Hello Sonar Community!
Summer is almost here, isn’t it time for you all to go on vacation and leave us alone?
Just kidding. But hey, if you’re out there, tell us your summer plans. City break? Beach? Visiting a new country? I’m headed to Paris Pride at the end of the month (happy Pride Month to those who celebrate, and heck, to those who don’t) but I don’t have anything else planned. I’m looking for ideas.
Back to business – It’s been a big week here in the Community, with lots of help and guidance from you, our members, to improve our products and your experience with them.
We’re grateful when you take the time to do that, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube:
- Earlier this year @ThornableGumpture reported a vulnerability that has been fixed in SonarQube 9.9.4 and SonarQube 10.4. Thanks for keeping our community safe.
SonarLint:
- When SonarQube sends information about changed Taint Vulnerabilities to SonarLint for Eclipse, we assume that at least one file with such a Taint Vulnerability is currently opened in the editor. That’s not always a safe assumption and leads to an error. Thanks for the report @gnl42! SLE-877
SonarCloud:
- Some issue messages include HTML tags, which aren’t being escaped correctly when Azure DevOps pull requests are decorated with issues. We’ll fix that up. Thanks @Manuel.P!
- We forgot to adjust the Lines of Code tooltip for dark mode. Thanks, @LeviateK! We’ll work on that.
- Keyboard shortcuts have never been my thing, but some users (@ganncamp especially) love them. @voidpointer let us know that all arrow keys aren’t working as expected when browsing (and trying to edit) issues. We’ll fix that in both SonarCloud and SonarQube (SONAR-22362)
Rule & Language Improvements:
- web:S6853 has an unclear issue message as reported by @m-gallesio. We’ll fix it to make it more clear what needs to be done. SONARHTML-254
- Thanks @kiran2k for letting us know that our COBOL analyzer doesn’t support SUPPRESS WHEN LOW-VALUES syntax. SONARCOBOL-1703
- kotlin:S6313 should respect the androidx.annotation.VisibleForTesting annotation as reported by @jayasuryat! SONARKT-391
- Shoutout to @Sedictious for your feedback and interesting conversation about cpp:S3741. We’ve identified at least one improvement: CPP-5383
- python:S1717 is flagging on file paths, which doesn’t make sense. Thanks @sodul. SONARPY-1906
- We’re considering adding support for custom signatures to java:S2259 following feedback from @Bhathiya. SONARJAVA-5022
- EF Core supports private setters as a way to make properties set via the constructor read-only. But @mjconrad let us know that csharpsquid:S1144 doesn’t. sonar-dotnet#9416
- Similarly, Vitest supports creating data-driven test cases with template strings in it.each, and typescript:S2187 should too. Thanks @hpierre74. JS-180
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
@Colin, @ganncamp, and @leith.darawsheh