[PR #3969] [CLOSED] Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.8 to 3.3.0 #9794

Closed
opened 2026-02-07 06:08:37 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/jellyfin/jellyfin/pull/3969
Author: @dependabot[bot]
Created: 8/24/2020
Status: Closed

Base: masterHead: dependabot/nuget/Microsoft.CodeAnalysis.FxCopAnalyzers-3.3.0


📝 Commits (1)

  • 1415049 Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.8 to 3.3.0

📊 Changes

24 files changed (+24 additions, -24 deletions)

View changed files

📝 Emby.Dlna/Emby.Dlna.csproj (+1 -1)
📝 Emby.Drawing/Emby.Drawing.csproj (+1 -1)
📝 Emby.Notifications/Emby.Notifications.csproj (+1 -1)
📝 Emby.Photos/Emby.Photos.csproj (+1 -1)
📝 Emby.Server.Implementations/Emby.Server.Implementations.csproj (+1 -1)
📝 Jellyfin.Api/Jellyfin.Api.csproj (+1 -1)
📝 Jellyfin.Data/Jellyfin.Data.csproj (+1 -1)
📝 Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj (+1 -1)
📝 Jellyfin.Server.Implementations/Jellyfin.Server.Implementations.csproj (+1 -1)
📝 Jellyfin.Server/Jellyfin.Server.csproj (+1 -1)
📝 MediaBrowser.Common/MediaBrowser.Common.csproj (+1 -1)
📝 MediaBrowser.Controller/MediaBrowser.Controller.csproj (+1 -1)
📝 MediaBrowser.LocalMetadata/MediaBrowser.LocalMetadata.csproj (+1 -1)
📝 MediaBrowser.MediaEncoding/MediaBrowser.MediaEncoding.csproj (+1 -1)
📝 MediaBrowser.Model/MediaBrowser.Model.csproj (+1 -1)
📝 MediaBrowser.Providers/MediaBrowser.Providers.csproj (+1 -1)
📝 MediaBrowser.XbmcMetadata/MediaBrowser.XbmcMetadata.csproj (+1 -1)
📝 tests/Jellyfin.Api.Tests/Jellyfin.Api.Tests.csproj (+1 -1)
📝 tests/Jellyfin.Common.Tests/Jellyfin.Common.Tests.csproj (+1 -1)
📝 tests/Jellyfin.Controller.Tests/Jellyfin.Controller.Tests.csproj (+1 -1)

...and 4 more files

📄 Description

Bumps Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.8 to 3.3.0.

Release notes

Sourced from Microsoft.CodeAnalysis.FxCopAnalyzers's releases.

v3.3.0

Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

Contains following important changes on top of v3.0.0 release

The new security rules CA2350-CA2362 can help find vulnerabilities related to DataSet and DataTable security guidance.

Feature

Editorconfig based file/directory level options configuration. See details here

Bug Fixes

  • Many bug fixes, including performance fixes.
  • Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.

Additional analyzers/fixers

Added

  • Design
    • CA1002: Do not expose generic lists
    • CA1005: Avoid excessive parameters on generic types
    • CA1045: Do not pass types by reference
    • CA1046: Do not overload equality operator on reference types
    • CA1047: Do not declare protected member in sealed type -- Enabled by default
    • CA1070: Do not declare event fields as virtual -- Enabled by default
  • Interoperability
    • CA1417: Do not use 'OutAttribute' on string parameters for P/Invokes -- Enabled by default
  • Naming
    • CA1700: Do not name enum values 'Reserved'
    • CA1713: Events should not have 'Before' or 'After' prefix -- Enabled by default
  • Performance
    • CA1805: Do not initialize unnecessarily -- Enabled by default
    • CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder -- Enabled by default
    • CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
    • CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
    • CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
    • CA1834: Consider using 'StringBuilder.Append(char)' when applicable -- Enabled by default
    • CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
    • CA1836: Prefer IsEmpty over Count -- Enabled by default
    • CA1837: Use 'Environment.ProcessId' -- Enabled by default
    • CA1838: Avoid 'StringBuilder' parameters for P/Invokes
  • Publish
    • IL3000: Avoid using accessing Assembly file path when publishing as a single-file -- Enabled by default
    • IL3001: Avoid using accessing Assembly file path when publishing as a single-file -- Enabled by default
  • Reliability
    • CA2014: Do not use stackalloc in loops -- Enabled by default
    • CA2015: Do not define finalizers for types derived from MemoryManager -- Enabled by default
    • CA2016: Forward the 'CancellationToken' parameter to methods that take one -- Enabled by default
  • Security
    • CA2109: Review visible event handlers
    • CA2350: Do not use DataTable.ReadXml() with untrusted data
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/jellyfin/jellyfin/pull/3969 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 8/24/2020 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/nuget/Microsoft.CodeAnalysis.FxCopAnalyzers-3.3.0` --- ### 📝 Commits (1) - [`1415049`](https://github.com/jellyfin/jellyfin/commit/1415049fd781e649c19e11a5a5c62194cc42bca9) Bump Microsoft.CodeAnalysis.FxCopAnalyzers from 2.9.8 to 3.3.0 ### 📊 Changes **24 files changed** (+24 additions, -24 deletions) <details> <summary>View changed files</summary> 📝 `Emby.Dlna/Emby.Dlna.csproj` (+1 -1) 📝 `Emby.Drawing/Emby.Drawing.csproj` (+1 -1) 📝 `Emby.Notifications/Emby.Notifications.csproj` (+1 -1) 📝 `Emby.Photos/Emby.Photos.csproj` (+1 -1) 📝 `Emby.Server.Implementations/Emby.Server.Implementations.csproj` (+1 -1) 📝 `Jellyfin.Api/Jellyfin.Api.csproj` (+1 -1) 📝 `Jellyfin.Data/Jellyfin.Data.csproj` (+1 -1) 📝 `Jellyfin.Drawing.Skia/Jellyfin.Drawing.Skia.csproj` (+1 -1) 📝 `Jellyfin.Server.Implementations/Jellyfin.Server.Implementations.csproj` (+1 -1) 📝 `Jellyfin.Server/Jellyfin.Server.csproj` (+1 -1) 📝 `MediaBrowser.Common/MediaBrowser.Common.csproj` (+1 -1) 📝 `MediaBrowser.Controller/MediaBrowser.Controller.csproj` (+1 -1) 📝 `MediaBrowser.LocalMetadata/MediaBrowser.LocalMetadata.csproj` (+1 -1) 📝 `MediaBrowser.MediaEncoding/MediaBrowser.MediaEncoding.csproj` (+1 -1) 📝 `MediaBrowser.Model/MediaBrowser.Model.csproj` (+1 -1) 📝 `MediaBrowser.Providers/MediaBrowser.Providers.csproj` (+1 -1) 📝 `MediaBrowser.XbmcMetadata/MediaBrowser.XbmcMetadata.csproj` (+1 -1) 📝 `tests/Jellyfin.Api.Tests/Jellyfin.Api.Tests.csproj` (+1 -1) 📝 `tests/Jellyfin.Common.Tests/Jellyfin.Common.Tests.csproj` (+1 -1) 📝 `tests/Jellyfin.Controller.Tests/Jellyfin.Controller.Tests.csproj` (+1 -1) _...and 4 more files_ </details> ### 📄 Description Bumps [Microsoft.CodeAnalysis.FxCopAnalyzers](https://github.com/dotnet/roslyn-analyzers) from 2.9.8 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dotnet/roslyn-analyzers/releases">Microsoft.CodeAnalysis.FxCopAnalyzers's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <p>Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.</p> <p>Contains following important changes on top of v3.0.0 release</p> <p>The new security rules CA2350-CA2362 can help find vulnerabilities related to <a href="https://go.microsoft.com/fwlink/?linkid=2132227">DataSet and DataTable security guidance</a>.</p> <h2>Feature</h2> <p>Editorconfig based file/directory level options configuration. See details <a href="https://docs.microsoft.com/visualstudio/code-quality/configure-fxcop-analyzers#vs2019-163-and-later--fxcopanalyzers-package-version-33x-and-later">here</a></p> <h2>Bug Fixes</h2> <ul> <li>Many bug fixes, including performance fixes.</li> <li>Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.</li> </ul> <h2>Additional analyzers/fixers</h2> <h3>Added</h3> <ul> <li>Design <ul> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1002">CA1002</a>: Do not expose generic lists</li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1005">CA1005</a>: Avoid excessive parameters on generic types</li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1045">CA1045</a>: Do not pass types by reference</li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1046">CA1046</a>: Do not overload equality operator on reference types</li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1047">CA1047</a>: Do not declare protected member in sealed type -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1070">CA1070</a>: Do not declare event fields as virtual -- <strong>Enabled by default</strong></li> </ul> </li> <li>Interoperability <ul> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1417">CA1417</a>: Do not use 'OutAttribute' on string parameters for P/Invokes -- <strong>Enabled by default</strong></li> </ul> </li> <li>Naming <ul> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1700">CA1700</a>: Do not name enum values 'Reserved'</li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1713">CA1713</a>: Events should not have 'Before' or 'After' prefix -- <strong>Enabled by default</strong></li> </ul> </li> <li>Performance <ul> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1805">CA1805</a>: Do not initialize unnecessarily -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1830">CA1830</a>: Prefer strongly-typed Append and Insert method overloads on StringBuilder -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1831">CA1831</a>: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1832">CA1832</a>: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1833">CA1833</a>: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1834">CA1834</a>: Consider using 'StringBuilder.Append(char)' when applicable -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1835">CA1835</a>: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1836">CA1836</a>: Prefer IsEmpty over Count -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1837">CA1837</a>: Use 'Environment.ProcessId' -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca1838">CA1838</a>: Avoid 'StringBuilder' parameters for P/Invokes</li> </ul> </li> <li>Publish <ul> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/il3000">IL3000</a>: Avoid using accessing Assembly file path when publishing as a single-file -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/il3001">IL3001</a>: Avoid using accessing Assembly file path when publishing as a single-file -- <strong>Enabled by default</strong></li> </ul> </li> <li>Reliability <ul> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca2014">CA2014</a>: Do not use stackalloc in loops -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca2015">CA2015</a>: Do not define finalizers for types derived from MemoryManager<!-- raw HTML omitted --> -- <strong>Enabled by default</strong></li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca2016">CA2016</a>: Forward the 'CancellationToken' parameter to methods that take one -- <strong>Enabled by default</strong></li> </ul> </li> <li>Security <ul> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca2109">CA2109</a>: Review visible event handlers</li> <li><a href="https://docs.microsoft.com/visualstudio/code-quality/ca2350">CA2350</a>: Do not use DataTable.ReadXml() with untrusted data</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/0a95f9e9a53519ee3cd59b9cf96be6326ef9955b"><code>0a95f9e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/3882">#3882</a> from Evangelink/CA1812-vbnet</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/ccbb33e34b180c6502062c0cf263d6e48ae6a799"><code>ccbb33e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/3982">#3982</a> from Youssef1313/patch-5</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/0a764abed306e32593c14e5799ca59a707984e6b"><code>0a764ab</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/3973">#3973</a> from Evangelink/resource-whitespaces</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/d9302b6dbe1b4ad7fd996492e07e9b60bc77343c"><code>d9302b6</code></a> Apply suggestion</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/f83f93e9f11d91434f4ca8e47e2bd2130054625b"><code>f83f93e</code></a> Merge branch 'master' into resource-whitespaces</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/b4c10992858cdd3e32579dbf0338de510d76c244"><code>b4c1099</code></a> Update summary</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/2e7f7e2a2c62df8e8dba7d481f02ace8ef63a36d"><code>2e7f7e2</code></a> Update summary</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/ba194172c72aa372783ab8a89fd460a756c0df7d"><code>ba19417</code></a> Fix summary</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/af00e6464c6cec848c0021dbc197be0287c21b5a"><code>af00e64</code></a> Fix incorrect doc comment</li> <li><a href="https://github.com/dotnet/roslyn-analyzers/commit/2208884c0578e21cb3ff993435bcdec504d18ed5"><code>2208884</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/3972">#3972</a> from Evangelink/CA1024-task</li> <li>Additional commits viewable in <a href="https://github.com/dotnet/roslyn-analyzers/compare/v2.9.8...v3.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.CodeAnalysis.FxCopAnalyzers&package-manager=nuget&previous-version=2.9.8&new-version=3.3.0)](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2026-02-07 06:08:37 +03:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#9794