10.18.0

What's Changed

• JS-381 Prepare next development iteration by @zglicz in #4908
• JS-420 [DO NOT SQUASH] Fix ITs: plugin_qa_sq_dev & eslint_plugin_test by @kebetsi in #4914
• JS-383 Update embedded node to v22.11.0 by @zglicz in #4909
• JS-412 Rewrite count-rules into ESM format by @zglicz in #4911
• JS-363 - Support environment variable for setting skipNodeProvisioning by @ericmorand-sonarsource in #4912
• JS-417 Add releasability check by @zglicz in #4915
• JS-415 Create rule S1291 (no-sonar-comments): Track uses of "NOSONAR" comments by @yassin-kammoun-sonarsource in #4910
• JS-416 Add renovate config by @saberduck in #4919
• JS-425 Remove check on file path length by @vdiez in #4924
• Update all non-major dependencies by @renovate in #4923
• JS-370 Add Node.js amd64 alpine into the multi plugin by @vdiez in #4916
• JS-423 Update license to SONAR Source-Available License v1.0 (SSALv1) by @yassin-kammoun-sonarsource in #4922
• JS-371 - Deprecate Node.js 18 by @ericmorand-sonarsource in #4913
• JS-359 Create rule S6418 (hardcoded-secrets): Hard-coded secrets are security-sensitive (broken) by @kebetsi in #4920
• JS-367 Survive runtime failures on saving malformed issues by @yassin-kammoun-sonarsource in #4928
• JS-433 Update parent POM to 82.0.0.2314 by @yassin-kammoun-sonarsource in #4932
• JS-431 Update S2068 (no-hardcoded-passwords): Adapt documentation to focus only on passwords by @yassin-kammoun-sonarsource in #4931
• JS-431 Update S2068 (no-hardcoded-passwords): Fix schema by @vdiez in #4933
• JS-435 Clear dependencies cache when a package.json is modified. by @zglicz in #4934
• JS-416 Update renovate config by @saberduck in #4929
• Update dependency typedoc to v0.27.1 by @renovate in #4939
• JS-458 Fix missing constructor for nullable argument by @saberduck in #4957
• Update dependency prettier to v3.4.1 by @renovate in #4937
• JS-428 Update dependency typescript to v5.7.2 by @renovate in #4940
• JS-459 Update husky command by @zglicz in #4958
• JS-382 Update rule metadata by @saberduck in #4959

Full Changelog: 10.17.0.28100...10.18.0.28572

This release will be part of SonarQube Server 10.8 and SonarQube Community Build 24.12

10.17.0

Major Infra Changes

Improved SonarLint performance.
Migrated codebase to ESM from CommonJS.
Introduced bundling.

What's Changed

• JS-341 Use external library for HTTP requests by @ilia-kebets-sonarsource in #4855
• ESLINTJS-58 Change homepage URL for eslint-plugin-sonarjs npm package by @vdiez in #4860
• JS-272 Improve S3776 (cognitive-complexity): Do not increase complexity on short-circuiting and null coalescing by @yassin-kammoun-sonarsource in #4862
• Fix CVE-2024-47764 by @yassin-kammoun-sonarsource in #4865
• JS-345 Migrate from CommonJS to ESModules by @vdiez in #4863
• JS-360: Emit the ESLint plugin package as a CommonJS module by @ericmorand-sonarsource in #4871
• JS-362 Enable SonarJaRED to consume SonarJS ASTs without SonarArmor by @yassin-kammoun-sonarsource in #4878
• JS-355 Fix SQ coverage by @vdiez in #4881
• SONARARMOR-458 Fix end-to-end tests for Jasmin by @malte-skoruppa-sonarsource in #4883
• JS-372 Introduce caches to improve SonarLint performance by @zglicz in #4874
• JS-379 Lazily perform full file traversal if necessary by @zglicz in #4887
• JS-385 Fix SonarLint ITS by @vdiez in #4889
• JS-379 Merge file traversals to count project size and tsconfigs together by @zglicz in #4888
• Fix S5693: Resolve false positive for multer storage engine init by @vdiez in #4886
• JS-391 Babel presets as package names instead of paths by @vdiez in #4891
• JS-402 Fix PRAnalysisTest by @vdiez in #4895
• JS-403 Improve S125 test: Cover decorators and JSX by @vdiez in #4896
• JS-400 Single entrypoint for worker and server by @vdiez in #4893
• JS-401 Fix Babel plugin and preset imports by @vdiez in #4898
• JS-405 Simplify vue parser by @zglicz in #4900
• JS-406 S1607 for tests should extend TestFileCheck by @zglicz in #4902
• JS-390 Refactor HTTP layer in BridgeServerImpl by @saberduck in #4899
• JS-380 Bundle bridge using esbuild by @zglicz in #4901
• JS-409 CssRulingTest change mvn verify -> mvn test by @zglicz in #4903

Full Changelog: 10.16.0.27621...10.17.0.28100

This release will be part of SonarQube 10.8

10.16.0

What's Changed

• JS-232 Introduce the analyzer property sonar.scanner.skipNodeProvisioning by @yassin-kammoun-sonarsource in #4820
• JS-238 Fix response.ast serialization with node 20.13 by @zglicz in #4822
• JS-85 Update usages of old apis by @zglicz in #4821
• JS-19 Do not deploy Node.js embedded runtime when sonar.scanner.skipNodeProvisioning is set by @yassin-kammoun-sonarsource in #4826
• JS-231 Deprecate the analyzer property sonar.nodejs.forceHost by @yassin-kammoun-sonarsource in #4823
• JS-329 Upgrade TypeScript to 5.6.2 by @saberduck in #4816
• JS-24 Exclude require declarations from copy-paste detection by @yassin-kammoun-sonarsource in #4828
• JS-67 Fix FP S4782 (no-redundant-optional): Ignore when "exactOptionalPropertyTypes" is enabled by @yassin-kammoun-sonarsource in #4829
• JS-261 Update easy deps by @zglicz in #4825
• ESLINTJS-53 Fix incompatibilities with ESLint 9 by @vdiez in #4818
• ESLINTJS-49 Rule no-implicit-dependencies doesn't work by @ericmorand-sonarsource in #4819
• Remove mapping between Sonar and ESLint keys by @vdiez in #4832
• JS-70 More descriptive log when extracting node fails by @zglicz in #4834
• JS-234 Update S5332: Add "schemas.microsoft.com" to the list of host exceptions by @yassin-kammoun-sonarsource in #4838
• JS-261 Update more dependencies by @zglicz in #4835
• JS-239 Update S1301 (no-small-switch): Align the implementation with the rule description by @yassin-kammoun-sonarsource in #4841
• JS-255 Restore cognitive complexity calculation at file level by @yassin-kammoun-sonarsource in #4833
• JS-259 Do not warn against active Node.js versions by @yassin-kammoun-sonarsource in #4842
• JS-73 Update S2933 (prefer-readonly): Add to Sonar way quality profile by @yassin-kammoun-sonarsource in #4846
• JS-74 Update S6747 (no-unknown-property): Enable the rule only on React projects by @yassin-kammoun-sonarsource in #4844
• JS-228 Update S6477 (jsx-key): Enable the rule only on React projects by @yassin-kammoun-sonarsource in #4845
• Fix FP S1128 (unused-import): Ignore imported symbols with v-prefixed used as Vue.js directives by @yassin-kammoun-sonarsource in #4843
• ESLINTJS-56 Improve the performances of package manifest search by @ericmorand-sonarsource in #4840
• JS-145 Fix FP S6847 (no-noninteractive-element-interactions): Reduce the set of handlers to consider by @yassin-kammoun-sonarsource in #4849
• Fix CVE-2024-7254 by @yassin-kammoun-sonarsource in #4850
• ESLINTJS-50 Fix "sonarjs/prefer-enum-initializers" with newer versions of typescript-eslint by @vdiez in #4848
• JS-340 Search package.json files on demand by @vdiez in #4853

Full Changelog: 10.15.0.27423...10.16.0.27621

This release will be part of SonarQube 10.7

10.15.0

Major features

• 6 new adaptability rules (https://sonarsource.atlassian.net/browse/MMF-3931)

What's Changed

• Update release.yml: Fix slack channel by @vdiez in #4674
• Prepare next development iteration by @vdiez in #4675
• BUILD-4873 Disable GitHub issue creation by @Wohops in #4676
• Resolve JS-147 - Adapt SonarJS to the next ESLint Plugin by @ericmorand-sonarsource in #4677
• Resolve JS-81- Options Schemas required for ESLint v9 by @ericmorand-sonarsource in #4679
• Resolve JS-150 by @ericmorand-sonarsource in #4680
• Change trigger type of perf task to manual by @saberduck in #4682
• Resolve JS-151 - Add explicit meta.schema to the configurable rules that are missing it by @ericmorand-sonarsource in #4683
• JS-148 Fix deprecations by @zglicz in #4681
• Use Cirrus cache for Orchestrator by @saberduck in #4696
• JS-161 Separate bridge from sonar-javascript-plugin by @saberduck in #4697
• JS-162 Create API module by @saberduck in #4704
• JS-157 Generate protobuf definition of ESTree by @ilia-kebets-sonarsource in #4700
• JS-163 New Java API to process files during the analysis by @saberduck in #4706
• JS-174 Generate Java classes for deserialization of ESTree by @saberduck in #4714
• JS-154: Bridge sends AST to plugin as multipart/form-data by @ilia-kebets-sonarsource in #4711
• JS-158 Prepare generator to produce Java classes by @saberduck in #4723
• JS-170 Bundle SonarJS with Node.js Runtime on Linux ARM64 Platform by @yassin-kammoun-sonarsource in #4726
• JS-164 Improve S5122: Detect origin reflection by @yassin-kammoun-sonarsource in #4724
• JS-158 Geneate Java API for ESTree by @saberduck in #4725
• JS-159 Send real AST using protobufjs by @ilia-kebets-sonarsource in #4716
• JS-160 Create Java based AST by @saberduck in #4731
• JS-160 Add fail-safe in case of deserialization error by @quentin-jaquier-sonarsource in #4736
• JS-166 The AST should be serialized and sent to the plugin only when at least one consumer is listening by @ilia-kebets-sonarsource in #4733
• JS-186 ESTree AST should not be serialized when Armor is disabled by @quentin-jaquier-sonarsource in #4737
• JS-155 SonarJS exposes entry point to the parser for testing by @quentin-jaquier-sonarsource in #4734
• Do not serialize the AST if the skipAst flag is set by @ilia-kebets-sonarsource in #4738
• Serialize the AST for all file extensions by @ilia-kebets-sonarsource in #4739
• JS-185 Do not crash for protobuf exceptions by @quentin-jaquier-sonarsource in #4740
• JS-193 Add missing body property to static block by @ilia-kebets-sonarsource in #4741
• JS-195 Add literal to ExportAllDeclaration's exported property type by @ilia-kebets-sonarsource in #4743
• JS-188 Directive can be used as a Statement by @quentin-jaquier-sonarsource in #4742
• Update S4649: Clarify how to use the rule property "ignoreFontFamilies" by @yassin-kammoun-sonarsource in #4744
• Update rules count by @ilia-kebets-sonarsource in #4745
• JS-209 Catch IllegalStateException when saving highlights and cpd tokens by @vdiez in #4746
• JS-210 Do not print the full stack trace in case of InvalidProtocolBufferException during Protobuf parsing in the plugin by @quentin-jaquier-sonarsource in #4749
• JS-191 Import rules from eslint-plugin-sonarjs by @vdiez in #4747
• Remove Burgr related stuff - as we're decomissioning it by @ilia-kebets-sonarsource in #4751
• JS-230 Java ESTree AST should correctly build array expressions and patterns with empty elements by @quentin-jaquier-sonarsource in #4753
• JS-225 Release eslint-plugin-sonarjs by @vdiez in #4752
• Update new rule template by @vdiez in #4754
• JS-229 Fix eslint-plugin-sonarjs release action by @vdiez in #4755
• Use new docs URL by @vdiez in #4756
• JS-236 Add eslint-plugin-sonarjs compatibility with ESLint 9 by @vdiez in #4758
• Create README for eslint-plugin-sonarjs by @vdiez in #4759
• Fix Typedoc task by @vdiez in #4760
• Add name to ESLint recommended config by @vdiez in #4761
• JS-185 Deeply nested ASTs should be de-serialized correctly by @quentin-jaquier-sonarsource in #4762
• SONARARMOR-98 SonarArmor JS/TS rules should be in Sonar Way profile by @quentin-jaquier-sonarsource in #4764
• Update license headers to include 2024 by @Wohops in #4768
• JS-276 Ruling is executable with parameters by @ilia-kebets-sonarsource in #4766
• JS-283 Use repository to determine AnalysisMode by @saberduck in #4771
• Update the package.json bugs URL by @ilia-kebets-sonarsource in #4765
• Release eslint-plugin-sonarjs version 2.0.0 with tag latest by @vdiez in #4773
• Resolves JS-278 by @ericmorand-sonarsource in #4769
• Fix SonarQube issue 9eccec63 by @ericmorand-sonarsource in #4776
• Fix eslint-plugin-sonarjs release action by @vdiez in #4775
• JS-295 List of rules is created automatically by @vdiez in #4778
• JS-284 Rule parameter schema should be available statically in meta file by @vdiez in #4772
• Promote Release 2.0.1 by @ericmorand-sonarsource in #4781
• BUILD-6088 Create Security.md by @SamirM-BE in #4774
• JS-299 List nodes that need to be supported in TS by @ericmorand-sonarsource in #4785
• Fix ESLint plugin type dependencies by @vdiez in #4782
• JS-280 Support unknown nodes in AST protobuf file by @vdiez in #4786
• JS-304 Support TSAsExpression nodes by @ericmorand-sonarsource in #4788
• Remove estree.proto file duplication by @vdiez in #4787
• ESLINTJS-52 Argument of type 'Config' is not assignable to parameter … by @ericmorand-sonarsource in #4790
• JS-305 Support TSNonNullExpression nodes by @ilia-kebets-sonarsource in #4792
• JS-307 Support TSSatisfiesExpression nodes by @ilia-kebets-sonarsource in #4791
• JS-308 Support TSTypeAssertion nodes by @ilia-kebets-sonarsource in #4793
• JS-306 Support TSParameterProperty nodes by @ilia-kebets-sonarsource in #4794
• Do not log when serializing unsupported nodes, only for unknown ones by @ilia-kebets-sonarsource in #4796
• Fix compilation errors: also delete packages/jsts/src/rules/lib/ in _:bridge:clear script by @ilia-kebets-sonarsource in #4800
• JS-312 Create rule S1607 (no-skipped-tests): Tests should not be skipped without providing a reason by @yassin-kammoun-sonarsource in #4797
• Remove deprecated GitHub actions by @ilia-kebets-sonarsource in #4801
• JS-312 Improve S1607 (no-skipped-tests): Allow explanation comments adjacent to the disabled test by @yassin-kammoun-sonarsource in #4804
• JS-59: Create rule S7059 (no-async-constructor): Constructors should not contain asynchronous operations by @vdiez in #4798
• JS-323 Create rule S6627 (no-internal-api-use): Users should not use internal APIs by ...

10.14.0

What's Changed

• [JS-4] Add rule S5257 (no-table-as-layout) by @vdiez in #4661
• Add rule S5264(object-alt-content) by @vdiez in #4665
• [JS-9] Rename rule S6855 to S4084 by @vdiez in #4667
• [JS-11] Rename rule S6854 to S1090 by @vdiez in #4666
• Resolve JS-3 Stricter rule implementation for detecting a valid header by @zglicz in #4662
• [JS-10] Rename rule S6849 to S5254 by @vdiez in #4668
• Resolve JS-6 Implement S5260 in js/ts by @zglicz in #4669

Full Changelog: 10.13.2.25981...10.14.0.26080

This release will be part of SonarQube 10.6

milestone: https://github.com/SonarSource/SonarJS/milestone/89?closed=1

10.13.2

• skip the whole file when we have incorrect text range for token

10.13.1

What's Changed

• Remove usage of deprecated APIs by @saberduck in #4646
• Issue 4459 - Improve the global expect tests by @ericmorand-sonarsource in #4630
• Change min required Node.JS version to 18.17.0 by @saberduck in #4652
• Ignore runtime errors when saving CPD tokens by @saberduck in #4654

Full Changelog: 10.13.0.25911...10.13.1.25965

10.13.0

What's Changed

• Use Java 17 by @saberduck in #4575
• Upgrade Sonarsource/vault-action-wrapper to latest version by @Wohops in #4577
• Use more memory for the CI: 10cores/40GB and set the Jest maxWorkers to 8 (#cores-2) by @saberduck in #4583
• Align S6850 documentation with the RSPEC one by @ericmorand-sonarsource in #4581
• Fix vulnerabilities: bump commons-compress version to 1.26 by @ericmorand-sonarsource in #4588
• Remove performance monitoring code by @vdiez in #4576
• Update orchestrator to 4.9.0.1920 by @saberduck in #4585
• Fix issues related to Java v17 bump by @ilia-kebets-sonarsource in #4589
• Fix quality gate by @saberduck in #4590
• Update DEV doc: use Java 17 by @vdiez in #4593
• Perf test with JMH by @saberduck in #4578
• Fix S5332: Add reserved domain patterns to EXCEPTION_TOP_HOSTS list by @vdiez in #4597
• Change log level of line Failed to parse file ... from error to warn by @ericmorand-sonarsource in #4602
• Disable type-checking for Vue.js by @vdiez in #4595
• Remove getObjectExpressionProperty in favor of getProperty by @zglicz in #4601
• Remove support for Node.JS 16 by @saberduck in #4606
• Fix engines in package.json after dropping Node.JS 16 support by @saberduck in #4607
• Analysis should not fail when highlighting has invalid text range by @saberduck in #4604
• Update usage of Stylelint, although without moving to v16 by @zglicz in #4608
• Use previously implemented YAML predicate to ignore Helm Chart YAML files by @yassin-kammoun-sonarsource in #4610
• Improve synchronization between Node.js parent process and worker thread by @vdiez in #4603
• Do not count LOCs for CSS files indexed as test files by @vdiez in #4617
• Resolve issue #3667 - CSS parser error on invisible character <0x200b> by @ericmorand-sonarsource in #4605
• Update TypeScript 5.4 and typescript-eslint 7.3.1 by @saberduck in #4613
• Add additional logs when embedded Node.js is not available by @zglicz in #4618
• Reduce log severity to warning for unfound ESLint reports by @yassin-kammoun-sonarsource in #4622
• Skip embedded Node.js runtime deployment if sonar.nodejs.executable is set by @ilia-kebets-sonarsource in #4616
• Resolve issue #4459: Fix FP S2699 (Tests should include assertions): global expect() aren't detected by @ericmorand-sonarsource in #4628
• Update typescript-eslint and other deps by @saberduck in #4625
• Add S6957 (eslint-plugin-react/no-deprecated) extracted from S1874 (deprecation) by @yassin-kammoun-sonarsource in #4619
• Resolve issue #4507 by @ericmorand-sonarsource in #4629
• Disable ucfg rule for JS embedded in HTML files by @ilia-kebets-sonarsource in #4074
• Create rule S6958: No literal call by @ilia-kebets-sonarsource in #4638
• Change message to suggest upgrading to LTS version and not mention minimum version by @saberduck in #4611
• Create rule S6959: "Array.reduce()" calls should include an initial value by @yassin-kammoun-sonarsource in #4626
• Fix FP S6754 (hook-use-state): Ignore state variables without a setter by @yassin-kammoun-sonarsource in #4637
• Resolve issue #4631: Fix FP S2699 (assertions-in-tests): Add support for supertest by @ericmorand-sonarsource in #4636
• Fix SQ raised issue by @ilia-kebets-sonarsource in #4642
• Update eslint-plugin-sonarjs version by @zglicz in #4643
• Update for release by @zglicz in #4644

New Contributors

• @Wohops made their first contribution in #4577
• @zglicz made their first contribution in #4601

Full Changelog: 10.12.0.25537...10.13.0.25911

This release will be part of SonarQube 10.5

Milestone: https://github.com/SonarSource/SonarJS/milestone/86

10.12.0

This release

Improve Top Dismissed JS/TS Rules (https://sonarsource.atlassian.net/browse/MMF-2934)

What's Changed

• Allow minimatch to match hidden folders by @vdiez in #4502
• Improve S4123 (no-invalid-await): Improve documentation about edge cases and add test to confirm that S4123 honours JSDoc directives by @ericmorand-sonarsource in #4538
• Fix FP S6594 (sonar-prefer-regexp-exec): Ignore match count use case by @yassin-kammoun-sonarsource in #4540
• Fix FP S2871 (no-alphabetical-sort): Rework the rule to emit a dedicated message for arrays of strings by @ericmorand-sonarsource in #4539
• Fix FP S4323 (use-type-alias): Ignore nullable types by @yassin-kammoun-sonarsource in #4543
• Fix FP S4123 (no-invalid-await): Ignore function calls for functions whose definition have JSdoc with a returns tag by @ilia-kebets-sonarsource in #4544
• Fix FP S3800 (function-return-type): Exception for sanitation functions by @ericmorand-sonarsource in #4548
• Fix FP S1848 (constructor-for-side-effects): Make exception for AWS CDK resources by @yassin-kammoun-sonarsource in #4554
• Fix S6661 (prefer-object-spread): Disable for projects that don't support the object spread syntax and improve rule description by @ilia-kebets-sonarsource in #4552
• Fix FP S6479 (no-array-index-key) - Allow keys combining index and other values by @ericmorand-sonarsource in #4556
• Fix FP S6647 (no-useless-constructor): Ignore decorated classes and classes inheriting protected constructors by @yassin-kammoun-sonarsource in #4546
• Fix FP S1186 (no-empty-function): Ignore noop-like functions, arrows, and constructors by @yassin-kammoun-sonarsource in #4557
• Add rule S2004: Functions should not be nested too deeply by @yassin-kammoun-sonarsource in #4559
• Fix FP S6582 (prefer-optional-chain): Update description and severity by @yassin-kammoun-sonarsource in #4562
• Fix FP S6544 (no-misused-promises) - Set checkVoidReturn.arguments=false by @ericmorand-sonarsource in #4561
• Fix FP S3776 (cognitive-complexity): Ignore nested functions and default values by @yassin-kammoun-sonarsource in #4566
• Improve S2004 (no-nested-functions): Increase default threshold to four nested functions by @yassin-kammoun-sonarsource in #4570
• Fix FP S6606 (prefer-nullish-coalescing): When the first argument s boolean | undefined by @ericmorand-sonarsource in #4565

New Contributors

• @ericmorand-sonarsource made their first contribution in #4538

Full Changelog: 10.11.1.25225...10.12.0.25537

This release will be part of SonarQube 10.5

https://github.com/SonarSource/SonarJS/milestone/84?closed=1

10.11.1

• Fix missing requiredForLanguages metadata in manifest

This release will be part of SonarQube 10.4