Remove .NET 3.5 dependency from SonarAnalyzer.sln

[Corniel]

When I try to build the SonarAnalyzer.sln locally that fails (I recently got a new PC, on my previous one it worked). There are a lot of issues, But the big on seems to be that I didn't install the .NET 3.5 SDK (SP1). I tried, and didn't work (I rebooted because I was asked to, but no result). I successfully installed the 3.5 developer tools.

The more fundamental issue here, however, is obviously that I think that a solution like SonarAnalyzer should not depend on .NET 3.5 anymore (introduced in 2007), as we're in 2020 now.

C:\code\sonar-dotnet\sonaranalyzer-dotnet> msbuild .\SonarAnalyzer.sln                                        
Microsoft (R) Build Engine version 16.4.0+e901037fe for .NET Framework                                                     
Copyright (C) Microsoft Corporation. All rights reserved.                                                                  

Building the projects in this solution one at a time. To enable parallel build, please add the "-m" switch.                
Build started 24/02/2020 14:07:58.                                                                                         
Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" on node 1 (default targets).                         
ValidateSolutionConfiguration:                                                                                             
  Building solution configuration "Debug|Any CPU".                                                                         
Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (2) on node 1 (default targets).                                  
Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (2) is building "C:\c 
ode\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\SonarAnalyzer.VisualBasic.csproj" (3:2) on node 1 (def 
ault targets).                                                                                                             
GenerateResxFromRspec:                                                                                                     
  Generating resx files from Rspec...                                                                                      
  %WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -ExecutionPolicy Unrestricted -command "  & { .. 
  \..\..\scripts\rspec\rspec2resx.ps1 vbnet  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\../.. 
  /rspec/vbnet C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\RspecStrings.resx } "               
  ..\..\..\scripts\rspec\rspec2resx.ps1 : The term '..\..\..\scripts\rspec\rspec2resx.ps1' is not recognized as the name   
  of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,      
  verify that the path is correct and try again.                                                                           
  At line:1 char:7                                                                                                         
  +   & { ..\..\..\scripts\rspec\rspec2resx.ps1 vbnet  C:\code\sonar-dotn ...                                              
  +       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                            
      + CategoryInfo          : ObjectNotFound: (..\..\..\scripts\rspec\rspec2resx.ps1:String) [], CommandNotFoundExcept   
     ion                                                                                                                   
      + FullyQualifiedErrorId : CommandNotFoundException                                                                   

C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\SonarAnalyzer.VisualBasic.csproj : error NU1403: P 
ackage content hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last r 
estore.                                                                                                                    
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\SonarAnalyzer.VisualBasic.csproj : error NU1403:   
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\SonarAnalyzer.VisualBasic.c 
sproj" (default targets) -- FAILED.                                                                                        

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (2) is building "C:\c 
ode\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\SonarAnalyzer.CSharp.csproj" (4:2) on node 1 (default targe 
ts).                                                                                                                       
GenerateResxFromRspec:                                                                                                     
  Generating resx files from Rspec...                                                                                      
  %WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -ExecutionPolicy Unrestricted -command "  & { .. 
  \..\..\scripts\rspec\rspec2resx.ps1 cs  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\../../rspec/c 
  s C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\RspecStrings.resx } "                               
  ..\..\..\scripts\rspec\rspec2resx.ps1 : The term '..\..\..\scripts\rspec\rspec2resx.ps1' is not recognized as the name   
  of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,      
  verify that the path is correct and try again.                                                                           
  At line:1 char:7                                                                                                         
  +   & { ..\..\..\scripts\rspec\rspec2resx.ps1 cs  C:\code\sonar-dotnet\ ...                                              
  +       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                            
      + CategoryInfo          : ObjectNotFound: (..\..\..\scripts\rspec\rspec2resx.ps1:String) [], CommandNotFoundExcept   
     ion                                                                                                                   
      + FullyQualifiedErrorId : CommandNotFoundException                                                                   

FetchCBDEBinaries:                                                                                                         
  windows\dotnet-symbolic-execution.exe: binaries exist? True                                                              
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\SonarAnalyzer.CSharp.csproj : error NU1403: Package con 
tent hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last restore.    
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\SonarAnalyzer.CSharp.csproj : error NU1403:             
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\SonarAnalyzer.CSharp.csproj" (de 
fault targets) -- FAILED.                                                                                                  

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (2) is building "C:\c 
ode\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Common\SonarAnalyzer.Common.csproj" (5:2) on node 1 (default targe 
ts).                                                                                                                       
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Common\SonarAnalyzer.Common.csproj : error NU1403: Package con 
tent hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last restore.    
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Common\SonarAnalyzer.Common.csproj : error NU1403:             
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Common\SonarAnalyzer.Common.csproj" (de 
fault targets) -- FAILED.                                                                                                  

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (2) is building "C:\c 
ode\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CFG\SonarAnalyzer.CFG.csproj" (6:2) on node 1 (default targets).   
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CFG\SonarAnalyzer.CFG.csproj : error NU1403: Package content h 
ash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last restore.          
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CFG\SonarAnalyzer.CFG.csproj : error NU1403:                   
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CFG\SonarAnalyzer.CFG.csproj" (default  
targets) -- FAILED.                                                                                                        

Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (defaul 
t targets) -- FAILED.                                                                                                      

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\src\SonarAnalyzer.Utilities\SonarAnalyzer.Utilities.csproj" (7) on node 1 (default targets).                        
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Utilities\SonarAnalyzer.Utilities.csproj : error NU1403: Packa 
ge content hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last resto 
re.                                                                                                                        
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Utilities\SonarAnalyzer.Utilities.csproj : error NU1403:       
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Utilities\SonarAnalyzer.Utilities.cspro 
j" (default targets) -- FAILED.                                                                                            

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\tests\SonarAnalyzer.UnitTest\SonarAnalyzer.UnitTest.csproj" (8) on node 1 (default targets).                        
Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\SonarAnalyzer.UnitTest\SonarAnalyzer.UnitTest.csproj" (8) is buil 
ding "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.RuleDescriptorGenerator\SonarAnalyzer.RuleDescriptorGene 
rator.csproj" (9:2) on node 1 (default targets).                                                                           
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.RuleDescriptorGenerator\SonarAnalyzer.RuleDescriptorGenerator. 
csproj : error NU1403: Package content hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is d 
ifferent than the last restore.                                                                                            
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.RuleDescriptorGenerator\SonarAnalyzer.RuleDescriptorGenerator. 
csproj : error NU1403:                                                                                                     
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.RuleDescriptorGenerator\SonarAnalyzer.R 
uleDescriptorGenerator.csproj" (default targets) -- FAILED.                                                                

Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\SonarAnalyzer.UnitTest\SonarAnalyzer.UnitTest.cspro 
j" (default targets) -- FAILED.                                                                                            

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\its\ReviewDiffs\ReviewDiffs.csproj" (10) on node 1 (default targets).                                               
GenerateTargetFrameworkMonikerAttribute:                                                                                   
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the inpu 
t files.                                                                                                                   
CoreGenerateAssemblyInfo:                                                                                                  
Skipping target "CoreGenerateAssemblyInfo" because all output files are up-to-date with respect to the input files.        
CoreCompile:                                                                                                               
Skipping target "CoreCompile" because all output files are up-to-date with respect to the input files.                     
CopyFilesToOutputDirectory:                                                                                                
  ReviewDiffs -> C:\code\sonar-dotnet\sonaranalyzer-dotnet\its\ReviewDiffs\bin\Debug\netcoreapp2.1\ReviewDiffs.dll         
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\its\ReviewDiffs\ReviewDiffs.csproj" (default targets).    

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\tests\CBDE\CBDEFails\CBDEFails.csproj" (11) on node 1 (default targets).                                            
GenerateBindingRedirects:                                                                                                  
  No suggested binding redirects from ResolveAssemblyReferences.                                                           
GenerateTargetFrameworkMonikerAttribute:                                                                                   
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the inpu 
t files.                                                                                                                   
CoreCompile:                                                                                                               
Skipping target "CoreCompile" because all output files are up-to-date with respect to the input files.                     
_CopyAppConfigFile:                                                                                                        
Skipping target "_CopyAppConfigFile" because all output files are up-to-date with respect to the input files.              
CopyFilesToOutputDirectory:                                                                                                
  CBDEFails -> C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDEFails\bin\Debug\CBDEFails.exe                      
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDEFails\CBDEFails.csproj" (default targets). 

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\tests\CBDE\CBDESucceedsWithIncorrectResults\CBDESucceedsWithIncorrectResults.csproj" (12) on node 1 (default target 
s).                                                                                                                        
Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDESucceedsWithIncorrectResults\CBDESucceedsWithIncorrectRe 
sults.csproj" (12) is building "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDEArguments\CBDEArguments.csproj" ( 
13:2) on node 1 (default targets).                                                                                         
GenerateTargetFrameworkMonikerAttribute:                                                                                   
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the inpu 
t files.                                                                                                                   
CoreCompile:                                                                                                               
Skipping target "CoreCompile" because all output files are up-to-date with respect to the input files.                     
CopyFilesToOutputDirectory:                                                                                                
  CBDEArguments -> C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDEArguments\bin\Debug\CBDEArguments.dll          
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDEArguments\CBDEArguments.csproj" (default t 
argets).                                                                                                                   

GenerateBindingRedirects:                                                                                                  
  No suggested binding redirects from ResolveAssemblyReferences.                                                           
GenerateTargetFrameworkMonikerAttribute:                                                                                   
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the inpu 
t files.                                                                                                                   
CoreCompile:                                                                                                               
Skipping target "CoreCompile" because all output files are up-to-date with respect to the input files.                     
_CopyFilesMarkedCopyLocal:                                                                                                 
  Touching "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDESucceedsWithIncorrectResults\obj\Debug\CBDESucceedsWi 
  thIncorrectResults.csproj.CopyComplete".                                                                                 
_CopyAppConfigFile:                                                                                                        
Skipping target "_CopyAppConfigFile" because all output files are up-to-date with respect to the input files.              
CopyFilesToOutputDirectory:                                                                                                
  CBDESucceedsWithIncorrectResults -> C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDESucceedsWithIncorrectResult 
  s\bin\Debug\CBDESucceedsWithIncorrectResults.exe                                                                         
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\CBDE\CBDESucceedsWithIncorrectResults\CBDESucceedsW 
ithIncorrectResults.csproj" (default targets).                                                                             

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\tests\XXE\Mscorlib3.5Mock\mscorlib.csproj" (14) on node 1 (default targets).                                        
C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets 
(1175,5): error MSB3645: .NET Framework v3.5 Service Pack 1 was not found. In order to target ".NETFramework,Version=v3.5" 
, .NET Framework v3.5 Service Pack 1 or later must be installed. [C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Msco 
rlib3.5Mock\mscorlib.csproj]                                                                                               
C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets 
(1175,5): error MSB3644: The reference assemblies for .NETFramework,Version=v3.5 were not found. To resolve this, install  
the Developer Pack (SDK/Targeting Pack) for this framework version or retarget your application. You can download .NET Fra 
mework Developer Packs at https://aka.ms/msbuild/developerpacks [C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Mscor 
lib3.5Mock\mscorlib.csproj]                                                                                                
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Mscorlib3.5Mock\mscorlib.csproj" (default targe 
ts) -- FAILED.                                                                                                             

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\tests\XXE\Mscorlib4.0Mock\mscorlib.csproj" (15) on node 1 (default targets).                                        
GenerateTargetFrameworkMonikerAttribute:                                                                                   
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the inpu 
t files.                                                                                                                   
CoreGenerateAssemblyInfo:                                                                                                  
Skipping target "CoreGenerateAssemblyInfo" because all output files are up-to-date with respect to the input files.        
CoreCompile:                                                                                                               
Skipping target "CoreCompile" because all output files are up-to-date with respect to the input files.                     
CopyFilesToOutputDirectory:                                                                                                
  mscorlib -> C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Mscorlib4.0Mock\bin\Debug\net40\mscorlib.dll             
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Mscorlib4.0Mock\mscorlib.csproj" (default targe 
ts).                                                                                                                       

Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (1) is building "C:\code\sonar-dotnet\sonaranalyzer- 
dotnet\tests\XXE\Mscorlib4.0MockWithIo\mscorlib.csproj" (16) on node 1 (default targets).                                  
GenerateTargetFrameworkMonikerAttribute:                                                                                   
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the inpu 
t files.                                                                                                                   
CoreGenerateAssemblyInfo:                                                                                                  
Skipping target "CoreGenerateAssemblyInfo" because all output files are up-to-date with respect to the input files.        
CoreCompile:                                                                                                               
Skipping target "CoreCompile" because all output files are up-to-date with respect to the input files.                     
CopyFilesToOutputDirectory:                                                                                                
  mscorlib -> C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Mscorlib4.0MockWithIo\bin\Debug\net40\mscorlib.dll       
Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Mscorlib4.0MockWithIo\mscorlib.csproj" (default 
 targets).                                                                                                                 

Done Building Project "C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default targets) -- FAILED.           

Build FAILED.                                                                                                              

"C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default target) (1) ->                                      
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (default target) (2) ->       
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\SonarAnalyzer.VisualBasic.csproj" (default target 
) (3:2) ->                                                                                                                 
(ResolvePackageAssets target) ->                                                                                           
  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\SonarAnalyzer.VisualBasic.csproj : error NU1403: 
 Package content hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last 
 restore.                                                                                                                  
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.VisualBasic\SonarAnalyzer.VisualBasic.csproj : error NU1403:   

"C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default target) (1) ->                                      
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (default target) (2) ->       
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\SonarAnalyzer.CSharp.csproj" (default target) (4:2) -> 
  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\SonarAnalyzer.CSharp.csproj : error NU1403: Package c 
ontent hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last restore.  
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CSharp\SonarAnalyzer.CSharp.csproj : error NU1403:             

"C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default target) (1) ->                                      
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (default target) (2) ->       
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Common\SonarAnalyzer.Common.csproj" (default target) (5:2) -> 
  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Common\SonarAnalyzer.Common.csproj : error NU1403: Package c 
ontent hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last restore.  
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Common\SonarAnalyzer.Common.csproj : error NU1403:             

"C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default target) (1) ->                                      
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Vsix\SonarAnalyzer.Vsix.csproj" (default target) (2) ->       
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CFG\SonarAnalyzer.CFG.csproj" (default target) (6:2) ->       
  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CFG\SonarAnalyzer.CFG.csproj : error NU1403: Package content 
 hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last restore.        
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.CFG\SonarAnalyzer.CFG.csproj : error NU1403:                   

"C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default target) (1) ->                                      
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Utilities\SonarAnalyzer.Utilities.csproj" (default target) (7 
) ->                                                                                                                       
  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Utilities\SonarAnalyzer.Utilities.csproj : error NU1403: Pac 
kage content hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is different than the last res 
tore.                                                                                                                      
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.Utilities\SonarAnalyzer.Utilities.csproj : error NU1403:       

"C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default target) (1) ->                                      
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\SonarAnalyzer.UnitTest\SonarAnalyzer.UnitTest.csproj" (default target) (8 
) ->                                                                                                                       
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.RuleDescriptorGenerator\SonarAnalyzer.RuleDescriptorGenerator 
.csproj" (default target) (9:2) ->                                                                                         
  C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.RuleDescriptorGenerator\SonarAnalyzer.RuleDescriptorGenerato 
r.csproj : error NU1403: Package content hash validation failed for Microsoft.CodeAnalysis.Analyzers.1.1.0. The package is 
 different than the last restore.                                                                                          
C:\code\sonar-dotnet\sonaranalyzer-dotnet\src\SonarAnalyzer.RuleDescriptorGenerator\SonarAnalyzer.RuleDescriptorGenerator. 
csproj : error NU1403:                                                                                                     

"C:\code\sonar-dotnet\sonaranalyzer-dotnet\SonarAnalyzer.sln" (default target) (1) ->                                      
"C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Mscorlib3.5Mock\mscorlib.csproj" (default target) (14) ->             
(GetReferenceAssemblyPaths target) ->                                                                                      
  C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targe 
ts(1175,5): error MSB3645: .NET Framework v3.5 Service Pack 1 was not found. In order to target ".NETFramework,Version=v3. 
5", .NET Framework v3.5 Service Pack 1 or later must be installed. [C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Ms 
corlib3.5Mock\mscorlib.csproj]                                                                                             
  C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targe 
ts(1175,5): error MSB3644: The reference assemblies for .NETFramework,Version=v3.5 were not found. To resolve this, instal 
l the Developer Pack (SDK/Targeting Pack) for this framework version or retarget your application. You can download .NET F 
ramework Developer Packs at https://aka.ms/msbuild/developerpacks [C:\code\sonar-dotnet\sonaranalyzer-dotnet\tests\XXE\Msc 
orlib3.5Mock\mscorlib.csproj]                                                                                              

    0 Warning(s)                                                                                                           
    8 Error(s)                                                                                                             

[andrei-epure-sonarsource]

This was introduced in this PR.

Rule S2755 detects XXE vulnerabilities (which got shipped in the latest release 8.4) depending on the target .NET Framework.

.NET Framework 3.5 Service Pack 1 Mainstream Support End Date is 10/10/2023 and Extended Support End Date is in October 2028. That means vulnerable applications are still out there, and we're here to help.

Lifecycle dates are applicable to .NET 3.5 SP1 when running on Windows 10 version 1809, Windows Server 2019 or later. On older versions of Windows, .NET 3.5 SP1 adopts the lifecycle of the underlying Windows OS. Support for the .NET Framework 3.x versions prior to 3.5 SP1 ended on July 12th, 2011. .NET 3.5 SP1 is the only supported service pack level after this date.

And given #3149, we will keep that dependency (we need it for regressions tests).

[andrei-epure-sonarsource]

I agree it's a bit annoying 😞

[andrei-epure-sonarsource]

although we should remove the dependency from the solution csproj (the UTs should not depend on that). to run the ITs, though, it will be necessary.

[Corniel]

@andrei-epure-sonarsource : Obviously, it is important to support .NET 3.5 for vulnerabilities. :) But, and that is my point, it is now hard (I didn't succeed yet) to build the solution and make contributions.