Merge v2.1.2 to SQ-10 #2714
Merged
Merge v2.1.2 to SQ-10 #2714
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps `sonar.version` from 9.9.0.65466 to 9.9.4.87374. Updates `org.sonarsource.sonarqube:sonar-plugin-api-impl` from 9.9.0.65466 to 9.9.4.87374 - [Release notes](https://github.com/SonarSource/sonarqube/releases) - [Commits](SonarSource/sonarqube@9.9.0.65466...9.9.4.87374) Updates `org.sonarsource.sonarqube:sonar-testing-harness` from 9.9.0.65466 to 9.9.4.87374 - [Release notes](https://github.com/SonarSource/sonarqube/releases) - [Commits](SonarSource/sonarqube@9.9.0.65466...9.9.4.87374) --- updated-dependencies: - dependency-name: org.sonarsource.sonarqube:sonar-plugin-api-impl dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.sonarsource.sonarqube:sonar-testing-harness dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
use SQ 9.9.4.87374 for testing
- Java 11 is no longer supported as scanner runtime environment. The minimum required version of Java is now Java 17.
- Node.js 16 actions are deprecated. Update actions to use Node.js 20
- new rules in Cppcheck 2.13.0 - constParameterPointer - constParameterReference - constVariablePointer - constVariableReference - knownPointerToBool - pointerOutOfBoundsCond - useStandardLibrary - update unit test - update rule creation - use Cppcheck v2.13.0 - use CWEC v4.13 - add new .CFG files: cppcheck-lib.cfg emscripten.cfg ginac.cfg icu.cfg ntl.cfg pcre.cfg wxsqlite3.cfg wxsvg.cfg
Bumps [io.cucumber:gherkin](https://github.com/cucumber/gherkin) from 27.0.0 to 28.0.0. - [Release notes](https://github.com/cucumber/gherkin/releases) - [Changelog](https://github.com/cucumber/gherkin/blob/main/CHANGELOG.md) - [Commits](cucumber/gherkin@v27.0.0...v28.0.0) --- updated-dependencies: - dependency-name: io.cucumber:gherkin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Cppcheck v2.13.0 support
…pendabot/maven/io.cucumber-gherkin-28.0.0 Bump io.cucumber:gherkin from 27.0.0 to 28.0.0
Bumps [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.5.1 to 3.5.2. - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.5.1...maven-shade-plugin-3.5.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/org.apache.maven.plugins-maven-shade-plugin-3.5.2 Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.1 to 3.5.2
- use tag llvmorg-19-init - new ClangTidy rules: - bugprone-casting-through-void - bugprone-chained-comparison - bugprone-compare-pointer-to-member-virtual-function - bugprone-empty-catch - bugprone-inc-dec-in-conditions - bugprone-incorrect-enable-if - bugprone-multi-level-implicit-pointer-conversion - bugprone-multiple-new-in-one-expression - bugprone-non-zero-enum-to-bool-conversion - bugprone-optional-value-conversion - bugprone-switch-missing-default-case - bugprone-unique-ptr-array-mismatch - bugprone-unsafe-functions - bugprone-unused-local-non-trivial-variable - cert-msc24-c - cert-msc33-c - clang-analyzer-core.BitwiseShift - clang-analyzer-core.uninitialized.NewArraySize - clang-analyzer-cplusplus.PlacementNew - clang-analyzer-cplusplus.PureVirtualCall - clang-analyzer-cplusplus.StringChecker - clang-analyzer-fuchsia.HandleChecker - clang-analyzer-optin.core.EnumCastOutOfRange - clang-analyzer-security.cert.env.InvalidPtr - clang-analyzer-security.insecureAPI.decodeValueOfObjCType - clang-analyzer-unix.Errno - clang-analyzer-unix.StdCLibraryFunctions - clang-analyzer-webkit.NoUncountedMemberChecker - clang-analyzer-webkit.RefCntblBaseVirtualDtor - clang-analyzer-webkit.UncountedLambdaCapturesChecker - clang-diagnostic-android-unversioned-fallback - clang-diagnostic-apinotes - clang-diagnostic-array-parameter - clang-diagnostic-atomic-access - clang-diagnostic-auto-decl-extensions - clang-diagnostic-c++11-narrowing-const-reference - clang-diagnostic-c++23-default-comp-relaxed-constexpr - clang-diagnostic-c++23-extensions - clang-diagnostic-c++23-lambda-attributes - clang-diagnostic-c++26-extensions - clang-diagnostic-c++2c-extensions - clang-diagnostic-c23-compat - clang-diagnostic-c23-extensions - clang-diagnostic-c2x-compat - clang-diagnostic-cast-function-type-strict - clang-diagnostic-coro-non-aligned-allocation-function - clang-diagnostic-delayed-template-parsing-in-cxx20 - clang-diagnostic-deprecate-lax-vec-conv-all - clang-diagnostic-deprecated-builtins - clang-diagnostic-deprecated-literal-operator - clang-diagnostic-deprecated-module-dot-map - clang-diagnostic-deprecated-non-prototype - clang-diagnostic-deprecated-redundant-constexpr-static-def - clang-diagnostic-deprecated-static-analyzer-flag - clang-diagnostic-dxil-validation - clang-diagnostic-eager-load-cxx-named-modules - clang-diagnostic-enum-constexpr-conversion - clang-diagnostic-excessive-regsave - clang-diagnostic-experimental-header-units - clang-diagnostic-format-overflow - clang-diagnostic-format-overflow-non-kprintf - clang-diagnostic-format-truncation - clang-diagnostic-format-truncation-non-kprintf - clang-diagnostic-generic-type-extension - clang-diagnostic-gnu-line-marker - clang-diagnostic-gnu-null-pointer-arithmetic - clang-diagnostic-gnu-offsetof-extensions - clang-diagnostic-gnu-pointer-arith - clang-diagnostic-gnu-statement-expression-from-macro-expansion - clang-diagnostic-hip-omp-target-directives - clang-diagnostic-hlsl-extensions - clang-diagnostic-ignored-gch - clang-diagnostic-include-angled-in-module-purview - clang-diagnostic-incompatible-function-pointer-types-strict - clang-diagnostic-incompatible-ms-pragma-section - clang-diagnostic-invalid-feature-combination - clang-diagnostic-invalid-static-assert-message - clang-diagnostic-invalid-unevaluated-string - clang-diagnostic-invalid-utf8 - clang-diagnostic-knl-knm-isa-support-removed - clang-diagnostic-mathematical-notation-identifier-extension - clang-diagnostic-microsoft-init-from-predefined - clang-diagnostic-microsoft-string-literal-from-predefined - clang-diagnostic-misexpect - clang-diagnostic-missing-multilib - clang-diagnostic-module-include-translation - clang-diagnostic-multi-gpu - clang-diagnostic-nan-infinity-disabled - clang-diagnostic-nonportable-private-apinotes-path - clang-diagnostic-nonportable-private-system-apinotes-path - clang-diagnostic-objc-duplicate-category-definition - clang-diagnostic-openacc - clang-diagnostic-openmp-extensions - clang-diagnostic-openmp-target-exception - clang-diagnostic-overriding-option - clang-diagnostic-packed-non-pod - clang-diagnostic-padded-bitfield - clang-diagnostic-pre-c++23-compat - clang-diagnostic-pre-c++23-compat-pedantic - clang-diagnostic-pre-c++26-compat - clang-diagnostic-pre-c++26-compat-pedantic - clang-diagnostic-pre-c++2c-compat - clang-diagnostic-pre-c++2c-compat-pedantic - clang-diagnostic-pre-c23-compat - clang-diagnostic-pre-c23-compat-pedantic - clang-diagnostic-read-only-types - clang-diagnostic-reserved-module-identifier - clang-diagnostic-return-local-addr - clang-diagnostic-sarif-format-unstable - clang-diagnostic-single-bit-bitfield-constant-conversion - clang-diagnostic-sloc-usage - clang-diagnostic-source-uses-openacc - clang-diagnostic-switch-default - clang-diagnostic-sync-alignment - clang-diagnostic-tautological-negation-compare - clang-diagnostic-thread-safety-reference-return - clang-diagnostic-unaligned-qualifier-implicit-cast - clang-diagnostic-undefined-arm-streaming - clang-diagnostic-undefined-arm-za - clang-diagnostic-undefined-arm-zt0 - clang-diagnostic-unknown-directives - clang-diagnostic-unreachable-code-generic-assoc - clang-diagnostic-unsafe-buffer-usage - clang-diagnostic-vla-cxx-extension - clang-diagnostic-vla-extension-static-assert - cppcoreguidelines-avoid-capturing-lambda-coroutines - cppcoreguidelines-avoid-do-while - cppcoreguidelines-avoid-reference-coroutine-parameters - cppcoreguidelines-misleading-capture-default-by-value - cppcoreguidelines-missing-std-forward - cppcoreguidelines-no-suspend-with-lock - cppcoreguidelines-noexcept-destructor - cppcoreguidelines-noexcept-move-operations - cppcoreguidelines-noexcept-swap - cppcoreguidelines-rvalue-reference-param-not-moved - cppcoreguidelines-use-default-member-init - hicpp-ignored-remove-result - llvmlibc-inline-function-decl - misc-coroutine-hostile-raii - misc-header-include-cycle - misc-include-cleaner - modernize-type-traits - modernize-use-constraints - modernize-use-starts-ends-with - modernize-use-std-numbers - modernize-use-std-print - performance-avoid-endl - performance-enum-size - performance-noexcept-destructor - performance-noexcept-swap - readability-avoid-nested-conditional-operator - readability-avoid-return-with-void-value - readability-avoid-unconditional-preprocessor-if - readability-operators-representation - readability-redundant-casting - readability-redundant-inline-specifier - readability-reference-to-constructed-temporary - new Clang Static Analyzer rules - BitwiseShift - EnumCastOutOfRange - security.cert.env.InvalidPtr - unix.Errno - unix.StdCLibraryFunctions - add VisualStudio project for development/debugging - diagnostic.json: using name 'Summary' instead of 'Text' for description
…upport LLVM 19 support
Bumps [com.fasterxml.woodstox:woodstox-core](https://github.com/FasterXML/woodstox) from 6.6.0 to 6.6.1. - [Commits](FasterXML/woodstox@woodstox-core-6.6.0...woodstox-core-6.6.1) --- updated-dependencies: - dependency-name: com.fasterxml.woodstox:woodstox-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…ayed in the report. Corrected CxxSquidSensor's saveViolations function to allow creation of new issues with a source other than "cxx", enabling reporting of detection results based on CustomCxxRulesDefinition, ensuring proper display of custom sources on the web server. Signed-off-by: qinyong <[email protected]>
…pendabot/maven/com.fasterxml.woodstox-woodstox-core-6.6.1 Bump com.fasterxml.woodstox:woodstox-core from 6.6.0 to 6.6.1
Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.10.0 to 5.11.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.10.0...v5.11.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/org.mockito-mockito-core-5.11.0 Bump org.mockito:mockito-core from 5.10.0 to 5.11.0
Support correct repository (description) for CustomCxxRulesDefinition
Optimize scope in pom files
- language is a leftover from having two plugins: one C, one C++
…sDefinition fix CustomCxxRulesDefinition, remove language
Bumps [com.googlecode.plist:dd-plist](https://github.com/3breadt/dd-plist) from 1.27 to 1.28. - [Release notes](https://github.com/3breadt/dd-plist/releases) - [Commits](3breadt/dd-plist@v1.27.0...v1.28.0) --- updated-dependencies: - dependency-name: com.googlecode.plist:dd-plist dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.16.1 to 2.16.2. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/com.googlecode.plist-dd-plist-1.28 Bump com.googlecode.plist:dd-plist from 1.27 to 1.28
…pendabot/maven/com.fasterxml.jackson.core-jackson-databind-2.16.2 Bump com.fasterxml.jackson.core:jackson-databind from 2.16.1 to 2.16.2
Bumps [org.sonarsource.scanner.maven:sonar-maven-plugin](https://github.com/SonarSource/sonar-scanner-maven) from 3.10.0.2594 to 3.11.0.3922. - [Release notes](https://github.com/SonarSource/sonar-scanner-maven/releases) - [Commits](SonarSource/sonar-scanner-maven@3.10.0.2594...3.11.0.3922) --- updated-dependencies: - dependency-name: org.sonarsource.scanner.maven:sonar-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/org.sonarsource.scanner.maven-sonar-maven-plugin-3.11.0.3922 Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 3.10.0.2594 to 3.11.0.3922
…pendabot/maven/org.sonarsource.scanner.maven-sonar-maven-plugin-4.0.0.4121 Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 3.11.0.3922 to 4.0.0.4121
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.0-jre to 33.2.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/com.google.guava-guava-33.2.1-jre Bump com.google.guava:guava from 33.2.0-jre to 33.2.1-jre
Bumps [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 3.4.1 to 3.4.2. - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](apache/maven-jar-plugin@maven-jar-plugin-3.4.1...maven-jar-plugin-3.4.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.6.1 to 3.7.1. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.6.1...maven-dependency-plugin-3.7.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps `sonar.version` from 9.9.5.90363 to 9.9.6.92038. Updates `org.sonarsource.sonarqube:sonar-plugin-api-impl` from 9.9.5.90363 to 9.9.6.92038 - [Release notes](https://github.com/SonarSource/sonarqube/releases) - [Commits](SonarSource/sonarqube@9.9.5.90363...9.9.6.92038) Updates `org.sonarsource.sonarqube:sonar-testing-harness` from 9.9.5.90363 to 9.9.6.92038 - [Release notes](https://github.com/SonarSource/sonarqube/releases) - [Commits](SonarSource/sonarqube@9.9.5.90363...9.9.6.92038) --- updated-dependencies: - dependency-name: org.sonarsource.sonarqube:sonar-plugin-api-impl dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.sonarsource.sonarqube:sonar-testing-harness dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [com.fasterxml.woodstox:woodstox-core](https://github.com/FasterXML/woodstox) from 6.6.2 to 7.0.0. - [Commits](FasterXML/woodstox@woodstox-core-6.6.2...woodstox-core-7.0.0) --- updated-dependencies: - dependency-name: com.fasterxml.woodstox:woodstox-core dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps `junit-jupiter.version` from 5.10.2 to 5.10.3. Updates `org.junit.jupiter:junit-jupiter-engine` from 5.10.2 to 5.10.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.10.2...r5.10.3) Updates `org.junit.jupiter:junit-jupiter-api` from 5.10.2 to 5.10.3 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.10.2...r5.10.3) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.junit.jupiter:junit-jupiter-api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/org.apache.maven.plugins-maven-jar-plugin-3.4.2 Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2
…pendabot/maven/org.apache.maven.plugins-maven-dependency-plugin-3.7.1 Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1
…pendabot/maven/sonar.version-9.9.6.92038 Bump sonar.version from 9.9.5.90363 to 9.9.6.92038
…pendabot/maven/com.fasterxml.woodstox-woodstox-core-7.0.0 Bump com.fasterxml.woodstox:woodstox-core from 6.6.2 to 7.0.0
…pendabot/maven/junit-jupiter.version-5.10.3 Bump junit-jupiter.version from 5.10.2 to 5.10.3
Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.17.1 to 2.17.2. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/com.fasterxml.jackson.core-jackson-databind-2.17.2 Bump com.fasterxml.jackson.core:jackson-databind from 2.17.1 to 2.17.2
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.26.0 to 3.26.3. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.26.0...assertj-build-3.26.3) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…pendabot/maven/org.assertj-assertj-core-3.26.3 Bump org.assertj:assertj-core from 3.26.0 to 3.26.3
Bumps [io.cucumber:gherkin](https://github.com/cucumber/gherkin) from 28.0.0 to 29.0.0. - [Release notes](https://github.com/cucumber/gherkin/releases) - [Changelog](https://github.com/cucumber/gherkin/blob/main/CHANGELOG.md) - [Commits](cucumber/gherkin@v28.0.0...v29.0.0) --- updated-dependencies: - dependency-name: io.cucumber:gherkin dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
- C5262 - C5266 - C5267 - C5301 - C5302 - C6030 - C6065 - C6392 - C6393 - C6394 - C6395 - C6396 - C6397 - C6398 - C26459 - C26479 - C26831 - C26832 - C26833 - C26835 - C26837 - C26861 - C26862 - C26863 - C26864
…pendabot/maven/io.cucumber-gherkin-29.0.0 Bump io.cucumber:gherkin from 28.0.0 to 29.0.0
…-2022-version-17.9 Visual Studio 2022 v17.9 warnings support
…92038 use SQ 9.9.6.92038 for testing
|
❤️ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change is