Commit Graph

338 Commits

Author SHA1 Message Date
Christian Köberl
c2e02a8945 Upgrade postgresql jdbc driver version to 42.2.19
42.2.15 - 42.2.17 have an issue with older PostgreSQL versions.
See https://github.com/pgjdbc/pgjdbc/issues/1868
2021-03-09 20:07:44 +00:00
Tobias Trabelsi
8f61434c75 update tomcat 2021-03-08 20:07:54 +00:00
Zipeng WU
9a4cafe8c6 SONAR-14499 Support schema validation for JSON property types 2021-02-26 20:07:40 +00:00
Zipeng WU
2d917e6c5c SONAR-14223,SONAR-14298,SONAR-14319,SONAR-14339,SONAR-14344,SONAR-14366,SONAR-14425,SONAR-14427,SONAR-14452,SONAR-14469,SONAR-14476,SONAR-14477,SONAR-14481 Update language analyzers 2021-02-15 20:07:04 +00:00
Duarte Meneses
f09c5b908b SONAR-14146 Support MS SQL 2019 database 2021-02-12 20:07:13 +00:00
Jacek
9cf5cda493 SONAR-14455 Upgrade Elasticsearch client dependencies to 7.10.2 2021-02-11 20:07:09 +00:00
Tobias Trabelsi
7994bfbfea updated kotlin libs to 1.4.21 2021-02-09 20:07:16 +00:00
Zipeng WU
bfd3509fb4 SONAR-14372 move alm validation endpoint to CE 2021-02-04 20:07:08 +00:00
Malena Ebert
5444298f34 Revert "Quickfix to workaround JFrog issue"
This reverts commit 4193b1a468253406aa47596d4e25679ac23fdd79.
2021-02-02 20:07:49 +00:00
Malena Ebert
09bd0ca18c Quickfix to workaround JFrog issue 2021-01-29 20:07:55 +00:00
Duarte Meneses
95463ad2a8 SONAR-14360 Update jackson dependency to v2.10.0201202 2021-01-22 20:32:59 +00:00
Malena Ebert
cbe9ef6132 Update SonarQube plugin 2021-01-15 20:32:07 +00:00
Malena Ebert
d5f70ef407 Update OWASP dependency check plugin 2021-01-15 20:32:07 +00:00
Malena Ebert
e966f1257d Update node plugin 2021-01-15 20:32:07 +00:00
Malena Ebert
2e503b7b51 Update artifactory plugin 2021-01-15 20:32:07 +00:00
Malena Ebert
54cd6f875d Update protobuf plugin
* partially supports Gradle configuration cache (requires Gradle 6.6+).
2021-01-15 20:32:07 +00:00
Malena Ebert
d92fed7038 Set gradle wrapper distribution type 2021-01-15 20:32:07 +00:00
Mathieu Suen
2cd3d3d4d3 SONAR-14252 Upgrade language analyzer 2020-12-09 20:07:20 +00:00
Tobias Trabelsi
18c7df8a1b [OWASP] Findings of the night
* updated tomcat to version 8.5.60

* suppressed CVE-2020-25649
2020-12-08 20:07:03 +00:00
Mathieu Suen
6b9d918dc5 SONAR-14219,SONAR-14217,SONAR-14209,SONAR-14220 Upgrade analyzer plugin 2020-12-04 20:06:50 +00:00
Malena Ebert
ee1e85d5f8 Update Junit 2020-12-03 20:06:38 +00:00
Malena Ebert
634999d822 BUILD Switch time tracker plugin.
The recently used time tracker plugin is not maintained anymore and it is using Gradle features which will be removed in the next versions.
2020-12-03 20:06:38 +00:00
Duarte Meneses
37587a03da SONAR-14033 Refactor storage of applications 2020-11-28 20:06:15 +00:00
Jacek
a8ec651e57 Update orchestrator version to 3.34
By default this version is disabling force authentication for 8.6 and greater.
Also it allows to enable default behaviour, which will be used.
2020-11-26 20:06:29 +00:00
Julien Lancelot
bf875f8edd SONAR-13992 Upgrade Apache httpclient to 4.5.13 2020-11-25 20:06:26 +00:00
Mathieu Suen
5bd4a2096a SONAR-14174, SONAR-14150, SONAR-14148, SONAR-14151, SONAR-14163,
SONAR-14164, SONAR-14149, SONAR-14153, SONAR-14152, SONAR-14173, SONAR-14174 Language plugin upgrade for 8.6.
2020-11-24 20:06:34 +00:00
Malena Ebert
10cd062ff1 BUILD Fix unauthorized builds with artifactory repo
Due to a misbehavior in artifactory, the wrong http status code is returned and the build will stop immediately. This happens if you access a virtual repository which contains a repository which requires authentication.

As a workaround a virtual repository is used, which does not include non-public repositories.

https://www.jfrog.com/jira/browse/RTFACT-13797
2020-11-17 20:06:17 +00:00
Julien Lancelot
3de0d3b54f SONAR-13991 Fix SSF-128 2020-11-06 20:05:24 +00:00
Michal Duda
8493c2b1bb SONAR-13979 Fail when sonar.search.host or sonar.search.port are defined in DCE
- Orchestrator upgrade was required as by default it was setting these properties
2020-11-05 20:06:21 +00:00
Jacek
f4751bd135 SONAR-12686 upgrade es client to 7.9.3 and move to HTTP
- add should minimum match eq 1 to user index queries
ES 7.X changed behaviour in case filter query with bool it defaults to '0'
https://www.elastic.co/guide/en/elasticsearch/reference/7.x/breaking-changes-7.0.html#_the_filter_context_has_been_removed

- fix issue index routing param
ES 7.X helped discover this bug as new setting has been auto configured which is 'index.number_of_routing_shards'.
This has changed how documents are distributed across shards depending on how many shards the index has.

Without that change issues docs have been incorrectly routed to the same shard hash as projects and it worked no matter what routing key you used projectUuid or auth_projectUuid.

- update ngram and edge_ngram names to match with es 7.x
nGram and edgeNgram have been deprecated in favour of ngram and edge_ngram
https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#deprecated-ngram-edgengram-token-filter-cannot-be-used

- remove `_all : enabled` usage from UT
This field was already deprecated in 6.X, now it has been removed.
https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#all-meta-field-removed

- add Elasticsearch High Level REST client dependency

- use sonar.search.port for ES HTTP

- main process use ES Rest client to check ES status

- sonar.cluster.search.hosts has HTTP ports on APP nodes
also sonar.search.port and sonar.search.host MUST be configured on each Search node with the host and HTTP port of the current node

- use Elasticsearch high level rest client

- use in EsTester

- use as primary es client

- use indices api to get all indices name instead of cluster api

- use cluster health api to check cluster state

- support raw requests for 'nodes/_stats' and '_cluster/stats'

- support raw requests for 'indices/_stats'

- leave netty4plugin as testCompile dependency it is used in UTs

- all ES non-test calls go through EsClient class

- add rest client ES profiling
2020-11-05 20:06:21 +00:00
Malena Ebert
c7dd48e8ef Update node version used by gradle 2020-11-02 20:05:28 +00:00
Malena Ebert
53de04965d Move OWASP suppression files to private folder 2020-11-02 20:05:28 +00:00
Jeremy Davis
3a72d3f37b SONAR-14001 SONAR-14010 SONAR-14030 SONAR-14032 SONAR-14050 SONAR-14052 SONAR-14053 SONAR-14054 SONAR-14055 SONAR-14056 Upgrade analyzers 2020-10-29 20:05:02 +00:00
Jacek
61438004e8 SONAR-13913 Upgrade Orchestrator version to 3.31 2020-10-28 20:08:35 +00:00
Tobias Trabelsi
0511b3ab3a SONAR-14044 update mybatis 2020-10-27 20:08:12 +00:00
Jacek
70ff2cdb4d SONAR-13937 Upgrade sonar-css to 1.3.1.1642 2020-10-21 20:08:07 +00:00
Julien Lancelot
cededc9472 Revert "SONAR-13913 Remove tables and indexes clean up used in Integration Tests"
This reverts commit 6d13dd2f
2020-10-21 20:08:07 +00:00
Duarte Meneses
9e93ddbf33 Improve validation build logging 2020-10-20 20:08:05 +00:00
Julien Lancelot
8844917734 SONAR-13913 Remove tables and indexes clean up used in Integration Tests
* SONAR-13913 Remove usage of Orchestrator#resetData

* Remove ProjectAnalysisRule

* Upgrade to Orchestrator 3.31

* SONAR-13913 Remove BackendCleanup class

* Remove code related to no more existing tables
2020-10-20 20:08:04 +00:00
Jacek
4cb73ff2ff SONAR-13937 Fix SSF-126 2020-10-19 20:09:11 +00:00
Pierre Guillot
6e00489798 SONAR-13980 upgrade postgresql jdbc driver version to 42.2.17 2020-10-14 20:07:56 +00:00
Jeremy Davis
ca8e5e694d SONAR-13944 Upgrade RPG analyzer 2020-10-08 20:08:02 +00:00
Jeremy Davis
601e5d3477 SONAR-13931 SONAR-13932 SONAR-13933 Upgrade analyzers for java, php and flex 2020-10-07 20:07:44 +00:00
Pierre
1fc3db7125 upgrade okhttp library version to latest 2020-10-06 20:07:39 +00:00
Malena Ebert
a5ba90ff48 SONAR-13912 Add owasp_check_task to Cirrus CI. 2020-10-02 20:07:42 +00:00
Simon Brandhof
e59875122c SONAR-13905 enable OWASP Dependency Check tool 2020-10-02 20:07:42 +00:00
Jeremy Davis
d7856168ba SONAR-13914 SONAR-13928 analysis updates 2020-10-02 20:07:41 +00:00
Pierre
9468eff878 SONAR-13905 upgrade common-io version 2020-10-01 20:07:44 +00:00
Philippe Perrin
afa7ea94fa SONAR-13914 Upgrade analyzers 2020-10-01 20:07:44 +00:00
Jeremy Davis
d3bc0ba74c SONAR-13662
SONAR-13833
SONAR-13907
SONAR-13909
SONAR-13910
Upgrade analyzers
2020-09-30 20:07:46 +00:00
Simon Brandhof
4b3d914bf5 Upgrade Gradle plugins 2020-09-28 20:07:24 +00:00
Simon Brandhof
ad7d964270 SONAR-13905 upgrade Hazelcast from 3.12.7 to 3.12.9
to mitigate the vulnerabilities brought by the bundled
jackson-core dependency.

The release notes of 3.12.8 and 3.12.9 highlight only bug-fixes:
https://docs.hazelcast.org/docs/rn/index.html#3-12-9
2020-09-28 20:07:24 +00:00
Simon Brandhof
552f5bbe1d SONAR-13905 upgrade Tomcat from 8.5.56 to 8.5.58
The main reason is to fix potential vulnerabilities:

- CVE-2020-13934 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13934
- CVE-2020-13935 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13935

Release notes: http://tomcat.apache.org/tomcat-8.5-doc/changelog.html
2020-09-28 20:07:23 +00:00
Jacek
d94d9a9f4a SONAR-13644 load bundled plugins from 'lib/extension' directory 2020-09-18 20:07:13 +00:00
Pierre Guillot
8d9c4602c5 update postgresql jdbc driver version 2020-09-03 20:07:20 +00:00
Jeremy Davis
b36c8c9a1a SONAR-13833 Upgrade Java analyzer to 6.7.0.23054 2020-09-01 20:06:55 +00:00
Jeremy Davis
7bfa8e8ffc SONAR-13829 Upgrade Python analyzer to 3.1.0.7619 2020-09-01 20:06:55 +00:00
Duarte Meneses
da15a52568 SONAR-13792 Embed sonar-scm-svn 2020-08-28 20:06:52 +00:00
Duarte Meneses
87bb21e6bb SONAR-13792 Embed sonar-scm-git 2020-08-28 20:06:52 +00:00
Tibor Blenessy
de358ad58c SONAR-13576 Remove sonar-typescript-plugin (#2920)
* SONAR-13576 Remove sonar-typescript-plugin

* Update sonar-javascript-plugin to 6.3.0.12464
2020-07-21 20:05:29 +00:00
Julien Lancelot
74b4533439 SONAR-13563 Update sonar-java to 6.5.1.22586 2020-07-03 20:05:22 +00:00
Julien Lancelot
21683403c0 SONAR-13563 Update sonar-java to 6.5.1.22584 and sonar-cobol to 4.5.1.4460 2020-07-02 20:05:53 +00:00
Julien Lancelot
4332ad2aef SONAR-13563 Revert sonar-cobol-plugin to 4.4.0.3403 2020-07-01 20:05:53 +00:00
Duarte Meneses
43ca941541 SONAR-13495 Release and embed Git 1.12.0.2034 and SVN 1.10.0.1917 plugins 2020-06-30 20:05:42 +00:00
sns-seb
3376451d7a SONAR-13563 Update analyzers to latest releases 2020-06-30 20:05:41 +00:00
Simon Brandhof
6b806ebf8e Upgrade Jackson Dataformat dependencies to 2.10.4 2020-06-22 20:04:33 +00:00
Simon Brandhof
a6327e0ebb Upgrade Hazelcast to 3.12.7
Bug-fixes listed in https://docs.hazelcast.org/docs/rn/index.html#3-12-7
2020-06-22 20:04:33 +00:00
Simon Brandhof
5ca7450823 Upgrade PostgreSQL driver to 42.2.14
Fixes potential vulnerability CVE-2020-13692
2020-06-22 20:04:33 +00:00
Simon Brandhof
1b68517f36 Upgrade jjwt to 0.11.2 2020-06-22 20:04:33 +00:00
Simon Brandhof
29fbfe91f4 Upgrade Tomcat to 8.5.56
The vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9484
is not exploitable but it generates a false-positive in SCA reports.
Upgrading kills the noise.
2020-06-22 20:04:33 +00:00
Simon Brandhof
f21a11a263 Upgrade commons-io to 2.7
Avoids vulnerability https://issues.apache.org/jira/browse/IO-556
2020-06-22 20:04:33 +00:00
sns-seb
2573f34567 SONAR-13496 Update sonar-javascript, sonar-python to latest release(s) 2020-06-02 20:05:09 +00:00
Wouter Admiraal
9c58e36328 SONAR-13340 Update sonar-csharp and sonar-vbnet to latest release 2020-04-28 20:03:32 +00:00
Wouter Admiraal
b9a07d9731 SONAR-13330 Update sonar-scm-git to latest release 2020-04-27 20:04:00 +00:00
Malena Ebert
8a8d20d901 SONAR-13329 Update sonar-cfamily-plugin latest release 2020-04-27 20:04:00 +00:00
Malena Ebert
21ed5de95d SONAR-13326 Update sonar security plugins to latest release 2020-04-27 20:04:00 +00:00
Wouter Admiraal
ec3fd47e6c SONAR-13325 Update sonar-jacoco to latest release 2020-04-24 20:03:29 +00:00
sns-seb
09efd91833 SONAR-13315 Update sonar-cfamily, sonar-csharp, sonar-vbnet, sonar-java, sonar-python to latest release(s) 2020-04-20 20:03:21 +00:00
Evgeny Mandrikov
302447df10 Upgrade Gradle to 6.3 2020-04-16 20:03:49 +00:00
Simon Brandhof
d88d0e1a3e Fix the upgrade of the Gradle Artifactory plugin to 4.15.1
The configuration of private subprojects must be fixed
in order to correctly set the properties like "build.name"
on private artifacts.
2020-04-06 20:03:39 +00:00
sns-seb
43f800cbf6 SONAR-13263 Upgrade plugins 2020-04-03 20:03:31 +00:00
Evgeny Mandrikov
3ff51cc358 Gradle scripts should use plugins block
It was de-incubated (promoted) in Gradle 5.0
and in particular it can't contain duplicate IDs.
2020-03-31 20:03:36 +00:00
Evgeny Mandrikov
ecb724151b Replace Gradle plugin 'com.moowork.node' by 'com.github.node-gradle.node'
The latter one is an actively maintained fork
of the no longer maintained former.
In particular the former does not support Gradle 6.x.
2020-03-31 20:03:36 +00:00
Simon Brandhof
505bea6f4d SONAR-13155 upgrade sonar-channel to 4.2
This project is no longer maintained. V4.2 is the latest, released
in 2014. It is probably similar to 4.1 and does not bring changes.
The reason is that this lib was a module of the sonarqube repository
at that time.
2020-03-25 20:03:54 +00:00
Simon Brandhof
471eec1dfa SONAR-13155 upgrade Artifactory plugin to 4.15.1
Changelog contains mainly bug-fixes and preparation of Gradle 6 support
https://www.jfrog.com/jira/browse/GAP-305?jql=project%20%3D%20GAP%20AND%20fixVersion%20in%20(4.11.0%2C%204.12.0%2C%204.14.1%2C%204.15.0%2C%204.15.1)%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC
2020-03-25 20:03:54 +00:00
Simon Brandhof
ac71f9c2f0 SONAR-13155 add command to run yarn security audit 2020-03-25 20:03:54 +00:00
Simon Brandhof
eb1fc30c39 SONAR-13155 add a comment about lib diffutils 2020-03-25 20:03:54 +00:00
Simon Brandhof
58d6800b29 SONAR-13155 upgrade jackson-bind 2020-03-25 20:03:54 +00:00
Simon Brandhof
d8316b23db SONAR-13155 add Gradle command to list all dependency trees
`./gradlew allDependencies` lists the trees of dependencies of
all subprojects. This is convenient when investigating the
impacts of a dependency upgrade.
2020-03-21 20:04:03 +00:00
Simon Brandhof
7af9ac7424 SONAR-13155 use the official Maven coordinates of Oracle driver
'com.oracle.jdbc:ojdbc8' was the coordinates of the artifact manually
deployed to SonarSource repository.
2020-03-21 20:04:03 +00:00
Simon Brandhof
979d9e55a0 SONAR-13155 upgrade Tomcat from 8.5.51 to 8.5.53
Bug-fixes listed in http://tomcat.apache.org/tomcat-8.5-doc/changelog.html
2020-03-21 20:04:03 +00:00
Simon Brandhof
c534b92bf9 SONAR-13155 upgrade testing dependencies 2020-03-21 20:04:03 +00:00
Simon Brandhof
c7857d32e1 SONAR-13155 upgrade OkHttp from 3.14.2 to 3.14.7
Bug-fixes listed in https://square.github.io/okhttp/changelog_3x/
2020-03-21 20:04:03 +00:00
Simon Brandhof
c607b1bb6a SONAR-13155 upgrade SQLServer driver to 7.4.1
* Supports NTLM authentication mode.
* Updated Microsoft Azure Key Vault SDK for Java, version 1.2.1

See https://docs.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver15#-741
2020-03-21 20:04:02 +00:00
Simon Brandhof
570e3aaaf4 SONAR-13155 upgrade Hazelcast from 3.12.3 to 3.12.6
Multiple bug-fixes:
https://docs.hazelcast.org/docs/rn/index.html
2020-03-21 20:04:02 +00:00
Simon Brandhof
f84f7c6ec3 SONAR-13155 upgrade protobuf-java from 3.10 to 3.11.4
No major changes
https://github.com/protocolbuffers/protobuf/releases
2020-03-21 20:04:02 +00:00
Simon Brandhof
4ae5d15353 SONAR-13155 upgrade gson from 2.8.5 to 2.8.6
No major changes
https://github.com/google/gson/blob/master/CHANGELOG.md
2020-03-21 20:04:02 +00:00
Simon Brandhof
1b854b3c1b SONAR-13155 do not suggest major upgrades of dependencies 2020-03-21 20:04:02 +00:00
Simon Brandhof
a6c6aefe4b SONAR-13155 upgrade httpclient from 4.5.10 to 4.5.12
Bug-fixes listed in https://archive.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.5.x.txt
2020-03-21 20:04:02 +00:00
Simon Brandhof
620e3ea047 SONAR-13155 upgrade jgit from 5.6 to 5.7
See https://projects.eclipse.org/projects/technology.jgit/releases/5.7.0/
2020-03-21 20:04:02 +00:00