Release notes
*Sourced from [Microsoft.CodeAnalysis.FxCopAnalyzers's releases](https://github.com/dotnet/roslyn-analyzers/releases).*
> ## v2.9.8
> Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017.9 or later.
>
> Contains the following important changes on top of the v2.9.7 release.
>
> ### Fixes
> - Fixed performance regression for most analyzers relying on tainted data analysis. Affects rules CA3001-CA3012 and CA5389.
> - Improved performance for dataflow analysis rules.
>
> ## v2.9.7
> Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017.9 or later.
>
> Contains the following important changes on top of the v2.9.6 release.
>
> ### Fixes
> - CA5390: Do Not Hard Code Encryption Key -- improved performance
> - Rules tracking property values -- now handling assignments such as `foo.Bar = Singletons.Bar ?? throw new Exception();`
>
> ### Added
> - Security
>   - CA5401: Do not use CreateEncryptor with non-default IV
>   - CA5402: Use CreateEncryptor with the default IV
>   - CA5403: Do not hard-code certificate
>
> ## v2.9.6
> Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017.9 or later.
>
> Contains the following important bug fix on top of the v2.9.5 release:
>
> - CA2246: https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/2889: AD0001 - NullReferenceException when running CA2246
>
> ## v2.9.5
> Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017.9 or later.
>
> Contains the following important changes on top of the v2.9.4 release.
>
> ### Bug Fixes
> - **Critical Performance:** Fixed memory leak in flow analysis results cache which leads to OOM exceptions and crashes on large solutions. This is applicable for all rules.
> - **Critical Reliability:** Hardened all the analyzers and fixers from crashes due to `Single` or `SingleOrDefault` invocations.
> - CA1065: Fixed false positives caused by breaking changes in the IOperation tree shape for throw operations.
> - CA1067: Fixed false positives.
> - CA1708: Fix high memory allocations in the rule implementation
> - CA1721: Fixed false positives.
> - CA2000: Fixed false positives
> - CA2234: Fixed false positives
> - CA2327: Do not use insecure JsonSerializerSettings -- Fixed InvalidCastException
> - CA3147: Mark verb handlers with ValidateAntiForgeryToken -- Now handles Task-based ASP.NET MVC controller action methods
> - CA3075: Insecure DTD processing in XML -- Fixed NullReferenceException.
> - CA3076: Insecure XSLT script processing -- Fixed ArgumentOutOfRangeException.
> - CA5390: Do Not Hard Code Encryption Key -- Treats Encoding.GetBytes() as a potentially hardcoded key. Also considers newer .NET Core 3.0 AesGcm and AesCcm APIs.
>
> ... (truncated)
Commits
- [`1d07ec7`](https://github.com/dotnet/roslyn-analyzers/commit/1d07ec78d0094b99c4f9f21864bb811e44344b99) Merge pull request [#3062](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/3062) from dotpaul/fix
- [`f2d5870`](https://github.com/dotnet/roslyn-analyzers/commit/f2d5870916d8d73d8593de98f8bc866b8e850be0) Lazily creating CFG
- [`070f56b`](https://github.com/dotnet/roslyn-analyzers/commit/070f56b5b17fcd3303dd272bfae51288d0beffdf) Merge pull request [#3050](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/3050) from LLLXXXCCC/RemoveExtraValueContentAnalysis
- [`1a63d89`](https://github.com/dotnet/roslyn-analyzers/commit/1a63d893f974acfbccc3d6d0d04518d9f60ca6e5) Merge pull request [#3058](https://github-redirect.dependabot.com/dotnet/roslyn-analyzers/issues/3058) from mavasani/PerfFixes
- [`e6b0441`](https://github.com/dotnet/roslyn-analyzers/commit/e6b0441fa87e5a7534f23adf7e9e2d941501ee8d) Use update instead of Add invocation to handle existing keys
- [`3a02a74`](https://github.com/dotnet/roslyn-analyzers/commit/3a02a748bdd3b96a7fde93e1e14298155cbb4a1f) Track the reachable PointsTo values during PointsToAnalysis to ensure that ne...
- [`4e94ce4`](https://github.com/dotnet/roslyn-analyzers/commit/4e94ce44b419afd09c571b9462f1300a302502ad) Add more unit tests - couple of these pass prior to this fix and fail with th...
- [`efd756e`](https://github.com/dotnet/roslyn-analyzers/commit/efd756e6b97966aa515a68556ea13833731e9e96) Refactor TrackedEntitiesBuilder to not expose the underlying tracked entities...
- [`3794cc9`](https://github.com/dotnet/roslyn-analyzers/commit/3794cc9c75e900e33de0c3a0f7c087e02745a1b4) Further optimization to delay merging values until required
- [`5f67d69`](https://github.com/dotnet/roslyn-analyzers/commit/5f67d699e066d9c0f4bd1c1ed87e71161ff70728) Performance fix for AnalysisEntityMapAbstractDomain.Merge algorithm
- Additional commits viewable in [compare view](https://github.com/dotnet/roslyn-analyzers/compare/v2.6.3...v2.9.8)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in the `.dependabot/config.yml` file in this repo:
- Update frequency
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps Microsoft.CodeAnalysis.FxCopAnalyzers from 2.6.3 to 2.9.8.