Bump analyzer-commons and orchestrator versions; cleanup pom.xml (#1052)

andrea-guarino-sonarsource · web-flow · commit 5c084c00d42a · 2022-01-11T17:31:59.000+01:00
diff --git a/check-license-compliance.sh b/check-license-compliance.sh
@@ -3,4 +3,5 @@ set -euo pipefail
 
 # See https://xtranet.sonarsource.com/display/DEV/Open+Source+Licenses
 
-mvn org.codehaus.mojo:license-maven-plugin:aggregate-add-third-party
+mvn org.codehaus.mojo:license-maven-plugin:aggregate-add-third-party \
+  -Dlicense.overrideUrl=file://$(pwd)/override-dep-licenses.properties
diff --git a/override-dep-licenses.properties b/override-dep-licenses.properties
@@ -0,0 +1,4 @@
+# Override license defined in parent POM
+# See check-license-compatibility.sh
+
+com.google.code.gson--gson--2.8.9=apache_v2
diff --git a/pom.xml b/pom.xml
@@ -90,11 +90,12 @@
     <maven.project.version>2.2.1</maven.project.version>
     <mockito.version>3.9.0</mockito.version>
     <sonar.version>8.9.0.43852</sonar.version>
-    <sonar.orchestrator.version>3.35.1.2719</sonar.orchestrator.version>
-    <sonar-analyzer-commons.version>1.21.0.829</sonar-analyzer-commons.version>
+    <sonar.orchestrator.version>3.36.0.63</sonar.orchestrator.version>
+    <sonar-analyzer-commons.version>1.22.0.848</sonar-analyzer-commons.version>
     <sonarlint-core.version>6.0.0.32513</sonarlint-core.version>
     <sslr.version>1.23</sslr.version>
     <protobuf.version>3.17.3</protobuf.version>
+    <woodstox.version>6.2.7</woodstox.version>
   </properties>
 
   <dependencyManagement>
@@ -136,16 +137,12 @@
         <artifactId>sonar-regex-parsing</artifactId>
         <version>${sonar-analyzer-commons.version}</version>
       </dependency>
+      <!-- used by StaxParser, CoberturaParser and TestSuiteParser -->
       <dependency>
         <groupId>org.codehaus.staxmate</groupId>
         <artifactId>staxmate</artifactId>
         <version>2.0.1</version>
       </dependency>
-      <dependency>
-        <groupId>org.sonarsource.orchestrator</groupId>
-        <artifactId>sonar-orchestrator</artifactId>
-        <version>${sonar.orchestrator.version}</version>
-      </dependency>
       <dependency>
         <groupId>commons-lang</groupId>
         <artifactId>commons-lang</artifactId>
@@ -156,18 +153,25 @@
         <artifactId>commons-io</artifactId>
         <version>${commons.io.version}</version>
       </dependency>
+      <!-- used by StaxParser and CoberturaParser -->
       <dependency>
         <groupId>org.codehaus.woodstox</groupId>
         <artifactId>woodstox-core-lgpl</artifactId>
         <version>${woodstox.version}</version>
       </dependency>
       <dependency>
-        <groupId>ch.qos.logback</groupId>
-        <artifactId>logback-classic</artifactId>
-        <version>${logback.version}</version>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>30.1.1-jre</version>
       </dependency>
 
       <!-- test dependencies -->
+      <dependency>
+        <groupId>org.sonarsource.orchestrator</groupId>
+        <artifactId>sonar-orchestrator</artifactId>
+        <version>${sonar.orchestrator.version}</version>
+        <scope>test</scope>
+      </dependency>
       <dependency>
         <groupId>org.sonarsource.sonarqube</groupId>
         <artifactId>sonar-testing-harness</artifactId>
@@ -211,26 +215,25 @@
         <scope>provided</scope>
       </dependency>
       <dependency>
-        <groupId>com.google.guava</groupId>
-        <artifactId>guava</artifactId>
-        <version>30.1.1-jre</version>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-classic</artifactId>
+        <version>${logback.version}</version>
+        <scope>test</scope>
       </dependency>
-
-
-      <!-- provided dependencies -->
       <dependency>
         <groupId>org.sonarsource.sonarqube</groupId>
-        <artifactId>sonar-plugin-api</artifactId>
+        <artifactId>sonar-plugin-api-impl</artifactId>
         <version>${sonar.version}</version>
-        <scope>provided</scope>
+        <scope>test</scope>
       </dependency>
+
+      <!-- provided dependencies -->
       <dependency>
         <groupId>org.sonarsource.sonarqube</groupId>
-        <artifactId>sonar-plugin-api-impl</artifactId>
+        <artifactId>sonar-plugin-api</artifactId>
         <version>${sonar.version}</version>
-        <scope>test</scope>
+        <scope>provided</scope>
       </dependency>
-
     </dependencies>
   </dependencyManagement>
 
diff --git a/python-checks/src/test/resources/checks/regex/duplicatesInCharacterClassCheck.py b/python-checks/src/test/resources/checks/regex/duplicatesInCharacterClassCheck.py
@@ -81,8 +81,8 @@ def compliant(input):
     re.match(r"[aa", input)  # Check should not run on syntactically invalid regexen
     re.match(r"(?U)[\wä]", input)  # False negative because we don't support Unicode characters in \w and \W
     re.match(r"[[a-z&&b-e]c]", input)  # FN because we don't support intersections
-    re.match(r"(?i)[A-_d-{]", input)  # FN because we ignore case insensitivity unless both ends of the ranges are letters
-    re.match(r"(?i)[A-z_]", input)  # FN because A-z gets misinterpreted as A-Za-z due to the way we handle case insensitivity
+    re.match(r"(?i)[A-_d-{]", input)  # Noncompliant
+    re.match(r"(?i)[A-z_]", input)  # Noncompliant
     re.match(r"[\abc]", input)
     re.match(r'[\s\'"\:\{\}\[\],&\*\#\?]', input)
     re.match(r"[0-9\\d]", input)  # Compliant
