Warning: React version specified in eslint-plugin-react-settings must be a valid semver version

strider · January 13, 2025, 6:16pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension): * Community Edition v10.7 (96327)
how is SonarQube deployed: zip, Docker, Helm: Docker
what are you trying to achieve: Running Sonarqube scanner in a Jenkins pipeline without any errors/warnings
what have you tried so far to achieve this: locally running eslint does not produce the error/warning

I am getting this Warning message when the sonarqube scanner runs in my Jenkins pipeline:

Warning: React version specified in eslint-plugin-react-settings must be a valid semver version, or “detect”; got “^17”

I have a .eslintrc file with this setup:

“settings”: {
“react”: {
“version”: “detect”
},

My package.json file has:

“react”: “^17”,

With “detect” option in eslinrc, it should pickup the installed version of react. This works fine locally with eslint but is failing with the sonarqube scanner

Colin · January 14, 2025, 5:24pm

Hey there.

At what point do you get this warning? Can you share what’s happening before and after you get this message? Basically, a more complete log sample, please.

strider · January 14, 2025, 6:02pm

Hi Colin,

So in a nutshell, our Jenkins pipeline for our React frontend goes like this:
→ npm i → npm run test (playwright) → Dependency Checker → Sonarqube Scanner

When Sonarqube scanner runs these are the command parameters:

/bin/sonar-scanner -Dsonar.projectKey=FRONTEND -Dsonar.projectVersion=170 -Dsonar.sources=. -Dsonar.exclusions=dependency-check-report.xml,tests/,webpack/,server/,config/,*.config.js,node_modules/,coverage/ -Dsonar.coverage.exclusions= -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info

I can provide a log around where the warning/error is issued:

…
INFO: Sensor JavaScript/TypeScript analysis [javascript]
INFO: Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
INFO: Using embedded Node.js runtime.
INFO: Using Node.js executable: ‘/root/.sonar/js/node-runtime/node’.
INFO: Memory configuration: OS (515601 MB), Node.js (4144 MB).
INFO: Found 0 tsconfig.json file(s):
INFO: Creating TypeScript program
INFO: TypeScript configuration file /tmp/tmp-136905-L5CFcU8VT4yg
INFO: 179 source files to be analyzed
INFO: Starting analysis with current program
INFO: 4/179 files analyzed, current file: src/components/Base/MenuItemWithTooltip/styled.js
ERROR: Warning: React version specified in eslint-plugin-react-settings must be a valid semver version, or “detect”; got “^17”
INFO: Analyzed 179 file(s) with current program
INFO: 179/179 source files have been analyzed
INFO: Hit the cache for 0 out of 179
INFO: Miss the cache for 179 out of 179: ANALYSIS_MODE_INELIGIBLE [179/179]
INFO: Sensor JavaScript/TypeScript analysis [javascript] (done) | time=24716ms
INFO: Sensor JavaScript inside YAML analysis [javascript]
…

If you need further log context let me know and I can provide it. Thanks for the help

eric.morand · January 23, 2025, 4:21pm

@strider , thanks for the report and the log.

You discovered a bug in the eslint-plugin-react library that our analyzer uses to implement some React rules. Your declared version ^17 is a perfectly valid semver constraint, as confirmed there, and by the semver package that eslint-plugin-react uses for that matter:

console.log(semver.coerce('^17'));

SemVer {
  options: {},
  loose: false,
  includePrerelease: false,
  raw: '17.0.0',
  major: 17,
  minor: 0,
  patch: 0,
  prerelease: [],
  build: [],
  version: '17.0.0'
}

There is a bug in the React plugin that makes it fail with ^17 (and any other constraint that does not contain only digits and dots). Not really surprising, considering that it is visually obvious that this code will fail as soon as the first part is not a number:

github.com/jsx-eslint/eslint-plugin-react

lib/util/version.js

e6b5b4119


      
                // https://github.com/eslint/eslint/issues/11989
                if (err.code === 'ENOTDIR') {
                  // virtual filename could be recursive
                  return resolveBasedir(dirname);
                }
              }
            }
            return process.cwd();
          }
          
          function convertConfVerToSemver(confVer) {
            const fullSemverString = /^[0-9]+\.[0-9]+$/.test(confVer) ? `${confVer}.0` : confVer;
            return semver.coerce(fullSemverString.split('.').map((part) => Number(part)).join('.'));
          }
          
          let defaultVersion = ULTIMATE_LATEST_SEMVER;
          
          function resetDefaultVersion() {
            defaultVersion = ULTIMATE_LATEST_SEMVER;
          }

Since you discovered the bug, you may want to open the issue in their repository and/or propose a PR - and enjoy the deserved glory . We would, of course, back you up to try and make the issue noticed by the maintainers. But if you prefer, we can take care of opening the issue ourselves.

Let me know.

strider · January 24, 2025, 4:04pm

Hi Eric,

Thank you for responding.

Prior to opening this topic here on the sonarqube community, I had already reached out to the eslint-react-plugin maintainer (Jordan Harband) as you can see in the GitHub issue:

github.com/jsx-eslint/eslint-plugin-react

[Bug]: Warning: React version specified in eslint-plugin-react-settings must be a valid semver version, or "detect"; got “^17”

opened 12:44PM - 28 Nov 24 UTC

Redirts

bug

### Is there an existing issue for this? - [x] I have searched the existing iss…ues and my issue is unique - [x] My issue appears in the command-line and not only in the text editor ### Description Overview I am getting this Warning message: Warning: React version specified in eslint-plugin-react-settings must be a valid semver version, or "detect"; got “^17” I have a .eslintrc file with this setup: "settings": { "react": { "version": "detect" }, ### Expected Behavior This plugin should be able to cope with carets which are part of the semver specification ### eslint-plugin-react version v7.37.2 ### eslint version v8.57.0 ### node version v20.10.0

Based on your feedback I went back to that issue and asked Jordan for feedback and he does not agree with your interpretation of the root cause of the issue.

Care to assist me in finding a consensus? I would appreciate it if you could reply back on that GitHub issue, if possible.

Many thanks

eric.morand · January 24, 2025, 4:30pm

Well, I’m proven wrong: I double-checked and ranges are not part of Semantic Versioning specification.

The issue is definitely on our side, when our plugin reads the version from the project manifest (package.json). It is passing the version verbatim to the React plugin; instead, it should coerce the version using the semver package to guarantee that the version sent to eslint-plugin-react is Semantic Versioning compatible.

I opened a Jira ticket about the issue.

Thanks a lot for reporting the issue. I think you can close the eslint-plugin-react GitHub issue and add a link to this thread, for future reference.

Eric.

system · February 5, 2025, 9:34am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.