSource/sonar-plugin-api@13.4.1.4276...13.4.2.4284
v13.4.1.4276Compare Source
What's Changed
Full Changelog: SonarSource/sonar-plugin-api@13.4.0.3221...13.4.1.4276
v13.4.0.3221Compare Source
What's Changed
Full Changelog: SonarSource/sonar-plugin-api@13.3.0.3209...13.4.0.3221
v13.3.0.3209Compare Source
What's Changed
New Contributors
Full Changelog: SonarSource/sonar-plugin-api@13.2.0.3137...13.3.0.3209
v13.2.0.3137Compare Source
What's Changed
New Contributors
Full Changelog: SonarSource/sonar-plugin-api@13.1.0.3124...13.2.0.3137
v13.1.0.3124Compare Source
What's Changed
New Contributors
Full Changelog: SonarSource/sonar-plugin-api@13.0.0.3026...13.1.0.3124
v13.0.0.3026Compare Source
v12.0.0.2960Compare Source
What's Changed
New Contributors
Full Changelog: SonarSource/sonar-plugin-api@11.4.0.2922...12.0.0.2960
v11.4.0.2922Compare Source
PLUGINAPI-142 [BE] Modify the Plugin API to support OWASP Mobile Top 10 2024 issues
PLUGINAPI-130 Remove deprecated extension points ProfileImporter and ProfileExporter
PLUGINAPI-135 Deprecate org.sonar.api.web.UserRole
PLUGINAPI-136 Deprecate org.sonar.api.issues.DefaultTransitions
PLUGINAPI-139 Add the Plugin API version for SQS 2025.2 LTA
v11.3.0.2824Compare Source
What's Changed
v11.2.0.2797Compare Source
PLUGINAPI-122 Standard severities need to be mapped to all the five impact severities
v11.1.0.2693Compare Source
PLUGINAPI-110 Remove deprecation on security hotspots
v11.0.0.2664Compare Source
Version 11.0 Release Notes
v10.14.0.2599Compare Source
PLUGINAPI-106 Remove deprecation on RuleType, Rule Severity since 10.x version
v10.13.0.2560Compare Source
Task
PLUGINAPI-103 Revert addition of impacts on ActiveRules
Improvement
PLUGINAPI-102 Deprecate components Qualifiers, Scope and ResourceType
PLUGINAPI-104 Change the name of the metric high_impact_accepted_issues
PLUGINAPI-105 Deprecate ‘reliability_issues' ‘maintainability_issues’, ‘security_issues', ‘new_reliability_issues' ‘new_maintainability_issues’ and ‘new_security_issues'
v10.12.0.2522Compare Source
PLUGINAPI-101 Add impacts to LoadedActiveRule
v10.11.0.2468Compare Source
PLUGINAPI-100 Move Software Quality Metrics to 5 levels
v10.10.0.2391Compare Source
New Feature
PLUGINAPI-98 Add new security standard for STIG
v10.9.0.2362Compare Source
New Feature
PLUGINAPI-95 Allow sensors to contribute extra telemetry properties
Improvement
PLUGINAPI-96 Update third-party dependencies
v10.8.0.2329Compare Source
Release notes - Sonar Plugin API - 10.8
Improvement
PLUGINAPI-92 Do not fail on unknown rule parameters
PLUGINAPI-94 Make it possible to not require response example on an endpoint to be set
v10.7.0.2191Compare Source
PLUGINAPI-88 Deprecate metrics of old taxonomy
PLUGINAPI-89 Introduce metrics 'new_reliablity_issues', 'new_security_issues' and 'new_maintainability_issues'
PLUGINAPI-90 Change domain for metrics
v10.6.0.2114Compare Source
PLUGINAPI-82 Add clean code taxonomy metrics for branch overview page
PLUGINAPI-83 Fix Javadoc for CoreMetrics SECURITY_ISSUES, MAINTAINABILITY_ISSUES, RELIABILITY_ISSUES
PLUGINAPI-84 Deprecate metric high_impact_accepted_issues
v10.5.0.2090Compare Source
PLUGINAPI-72 Deprecate Status/Resolution in favour of issueStatus
v10.4.0.2064Compare Source
PLUGINAPI-74 - Update promotion step
PLUGINAPI-76 - Javadoc for org.sonar.api.config.Configuration is wrong
PLUGINAPI-77 - Deprecate Confirm transition
PLUGINAPI-79 - Add new metric pull_request_fixed_issues
PLUGINAPI-80 - Add new metrics new_accepted_issues and high_impact_accepted_issues
v10.3.0.1951Compare Source
PLUGINAPI-70 Add new resolution 'Accepted' and default transition 'Accept'
PLUGINAPI-71 Replace won't fix metric with accepted
v10.2.0.1908Compare Source
What's Changed
Task
PLUGINAPI-65 Change order of selection for best impact selection for backmapping
PLUGINAPI-67 Remove CCT and Impacts from security hotspots
Improvement
PLUGINAPI-68 Introduce email property type
v10.1.0.809Compare Source
What's Changed
Bug
PLUGINAPI-61 Fix description for sqale_index metric
New Feature
PLUGINAPI-56 Allow to define Clean Code Attribute on Rule Definition
PLUGINAPI-57 Allow to define Clean Code Attribute on ExternalRule and AdHocRule
PLUGINAPI-58 Allow to define default Impact on Rule Definition and override Impact on issue
PLUGINAPI-60 Allow to define Impact on ExternalIssue and AdHocRule
Task
PLUGINAPI-59 Deprecate RuleType and Severity
PLUGINAPI-62 Revert Rule Characteristics
PLUGINAPI-63 Changes on Clean Code taxonomy
PLUGINAPI-64 Mark external issue cleanCodeAttribute and impacts as @Beta
v10.0.0.695Compare Source
What's Changed
Bug
PLUGINAPI-24 Invalid module-info.class file in the jar
Documentation
PLUGINAPI-28 Add Javadoc to ServletFilter and HttpFilter
Task
PLUGINAPI-10 Deprecate or remove product related APIs
PLUGINAPI-33 Remove deprecated classes and methods
PLUGINAPI-44 Move test utilities to the test-fixtures module
PLUGINAPI-48 Deprecate 'ServletFilter.Builder#staticResourcePatterns'
PLUGINAPI-50 Deprecate CWE years
Improvement
PLUGINAPI-14 Remove mentions of SonarQube in rule repositories
v9.17.0.587Compare Source
What's Changed
v9.16.0.560Compare Source
What's Changed
v9.15.0.435Compare Source
What's Changed
Added
SonarSource/sonar-java (org.sonarsource.java:sonar-java-plugin)
v8.26.0.42915Compare Source
Release notes - SonarJava - 8.26
False Positive
SONARJAVA-4960 FP S1854 wrongly report issues when the semantic is not complete
SONARJAVA-5975 FP on S6856 when the ModelAttribute is a class / record
[SONARJAVA-5985](https://sonarsource.atlassian.net/browse/SONAR
Configuration
📅 Schedule: Branch creation - "after 7am every weekday,before 7pm every weekday" in timezone CET, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.