Sonar Community Roundup, March 9 - March 15

Hello Sonar Community!

Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.

SonarQube:

  • Thanks @jonesbusy for letting us know that Project Import doesn’t work if you’ve set the New Code Period for a project to a non-deafult value on the target instance. We’re going to update the documentation.

SonarLint:

What a uh… week. SonarLint for IntelliJ had a rough release with 10.4.0, which means our users had a rough week. We really appreciate every single error report, and your continued patience as we work through this. Late Thursday we released 10.4.1, which fixes all the issues we’ve identified so far. If you’re still having problems after you upgrade, please don’t hesitate to drop us a line (again)! This week also saw hiccups in SonarLint for VSCode, and early next week we’re planning to publish a pre-release artifact with more extensive logging to help us pin down the problems. If you’re having problems with SonarLint for VSCode, please do install this version and send us your logs! And now, thank you to everyone who reported issues:

@fcsonar, @das_jogi, @Raheel_Butt, @hexeberlin, @Chronium, @TSB04, @kreake, @michaud-f, @IMAD_OUCHAIB, @sbouchet, @stef38, @Fabio_Chiari, @Martin_Lemnian, @Pavel_Zdanovich, @Todd_Flora, @rosi, @OhnishiHiroshi, @comanl, @Jesus_Cantero_Ferron, @alejnadrafs, @vasraz, @Thomas_Sheckells, @ianbrandt, @smzerehpoush, @bangtri, @MingNiu, @Petr_Nehez, @BubblingXuYijie, @JohnTheRipper552, @TasMot, @mka, @kdebisschop, @asggo, @orwtech, @Quoc_Pham, @Vencel_Csorba, @CXwudi, @apis, @damien-saussac_wln, @nicolasrosa, @Chakravarthi_Noothi, @George_Liatsos, @bskaarup, @ng-life, @hoangdd, @zarechny58, @LudmilaDragomir, @alyu, @gabs, @Alain_Ramirez_Cabrej, @saric, @Gordon_Force, @Fine_Kuo, @MehdiJavan, @tom.lindsey, @Gregory_Wolf, @foerste, @AnudeepHitachiEnergy, @Philipp_Uhlmann, @Rebse, @vahan-uncrowd, @tomassurek-ext54162, @KevinJCross, @Jonathan_Zollinger, @dacha, @perttumyry, @diegocs96, @Andrei_d, @itenev, @Alejandro_Martinez, @Gollum23, @Anna_Cerbaro, @FreddySquall, @Andrey_Andreev, @tschindler, @Axel_de_Velp, @rodrigoreis, @trinhpham, @gbrinkmann, @mkomko, @degree, @dbs_fs, @surecloud-jleite, @Artem_Kropotov, @DRodrigues17, @Rad_Andrei, @morayke, @MSCHYNS_RJF, @yaseen_sanderwale, @Nicolas_JOUVE, @jesus_david_ramirez, @KarlaDell, @ericmiddleton and @pemola

SonarCloud:

Rule and Language improvements

  • @MCMattia found that false positives were reported by cpp:S3519 with an ASSERT calling a function defined in another file. CPP-4723 is aimed at addressing the limitation.

  • cpp:S6003 should ignore objects constructed using designated initializers. Thanks for the heads-up @mtnpke! CPP-5105

  • Thank you @kyris for telling us about a few false-positives related to pattern matching. We knew about a few of them, but a couple (SONARJAVA-4904, SONARJAVA-4907, SONARJAVA-4908) were new! This is a big help to improve our support of Java 21. :pray:

  • Thanks @wozitto for submitting a PR to add additional domain exceptions to javascript:S5332. A PR with your changes hass already been merged!

  • Kudos to @Anas_Khouja for pointing us to a funky failure when parsing the NodeJS version. We have more questions but we can still get a PR made. :slight_smile:

  • It’s a long-running complaint that “normal” rules aren’t applied to Java test code, and @slawekjaranowski pointed out how useful it would be for java:S1874 to detect the use of deprecated code in tests. We’ve created SONARJAVA-4905 to address which rules are applied where.

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

Colin, @ganncamp, and @leith.darawsheh

5 Likes