Bump SonarAnalyzer.CSharp from 9.19.0.84025 to 9.20.0.85982

[dependabot]

Bumps SonarAnalyzer.CSharp from 9.19.0.84025 to 9.20.0.85982.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

9.20

Hey everyone!

This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.

And a big thank you to @​rcatley for their external contribution!

Bug Fixes

• 8642 - [C#] Exception in SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner

False Positive

• 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
• 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
• 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
• 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
• 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
• 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
• 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
• 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet
• 8611 - [C#] Fix S2372 FP: Add support for method invocations (@​rcatley)
• 8567 - [C#] Fix S2325 FP: Primary Constructor Support

False Negative

• 8486 - [C#] Fix S2589 FN: Tuple binary operations (comparison)

Improvements

• 8010 - [C#, VB.NET] S2589: Improve message in the case of null propagating operator
• 7866 - [C#, VB.NET] SE: Allow collection tracking even when S4158 is not active
• 8499 - [C#] SE: Learn number constraints from relational pattern
• 8651 - Update RSPEC before 9.20 release

Commits

• afd7543 Fix S2583/2589 FP: Return inside lock, using and finally causes FP after the ...
• 4644b28 SE: Learn number constraints from relational pattern (#8773)
• 3ad4377 Fix S2583/S2589 FP: try-finally in loop (#8755)
• e3ef756 Update RSPEC before 9.20 release (#8775)
• 9161bc0 Fix S2583/S2589 FP: try-catch in loop (#8753)
• 5d6b781 SE Loops: Addition for same sign operands (#8760)
• 32f2bdb Coding style: Remove compiler directives (#8757)
• 4f18a86 Support Tuple Binary Operations in Symbolic Execution (#8718)
• 6069617 S2589: Add FP Repro for #8570 (#8759)
• ecf5aea SE: Move CollectionConstraint from S4158 to the engine (part 6) (#8733)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[guibranco]

Automatically approved by gstraccini[bot]

[guibranco]

Thanks for the pull request, gstraccini[bot]

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.00% (target: -1.00%)	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (6e43905)	559	187	33.45%
Head commit (0591872)	559 (+0)	187 (+0)	33.45% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#158)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

_{You may notice some variations in coverage metrics with the latest Coverage engine update. For more details, visit the documentation}

[sonarcloud]

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[AppVeyorBot]

✅ Build GuiStracini.Mandae 8.0.341 completed (commit f89d92f747 by @dependabot[bot])