Release notes
*Sourced from [Microsoft.CodeAnalysis.Analyzers's releases](https://github.com/dotnet/roslyn-analyzers/releases).*
> ## v2.9.7
> Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017.9 or later.
>
> Contains following important changes on top of the v2.9.6 release
>
> ### Fixes
> - CA5390: Do Not Hard Code Encryption Key -- improved performance
> - Rules tracking property values -- now handling assignments such as `foo.Bar = Singletons.Bar ?? throw new Exception();`
> ### Added
> - Security
> - CA5401: Do not use CreateEncryptor with non-default IV
> - CA5402: Use CreateEncryptor with the default IV
> - CA5403: Do not hard-code certificate
Commits
- [`89f1193`](https://github.com/dotnet/roslyn-analyzers/commit/89f1193364ef535a508f63e89d7c0e701b52c45c) Merge pull request [#2987](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/2987) from LLLXXXCCC/DoNotHardCodeEncryptionKey
- [`f8fdccd`](https://github.com/dotnet/roslyn-analyzers/commit/f8fdccd67f1eb34c9fb2363d42a87c0c46607d6b) Fix formatting error.
- [`fe462a4`](https://github.com/dotnet/roslyn-analyzers/commit/fe462a4eee9a5334c8ec10bbf5630e9ad956bc1c) Merge branch '2.9.x' into DoNotHardCodeEncryptionKey
- [`3a1d5a0`](https://github.com/dotnet/roslyn-analyzers/commit/3a1d5a0af8dc31076eeb16d785bcc004899b53ca) Remove constant char array out of SourceInfos.
- [`e410fcd`](https://github.com/dotnet/roslyn-analyzers/commit/e410fcde097ea33c75578828f8b2588cc37d0122) Merge pull request [#2981](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/2981) from dotpaul/bump
- [`66de91a`](https://github.com/dotnet/roslyn-analyzers/commit/66de91a8e2460c2471f9facb6686e6d2390f8a78) Addressing review feedback
- [`0163821`](https://github.com/dotnet/roslyn-analyzers/commit/0163821e0a8adae731b9cbec61d082f1e8743975) Post-release activities for 2.9.6
- [`aa3797e`](https://github.com/dotnet/roslyn-analyzers/commit/aa3797e74bd539d05e00d0a7e9e8f3c5be87169c) Merge pull request [#2967](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/2967) from dotpaul/cherrypick
- [`f21d049`](https://github.com/dotnet/roslyn-analyzers/commit/f21d049feaf49718d094f513e8d63cc8af2424f8) Fix violations of RS0030 (Do not used banned APIs)
- [`c72c633`](https://github.com/dotnet/roslyn-analyzers/commit/c72c633d630e85e5c3998348b708f6b65810693b) Move version number to Versions.props
- Additional commits viewable in [compare view](https://github.com/dotnet/roslyn-analyzers/compare/v2.9.6...v2.9.7)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps Microsoft.CodeAnalysis.Analyzers from 2.9.6 to 2.9.7.
Release notes
*Sourced from [Microsoft.CodeAnalysis.Analyzers's releases](https://github.com/dotnet/roslyn-analyzers/releases).* > ## v2.9.7 > Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017.9 or later. > > Contains following important changes on top of the v2.9.6 release > > ### Fixes > - CA5390: Do Not Hard Code Encryption Key -- improved performance > - Rules tracking property values -- now handling assignments such as `foo.Bar = Singletons.Bar ?? throw new Exception();` > ### Added > - Security > - CA5401: Do not use CreateEncryptor with non-default IV > - CA5402: Use CreateEncryptor with the default IV > - CA5403: Do not hard-code certificateCommits
- [`89f1193`](https://github.com/dotnet/roslyn-analyzers/commit/89f1193364ef535a508f63e89d7c0e701b52c45c) Merge pull request [#2987](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/2987) from LLLXXXCCC/DoNotHardCodeEncryptionKey - [`f8fdccd`](https://github.com/dotnet/roslyn-analyzers/commit/f8fdccd67f1eb34c9fb2363d42a87c0c46607d6b) Fix formatting error. - [`fe462a4`](https://github.com/dotnet/roslyn-analyzers/commit/fe462a4eee9a5334c8ec10bbf5630e9ad956bc1c) Merge branch '2.9.x' into DoNotHardCodeEncryptionKey - [`3a1d5a0`](https://github.com/dotnet/roslyn-analyzers/commit/3a1d5a0af8dc31076eeb16d785bcc004899b53ca) Remove constant char array out of SourceInfos. - [`e410fcd`](https://github.com/dotnet/roslyn-analyzers/commit/e410fcde097ea33c75578828f8b2588cc37d0122) Merge pull request [#2981](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/2981) from dotpaul/bump - [`66de91a`](https://github.com/dotnet/roslyn-analyzers/commit/66de91a8e2460c2471f9facb6686e6d2390f8a78) Addressing review feedback - [`0163821`](https://github.com/dotnet/roslyn-analyzers/commit/0163821e0a8adae731b9cbec61d082f1e8743975) Post-release activities for 2.9.6 - [`aa3797e`](https://github.com/dotnet/roslyn-analyzers/commit/aa3797e74bd539d05e00d0a7e9e8f3c5be87169c) Merge pull request [#2967](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/2967) from dotpaul/cherrypick - [`f21d049`](https://github.com/dotnet/roslyn-analyzers/commit/f21d049feaf49718d094f513e8d63cc8af2424f8) Fix violations of RS0030 (Do not used banned APIs) - [`c72c633`](https://github.com/dotnet/roslyn-analyzers/commit/c72c633d630e85e5c3998348b708f6b65810693b) Move version number to Versions.props - Additional commits viewable in [compare view](https://github.com/dotnet/roslyn-analyzers/compare/v2.9.6...v2.9.7)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)