Update SonarAnalyzer.CSharp to version 9.20 (#27)

neoscie · web-flow · commit de9ef24861d8 · 2024-10-09T16:34:32.000+02:00
diff --git a/.github/workflows/cd-production.yml b/.github/workflows/cd-production.yml
@@ -37,9 +37,10 @@ jobs:
   notify:
     needs: [pack-and-publish]
     runs-on: ubuntu-latest
-    if: ${{ !contains(github.event.release.tag_name, '-alpha.') }}
     steps:
-      - uses: neolution-ch/action-release-notifier@v1
+      - uses: neolution-ch/action-release-notifier@v1.3.0
         with:
           slack-token: ${{ secrets.SLACK_RELEASE_NOTIFIER_TOKEN }}
           slack-channel-ids: ${{ vars.SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENTS }}
+          ignore-alpha-releases: true
+          ignore-rc-releases: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,41 @@ and adheres to a project-specific [Versioning](/README.md).
 
 ## [Unreleased]
 
+### Added
+
+- S2925: "Thread.Sleep" should not be used in tests
+- S3363: Date and time should not be used as a type for primary keys
+- S6561: Avoid using "DateTime.Now" for benchmarking or timing operations
+- S6562: Always set the "DateTimeKind" when creating new "DateTime" instances
+- S6575: Use "TimeZoneInfo.FindSystemTimeZoneById" without converting the timezones with "TimezoneConverter"
+- S6580: Use a format provider when parsing date and time
+- S6588: Use the "UnixEpoch" field instead of creating "DateTime" instances that point to the beginning of the Unix epoch
+- S6607: The collection should be filtered before sorting by using "Where" before "OrderBy"
+- S6609: "Min/Max" properties of "Set" types should be used instead of the "Enumerable" extension methods
+- S6610: "StartsWith" and "EndsWith" overloads that take a "char" should be used instead of the ones that take a "string"
+- S6612: The lambda parameter should be used instead of capturing arguments in "ConcurrentDictionary" methods
+- S6613: "First" and "Last" properties of "LinkedList" should be used instead of the "First()" and "Last()" extension methods
+- S6617: "Contains" should be used instead of "Any" for simple equality checks
+- S6618: "string.Create" should be used instead of "FormattableString"
+- S6640: Using unsafe code blocks is security-sensitive
+- S6797: Blazor query parameter type should be supported
+- S6798: [JSInvokable] attribute should only be used on public methods
+- S6800: Component parameter type should match the route parameter type constraint
+- S6803: Parameters with SupplyParameterFromQuery attribute should be used only in routable components
+
+### Removed
+
+- S2228: Console logging should not be used
+- S2255: Writing cookies is security-sensitive
+- S3884: "CoSetProxyBlanket" and "CoInitializeSecurity" should not be used
+- S4564: ASP.NET HTTP request validation feature should not be disabled
+- S4784: Using regular expressions is security-sensitive
+- S4787: Encrypting data is security-sensitive
+- S4818: Using Sockets is security-sensitive
+- S4823: Using command line arguments is security-sensitive
+- S4829: Reading the Standard Input is security-sensitive
+- S4834: Controlling permissions is security-sensitive
+
 ## [3.1.2] - 2024-10-03
 
 ### Removed
diff --git a/Neolution.CodeAnalysis.TestsRuleset.nuspec b/Neolution.CodeAnalysis.TestsRuleset.nuspec
@@ -13,7 +13,7 @@
     <developmentDependency>true</developmentDependency>
     <dependencies>
       <dependency id="StyleCop.Analyzers.Unstable" version="1.2.0.556" />
-      <dependency id="SonarAnalyzer.CSharp" version="8.56.0.67649" />
+      <dependency id="SonarAnalyzer.CSharp" version="9.20.0.85982" />
     </dependencies>
   </metadata>
   <files>
diff --git a/Neolution.CodeAnalysis.nuspec b/Neolution.CodeAnalysis.nuspec
@@ -13,7 +13,7 @@
     <developmentDependency>true</developmentDependency>
     <dependencies>
       <dependency id="StyleCop.Analyzers.Unstable" version="1.2.0.556" />
-      <dependency id="SonarAnalyzer.CSharp" version="8.56.0.67649" />
+      <dependency id="SonarAnalyzer.CSharp" version="9.20.0.85982" />
     </dependencies>
   </metadata>
   <files>
diff --git a/build/Neolution.CodeAnalysis.globalconfig b/build/Neolution.CodeAnalysis.globalconfig
@@ -254,6 +254,22 @@ dotnet_diagnostic.CA2000.severity = warning
 ; Deprecated code should eventually be removed, but it should not break the current build.
 dotnet_diagnostic.S1133.severity = suggestion
 
+# S6602: "Find" method should be used instead of the "FirstOrDefault" extension
+; It seems like the potential performance gains here will be negative after .NET9: https://github.com/SonarSource/sonar-dotnet/issues/9664
+dotnet_diagnostic.S6602.severity = none
+
+# S6603: The collection-specific "TrueForAll" method should be used instead of the "All" extension
+; Only has a performance gain with "large" collections and has a slightly different syntax when used with Arrays which could lead to confusion.
+dotnet_diagnostic.S6603.severity = none
+
+# S6605: Collection-specific "Exists" method should be used instead of the "Any" extension
+; It seems like the potential performance gains here will be negative after .NET9: https://github.com/SonarSource/sonar-dotnet/issues/9665
+dotnet_diagnostic.S6605.severity = none
+
+# S6608: Prefer indexing instead of "Enumerable" methods on types implementing "IList"
+; Better readability of `First()` and `Last()` are preferred over performance gains
+dotnet_diagnostic.S6608.severity = none
+
 # S107: Methods should not have too many parameters
 dotnet_diagnostic.S107.severity = warning
 
