Hello Sonar Community!
It’s been a big week here in the Community, with lots of help and guidance from you, our members, to improve our products and your experience with them. We’re grateful when you take the time to do that, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube:
- Thanks @TheOnlyAl for providing a great reproducer to help us diagnose an issue with SonarQube and the dependency-check/dependency-check-sonar-plugin, and @rriedel for the original report.
SonarCloud:
- An update to our JavaScript/TypeScript analysis set the minimum NodeJS version to v18.18, while the Docker image used for our own GitHub Action only had v18.17. We’ve addressed the problem. Thanks for the reports @Franck_Mahieu, @mjgp2, @Agustin_Franco_Di_Ma, @m.despotovic and @eschumm751!
SonarLint:
- Thanks to reports from @Evgeny_Kurtser and @Ingrid_Guedes_Teles, we’ll fix an issue with SonarLint for IntelliJ that was causing noisy, useless logs. SLI-1370
- Notifications are accumulating in SonarLint for IntelliJ that can’t be deleted. We’ll fix this with SLI-1366 and SLI-1367. Thanks @mgimeno!
- @stdedos thinks we could do a better job preventing SonarLint-related files from being checked into source control, and we agree. SLI-1365
Rule & Languages Improvements:
- @javanegmond pointed out that `docker:S6596` is being raised on references to previous build stages when the previous stage is unresolvable. We’ll fix this with SONARIAC-1418.
- Thanks @sodul for reporting that `python:S5806` is being raised when the `function` name is used, despite not being a reserved keyword. SONARPY-1756
- We’re missing a pretty basic XSS vulnerability as reported by @Adam_B. We’ve created an internal ticket to make sure this gets tackled.
- Thanks @weelink for your report about `Summary` elements not being handled correctly by our HTML analyzer. SONARHTML-226
What else is new?
- A shoutout to @Vladimir_Shelkovniko who has taken over maintenance of the Community Rust Plugin from @elegoff. Thank you both for your contributions.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
@ganncamp, @Colin, and @leith.darawsheh