fix(deps): update dependencies

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
KubernetesClient	14.0.2 -> 14.0.12
Microsoft.CodeAnalysis	4.9.2 -> 4.11.0
Microsoft.CodeAnalysis.CSharp	4.9.2 -> 4.11.0
Microsoft.CodeAnalysis.CSharp.Workspaces	4.9.2 -> 4.11.0
Microsoft.CodeAnalysis.Common	4.9.2 -> 4.11.0
Microsoft.CodeAnalysis.Workspaces.MSBuild	4.9.2 -> 4.11.0
Microsoft.Extensions.Hosting (source)	8.0.0 -> 8.0.1
Microsoft.Extensions.Hosting.Abstractions (source)	8.0.0 -> 8.0.1
Roslynator.Analyzers	4.12.3 -> 4.12.9
SonarAnalyzer.CSharp (source)	9.25.1.91650 -> 9.32.0.97167
System.Reflection.MetadataLoadContext (source)	8.0.0 -> 8.0.1

---

Release Notes

kubernetes-client/csharp (KubernetesClient)

v14.0.12

What's Changed

• update InternalsVisibleTo usage by @​WeihanLi in https://github.com/kubernetes-client/csharp/pull/1577
• configure write permission for draft release action by @​WeihanLi in https://github.com/kubernetes-client/csharp/pull/1582
• Configure permissions for codeql action by @​WeihanLi in https://github.com/kubernetes-client/csharp/pull/1583

Full Changelog: https://github.com/kubernetes-client/csharp/compare/v14.0.8...v14.0.12

dotnet/runtime (Microsoft.Extensions.Hosting)

v8.0.1: .NET 8.0.1

Release

dotnet/roslynator (Roslynator.Analyzers)

v4.12.9

Fixed

• Fix analyzer RCS1090 (PR)
• Fix analyzer RCS1124 (PR)
• [CLI] Fix command generate-doc (PR, PR)

Changed

• Update analyzer RCS1077 (PR)
  • Do not suggest to change list.FirstOrDefault(predicate) to list.Find(predicate). Performance gain is negligible and actually FirstOrDefault can be even faster on .NET 9 (see related issue for more details).

v4.12.8

Fixed

• Fix analyzer RCS0053 (PR)
• Fix analyzer RCS1223 (PR)
• Fix analyzer RCS1140 (PR)
• Fix analyzer RCS1096 (PR)
• [CLI] Improve removing of unused symbols (PR)
• [CLI] Fix command generate-doc (PR)

v4.12.7

Fixed

• Fix analyzer RCS1202 (PR)
• Fix analyzer RCS1246 (PR)
• Fix analyzer RCS1140 (PR)
• Fix analyzer RCS1077 (PR)

Changed

• Add support for duck-typed awaitables and task-like types for Task/Async-related analyzers (PR)
  • Affects the following analyzers:
    • RCS1046
    • RCS1047
    • RCS1090
    • RCS1174
    • RCS1229
    • RCS1261
  • Affects refactoring RR0209

v4.12.6

Added

• Analyzer RCS1077 now suggests to use Order instead of OrderBy (PR)

Fixed

• Fix analyzer RCS0053 (PR)
• Fix analyzer RCS0056 (PR)
• Fix analyzer RCS1181 (PR)
• Fix analyzer RCS0005 (PR)
• Fix analyzer RCS1181 (PR)

v4.12.5

Fixed

• Fix analyzer RCS1182 (PR)
• Fix analyzer RCS1198 (PR)
• Fix analyzer RCS1214 (PR)
• Fix analyzer RCS1018 (PR)
• Fix analyzer RCS1264 (PR)
• Fix analyzer RCS0053 (PR)
• Fix analyzer RCS0056 (PR)

Changed

• Bump Roslyn to 4.11.0 (PR)
  • Applies to CLI and testing library.

Removed

• [CLI] Remove support for .NET SDK 6 (PR)

v4.12.4

Fixed

• Fix analyzer RCS1108 (PR)
• Fix analyzer RCS1201 (PR)
• Fix analyzer RCS0012 (PR)
• [CLI] Fix duplicate analyzers (PR)

SonarSource/sonar-dotnet (SonarAnalyzer.CSharp)

v9.32.0.97167: 9.32

Compare Source

This rule includes the promotion of 4 rules to Sonar-way, the deprecation of 1 rule and 2 FP fixes.

Rule Promotions and Deprecations

• 9644 - Modify S2387: Deprecate rule
• 9643 - Modify S4050: Promote to Sonar-way
• 9642 - Modify S2674: Promote to Sonar-way
• 9641 - Modify S3993: Promote to Sonar-way
• 9640 - Modify S4052: Promote to Sonar-way

False Positive

• 9590 - [C#] Fix S6966 FP: EntityFrameworks IDbContextFactory CreateDbContext method is preferred over its Async counterpart
• 8300 - [C#] Fix S3431 FP: Don't raise if assertions are done in catch or finally

v9.31.0.96804: 9.31

Compare Source

This release focuses on improving the SonarQube plugin for the .NET analyzers.

Improvements

• 9558 - SQ Plugin: Load STIG standard after ACOMMONS-11 is done
• 8503 - SQ Plugin: Align logging for not indexed files
• 7798 - SQ Plugin: Remove the sonar runtime checks for versions prior 9.9
• 7115 - SQ Plugin: Replace org.sonar.api.utils.log.Logger
• 4687 - SQ Plugin: Add xunit report paths in products UI
• 4685 - SQ Plugin: Remove deprecated import of integration test coverage from plugins
• 3102 - SQ Plugin: Replace usages of deprecated Build.setProfile in the integration tests
• 8032 - SQ Plugin: Update the plugin to store the hash for the .cshtml files to enable incremental PR analysis

v9.30.0.95878: 9.30

Compare Source

Hello, everyone. In this release, we worked on hardening our live variable analysis, which improved the analyzer's accuracy.

False Positives

• 9473 - Fix S1854 FP: Raises when a variable is reassigned in a using body after it has been already assigned in using statement
• 9472 - Fix S1854 FP: Raises when a variable is assigned in the switch statement and not used in the first case
• 9471 - Fix S1854 FP: Raises when a variable is assigned in expression that is part of the ternary condition
• 9468 - Fix S1854 FP: Throw should connect to outer catch
• 9466 - Fix S1854 FP: Throw should visit finally

v9.29.0.95321: 9.29

Compare Source

This release includes a lot of false positive and false negative fixes.

Improvements

• 2120 - [C#] Improve S3247: Rule should recommend pattern matching for new C# instead of as
• 9465 - Update RSPEC before 9.29 release

False Positive

• 7522 - [C#] Fix S1104 FP: Do not report in Unity3D serializable classes
• 6990 - [C#] Fix S1144 FP: Event with a concrete sender
• 3842 - [C#] Fix S1144 FP: Ignore unused Deconstruct methods
• 8239 - [C#] Fix S1450 FP: When field is assigned value in event handler
• 9494 - [C#] Fix S1694 FP: Abstract class with field or constructor
• 9421 - [C#] Fix S1694 FP: Protected abstract methods
• 3605 - [C#] Fix S2219 FP: Is operator used for pattern matching
• 8266 - [C#] Fix S2259 FP: SE engine doesn't take into account element existence collection methods
• 9485 - [C#] Fix S3247 FP: Should not report on member access objects
• 6343 - [C#] Fix S3963 FP: Static constructor with conditional and no static field initialization
• 7961 - [C#, VB.NET] Fix S2699 FP: Support Moq

False Negative

• 9491 - [C#] Fix S3247 FN: When cast expression contains parentheses
•   223 - [C#] Fix S3247 FN: Rule should catch more duplicated cast

v9.28.0.94264: 9.28

Compare Source

False Positive

• 9432 - [C#] Fix S1144 FP: Unused fields in class with StructLayout when struct is in deep hierarchy class
• 9379 - [C#] Fix S1144 FP: Diagnostic doesn't respect reflection with DynamicallyAccessedMembers attribute
• 8342 - [C#] Fix S1144 FP: Private Attributes
• 7068 - [C#] Fix S4144 FP: when type constraints are used
• 3050 - [C#] Fix S1479 FP: Single line case clause should be ignored
• 9447 - [C#] Fix S1854 FP: Value used in catch or when should LiveIn for all try blocks
• 9440 - [C#] Fix S1854 FP: Value used in finally should LiveIn for all try blocks
• 4948 - [C#] Fix S1854 FP: Value used in finally should LiveIn after throw
• 6894 - [C#, VB.NET] Fix S3878 FP: When non-object array is passed to object[] params as first argument
• 6893 - [C#, VB.NET] Fix S3878 FP: when a params argument is named

False Negative

• 8719 - [C#, VB.NET] Fix S2583/S2589 FN: try-catch in loop, LVA purges symbol prematurely
• 4940 - [C#] Fix S1854 FN: Proper support of try/catch statements
• 1255 - [C#] Fix S1871 FN: Support single line conditional block

v9.27.0.93347: 9.27

Compare Source

This release includes a ton of false positive and false negative fixes. We would also like to thank @​sagi1623 for his contribution in #​8464, which fixed three issues 🚀.

Improvements

• RSPEC change - Rule S1694: Promoted to SonarWay
• 9390 - Rule S6608: Benchmark is benchmarking the wrong things
• 8795 - [C#] Improve S1694: Remove part about protected constructor
• 5417 - Enable multiple project level issues
• 9372 - Update RSPEC before 9.27 release

False Positive

• 9247 - [C#] Fix S2629 FP: Constant fields in interpolated string
• 9241 - [C#, VB.NET] Fix S2094 FP: Allow empty queries
• 9106 - [C#] Fix S3459 FP: Backing field with ref property
• 8522 - [C#, VB.NET] Fix S3220 FP: Rule does not take into account generics
• 8436 - [C#] Fix S3253 FP: Don't raise for primary constructor in type declarations without parameters when they inherit from types with parameters
• 8199 - [C#, VB.NET] Fix S2737 FP: Raised when exception filter is used
• 8025 - [C#] Fix S2325 FP: Partial method implementations
• 7521 - [C#] Fix S2743 FP: Should not raise when base type is generic
• 7137 - [VB.NET] Fix S1654 FP: Do not report on event handlers, interfaces and overrides

False Negative

• 9002 - [C#, VB.NET] Fix S6931 FN: Route templates starting with ~/
• 6644 - [C#] Fix S2190 FN: No issues raised if recursion is inside an EventDeclaration by @​sagi1623
• 6643 - [C#] Fix S2190 FN: No issues raised if recursion is inside a ConversionOperatorDeclaration by @​sagi1623
• 6642 - [C#] Fix S2190 FN: No issues raised if recursion is inside an indexer by @​sagi1623
• 4081 - [C#] Fix S2743 FN: Static fields of nested class inside generic class

v9.26.0.92422: 9.26

Compare Source

New Rules

• 8871 - [C#] New rule S6932: Use model binding instead of reading raw request data
• 8992 - [C#] New rule S4347: Secure random number generators must not output predictable values
• 8996 - [C#] New rule S6781: JWT secret keys should not be disclosed
• 8982 - [C#] New rule S6377: XML signatures should be verified securely
• 8998 - [C#] New rule S5344: Passwords should not be stored in plain-text or with a fast hashing algorithm

Bug Fixes

• 8577 - Fix S2234 Bug: AD0001 is thrown due to referencing a location outside of the current compilation

Improvements

• 9282 - [C#] S6964: Issue is reported on the attribute instead of the property

False Positive

• 9360 - [C#] Fix S6964 FP: Properties decorated with the [BindNever] attribute
• 9337 - [C#] Fix S6964 FP: Add more attributes to the exclusions
• 9336 - [C#] Fix S6966 FP: Don't raise on XmlReader and XmlWriter methods
• 9331 - [C#] Fix S6964 FP: Property with a default value
• 9285 - [C#] Fix S6964 FP: Do not raise in properties with required modifier
• 9284 - [C#] Fix S6964 FP: Should not raise for reference properties in nullable context
• 9275 - [C#] Fix S6964 FP: Don't raise on properties annotated with the JsonRequiredAttribute
• 9269 - [C#] Fix S6966 FP: EntityFrameworks DbContext/DBSet Add/AddRange methods are preferred over their Async counterpart
• 9265 - [C#] Fix S6966 FP: MongoDB Find can not be replaced by FindAsync
• 9252 - [C#] Fix S6934 FP: Abstract Controller base class
• 8985 - [C#] Fix S6934 FP: Attributes implementing IRouteTemplateProvider or inheriting from RouteAttribute

False Negative

• 9263 - [C#] Fix S6964 FN: Rule should raise in case of value type property annotated with RequiredAttribute

---

Configuration

📅 Schedule: Branch creation - "after 9pm,before 6am" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.