chore(deps, cpp): update sonarsource.sonarlint-vscode in devcontainer-metadata.json

[philips-software-forest-releaser]

Note

Before merging this PR, please conduct a manual test checking basic functionality of the updated plug-ins. There are limited automated tests for the VS Code Extension updates.

Updates sonarsource.sonarlint-vscode from 4.37.0 to 4.38.1

Release notes

• Bugfix - unable to verify authenticity of the downloaded CFamily analyzer

• Update Python analyzer 5.14.2 -> 5.15

• Update CFamily analyzer 6.75.1 -> 6.76

• Update Text & Secrets analyzer 2.34 -> 2.36

• Update C# analyzer 10.16.2 -> 10.17

• Update IaC analyzer 2.2 -> 2.3

• Update CFamily analyzer 6.73 -> 6.74

• Update IaC analyzer 1.52 -> 2.1

• Update JS/TS/CSS analyzer 11.5 -> 11.6

• Update Python analyzer 5.12 -> 5.13

• Update PHP analyzer 3.51 -> 3.52

• Update Go analyzer 1.29 -> 1.30

• Update Text & Secrets analyzer 2.32 -> 2.33

• Support .slnx projects

• Support one-click generation of Windsurf Cascade hooks for post-generation analysis (beta)

• Stop packaging OmniSharp in platform-specific builds on OpenVSX marketplace. As a workaround, download and install plugin from our releases page to keep analyzing C# code on non-Microsoft IDEs.

• Update IaC analyzer 1.51 -> 1.52

• Update Go analyzer 1.28 -> 1.29

• Update Java analyzer 8.19 -> 8.20

• Update Text & Secrets analyzer 2.31 -> 2.32

• Update IaC analyzer 1.50 -> 1.51

• Update PHP analyzer 3.49 -> 3.50 -> 3.51

• Update Text & Secrets analyzer 2.30 -> 2.31

• Update HTML analyzer 3.19 -> 3.20

• Update Python analyzer 5.11 -> 5.12

• Update JS/TS/CSS analyzer 11.4 -> 11.5, 58 new QuickFixes

• Allow one-click installation of SonarQube MCP Server

Update JS/TS/CSS analyzer 11.3 -> 11.4 -> 11.4.1, Update Node.js min required versions to "^20.12.0 || >=22.11.0"
Update IaC analyzer 1.49 -> 1.50
Update Go analyzer 1.27 -> 1.28
Update Text & Secrets analyzer 2.28 -> 2.29 -> 2.30
Update Python analyzer 5.9 -> 5.10 -> 5.11
Update CFamily analyzer 6.71 -> 6.72 -> 6.73
Update Java analyzer 8.18 -> 8.19

• SonarQube Cloud US region is now generally available

• Support displaying Dependency Risks in the IDE when connected to SonarQube Cloud for eligible organizations

• Update Python analyzer 5.8 -> 5.9

• Update Text & Secrets analyzer 2.27 -> 2.28

• Increase minimal supported VSCode version to 1.99.3

• Introduce ability to disable automatic (on-the-fly) analysis

• Stability improvements due to backend initialization refactoring

• Update CFamily analyzer 6.70 -> 6.71

• Update Java Symbolic Execution analyzer 8.16 -> 8.16.1

• Update Go analyzer 1.26 -> 1.27

• Update JS/TS/CSS analyzer 11.2 -> 11.3

• Update PHP analyzer 3.48 -> 3.49

• Enable analysis of GitHub Actions workflow files in Connected Mode

• Enable text analysis in Connected Mode

• Remove dead showAnalyzerLogs setting

• Update PHP analyzer 3.46 -> 3.47 -> 3.48

• Update Text & Secrets analyzer 2.26 -> 2.27

• Update Python analyzer 5.7 -> 5.8

• Update IaC analyzer 1.48 -> 1.49

• Improve accuracy of automatic binding suggestions

• Support displaying Dependency Risks in the IDE when connected to SonarQube Server versions starting 2025.4

• Update JS/TS/CSS analyzer 11.0 -> 11.1 -> 11.2, Update Node.js min required versions to "^18.20.0 || ^20.12.0 || >=22.11.0"

• Update Java analyzer 8.17 -> 8.18

• Update Python analyzer 5.6 -> 5.7, Individual rules can be suppressed by NOSONAR comment

• Update Go analyzer 1.25 -> 1.26

• Update text and secrets analyzer 2.25 -> 2.26

• Update CFamily analyzer 6.68 -> 6.69 -> 6.70

• Update IaC analyzer 1.47 -> 1.48

• Update C# analyzer 10.14 -> 10.15

• In addition to the traditional PROBLEMS view, it is now possible to browse all SonarQube issues in a dedicated SonarQube view

• Minimal supported Node.js version needed for JS/TS/CSS analysis is 18.20.0, 20.12.0, or 21.4.0

• Update Java analyzer 8.17 -> 8.17.1

• Update text and secrets analyzer 2.24 -> 2.25

• Update Python analyzer 5.5 -> 5.6

• Update C# analyzer 10.12 -> 10.13 -> 10.14

• Move Taint Vulnerabilities and Security Hotspots to a new, SonarQube view

• Update Java analyzer 8.15 -> 8.16 -> 8.17

• Update Go analyzer 1.24 ->1.25

• Update Java Symbolic Execution analyzer 8.15 -> 8.16

• Update JS/TS/CSS analyzer 10.24 -> 11.0

Bugfix release

• Update Python analyzer 5.4 -> 5.5

• Update CFamily analyzer 6.67 -> 6.68

• Update C# analyzer 10.11 -> 10.12

• Contribute Language Model Tools for Copilot Agent. Currently available tools are:

  • Help setting up Connected Mode
  • Exclude given file or folder from local analysis
  • List Security Hotspots detected in the file
  • Analyze a given file

• Update Go analyzer 1.23 -> 1.24

• Update Java analyzer 8.14 -> 8.15

• Update JS/TS/CSS analyzer 10.23 -> 10.24

• Update Go analyzer 1.22.1 -> 1.23 -> 1.23.1

• Update IaC analyzer 1.46 -> 1.47

• Update PHP analyzer 3.45 -> 3.46

• Update CFamily analyzer 6.66 -> 6.67

• Update Java analyzer 8.13 -> 8.14

• Update JS/TS/CSS analyzer 10.22 -> 10.23

• Update Text analyzer 2.22 -> 2.23 -> 2.24

• Update C# analyzer 10.9 -> 10.10 -> 10.10.1

• Update Python analyzer 5.3 -> 5.4

• Update Go analyzer 1.21.1 -> 1.22 -> 1.22.1

• Update IaC analyzer 1.45 -> 1.46

• Update Java analyzer 8.12 -> 8.13

• Update C# analyzer 10.8 -> 10.9

• Update CFamily analyzer 6.65 -> 6.66

• Update Python analyzer 5.2 -> 5.3

Bugfix release

• Update IaC analyzer 1.44 -> 1.45

• Update Java analyzer 8.11 -> 8.12

• Update XML analyzer 2.12 -> 2.13

• Update JS/TS/CSS analyzer 10.21 -> 10.22

• Update Go analyzer 1.21.0 -> 1.21.1

• Update C# analyzer 10.7 -> 10.8

• Update Go analyzer 1.20 -> 1.21

• Update Java analyzer 8.10 -> 8.11

• Update CFamily analyzer 6.64.1 -> 6.65

• Update Text analyzer 2.21.1 -> 2.22

• Prepare for the upcoming launch of the US region of SonarQube Cloud

• Update Go analyzer 1.19 -> 1.20

• Update CFamily analyzer 6.64 -> 6.64.1

• Update C# analyzer 10.6 -> 10.7

• Update PHP analyzer 3.44 -> 3.45

• Update IaC analyzer 1.43 -> 1.44

• Update Python analyzer 5.1.0 -> 5.2.0

• Update Text and Secrets analyzer 2.21.0 -> 2.21.1

• Update Python analyzer 4.26.0 -> 4.26.1 -> 5.0.0 -> 5.1.0

• Update HTML analyzer 3.18 -> 3.19

• Update XML analyzer 2.12.0 -> 2.12.1

• Update JS/TS/CSS analyzer 10.21.0 -> 10.21.1

• Update CFamily analyzer 6.63 -> 6.64

• Download CFamily analyzer separately after install

• Improve performance of git blame operations

• Update Go analyzer 1.18 -> 1.19

• Update PHP analyzer 3.42 -> 3.43 -> 3.44

• Update C# analyzer 10.4 -> 10.5 -> 10.6

• Update CFamily analyzer 6.62 -> 6.63

• Update IaC analyzer 1.41 -> 1.42 -> 1.43

• Update Text analyzer 2.20 -> 2.21

• Update Java analyzer 8.9 -> 8.10

• Update JS/TS/CSS analyzer 10.20 -> 10.21

• Update JS/TS/CSS analyzer 10.19 -> 10.20

• Update CFamily analyzer 6.61 -> 6.62

• Update PHP analyzer 3.40 -> 3.41 -> 3.42

• Update Java analyzer 8.7 -> 8.8 -> 8.9

• Update IaC analyzer 1.39 -> 1.40 -> 1.41

• Update Text analyzer 2.19 -> 2.20

• Update HTML analyzer 3.17 -> 3.18

• Update Python analyzer 4.24 -> 4.25 -> 4.26

• Update C# analyzer 10.3 -> 10.4

For full release notes, see JIRA

• Further performance improvements for JS/TS/CSS analysis
• Eliminate reliance on temporary folders for JS/TS/CSS analysis (some of .sonarlinttmp_* folders)
• Update JS/TS/CSS analyzer 10.18 -> 10.19

For full release notes, see JIRA

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	20		0	0	0.5s
✅ DOCKERFILE	hadolint	2		0	0	0.66s
✅ GHERKIN	gherkin-lint	6		0	0	2.36s
✅ JSON	npm-package-json-lint	yes		no	no	0.52s
✅ JSON	prettier	19	4	0	0	0.6s
✅ JSON	v8r	19		0	0	7.26s
✅ MARKDOWN	markdownlint	11	0	0	0	0.87s
✅ MARKDOWN	markdown-table-formatter	11	0	0	0	0.2s
✅ REPOSITORY	checkov	yes		no	no	17.3s
✅ REPOSITORY	gitleaks	yes		no	no	0.51s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	27.43s
✅ REPOSITORY	secretlint	yes		no	no	1.01s
✅ REPOSITORY	syft	yes		no	no	2.1s
✅ REPOSITORY	trivy	yes		no	no	5.95s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.24s
✅ REPOSITORY	trufflehog	yes		no	no	2.24s
⚠️ SPELL	lychee	77		1	0	11.72s
✅ YAML	prettier	28	0	0	0	1.0s
✅ YAML	v8r	28		0	0	8.11s
✅ YAML	yamllint	28		0	0	0.68s

Detailed Issues

⚠️ SPELL / lychee - 1 error

[ERROR] https://www.contributor-covenant.org/ | Network error: error sending request for url (https://www.contributor-covenant.org/)
[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....123
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........1

Errors in .github/CODE_OF_CONDUCT.md
[ERROR] https://www.contributor-covenant.org/ | Network error: error sending request for url (https://www.contributor-covenant.org/)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1060

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	548.01 MB	548.01 MB	+46 B (+0%)	🔼
linux/arm64	502.71 MB	502.72 MB	+6.2 kB (+0%)	🔼

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1060

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	683.2 MB	683.2 MB	283 B (0%)	🔽
linux/arm64	665.11 MB	665.11 MB	139 B (0%)	🔽

[github-actions]

Test Results

 5 files  ±0   5 suites  ±0   3m 32s ⏱️ -6s
32 tests ±0  32 ✅ ±0  0 💤 ±0  0 ❌ ±0 
67 runs  ±0  67 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit ed37e77. ± Comparison against base commit 84513fc.

♻️ This comment has been updated with latest results.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Pull Request Report (#1060)

Static measures

Description	Value
Number of added lines	1
Number of deleted lines	1
Number of changed files	1
Number of commits	1
Number of reviews	1
Number of comments (w/o review comments)	5
Number of reviews that contains a comment to resolve	0
Number of reviews that requested a change from the author	0
Number of reviews that approved the Pull Request	1
Get the total number of participants of a Pull Request	4

Time related measures

Description	Value
PR lead time (from creation to close of PR)	8.2 Days
Time that was spend on the branch before the PR was created	0 Sec
Time that was spend on the branch before the PR was merged	1.2 Days
Time to merge after last review	16.6 Min

Status check related measures

Description	Value
Total runtime for last status check run (Workflow for PR)	38.1 Min
Total time spend in last status check run on PR	1.2 Days

[github-actions]

🎉 Hooray! The changes in this pull request went live with the release of v6.6.3 🎉