build(deps): bump SonarAnalyzer.CSharp from 9.19.0.84025 to 9.21.0.86780

[dependabot]

Bumps SonarAnalyzer.CSharp from 9.19.0.84025 to 9.21.0.86780.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.21

New Rules

• 8771 - [C#] New rule S6678: Use PascalCase for named placeholders
• 8770 - [C#] New rule S6674: Log message template should be syntactically correct
• 8768 - [C#] New rule S2629: Logging templates should be constant
• 8767 - [C#] New rule S6677: Named placeholders should be unique
• 8766 - [C#] New rule S6667: Exceptions should be passed as an argument when logging in a catch clause
• 8765 - [C#] New rule S6668: Logging arguments should be passed to the correct parameter

Improvements

• The following rules were promoted to the SonarWay profile: S127, S1244, S1696, S1192, S1994, S2701, S2955

Bug Fixes

• 8787 - [C#] Fix AD0001: SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner throws an exception on unknown Numeric Constraints

False Positive

• 8823 - [C#] Fix S2701 FP: avoid raising for xUnit Assert.True()
• 6772 - [C#] Fix S4507 FP: Error raised on .NET 7 although the debug feature is deactivated

9.20

Hey everyone!

This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.

And a big thank you to @​rcatley for their external contribution!

Bug Fixes

• 8642 - [C#] Exception in SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner

False Positive

• 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
• 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
• 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
• 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
• 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
• 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
• 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
• 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet
• 8611 - [C#] Fix S2372 FP: Add support for method invocations (@​rcatley)
• 8567 - [C#] Fix S2325 FP: Primary Constructor Support

False Negative

• 8486 - [C#] Fix S2589 FN: Tuple binary operations (comparison)

Improvements

• 8010 - [C#, VB.NET] S2589: Improve message in the case of null propagating operator
• 7866 - [C#, VB.NET] SE: Allow collection tracking even when S4158 is not active
• 8499 - [C#] SE: Learn number constraints from relational pattern
• 8651 - Update RSPEC before 9.20 release

Commits

• b05eb80 Rule S6668: Handle the rule exceptions (#8848)
• afbce35 Update RSPEC for 9.21 Release (#8838)
• 88b80ab Improve S6678: Change primary and secondary locations (#8836)
• 7ae6c9a Promote 7 rules to SonarWay (#8806)
• c0d6a61 New rule S6674: Log message template should be syntactically correct (#8818)
• 4fe2a8b New rule S6668: Logging arguments should be passed to the correct parameter (...
• b0d5ee0 .NET ITs: Move .NET5 code to CSharpLatest (#8808)
• 95a7dca Fix S2701 FP: avoid raising for xUnit Assert.True() (#8823)
• beb30d9 S125: Add FP Repro for #8819 (#8821)
• f96478a Template rules update after peach validation part#2 (#8820)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

@dependabot merge

[dependabot]

Sorry, only users with push access can use that command.

[dependabot]

Superseded by #221.