Merge pull request #1556 from forcedotcom/release-4.4.0

RELEASE: @W-16095971@: Conducting v4.4.0 release.

Author: jfeingold35

.eslintrc.json

@@ -13,5 +13,8 @@
 	},
 	"plugins": [
 		"@typescript-eslint"
-	]
+	],
+	"rules": {
+		"sf-plugin/only-extend-SfCommand": "off"
+	}
 }

.github/workflows/create-release-branch.yml

@@ -144,7 +144,9 @@ jobs:
           NEW_VERSION=$(jq -r ".version" package.json)
           git checkout -b release-$NEW_VERSION
           git push --set-upstream origin release-$NEW_VERSION
-          # Output the branch name so we can use it in later jobs.
+          # Now that we're done with the interim branch, delete it.
+          git push -d origin ${NEW_VERSION}-interim
+          # Output the release branch name so we can use it in later jobs.
           echo "branch_name=release-$NEW_VERSION" >> "$GITHUB_OUTPUT"
   # Run all the various tests against the newly created branch.
   test-release-branch:

cli-messaging/build.gradle.kts

@@ -18,7 +18,7 @@ dependencies {
     exclude("junit")
   }
   implementation("com.google.code.gson:gson:2.10.1")
-  implementation("com.google.guava:guava:31.1-jre")
+  implementation("com.google.guava:guava:33.2.1-jre")
 
   testImplementation("org.hamcrest:hamcrest:2.2")
   testImplementation("org.junit.jupiter:junit-jupiter-api:5.9.2")

html-templates/simple.mustache

@@ -65,7 +65,7 @@
 	<script type="text/javascript" language="javascript"
 		src="https://cdn.datatables.net/1.10.21/js/jquery.dataTables.min.js"></script>
 	<script type="text/javascript" language="javascript" src="https://cdn.datatables.net/rowgroup/1.1.2/js/dataTables.rowGroup.min.js"></script>
-    <script type="text/javascript" language="javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/Chart.min.js"></script>
+	<script type="text/javascript" language="javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/dist/Chart.min.js"></script>
 	<script type="text/javascript" class="init">
 
 	// BEGIN - Placeholders filled in by the scanner
@@ -294,11 +294,12 @@
 			});
 		});
 	</script>
+	<title>Salesforce Code Analyzer Report</title>
 </head>
 
 <body>
     <h1 id="reportTitle">Salesforce Code Analyzer Report</h1>
-	<div id="summaryChart"/></div>
+	<div id="summaryChart"></div>
 	<h4 id="summaryFiles"></h4>
 	<h4 id="summaryViolations"></h4>
 	<div class="fw-container">
@@ -319,7 +320,7 @@
 							<th>End Column</th>
 						</tr>
 					</thead>
-					<tbody/>
+					<tbody></tbody>
 				</table>
 			</div>
 		</div>

messages/RetireJsEngine.md

@@ -0,0 +1,11 @@
+# error.couldNotGetZipEntries
+
+Failed to get entries from ZIP file %s. Reason: %s.
+
+# error.couldNotReadEntryData
+
+Failed to read contents of entry %s in ZIP file %s. Reason: %s.
+
+# error.couldNotExtractZip
+
+Failed to extract ZIP file %s. Reason: %s.

messages/run-common.md

@@ -74,10 +74,6 @@ The selected output format doesn't match the output file type. Output format: %s
 
 --projectdir must specify existing paths
 
-# validations.noFilesFoundInTarget
-
-No files were found in the target. --target must contain at least one file.
-
 # info.resolvedTarget
 
 The --target flag wasn't specified so the default target '.' will be used.

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "4.3.2",
+	"version": "4.4.0",
 	"author": "Salesforce Code Analyzer Team",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {

pmd-appexchange/docs/AvoidCreateElementScriptLinkTag.md

@@ -10,7 +10,9 @@ AvoidCreateElementScriptLinkTag[](#avoidcreateelementscriptlinktag)
 
 **Description:**
 
-   Detects dynamic creation of script or link tags
+Detects dynamic creation of script or link tags
+Note: This rule identifies the `<script>` block where `createElement` is detected; but can only show the line number where the `<script>` tag begins and not the line number for `createElement`.
+That means if there are multiple `createElement` calls with `script` as input, you'll see multiple issues reported with the line number of the `<script>` tag. This is a known issue; developers are expected to go through the `<script>` block to identify the use of `createElement`
 
 **Example(s):**
 

pmd-appexchange/docs/AvoidDisableProtocolSecurity.md

@@ -0,0 +1,18 @@
+AvoidDisableProtocolSecurity[](#avoiddisableprotocolsecurity)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Protocol security setting is disabled
+
+
+**Priority:** Medium (3)
+
+**Description:**
+
+   Detects if "Disable Protocol Security" setting is checked/true
+
+**Example(s):**
+
+   
+

pmd-appexchange/docs/AvoidHardCodedCredentialsInAura.md

@@ -0,0 +1,18 @@
+AvoidHardCodedCredentialsInAura[](#avoidhardcodedcredentialsinaura)
+------------------------------------------------------------------------------------------------------------------------------------------------------
+
+**Violation:**
+
+   Detected use of hard coded credentials in Aura component
+
+
+**Priority:** High (2)
+
+**Description:**
+
+   Detected use of hard coded credentials in Aura component
+
+**Example(s):**
+
+   
+