Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.4 to 3.3.0 in /src #32

dependabot · 2020-09-08T04:09:54Z

Bumps Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.4 to 3.3.0.

Release notes

Sourced from Microsoft.CodeAnalysis.FxCopAnalyzers's releases.

v3.3.0

Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

Contains following important changes on top of v3.0.0 release

The new security rules CA2350-CA2362 can help find vulnerabilities related to DataSet and DataTable security guidance.

Feature

Editorconfig based file/directory level options configuration. See details here

Bug Fixes

Many bug fixes, including performance fixes.

Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.

Additional analyzers/fixers

Added

Design

CA1002: Do not expose generic lists

CA1005: Avoid excessive parameters on generic types

CA1045: Do not pass types by reference

CA1046: Do not overload equality operator on reference types

CA1047: Do not declare protected member in sealed type -- Enabled by default

CA1070: Do not declare event fields as virtual -- Enabled by default

Interoperability

CA1417: Do not use 'OutAttribute' on string parameters for P/Invokes -- Enabled by default

Naming

CA1700: Do not name enum values 'Reserved'

CA1713: Events should not have 'Before' or 'After' prefix -- Enabled by default

Performance

CA1805: Do not initialize unnecessarily -- Enabled by default

CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder -- Enabled by default

CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default

CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default

CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default

CA1834: Consider using 'StringBuilder.Append(char)' when applicable -- Enabled by default

CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default

CA1836: Prefer IsEmpty over Count -- Enabled by default

CA1837: Use 'Environment.ProcessId' -- Enabled by default

CA1838: Avoid 'StringBuilder' parameters for P/Invokes

Publish

IL3000: Avoid using accessing Assembly file path when publishing as a single-file -- Enabled by default

IL3001: Avoid using accessing Assembly file path when publishing as a single-file -- Enabled by default

Reliability

CA2014: Do not use stackalloc in loops -- Enabled by default

CA2015: Do not define finalizers for types derived from MemoryManager -- Enabled by default

CA2016: Forward the 'CancellationToken' parameter to methods that take one -- Enabled by default

Security

CA2109: Review visible event handlers

CA2350: Do not use DataTable.ReadXml() with untrusted data

Commits

0a95f9e Merge pull request #3882 from Evangelink/CA1812-vbnet
ccbb33e Merge pull request #3982 from Youssef1313/patch-5
0a764ab Merge pull request #3973 from Evangelink/resource-whitespaces
d9302b6 Apply suggestion
f83f93e Merge branch 'master' into resource-whitespaces
b4c1099 Update summary
2e7f7e2 Update summary
ba19417 Fix summary
af00e64 Fix incorrect doc comment
2208884 Merge pull request #3972 from Evangelink/CA1024-task
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [Microsoft.CodeAnalysis.FxCopAnalyzers](https://github.com/dotnet/roslyn-analyzers) from 2.9.4 to 3.3.0. - [Release notes](https://github.com/dotnet/roslyn-analyzers/releases) - [Changelog](https://github.com/dotnet/roslyn-analyzers/blob/master/PostReleaseActivities.md) - [Commits](dotnet/roslyn-analyzers@v2.9.4...v3.3.0) Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 8, 2020

wjk merged commit 863c60e into master Sep 8, 2020

wjk deleted the dependabot/nuget/src/Microsoft.CodeAnalysis.FxCopAnalyzers-3.3.0 branch September 8, 2020 11:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.4 to 3.3.0 in /src #32

Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.4 to 3.3.0 in /src #32

dependabot bot commented on behalf of github Sep 8, 2020

Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.4 to 3.3.0 in /src #32

Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.4 to 3.3.0 in /src #32

Conversation

dependabot bot commented on behalf of github Sep 8, 2020

v3.3.0

Feature

Bug Fixes

Additional analyzers/fixers

Added