10.17.0

Major Infra Changes

Improved SonarLint performance.
Migrated codebase to ESM from CommonJS.
Introduced bundling.

What's Changed

• JS-341 Use external library for HTTP requests by @ilia-kebets-sonarsource in #4855
• ESLINTJS-58 Change homepage URL for eslint-plugin-sonarjs npm package by @vdiez in #4860
• JS-272 Improve S3776 (cognitive-complexity): Do not increase complexity on short-circuiting and null coalescing by @yassin-kammoun-sonarsource in #4862
• Fix CVE-2024-47764 by @yassin-kammoun-sonarsource in #4865
• JS-345 Migrate from CommonJS to ESModules by @vdiez in #4863
• JS-360: Emit the ESLint plugin package as a CommonJS module by @ericmorand-sonarsource in #4871
• JS-362 Enable SonarJaRED to consume SonarJS ASTs without SonarArmor by @yassin-kammoun-sonarsource in #4878
• JS-355 Fix SQ coverage by @vdiez in #4881
• SONARARMOR-458 Fix end-to-end tests for Jasmin by @malte-skoruppa-sonarsource in #4883
• JS-372 Introduce caches to improve SonarLint performance by @zglicz in #4874
• JS-379 Lazily perform full file traversal if necessary by @zglicz in #4887
• JS-385 Fix SonarLint ITS by @vdiez in #4889
• JS-379 Merge file traversals to count project size and tsconfigs together by @zglicz in #4888
• Fix S5693: Resolve false positive for multer storage engine init by @vdiez in #4886
• JS-391 Babel presets as package names instead of paths by @vdiez in #4891
• JS-402 Fix PRAnalysisTest by @vdiez in #4895
• JS-403 Improve S125 test: Cover decorators and JSX by @vdiez in #4896
• JS-400 Single entrypoint for worker and server by @vdiez in #4893
• JS-401 Fix Babel plugin and preset imports by @vdiez in #4898
• JS-405 Simplify vue parser by @zglicz in #4900
• JS-406 S1607 for tests should extend TestFileCheck by @zglicz in #4902
• JS-390 Refactor HTTP layer in BridgeServerImpl by @saberduck in #4899
• JS-380 Bundle bridge using esbuild by @zglicz in #4901
• JS-409 CssRulingTest change mvn verify -> mvn test by @zglicz in #4903

Full Changelog: 10.16.0.27621...10.17.0.28100

This release will be part of SonarQube 10.8

10.16.0

What's Changed

• JS-232 Introduce the analyzer property sonar.scanner.skipNodeProvisioning by @yassin-kammoun-sonarsource in #4820
• JS-238 Fix response.ast serialization with node 20.13 by @zglicz in #4822
• JS-85 Update usages of old apis by @zglicz in #4821
• JS-19 Do not deploy Node.js embedded runtime when sonar.scanner.skipNodeProvisioning is set by @yassin-kammoun-sonarsource in #4826
• JS-231 Deprecate the analyzer property sonar.nodejs.forceHost by @yassin-kammoun-sonarsource in #4823
• JS-329 Upgrade TypeScript to 5.6.2 by @saberduck in #4816
• JS-24 Exclude require declarations from copy-paste detection by @yassin-kammoun-sonarsource in #4828
• JS-67 Fix FP S4782 (no-redundant-optional): Ignore when "exactOptionalPropertyTypes" is enabled by @yassin-kammoun-sonarsource in #4829
• JS-261 Update easy deps by @zglicz in #4825
• ESLINTJS-53 Fix incompatibilities with ESLint 9 by @vdiez in #4818
• ESLINTJS-49 Rule no-implicit-dependencies doesn't work by @ericmorand-sonarsource in #4819
• Remove mapping between Sonar and ESLint keys by @vdiez in #4832
• JS-70 More descriptive log when extracting node fails by @zglicz in #4834
• JS-234 Update S5332: Add "schemas.microsoft.com" to the list of host exceptions by @yassin-kammoun-sonarsource in #4838
• JS-261 Update more dependencies by @zglicz in #4835
• JS-239 Update S1301 (no-small-switch): Align the implementation with the rule description by @yassin-kammoun-sonarsource in #4841
• JS-255 Restore cognitive complexity calculation at file level by @yassin-kammoun-sonarsource in #4833
• JS-259 Do not warn against active Node.js versions by @yassin-kammoun-sonarsource in #4842
• JS-73 Update S2933 (prefer-readonly): Add to Sonar way quality profile by @yassin-kammoun-sonarsource in #4846
• JS-74 Update S6747 (no-unknown-property): Enable the rule only on React projects by @yassin-kammoun-sonarsource in #4844
• JS-228 Update S6477 (jsx-key): Enable the rule only on React projects by @yassin-kammoun-sonarsource in #4845
• Fix FP S1128 (unused-import): Ignore imported symbols with v-prefixed used as Vue.js directives by @yassin-kammoun-sonarsource in #4843
• ESLINTJS-56 Improve the performances of package manifest search by @ericmorand-sonarsource in #4840
• JS-145 Fix FP S6847 (no-noninteractive-element-interactions): Reduce the set of handlers to consider by @yassin-kammoun-sonarsource in #4849
• Fix CVE-2024-7254 by @yassin-kammoun-sonarsource in #4850
• ESLINTJS-50 Fix "sonarjs/prefer-enum-initializers" with newer versions of typescript-eslint by @vdiez in #4848
• JS-340 Search package.json files on demand by @vdiez in #4853

Full Changelog: 10.15.0.27423...10.16.0.27621

This release will be part of SonarQube 10.7

10.15.0

Major features

• 6 new adaptability rules (https://sonarsource.atlassian.net/browse/MMF-3931)

What's Changed

• Update release.yml: Fix slack channel by @vdiez in #4674
• Prepare next development iteration by @vdiez in #4675
• BUILD-4873 Disable GitHub issue creation by @Wohops in #4676
• Resolve JS-147 - Adapt SonarJS to the next ESLint Plugin by @ericmorand-sonarsource in #4677
• Resolve JS-81- Options Schemas required for ESLint v9 by @ericmorand-sonarsource in #4679
• Resolve JS-150 by @ericmorand-sonarsource in #4680
• Change trigger type of perf task to manual by @saberduck in #4682
• Resolve JS-151 - Add explicit meta.schema to the configurable rules that are missing it by @ericmorand-sonarsource in #4683
• JS-148 Fix deprecations by @zglicz in #4681
• Use Cirrus cache for Orchestrator by @saberduck in #4696
• JS-161 Separate bridge from sonar-javascript-plugin by @saberduck in #4697
• JS-162 Create API module by @saberduck in #4704
• JS-157 Generate protobuf definition of ESTree by @ilia-kebets-sonarsource in #4700
• JS-163 New Java API to process files during the analysis by @saberduck in #4706
• JS-174 Generate Java classes for deserialization of ESTree by @saberduck in #4714
• JS-154: Bridge sends AST to plugin as multipart/form-data by @ilia-kebets-sonarsource in #4711
• JS-158 Prepare generator to produce Java classes by @saberduck in #4723
• JS-170 Bundle SonarJS with Node.js Runtime on Linux ARM64 Platform by @yassin-kammoun-sonarsource in #4726
• JS-164 Improve S5122: Detect origin reflection by @yassin-kammoun-sonarsource in #4724
• JS-158 Geneate Java API for ESTree by @saberduck in #4725
• JS-159 Send real AST using protobufjs by @ilia-kebets-sonarsource in #4716
• JS-160 Create Java based AST by @saberduck in #4731
• JS-160 Add fail-safe in case of deserialization error by @quentin-jaquier-sonarsource in #4736
• JS-166 The AST should be serialized and sent to the plugin only when at least one consumer is listening by @ilia-kebets-sonarsource in #4733
• JS-186 ESTree AST should not be serialized when Armor is disabled by @quentin-jaquier-sonarsource in #4737
• JS-155 SonarJS exposes entry point to the parser for testing by @quentin-jaquier-sonarsource in #4734
• Do not serialize the AST if the skipAst flag is set by @ilia-kebets-sonarsource in #4738
• Serialize the AST for all file extensions by @ilia-kebets-sonarsource in #4739
• JS-185 Do not crash for protobuf exceptions by @quentin-jaquier-sonarsource in #4740
• JS-193 Add missing body property to static block by @ilia-kebets-sonarsource in #4741
• JS-195 Add literal to ExportAllDeclaration's exported property type by @ilia-kebets-sonarsource in #4743
• JS-188 Directive can be used as a Statement by @quentin-jaquier-sonarsource in #4742
• Update S4649: Clarify how to use the rule property "ignoreFontFamilies" by @yassin-kammoun-sonarsource in #4744
• Update rules count by @ilia-kebets-sonarsource in #4745
• JS-209 Catch IllegalStateException when saving highlights and cpd tokens by @vdiez in #4746
• JS-210 Do not print the full stack trace in case of InvalidProtocolBufferException during Protobuf parsing in the plugin by @quentin-jaquier-sonarsource in #4749
• JS-191 Import rules from eslint-plugin-sonarjs by @vdiez in #4747
• Remove Burgr related stuff - as we're decomissioning it by @ilia-kebets-sonarsource in #4751
• JS-230 Java ESTree AST should correctly build array expressions and patterns with empty elements by @quentin-jaquier-sonarsource in #4753
• JS-225 Release eslint-plugin-sonarjs by @vdiez in #4752
• Update new rule template by @vdiez in #4754
• JS-229 Fix eslint-plugin-sonarjs release action by @vdiez in #4755
• Use new docs URL by @vdiez in #4756
• JS-236 Add eslint-plugin-sonarjs compatibility with ESLint 9 by @vdiez in #4758
• Create README for eslint-plugin-sonarjs by @vdiez in #4759
• Fix Typedoc task by @vdiez in #4760
• Add name to ESLint recommended config by @vdiez in #4761
• JS-185 Deeply nested ASTs should be de-serialized correctly by @quentin-jaquier-sonarsource in #4762
• SONARARMOR-98 SonarArmor JS/TS rules should be in Sonar Way profile by @quentin-jaquier-sonarsource in #4764
• Update license headers to include 2024 by @Wohops in #4768
• JS-276 Ruling is executable with parameters by @ilia-kebets-sonarsource in #4766
• JS-283 Use repository to determine AnalysisMode by @saberduck in #4771
• Update the package.json bugs URL by @ilia-kebets-sonarsource in #4765
• Release eslint-plugin-sonarjs version 2.0.0 with tag latest by @vdiez in #4773
• Resolves JS-278 by @ericmorand-sonarsource in #4769
• Fix SonarQube issue 9eccec63 by @ericmorand-sonarsource in #4776
• Fix eslint-plugin-sonarjs release action by @vdiez in #4775
• JS-295 List of rules is created automatically by @vdiez in #4778
• JS-284 Rule parameter schema should be available statically in meta file by @vdiez in #4772
• Promote Release 2.0.1 by @ericmorand-sonarsource in #4781
• BUILD-6088 Create Security.md by @SamirM-BE in #4774
• JS-299 List nodes that need to be supported in TS by @ericmorand-sonarsource in #4785
• Fix ESLint plugin type dependencies by @vdiez in #4782
• JS-280 Support unknown nodes in AST protobuf file by @vdiez in #4786
• JS-304 Support TSAsExpression nodes by @ericmorand-sonarsource in #4788
• Remove estree.proto file duplication by @vdiez in #4787
• ESLINTJS-52 Argument of type 'Config' is not assignable to parameter … by @ericmorand-sonarsource in #4790
• JS-305 Support TSNonNullExpression nodes by @ilia-kebets-sonarsource in #4792
• JS-307 Support TSSatisfiesExpression nodes by @ilia-kebets-sonarsource in #4791
• JS-308 Support TSTypeAssertion nodes by @ilia-kebets-sonarsource in #4793
• JS-306 Support TSParameterProperty nodes by @ilia-kebets-sonarsource in #4794
• Do not log when serializing unsupported nodes, only for unknown ones by @ilia-kebets-sonarsource in #4796
• Fix compilation errors: also delete packages/jsts/src/rules/lib/ in _:bridge:clear script by @ilia-kebets-sonarsource in #4800
• JS-312 Create rule S1607 (no-skipped-tests): Tests should not be skipped without providing a reason by @yassin-kammoun-sonarsource in #4797
• Remove deprecated GitHub actions by @ilia-kebets-sonarsource in #4801
• JS-312 Improve S1607 (no-skipped-tests): Allow explanation comments adjacent to the disabled test by @yassin-kammoun-sonarsource in #4804
• JS-59: Create rule S7059 (no-async-constructor): Constructors should not contain asynchronous operations by @vdiez in #4798
• JS-323 Create rule S6627 (no-internal-api-use): Users should not use internal APIs by ...

10.14.0

What's Changed

• [JS-4] Add rule S5257 (no-table-as-layout) by @vdiez in #4661
• Add rule S5264(object-alt-content) by @vdiez in #4665
• [JS-9] Rename rule S6855 to S4084 by @vdiez in #4667
• [JS-11] Rename rule S6854 to S1090 by @vdiez in #4666
• Resolve JS-3 Stricter rule implementation for detecting a valid header by @zglicz in #4662
• [JS-10] Rename rule S6849 to S5254 by @vdiez in #4668
• Resolve JS-6 Implement S5260 in js/ts by @zglicz in #4669

Full Changelog: 10.13.2.25981...10.14.0.26080

This release will be part of SonarQube 10.6

milestone: https://github.com/SonarSource/SonarJS/milestone/89?closed=1

10.13.2

• skip the whole file when we have incorrect text range for token

10.13.1

What's Changed

• Remove usage of deprecated APIs by @saberduck in #4646
• Issue 4459 - Improve the global expect tests by @ericmorand-sonarsource in #4630
• Change min required Node.JS version to 18.17.0 by @saberduck in #4652
• Ignore runtime errors when saving CPD tokens by @saberduck in #4654

Full Changelog: 10.13.0.25911...10.13.1.25965

10.13.0

What's Changed

• Use Java 17 by @saberduck in #4575
• Upgrade Sonarsource/vault-action-wrapper to latest version by @Wohops in #4577
• Use more memory for the CI: 10cores/40GB and set the Jest maxWorkers to 8 (#cores-2) by @saberduck in #4583
• Align S6850 documentation with the RSPEC one by @ericmorand-sonarsource in #4581
• Fix vulnerabilities: bump commons-compress version to 1.26 by @ericmorand-sonarsource in #4588
• Remove performance monitoring code by @vdiez in #4576
• Update orchestrator to 4.9.0.1920 by @saberduck in #4585
• Fix issues related to Java v17 bump by @ilia-kebets-sonarsource in #4589
• Fix quality gate by @saberduck in #4590
• Update DEV doc: use Java 17 by @vdiez in #4593
• Perf test with JMH by @saberduck in #4578
• Fix S5332: Add reserved domain patterns to EXCEPTION_TOP_HOSTS list by @vdiez in #4597
• Change log level of line Failed to parse file ... from error to warn by @ericmorand-sonarsource in #4602
• Disable type-checking for Vue.js by @vdiez in #4595
• Remove getObjectExpressionProperty in favor of getProperty by @zglicz in #4601
• Remove support for Node.JS 16 by @saberduck in #4606
• Fix engines in package.json after dropping Node.JS 16 support by @saberduck in #4607
• Analysis should not fail when highlighting has invalid text range by @saberduck in #4604
• Update usage of Stylelint, although without moving to v16 by @zglicz in #4608
• Use previously implemented YAML predicate to ignore Helm Chart YAML files by @yassin-kammoun-sonarsource in #4610
• Improve synchronization between Node.js parent process and worker thread by @vdiez in #4603
• Do not count LOCs for CSS files indexed as test files by @vdiez in #4617
• Resolve issue #3667 - CSS parser error on invisible character <0x200b> by @ericmorand-sonarsource in #4605
• Update TypeScript 5.4 and typescript-eslint 7.3.1 by @saberduck in #4613
• Add additional logs when embedded Node.js is not available by @zglicz in #4618
• Reduce log severity to warning for unfound ESLint reports by @yassin-kammoun-sonarsource in #4622
• Skip embedded Node.js runtime deployment if sonar.nodejs.executable is set by @ilia-kebets-sonarsource in #4616
• Resolve issue #4459: Fix FP S2699 (Tests should include assertions): global expect() aren't detected by @ericmorand-sonarsource in #4628
• Update typescript-eslint and other deps by @saberduck in #4625
• Add S6957 (eslint-plugin-react/no-deprecated) extracted from S1874 (deprecation) by @yassin-kammoun-sonarsource in #4619
• Resolve issue #4507 by @ericmorand-sonarsource in #4629
• Disable ucfg rule for JS embedded in HTML files by @ilia-kebets-sonarsource in #4074
• Create rule S6958: No literal call by @ilia-kebets-sonarsource in #4638
• Change message to suggest upgrading to LTS version and not mention minimum version by @saberduck in #4611
• Create rule S6959: "Array.reduce()" calls should include an initial value by @yassin-kammoun-sonarsource in #4626
• Fix FP S6754 (hook-use-state): Ignore state variables without a setter by @yassin-kammoun-sonarsource in #4637
• Resolve issue #4631: Fix FP S2699 (assertions-in-tests): Add support for supertest by @ericmorand-sonarsource in #4636
• Fix SQ raised issue by @ilia-kebets-sonarsource in #4642
• Update eslint-plugin-sonarjs version by @zglicz in #4643
• Update for release by @zglicz in #4644

New Contributors

• @Wohops made their first contribution in #4577
• @zglicz made their first contribution in #4601

Full Changelog: 10.12.0.25537...10.13.0.25911

This release will be part of SonarQube 10.5

Milestone: https://github.com/SonarSource/SonarJS/milestone/86

10.12.0

This release

Improve Top Dismissed JS/TS Rules (https://sonarsource.atlassian.net/browse/MMF-2934)

What's Changed

• Allow minimatch to match hidden folders by @vdiez in #4502
• Improve S4123 (no-invalid-await): Improve documentation about edge cases and add test to confirm that S4123 honours JSDoc directives by @ericmorand-sonarsource in #4538
• Fix FP S6594 (sonar-prefer-regexp-exec): Ignore match count use case by @yassin-kammoun-sonarsource in #4540
• Fix FP S2871 (no-alphabetical-sort): Rework the rule to emit a dedicated message for arrays of strings by @ericmorand-sonarsource in #4539
• Fix FP S4323 (use-type-alias): Ignore nullable types by @yassin-kammoun-sonarsource in #4543
• Fix FP S4123 (no-invalid-await): Ignore function calls for functions whose definition have JSdoc with a returns tag by @ilia-kebets-sonarsource in #4544
• Fix FP S3800 (function-return-type): Exception for sanitation functions by @ericmorand-sonarsource in #4548
• Fix FP S1848 (constructor-for-side-effects): Make exception for AWS CDK resources by @yassin-kammoun-sonarsource in #4554
• Fix S6661 (prefer-object-spread): Disable for projects that don't support the object spread syntax and improve rule description by @ilia-kebets-sonarsource in #4552
• Fix FP S6479 (no-array-index-key) - Allow keys combining index and other values by @ericmorand-sonarsource in #4556
• Fix FP S6647 (no-useless-constructor): Ignore decorated classes and classes inheriting protected constructors by @yassin-kammoun-sonarsource in #4546
• Fix FP S1186 (no-empty-function): Ignore noop-like functions, arrows, and constructors by @yassin-kammoun-sonarsource in #4557
• Add rule S2004: Functions should not be nested too deeply by @yassin-kammoun-sonarsource in #4559
• Fix FP S6582 (prefer-optional-chain): Update description and severity by @yassin-kammoun-sonarsource in #4562
• Fix FP S6544 (no-misused-promises) - Set checkVoidReturn.arguments=false by @ericmorand-sonarsource in #4561
• Fix FP S3776 (cognitive-complexity): Ignore nested functions and default values by @yassin-kammoun-sonarsource in #4566
• Improve S2004 (no-nested-functions): Increase default threshold to four nested functions by @yassin-kammoun-sonarsource in #4570
• Fix FP S6606 (prefer-nullish-coalescing): When the first argument s boolean | undefined by @ericmorand-sonarsource in #4565

New Contributors

• @ericmorand-sonarsource made their first contribution in #4538

Full Changelog: 10.11.1.25225...10.12.0.25537

This release will be part of SonarQube 10.5

https://github.com/SonarSource/SonarJS/milestone/84?closed=1

10.11.1

• Fix missing requiredForLanguages metadata in manifest

This release will be part of SonarQube 10.4

10.11.0

This release

1/ Fail-fast
Misconfigurations now cause analysis failure, this includes missing or incompatible Node.js runtime.
There are also new and more detailed warnings, including new warnings in the UI.

2/ Added support for TypeScript 5.3

3/ Drop support for Node.js v14

4/ Added 5 new adaptability rules:

• S6859: Imports should not use absolute paths
• S6861: Mutable variables should not be exported
• S2187: Test files should contain at least one test case
• S1444: Public "static" fields should be read-only
• S5973: Tests should be stable

What's Changed

• Add rule S6859 (eslint-plugin-import/no-absolute-path): Imports should not use absolute paths by @ilia-kebets-sonarsource in #4439
• Create rule S6861 (eslint-plugin-import/no-mutable-exports): Mutable variables should not be exported by @yassin-kammoun-sonarsource in #4441
• Create rule S2187: Test files should contain at least one test case by @yassin-kammoun-sonarsource in #4442
• Drop support for Node.js 14 by @saberduck in #4447
• Upgrade TS 5.3 and ESLint by @saberduck in #4451
• Create rule S1444: Public "static" fields should be read-only by @yassin-kammoun-sonarsource in #4453
• Create rule S5973: Tests should be stable by @ilia-kebets-sonarsource in #4443
• Do not fail silently by @vdiez in #4450
• Add documentation on how to write tests for rules depending on package.json dependencies by @ilia-kebets-sonarsource in #4454
• Add more analysis warnings by @vdiez in #4455
• Upgrade typescript-eslint by @saberduck in #4452

Full Changelog: 10.10.0.24774...10.11.0.25043

This release will be part of SonarQube 10.4

https://github.com/SonarSource/SonarJS/milestone/83?closed=1