Skip to content

Releases: SonarSource/SonarJS

8.8.0

21 Jan 15:08
@yassin-kammoun-sonarsource yassin-kammoun-sonarsource
8.8.0.17228
a381593
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.8.0

In this release, we deprecated Node.js 12 support for JavaScript, TypeScript, and CSS analyses. It will still be possible to run analyses on Node.js 12 until complete end of support which is planned for August 2022. In the meantime, users are highly encouraged to upgrade their setup to Node.js 16 LTS. Last but not least, this release also includes fixes for a few FPs tickets.

  • Deprecating Node.js 12 support for JS/TS/CSS analyses (#2927)
  • S3735: Promises should be ignored (#2928)
  • S2259: Optional chaining should be ignored (#2930)

Part of SonarQube 9.3

Assets 2
Loading

8.7.0

13 Dec 15:20
@vilchik-elena vilchik-elena
8.7.0.17093
22771f9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.7.0

In this release we change the approach to the analysis of TypeScript files. Before we were relying on tsconfig files to get the list of concerned files, which was not always reliable (due to dependencies in those files). Now we build the program, which provides us with the list of files. Due to this change more files could be analyzed now. Also since this release if you want to analyze TS files, at least one tsconfig.json should be present in the project directory.

This new approach is not applied if there is at least one .vue file with TypeScript script.

  • Program-based analysis of TypeScript (fixed #2073)

  • Fixes to support Aura Lightning Components (#2885)

  • Support directories in references in tsconfig (#2815)

  • Rely on Java 11

Full Changelog: 8.6.0.16913...8.7.0.17094
Full issue list: https://github.com/SonarSource/SonarJS/milestone/47?closed=1

Assets 2
Loading

8.6.0

16 Nov 09:44
@saberduck saberduck
8.6.0.16913
701a9ce
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.6.0

In this release, we merged CSS analysis, which was previously provided by the sonar-css plugin into the single plugin together with JS and TS analysis.

As usual it contains a bunch of bugfixes. See milestone for details https://github.com/SonarSource/SonarJS/issues?q=is%3Aclosed+milestone%3A8.6

Assets 2
Loading

8.5.0

01 Nov 09:42
@saberduck saberduck
8.5.0.16762
c558025
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.5.0

This release contains 8 new rules covering common pitfalls when writing JS unit tests

  • S2699 Tests should include assertions
  • S2970 Assertions should be complete
  • S3415 Assertion arguments should be passed in the correct order
  • S5863 Assertions should not be given twice the same argument
  • S5958 Tests should check which exception is thrown
  • S6079 Tests should not execute any code after "done()" is called
  • S6080 Mocha timeout should be disabled by setting it to "0".
  • S6092 Chai assertions should have only one reason to succeed

We now also support TypeScript 4.4

As usual, we also include minor improvements and bugfixes.
Full list of fixed issues: https://github.com/SonarSource/SonarJS/milestone/45?closed=1

Assets 2
Loading

8.4.0

10 Sep 08:54
@vilchik-elena vilchik-elena
8.4.0.16431
a11eb10
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.4.0

One more bunch of rules targeting regular expressions (MMF-2480):

  • S5869 Character classes in regular expressions should not contain the same character twice
  • S6019 Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
  • S6351 Regular expressions with the global flag should be used with caution
  • S5843 Regular expressions should not be too complicated
  • S5867 Regular expressions with Unicode property escapes should set Unicode flag
  • S5842 Repeated patterns in regular expressions should not match the empty string
  • S6353 Regular expression quantifiers and character classes should be used concisely
  • S5852 Using slow regular expressions is security-sensitive
Assets 2
Loading

8.3.0

16 Aug 10:21
@saberduck saberduck
8.3.0.16208
dd8dc95
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.3.0
  • Support for wildcards in coverage report paths #578
  • Drop of deprecated properties for TypeScript (JavaScript properties should be used instead)
  • Many fixes for false positives
  • Upgrade of dependencies

Full list of fixed issues: https://github.com/SonarSource/SonarJS/milestone/42?closed=1

@codyebberson, thanks for the contribution! (#2755)

Contributors

codyebberson and typescript-eslint
Assets 2
Loading

8.2.0

04 Aug 09:08
@yassin-kammoun-sonarsource yassin-kammoun-sonarsource
8.2.0.16042
af5374d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.2.0
  • Add code quality rules for regular expressions (MMF-2443)
    • S5850 Alternatives in regular expressions should be grouped when used with anchors (#2695)
    • S5856 Regular expressions should be syntactically valid (#2692)
    • S5860 Names of regular expressions named groups should be used (#2693)
    • S5868 Unicode Grapheme Clusters should be avoided inside regex character classes (#2690)
    • S6035 Single-character alternations in regular expressions should be replaced with character classes (#2694)
    • S6323 Alternation in regular expressions should not contain empty alternatives (#2700)
    • S6324 Regular expressions should not contain control characters (#2699)
    • S6325 Regular expression literals should be used when possible (#2698)
    • S6326 Regular expressions should not contain multiple spaces (#2697)
    • S6328 Replacement strings should reference existing regular expression groups (#2696)
    • S6331 Regular expressions should not contain empty groups (#2691)
    • Support precise issue location for regular expressions (#2712) (#2721)
    • Add syntax highlighting for regular expression literals (#2717)
  • Upgrade eslint-plugin-sonarjs dependency: 0.9.0, 0.9.1 (#2680)
Assets 2
Loading

8.1.0

24 Jun 12:17
@saberduck saberduck
8.1.0.15788
5f6b8aa
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.1.0
  • new rule S6299 hotspot for Vue DOM-XSS
  • syntax highlighting for template element in Vue SFC files
Assets 2
Loading

8.0.0

07 Jun 15:48
@saberduck saberduck
8.0.0.15689
e265054
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
8.0.0
  • remove Java based parser (and custom rules API)
  • support TypeScript 4.3
  • new hotspot rule for Angular DOM XSS
Assets 2
Loading

7.4.4

03 Jun 08:21
@vilchik-elena vilchik-elena
7.4.4.15624
481b2e6
Compare
Choose a tag to compare
7.4.4

Bugfix to parse .vue files with TypeScript code

Assets 2
Loading