Skip to content

chore(deps): bump eslint-plugin-sonarjs from 4.1.0 to 4.2.0#26

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-sonarjs-4.2.0
Open

chore(deps): bump eslint-plugin-sonarjs from 4.1.0 to 4.2.0#26
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-sonarjs-4.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps eslint-plugin-sonarjs from 4.1.0 to 4.2.0.

Changelog

Sourced from eslint-plugin-sonarjs's changelog.

Release Guide

SonarJS currently has two distinct release targets:

Target Artifact Main workflow Notes
Standard SonarQube analyzer Maven/JAR release artifacts .github/workflows/automated-release.yml This is the normal SonarJS release flow.
SQAA (previously A3S) Docker image for LanguageAnalyzerService .github/workflows/docker-sqaa.yml Manual SQAA-only entry point and fallback.

Terminology

  • SQAA is the current name for what older docs and repository names still call A3S.
  • Some external identifiers still keep the legacy a3s name for compatibility. The important ones are:
    • the Docker repository path a3s/analysis/javascript
    • packages/grpc/src/proto/language_analyzer.proto with option java_package = "com.sonarsource.a3s.analyzer.grpc";
  • Do not rename those compatibility-sensitive identifiers as part of a routine release.

Standard SonarQube Analyzer Release

This is the regular SonarJS analyzer release. It produces the standard SonarQube analyzer artifacts and can also automate the SQAA handoff using the same build number.

Entry points

  1. Start .github/workflows/automated-release.yml.
  2. That workflow orchestrates the release and then calls .github/workflows/release.yml for the actual artifact publication.
  3. After the release succeeds, .github/workflows/bump-versions.yml opens the next development iteration PR.

What .github/workflows/automated-release.yml does

The SonarJS workflow is a thin wrapper around SonarSource/release-github-actions/.github/workflows/automated-release.yml@v1 with SonarJS-specific inputs:

  • project name SonarJS
  • plugin name javascript
  • Jira project JS
  • optional SQC and SQS integration PRs
  • optional SQAA integration, enabled in the SonarJS wrapper and implemented by a custom local workflow
  • SLVS, SLVSCODE, SLE, and SLI integration tickets enabled
  • the generic release-github-actions SQAA integration explicitly disabled, because SonarJS uses analysis/js_ts_image_tag instead of gradle/sonar-plugins.versions.toml

The reusable workflow performs the following steps:

  1. Freeze the target branch.
  2. Run the releasability checks with SonarSource/gh-action_releasability@v3.
  3. Resolve the release version with get-release-version.
  4. Resolve the Jira version with get-jira-version.
  5. Generate Jira-based release notes with get-jira-release-notes unless explicit notes were provided.
  6. Create the REL Jira ticket with create-jira-release-ticket.
  7. Publish the GitHub release with publish-github-release.
  8. Unfreeze the branch.
  9. Release the Jira version, create the next Jira version, and move the REL ticket to Technical Release Done.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [eslint-plugin-sonarjs](https://github.com/SonarSource/SonarJS) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/SonarSource/SonarJS/releases)
- [Changelog](https://github.com/SonarSource/SonarJS/blob/master/docs/RELEASE.md)
- [Commits](https://github.com/SonarSource/SonarJS/commits)

---
updated-dependencies:
- dependency-name: eslint-plugin-sonarjs
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants