
build(deps): bump org.sonarsource.java:java-frontend from 7.30.1.34514 to 7.33.0.35775 #173

Open
wants to merge 1 commit into
base: master

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Apr 9, 2024

Bumps org.sonarsource.java:java-frontend from 7.30.1.34514 to 7.33.0.35775.

Release notes

Sourced from org.sonarsource.java:java-frontend's releases.

7.33.0.35775

Release notes - SonarJava - 7.33

False Negative

SONARJAVA-4770 S2438 FN on arguments whose concrete type is Thread

Task

SONARJAVA-4918 Update dependencies + prepare for next development iteration 7.33.0-SNAPSHOT

SONARJAVA-4922 Upgrade sonar-plugin-api and fix IndexedFile issue

SONARJAVA-4924 Remove deprecated method ExpressionUtils.getEnclosingElement

Improvement

SONARJAVA-4858 S5344: Add support for detection of two additional insecure PasswordEncoders

SONARJAVA-4863 S2092: Support detection of missing secure cookie flag for Spring

SONARJAVA-4864 S3330: Support detection of missing http-only cookie flag for Spring

SONARJAVA-4866 S2077: Support detection of formatted SQL queries in Spring

SONARJAVA-4871 S5122: Support detection of Permissive CORS policies for Spring

SONARJAVA-4875 S4502: Support detection of CSRF Protection for Spring

SONARJAVA-4880 S5804: Support detection of User Enumeration for Spring

SONARJAVA-4882 S5876: Support detection of Session Fixation for Spring

SONARJAVA-4883 S4423: Support detection of TLS Protocol Downgrades for Spring programmatically

SONARJAVA-4884 S4507: Support detection of enabled Debug Features in Spring programmatically

SONARJAVA-4885 S5693: Support detection of Excessive File Upload Size Limit for Spring programmatically

SONARJAVA-4921 Update Java parser version to ECJ 3.37.0

7.32.0.35531

Release notes - SonarJava - 7.32

Bug

SONARJAVA-4756 NumberFormatException in AbstractPrintfChecker.getIndex(String param)

SONARJAVA-4873 Wrong quickfix in S1066

... (truncated)

Commits
  • 0614cc7 Use SQ 10.3 in CI builds to avoid flickering issues bug in SQ 10.4 (temporary...
  • 283b1bb Add spring-3.2 module to be ignored in ws scan task (#4757)
  • b8d676a Update rule metadata and parent POM version (#4755)
  • b49599b SONARJAVA-4880 S5804: Support detection of User Enumeration for Spring (#4753)
  • 26ef2ab SONARJAVA-4922 Upgrade sonar-plugin-api and fix IndexedFile issue (#4752)
  • 38a69d4 SONARJAVA-4866 S2077: Support detection of formatted SQL queries in Spring (#...
  • f7286e5 SONARJAVA-4883 S4423: Support detection of TLS Protocol Downgrades for Spring...
  • f68bf12 Update CODEOWNERS (#4751)
  • ab438c1 SONARJAVA-4921 Batch parser always fallback to file by file mode for missing ...
  • facde99 SONARJAVA-4921 Update Java parser version to ECJ 3.37.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [org.sonarsource.java:java-frontend](https://github.com/SonarSource/sonar-java) from 7.30.1.34514 to 7.33.0.35775.
- [Release notes](https://github.com/SonarSource/sonar-java/releases)
- [Commits](SonarSource/sonar-java@7.30.1.34514...7.33.0.35775)

---
updated-dependencies:
- dependency-name: org.sonarsource.java:java-frontend
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 9, 2024