Skip to content

build(deps-dev)(deps-dev): bump eslint-plugin-sonarjs from 4.1.0 to 4.2.0 in the development-dependencies group#2538

Merged
pethers merged 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-6ac8210a80
Jul 14, 2026
Merged

build(deps-dev)(deps-dev): bump eslint-plugin-sonarjs from 4.1.0 to 4.2.0 in the development-dependencies group#2538
pethers merged 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-6ac8210a80

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 1 update: eslint-plugin-sonarjs.

Updates eslint-plugin-sonarjs from 4.1.0 to 4.2.0

Changelog

Sourced from eslint-plugin-sonarjs's changelog.

Release Guide

SonarJS currently has two distinct release targets:

Target Artifact Main workflow Notes
Standard SonarQube analyzer Maven/JAR release artifacts .github/workflows/automated-release.yml This is the normal SonarJS release flow.
SQAA (previously A3S) Docker image for LanguageAnalyzerService .github/workflows/docker-sqaa.yml Manual SQAA-only entry point and fallback.

Terminology

  • SQAA is the current name for what older docs and repository names still call A3S.
  • Some external identifiers still keep the legacy a3s name for compatibility. The important ones are:
    • the Docker repository path a3s/analysis/javascript
    • packages/grpc/src/proto/language_analyzer.proto with option java_package = "com.sonarsource.a3s.analyzer.grpc";
  • Do not rename those compatibility-sensitive identifiers as part of a routine release.

Standard SonarQube Analyzer Release

This is the regular SonarJS analyzer release. It produces the standard SonarQube analyzer artifacts and can also automate the SQAA handoff using the same build number.

Entry points

  1. Start .github/workflows/automated-release.yml.
  2. That workflow orchestrates the release and then calls .github/workflows/release.yml for the actual artifact publication.
  3. After the release succeeds, .github/workflows/bump-versions.yml opens the next development iteration PR.

What .github/workflows/automated-release.yml does

The SonarJS workflow is a thin wrapper around SonarSource/release-github-actions/.github/workflows/automated-release.yml@v1 with SonarJS-specific inputs:

  • project name SonarJS
  • plugin name javascript
  • Jira project JS
  • optional SQC and SQS integration PRs
  • optional SQAA integration, enabled in the SonarJS wrapper and implemented by a custom local workflow
  • SLVS, SLVSCODE, SLE, and SLI integration tickets enabled
  • the generic release-github-actions SQAA integration explicitly disabled, because SonarJS uses analysis/js_ts_image_tag instead of gradle/sonar-plugins.versions.toml

The reusable workflow performs the following steps:

  1. Freeze the target branch.
  2. Run the releasability checks with SonarSource/gh-action_releasability@v3.
  3. Resolve the release version with get-release-version.
  4. Resolve the Jira version with get-jira-version.
  5. Generate Jira-based release notes with get-jira-release-notes unless explicit notes were provided.
  6. Create the REL Jira ticket with create-jira-release-ticket.
  7. Publish the GitHub release with publish-github-release.
  8. Unfreeze the branch.
  9. Release the Jira version, create the next Jira version, and move the REL ticket to Technical Release Done.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the development-dependencies group with 1 update: [eslint-plugin-sonarjs](https://github.com/SonarSource/SonarJS).


Updates `eslint-plugin-sonarjs` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/SonarSource/SonarJS/releases)
- [Changelog](https://github.com/SonarSource/SonarJS/blob/master/docs/RELEASE.md)
- [Commits](https://github.com/SonarSource/SonarJS/commits)

---
updated-dependencies:
- dependency-name: eslint-plugin-sonarjs
  dependency-version: 4.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency updates javascript JavaScript dependencies labels Jul 14, 2026
@dependabot
dependabot Bot requested a review from pethers as a code owner July 14, 2026 18:50
@dependabot dependabot Bot added dependencies Dependency updates javascript JavaScript dependencies labels Jul 14, 2026
@github-actions github-actions Bot added the infrastructure CI/CD and build infrastructure label Jul 14, 2026
@pethers
pethers merged commit 2e5b3c3 into main Jul 14, 2026
15 checks passed
@pethers
pethers deleted the dependabot/npm_and_yarn/development-dependencies-6ac8210a80 branch July 14, 2026 19:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates infrastructure CI/CD and build infrastructure javascript JavaScript dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant