Skip to content

Bump org.sonarsource.php:sonar-php-plugin from 3.38.0.12239 to 3.58.0.16263#131

Open
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/maven/org.sonarsource.php-sonar-php-plugin-3.58.0.16263
Open

Bump org.sonarsource.php:sonar-php-plugin from 3.38.0.12239 to 3.58.0.16263#131
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/maven/org.sonarsource.php-sonar-php-plugin-3.58.0.16263

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown
Contributor

Bumps org.sonarsource.php:sonar-php-plugin from 3.38.0.12239 to 3.58.0.16263.

Release notes

Sourced from org.sonarsource.php:sonar-php-plugin's releases.

3.58.0.16263

Update rules metdata and improve S4790 detection

3.57.0.15976

Rule metadata update

3.56.0.15870

Release notes - SonarPHP - 3.56

Bug

SONARPHP-1801 Add "type" field to Psalm rules and fix PsalmReportTest SONARPHP-1806 S117 false positive and S116 false negative on PHP 8 constructor property promotion

3.55.0.15704

Release notes - SonarPHP - 3.55

False Positive

SONARPHP-1795 S4833 should exclude framework bootstrap files and return-value usage SONARPHP-1796 S1192: Suppress string duplication issues in framework patterns, test files, and SQL/HTML contexts SONARPHP-1797 S4833 should not flag require/include of non-namespaced / procedural files

3.54.0.15452

Release notes - SonarPHP - 3.54

False Positive

SONARPHP-1537 S1068 should not raise on private static singleton SONARPHP-1609 S2699 shouldn't flag tests with "DoesNotPerformAssertions" attribute SONARPHP-1695 S1172 should not raise on magic function SONARPHP-1721 S1155 An issue should not be raised even if empty() is used

3.53.0.15220

Release notes - SonarPHP - 3.53

Rotations of binary signing keys

3.52.0.15197

Release notes - SonarPHP - 3.52

False Positive

SONARPHP-1673 S1192 should not raise on "importmap.php" SONARPHP-1674 S101 should not raise for generated classes for Yii DB migration SONARPHP-1675 S100 should adapt to Wordpress naming conventions SONARPHP-1680 S1448 should not raise on classes that are entity of a database SONARPHP-1681 S2003 and S4833 should not raise on Laravel-generated code

Improvement

SONARPHP-1738 Update S3776 Cognitive Complexity to account for PHP pipe operator SONARPHP-1754 Improve Wordpress Framework detection SONARPHP-1761 Drop set of deprecated hotspots SONARPHP-1762 Migrate Pilot Group of Hotspots to Vulnerabilities

... (truncated)

Commits
  • ac4e517 SONARPHP-1839 S4790: suppress when hash is used as a WordPress cache key (#1731)
  • 57e8fb8 SONARPHP-1840 S4790: suppress when hash output is truncated by substr/mb_subs...
  • f3f5e35 SONARPHP-1851 Update rule metadata (#1729)
  • 49e5644 SONARPHP-1850 Update rule metadata (#1727)
  • b5a8779 SONARPHP-1847 Update rule metadata (#1725)
  • fe7f136 SONARPHP-1846 Disable slack notification on rule metadata update (#1724)
  • a989d26 Update rule metadata (#1720)
  • f7fd84c Update Gradle dependencies to v9.5.1 (#1722)
  • 0ffb31b Update sonar-plugin-api to v13.8.0.4399 (#1723)
  • ae04cb5 Update all non-major dependencies (#1721)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.sonarsource.php:sonar-php-plugin](https://github.com/SonarSource/sonar-php) from 3.38.0.12239 to 3.58.0.16263.
- [Release notes](https://github.com/SonarSource/sonar-php/releases)
- [Commits](SonarSource/sonar-php@3.38.0.12239...3.58.0.16263)

---
updated-dependencies:
- dependency-name: org.sonarsource.php:sonar-php-plugin
  dependency-version: 3.58.0.16263
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 12, 2026
@dependabot dependabot Bot added the java Pull requests that update java code label Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

Status: Ready

Development

Successfully merging this pull request may close these issues.

1 participant