build(deps): bump SonarAnalyzer.CSharp from 9.19.0.84025 to 9.22.0.87781

[dependabot]

Bumps SonarAnalyzer.CSharp from 9.19.0.84025 to 9.22.0.87781.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.22

New Rules

• 8869 - [C#, VB.NET] New rule S6930: Backslash should be avoided in route templates
• 8844 - [C#] New rule S3416: Loggers should be named for their enclosing types
• 8840 - [C#] New rule S6675: Trace.WriteLineIf should not be used with TraceSwitch levels
• 8847 - [C#] New rule S2139: Exceptions should be either logged or rethrown but not both
• 8845 - [C#] New rule S6664: Too many logging calls within a code block
• 8843 - [C#] New rule S6672: Generic logger injection should match enclosing type
• 8842 - [C#] New rule S6669: Logger field names should comply with a naming convention
• 8841 - [C#] New rule S6670: Trace.Write and Trace.WriteLine should not be used
• 8769 - [C#] New rule S6673: Log message template placeholders should be in the right order
• 8846 - [C#] New rule S1312: Logger fields should be private static readonly [Non-SonarWay]

False Positive

• 8891 - [C#] Fix S2629 FP: Allow concatenation of constants

9.21

New Rules

• 8771 - [C#] New rule S6678: Use PascalCase for named placeholders
• 8770 - [C#] New rule S6674: Log message template should be syntactically correct
• 8768 - [C#] New rule S2629: Logging templates should be constant
• 8767 - [C#] New rule S6677: Named placeholders should be unique
• 8766 - [C#] New rule S6667: Exceptions should be passed as an argument when logging in a catch clause
• 8765 - [C#] New rule S6668: Logging arguments should be passed to the correct parameter

Improvements

• The following rules were promoted to the SonarWay profile: S127, S1244, S1696, S1192, S1994, S2701, S2955

Bug Fixes

• 8787 - [C#] Fix AD0001: SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner throws an exception on unknown Numeric Constraints

False Positive

• 8823 - [C#] Fix S2701 FP: avoid raising for xUnit Assert.True()
• 6772 - [C#] Fix S4507 FP: Error raised on .NET 7 although the debug feature is deactivated

9.20

Hey everyone!

This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.

And a big thank you to @​rcatley for their external contribution!

Bug Fixes

• 8642 - [C#] Exception in SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner

False Positive

• 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
• 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
• 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
• 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
• 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
• 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
• 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
• 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet

... (truncated)

Commits

• ace4c81 Update RSPEC for 9.22 (again) (#8961)
• 28b72bb Update the expected plugin file size (#8958)
• 0418ca4 Rule S3416: include constructors and reduce FPs (#8941)
• 6c6eb0b S2259: Add Repro for #8910 (#8911)
• c272b77 Fix S6673 FP: Argument name contains placeholder name (#8940)
• f0e6c61 AD0001: Fix regex timeout in NamingHelper (#8942)
• c24cc1f Rule S3416: Fix FPs (#8932)
• eea7d8d Fix S6673 FP: Name matching of placeholder names (#8925)
• 7cb5e7a Update rspec before release (#8931)
• e598d71 Fix S2629 FP - constant string concatenation (#8922)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

@dependabot merge

[dependabot]

Sorry, only users with push access can use that command.

[dependabot]

Superseded by #222.