sonar-cryptography icon indicating copy to clipboard operation
sonar-cryptography copied to clipboard
Published 1 month ago verified publisher icon cbomkit

Bump sonar.java.version from 8.10.0.38194 to 8.14.1.39293

Open dependabot[bot] opened this issue 7 months ago • 0 comments

Bumps sonar.java.version from 8.10.0.38194 to 8.14.1.39293. Updates org.sonarsource.java:sonar-java-plugin from 8.10.0.38194 to 8.14.1.39293

Release notes

Sourced from org.sonarsource.java:sonar-java-plugin's releases.

8.14.1.39293

Release notes - SonarJava - 8.14.1

Improvement

SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules

8.14.0.39102

Release notes - SonarJava - 8.14

False Positive

SONARJAVA-4334 S6207 should not raise on constructors where the value of a parameter has been changed before assignment to the component

SONARJAVA-4376 FP S2129: With incomplete semantics, MethodMatcher matches the wrong method instead of nothing

SONARJAVA-4473 FP in rule S2384 when class only has private constructors

SONARJAVA-4481 False positive in rule S6207: records constructors with annotations are not redundant

SONARJAVA-4543 FP in rule S5778 with Enum final methods

SONARJAVA-4748 FP in S6833 when controller contains methods annotated with and without @​ResponseBody

SONARJAVA-4881 FP on S2230 for @​Transactional on protected and package-private methods

SONARJAVA-4901 S6856 should not raise when the `ModelAttribute` of the parameter refers to a model attribute defined in a parent class

SONARJAVA-4917 FP in the S6857(SpEL rule) when used with Map

SONARJAVA-4964 S1941: FP when lambda expression is present

SONARJAVA-5101 FP in S5860 when Regex are used in Lambdas

SONARJAVA-5274 FP for S1123 on record fields

SONARJAVA-5400 FP S6241 and S6242 when the builder is S3CrtAsyncClientBuilder

SONARJAVA-5436 S108 Should suggest adding a comment as a fix to empty block

SONARJAVA-5437 S1186 Suggest adding a comment to suppress warnings on empty methods.

SONARJAVA-5480 S2699 Does not recognized assertions invoked via Spring's AssertableApplicationContext

SONARJAVA-5496 FP java:S6856 when using Spring property injection “${…}”

SONARJAVA-5547 FP on S2699 when using org.springframework.util.Assert methods

Task

... (truncated)

Commits
  • c57798d SONARJAVA-5352 Bump the version to 8.14.1 (#5168)
  • 506488e SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules (#5167)
  • e295300 SONARJAVA-5513 Update rule metadata (#5146)
  • 5e97012 SONARJAVA-5513 Update rule metadata (#5145)
  • 0541e93 SONARJAVA-5550 Add some pom configuration to cleanup build logs and improve b...
  • fe250d7 SONARJAVA-5551 Create GitHub action to update rule metadata. (#5139)
  • b2d7a8b SONARJAVA-5547 Fix S2699 for springframework.util.Assert (#5135)
  • 31a7a38 SONARJAVA-4881 With Spring 6, @​Transactional and @​Async annotated methods don...
  • 5b4f8f3 SONARJAVA-4543 S5778 does not report on final Enum methods (#5131)
  • ea22ed1 Revert "SONARJAVA-5522 DefaultInitializedFieldCheck handles underscores in fl...
  • Additional commits viewable in compare view

Updates org.sonarsource.java:java-checks-testkit from 8.10.0.38194 to 8.14.1.39293

Release notes

Sourced from org.sonarsource.java:java-checks-testkit's releases.

8.14.1.39293

Release notes - SonarJava - 8.14.1

Improvement

SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules

8.14.0.39102

Release notes - SonarJava - 8.14

False Positive

SONARJAVA-4334 S6207 should not raise on constructors where the value of a parameter has been changed before assignment to the component

SONARJAVA-4376 FP S2129: With incomplete semantics, MethodMatcher matches the wrong method instead of nothing

SONARJAVA-4473 FP in rule S2384 when class only has private constructors

SONARJAVA-4481 False positive in rule S6207: records constructors with annotations are not redundant

SONARJAVA-4543 FP in rule S5778 with Enum final methods

SONARJAVA-4748 FP in S6833 when controller contains methods annotated with and without @​ResponseBody

SONARJAVA-4881 FP on S2230 for @​Transactional on protected and package-private methods

SONARJAVA-4901 S6856 should not raise when the `ModelAttribute` of the parameter refers to a model attribute defined in a parent class

SONARJAVA-4917 FP in the S6857(SpEL rule) when used with Map

SONARJAVA-4964 S1941: FP when lambda expression is present

SONARJAVA-5101 FP in S5860 when Regex are used in Lambdas

SONARJAVA-5274 FP for S1123 on record fields

SONARJAVA-5400 FP S6241 and S6242 when the builder is S3CrtAsyncClientBuilder

SONARJAVA-5436 S108 Should suggest adding a comment as a fix to empty block

SONARJAVA-5437 S1186 Suggest adding a comment to suppress warnings on empty methods.

SONARJAVA-5480 S2699 Does not recognized assertions invoked via Spring's AssertableApplicationContext

SONARJAVA-5496 FP java:S6856 when using Spring property injection “${…}”

SONARJAVA-5547 FP on S2699 when using org.springframework.util.Assert methods

Task

... (truncated)

Commits
  • c57798d SONARJAVA-5352 Bump the version to 8.14.1 (#5168)
  • 506488e SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules (#5167)
  • e295300 SONARJAVA-5513 Update rule metadata (#5146)
  • 5e97012 SONARJAVA-5513 Update rule metadata (#5145)
  • 0541e93 SONARJAVA-5550 Add some pom configuration to cleanup build logs and improve b...
  • fe250d7 SONARJAVA-5551 Create GitHub action to update rule metadata. (#5139)
  • b2d7a8b SONARJAVA-5547 Fix S2699 for springframework.util.Assert (#5135)
  • 31a7a38 SONARJAVA-4881 With Spring 6, @​Transactional and @​Async annotated methods don...
  • 5b4f8f3 SONARJAVA-4543 S5778 does not report on final Enum methods (#5131)
  • ea22ed1 Revert "SONARJAVA-5522 DefaultInitializedFieldCheck handles underscores in fl...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar May 26 '25 05:05 dependabot[bot]