Bump SonarAnalyzer.CSharp from 8.38.0.46746 to 9.4.0.72892

[dependabot]

Bumps SonarAnalyzer.CSharp from 8.38.0.46746 to 9.4.0.72892.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.4

Release 9.4 brings one new rule for C# and four new rules for VB.NET. It also brings improvements by migrating two more rules to the new symbolic execution engine, fixing false positives, and improving memory allocation.

Thanks to @​sharwell for his contribution by reporting 7438. Thanks to @​Corniel for his contribution by implementing new rule S2925 in 7342.

New Rules

• 7305 - [VB.NET] New rule S3966: Objects should not be disposed more than once
• 7304 - [VB.NET] New rule S1944: Invalid casts should not be made
• 7303 - [VB.NET] New rule S4158: Empty collections should not be accessed or iterated
• 7342 - [C#, VB.NET] New Rule: S2925 Do not use Thread.Sleep() in a test

Improvements

• 7302 - [C#] Migrate S3966 to the new Symbolic Execution engine
• 7300 - [C#] Migrate S4158 to the new Symbolic Execution engine
• 7301 - [C#] Improve S1944: Rule now detects more issues
• 7322 - [C#] Symbolic Execution: Learn NotNull from ??= for nullable types
• 7267 - [C#, VB.NET] Symbolic Execution: Add BinaryOperation for literals: division, remainder, xor
• 7435 - [C#] Improve S4635: Update issue message
• 7365 - [C#] Improve S2198: Update issue message
• 7337 - Update RSPEC before 9.4 release

False Positives

• 4261 - [C#] Fix S4158 FP: When a collection was filled by using delegates
• 2147 - [C#] Fix S4158 FP: Variable instance mismatch
• 7308 - [C#] Fix S3655 FP: Recognize ??= for nullable types
• 6179 - [C#, VB.NET] Fix S4158 FP: When the collection was filled during for loops, was reported to be empty

Performance

• 7438 - Memory allocation improvement: HasMatchingScope should not allocate a new delegate on every call

9.3

Improvements

• 7318 - [C#, VB.NET] Improve S2437: message - replace silly with unnecessary

False Positive

• 7286 - [C#] Fix S6605 and S6617 FP: Should not be applied to expressions used by EntityFramework

9.2

This release brings a new implementation of S3949 rule, that is now part of SonarWay again.

New features

• 7147 - [VB.NET] New rule S3949: Integral operations should not overflow - for VB.NET
• 7239 - [C#] Rule S6613: implement CodeFix

False Positive fixes

• 7104 - [C#] Fix S2259 FP: Conditional access checked for bool
• 3491 - [C#] Fix S3949 FP: Do not report inside GetHashCode

Improvements

... (truncated)

Commits

• eefdd88 Update RSPEC before 9.4 release (#7460)
• 6cde32d Update message of S4635 (#7435)
• b6ce681 Migrate S4158: Do not report on method references (#7453)
• 6dceab4 Migrate S4158: Passing as argument removes constraint (#7433)
• 897430c Migrate S4158: Support Dictionary Setter (#7418)
• 5d2ab8e Migrate S3699: Implement ShouldExecute for VB.NET (#7449)
• 7546630 Update NuGet.Packaging to 6.6.1 (#7456)
• b00af07 Migrate S4158: Support Enumerable.Count extension (#7452)
• 95cd5d8 Update RSPECs as part of the LayC migration (sixth batch) (#7454)
• ecb72c6 S4158 FP: Collection filled in a for loop reported to be empty (#7447)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.csproj : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[dependabot]

Superseded by #2007.