build(deps): bump SonarAnalyzer.CSharp from 8.40.0.48530 to 9.18.0.83559

[dependabot]

Bumps SonarAnalyzer.CSharp from 8.40.0.48530 to 9.18.0.83559.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.18

Hi everyone!

This release focuses on fixing false positives and on general improvements that will be included in the upcoming SonarQube 10.4.

False Positive

• 7792 - [C#, VB.NET] Fix S1125 FP: Type check with System.Object
• 7904 - [C#] Fix S1144 FP: Record method PrintMembers
• 6326 - [C#] Fix S2437 FP: None of the operands is 0
• 7620 - [C#] Fix S6618 FP: Projects targeting runtime lower than .NET 6.0
• 8560 - [C#] Fix S4027 FP: BinaryFormatter. Serialization constructors are obsolete and should not be required

Improvements

• 4993 - [C#] Improve S3925 message to be clear about expected action
• 3604 - [C#] Improve S2971 message to use AsEnumerable in LINQ database query
• 7960 - [C#, VB.NET] Deprecate rule S3884
• 8554 - Update RSPEC before 9.18 release

9.17

Hi everyone!

We are shipping some more improvements to our Symbolic Execution rules reducing the number of false positives.

False Negatives

• 8493 - [C#] Fix S2583/S2589 FN and S2259 FP: Add support for relational pattern

False Positive

• 7665 - [C#, VB.NET] Fix S2259 FP: is not and short-circuit or
• 8382 - [C#, VB.NET] Fix S2589 FP: Custom Equals(null) is wrongly assumed to always return false
• 8504 - [C#, VB.NET] Fix S1104 FP: Should be ignored on classes and structs marked as [Serializable]

9.16

Hello everyone!

For this release, we focused on improving the symbolic execution engine, specifically rules S2589 and S2583, to increase their accuracy. We also deprecated rule S4792.

False Positive

• 8470 - [C#, VB.NET] Fix S2583 FP: Should not raise on double condition
• 8378 - [C#, VB.NET] Fix S2583 FP: Variable Set in Catch Block
• 8140 - [C#, VB.NET] Fix S2583 FP: nested try catch blocks
• 8094 - [C#, VB.NET] Fix S2583/S2589 FP: Delegate can be null when last invocation is removed but comparing the delegate against null gets reported as always false
• 8326 - [C#] Fix S2589 FP: Var pattern should not raise
• 8324 - [C#] Fix S2259 FP: Raising issue in unreachable code when using declaration pattern on unknown value
• 8149 - [C#] Fix S2589 FP: Switch Expression default case with bool literal
• 8011 - [C#] Fix S2589 FP: Rule is erroneously raised on var-type pattern matches that use when clauses
• 8008 - [C#] Fix S2589 FP: Rule is raised on catch-all tuples in switch expressions
• 7057 - [C#] Fix S2583/S2589 FP: When tuple deconstruction is used
• 8489 - [VB.NET] Fix S1172 FP: VB names should not be case sensitive

... (truncated)

Commits

• 3cb326e Update RSPEC before 9.18 release (#8616)
• e11a383 Add UTs for S6444 (#8614)
• 0156ceb Coverage: Quick fix pattern after migration to AWS (#8615)
• 309a304 Improve S2971 to suggest to use AsEnumerable in LINQ database query (#8593)
• 195ae28 Java ITs: Use LATEST_RELEASE SQ version (#8610)
• a597b59 TestFramework: Fix code smells, bump coverage (#8608)
• 3491287 TestFramework: Fix coverage (#8581)
• e1aadba TestFramework: Move test files (#8576)
• 9ed994e TestFramework: Move framework files (#8568)
• 4972c6d TestFramework: Create empty projects (#8565)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

@dependabot merge

[dependabot]

Sorry, only users with push access can use that command.

[dependabot]

Superseded by #215.