Releases: SonarSource/SonarJS
Releases · SonarSource/SonarJS
7.0.0
All rules rely on TypeScript parser.
6.7.0.14237
Update rule metadata (#2346)
6.6.0.13923
Many new rules related to cryptography (see MMF-1894 ) and many rules migrated to ESLint parser
6.5.0.13383
Update rule metadata (#2175)
SonarJS 6.2.2
Bugfix release:
- Fix potential security vulnerability where eslint-bridge component opens http server on all local interface (0.0.0.0) (SSF-122)
SonarJS 6.4.1
Bugfix release:
- Filtering out huge files is now applied only to JS/TS.
SonarJS 6.4
New rules:
- S2598: File uploads should be restricted (formidable)
- S4502: Disabling CSRF protection is security-sensitive
- S4507: Delivering code in production with debug features activated is security-sensitive
- S5689: Recovering fingerprints from web application technologies should not be possible
- S5691: Statically serving hidden files is security-sensitive
- S5693: Allowing requests with excessive content length is security-sensitive
Improved rules:
- S5122: now raised only when permissive CORS policy is obvious; Support for
cors
middleware.
Deprecated rules:
Changes in the requirements:
- The plugin now requires Node.js 10
- The plugin no longer relies on user-provided TypeScript: TypeScript is now shipped with the analyzer.
- Support for solution-style
tsconfig
s - Very large files are now excluded from analysis by default (property
sonar.javascript.maxFileSize
controls the threshold)
6.3.0.12464
Hardening and bugfixes
Analyzer for JavaScript/TypeScript 6.2.1
Fix bug in SonarLint when analyzing JS file before TS file (#1680)
SonarJS 6.2
Hi,
This release adds 31 rules for TypeScript which were available for JavaScript:
- Rule S1119: Labels should not be used
- Rule S128: Switch cases should end with an unconditional "break" statement
- Rule S1529: Bitwise operators should not be used in boolean contexts
- Rule S134: Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply
- Rule S3973: A conditionally executed single line should be denoted by indentation
- Rule S2392: Variables should be used in the blocks where they are declared
- Rule S3524: Braces and parentheses should be used consistently with arrow functions
- Rule S3317: Default export names and file names should match
- Rule S3499: Shorthand object properties should be grouped at the beginning or end of an object declaration
- Rule S3514: Destructuring syntax should be used for assignments
- Rule S3513: "arguments" should not be accessed directly
- Rule S2310: Loop counters should not be assigned to from within the loop body
- Rule S2692: "indexOf" checks should not be for positive numbers
- Rule S1994: "for" loop increment clauses should modify the loops' counters
- Rule S2137: Special identifiers should not be bound or assigned
- Rule S1515: Functions should not be defined inside loops
- Rule S2427: The base should be provided to "parseInt"
- Rule S2208: Wildcard imports should not be used
- Rule S888: Equality operators should not be used in "for" loop termination conditions
- Rule S1530: Function declarations should not be made within blocks
- Rule S1848: Objects should not be created to be dropped immediately without being used
- Rule S1539: "strict" mode should be used with caution
- Rule S1128: Unnecessary imports should be removed
- Rule S1472: Function call arguments should not start on new lines
- Rule S1219: "switch" statements should not contain non-case labels
- Rule S100: Function and method names should comply with a naming convention
- Rule S124: Track comments matching a regular expression
- Rule S1134: Track uses of "FIXME" tags
- Rule S1067: Expressions should not be too complex
- Rule S1135: Track uses of "TODO" tags
- Rule S126: "if ... else if" constructs should end with "else" clauses
Finally, this version may also significantly reduce the analysis time for big projects.
We hope you will like this new version.