RELEASE @W-17615470@: Conducting v5.0.0 beta.1 release

.eslintrc.json

@@ -12,7 +12,10 @@
 		"project": "./tsconfig.json"
 	},
 	"rules": {
-		"@typescript-eslint/no-unused-vars": ["error", {"argsIgnorePattern": "^_"}],
+		"@typescript-eslint/no-unused-vars": ["error", {
+			"argsIgnorePattern": "^_",
+			"varsIgnorePattern": "^_",
+			"caughtErrorsIgnorePattern": "^_"}],
 		"@typescript-eslint/unbound-method": ["error", {"ignoreStatic":  true}]
 	},
 	"plugins": [

.github/ISSUE_TEMPLATE/0-code_analyzer_bug.yml

@@ -0,0 +1,128 @@
+name: Report a Bug with a code-analyzer command
+description: Report an issue with a code-analyzer command.
+title: "[BUG][code-analyzer] <YOUR_TITLE_HERE>"
+labels: []
+body:
+  - type: dropdown
+    attributes:
+      label: Have you tried to resolve this issue yourself first?
+      description: |
+        Oftentimes, you can resolve `code-analyzer` issues on your own. Follow these steps:
+        1. Read the error message.
+        2. Read [Salesforce Code Analyzer](https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/code-analyzer.html) documentation.
+        3. Double-check the command that you ran. Ensure that items like file names, method names, and category names are correctly spelled and cased.
+        4. Verify that your code is syntactically valid.
+        5. Verify that the error is reproducible on another machine.
+        6. Check open and closed [issues](https://github.com/forcedotcom/sfdx-scanner/issues) to see if your issue is already logged.
+
+        **I confirm that I have gone through these steps and still have an issue to report.**
+        <sup>(You must select "Yes" to create an issue.)</sup>
+      options:
+        - ''
+        - "Yes"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Bug Description
+      description: Provide a clear and concise description of what the bug is and include the exact command that you ran.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Output / Logs
+      description: Attach any output or logs here
+      placeholder: |
+        Add log output here or drag files here.
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: List out the steps that you used to reproduce the bug behavior. Be as specific and clear as possible.
+      placeholder: |
+        1. I first do ...
+        2. Then I do ...
+        3. Lastly, I do ...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: Provide a clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Operating System
+      description: |
+        What is your machine's operating system?
+      placeholder: |
+        Example: MacOS Sonoma 14.4.1
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Salesforce CLI Version
+      description: |
+        What do you get from the command "sf --version"?
+      placeholder: |
+        Example: @salesforce/cli/2.40.7 darwin-arm64 node-v20.12.2
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Code Analyzer Plugin (code-analyzer) Version
+      description: |
+        What do you get from the command "sf plugins"?
+      placeholder: |
+        Example: code-analyzer 5.0.0-beta.0
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Node Version
+      description: |
+        What do you get from the command "node --version"?
+      placeholder: |
+        Example: v23.4.0
+    validations:
+      required: false
+  - type: input
+    attributes:
+      label: Java Version
+      description: |
+        What do you get from the command "java -version"?
+      placeholder: |
+        Example: openjdk version "11.0.17.0.1" 2022-10-18 LTS
+    validations:
+      required: false
+  - type: input
+    attributes:
+      label: Python Version
+      description: |
+        What do you get from the command "python --version"?
+      placeholder: |
+        Example: Python 3.11.8
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Additional Context (Screenshots, Files, etc)
+      description: Add any other context about the problem.
+      placeholder: |
+        Drag any files or screenshots you have here.
+  - type: textarea
+    attributes:
+      label: Workaround
+      description: What ways have you found to sidestep the problem? If you haven't found a workaround, what have you tried so far?
+  - type: dropdown
+    attributes:
+      label: Urgency
+      description: What is the severity of the problem?
+      options:
+        - Low
+        - Moderate
+        - High
+        - Critical
+      default: 0
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/0-scanner_run_bug.yml → .github/ISSUE_TEMPLATE/1-scanner_run_bug.yml

@@ -1,6 +1,6 @@
 name: Report a Bug with scanner run
 description: Report an issue with the scanner run command.
-title: "[BUG] <YOUR_TITLE_HERE>"
+title: "[BUG][scanner run] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: dropdown

.github/ISSUE_TEMPLATE/1-scanner_run_dfa_bug.yml → .github/ISSUE_TEMPLATE/2-scanner_run_dfa_bug.yml

@@ -1,6 +1,6 @@
 name: Report a Bug with scanner run dfa
 description: Report an issue with the scanner run dfa command.
-title: "[BUG] <YOUR_TITLE_HERE>"
+title: "[BUG][scanner run dfa] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: dropdown

.github/ISSUE_TEMPLATE/2-scanner_run_false_result.yml → .github/ISSUE_TEMPLATE/3-scanner_run_false_result.yml

@@ -1,6 +1,6 @@
 name: Report a False Result with scanner run
 description: Report false results in scanner run scan reports. If you're submitting your managed package for AppExchange security review, include documentation of your false results with your submission.
-title: "[False Result] <YOUR_TITLE_HERE>"
+title: "[False Result][scanner run] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: dropdown

.github/ISSUE_TEMPLATE/3-scanner_run_dfa_false_result.yml → .github/ISSUE_TEMPLATE/4-scanner_run_dfa_false_result.yml

@@ -1,6 +1,6 @@
 name: Report a False Result with scanner run dfa
 description: Report false results returned in scanner run dfa scan reports. If you're submitting for AppExchange security review, include documentation of your false results with your submission.
-title: "[False Result] <YOUR_TITLE_HERE>"
+title: "[False Result][scanner run dfa] <YOUR_TITLE_HERE>"
 labels: []
 body:
 - type: textarea

.github/workflows/apply-npm-tag-to-version.yml

@@ -0,0 +1,54 @@
+name: apply-npm-tag-to-version
+on:
+  workflow_dispatch:
+    inputs:
+      package_name:
+        description: 'Select Package Name:'
+        required: true
+        type: choice
+        options:
+          - '@salesforce/plugin-code-analyzer'
+          - '@salesforce/sfdx-scanner'
+      tag_name:
+        description: 'Tag Name (ex: latest):'
+        required: true
+        type: string
+      version:
+        description: 'Version (ex: 4.8.0):'
+        required: true
+        type: string
+      confirm:
+        description: 'Check this box to confirm that you understand that applying a tag using this action is only recommended for emergency rollback situations and that you understand the consequences.'
+        required: true
+        type: boolean
+
+jobs:
+  publish_package:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+
+      - name: Fail if not confirmed
+        if: ${{ github.event.inputs.confirm != 'true' }}
+        run: |
+          echo "::error::You did not confirm, so dist-tag not called."
+          exit 1
+
+      - name: Validate package name (sanity check)
+        if: ${{ github.event.inputs.package_name != '@salesforce/plugin-code-analyzer' && github.event.inputs.package_name != '@salesforce/sfdx-scanner' }}
+        run: |
+          echo "Invalid package name. Please choose one of the allowed package names."
+          exit 1
+
+      - name: Prepare NPM Credentials
+        run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
+
+      - name: Apply tag
+        run: |
+          echo "You have confirmed that using this action is only recommended for emergency rollback situations and that you are responsible for manually applying the ${{ github.event.inputs.tag_name }} tag to ${{ github.event.inputs.package_name }}@${{ github.event.inputs.version }}."
+          echo "Applying tag..."
+          npm dist-tag add ${{ github.event.inputs.package_name }}@${{ github.event.inputs.version }} ${{ github.event.inputs.tag_name }}

.github/workflows/create-release-branch.yml

@@ -37,9 +37,6 @@ jobs:
           git checkout -b $INTERIM_BRANCH_NAME
           # Immediately push the interim branch with no changes, so GraphQL can push to it later.
           git push --set-upstream origin $INTERIM_BRANCH_NAME
-      # Update our dependencies.
-      - run: |
-          yarn upgrade
       # Use the GraphQL API to create a signed commit with the various changes.
       - name: Commit to interim branch
         run: |
@@ -50,11 +47,10 @@ jobs:
           MESSAGE="Preparing for v$NEW_VERSION release."
           # GraphQL needs the latest versions of the files we changed, as Base64 encoded strings.
           NEW_PACKAGE="$(cat package.json | base64)"
-          NEW_YARN_LOCK="$(cat yarn.lock | base64)"
           gh api graphql -F message="$MESSAGE" -F oldOid=`git rev-parse HEAD` -F branch="$BRANCH" \
-          -F newPackage="$NEW_PACKAGE" -F newYarnLock="$NEW_YARN_LOCK" \
+          -F newPackage="$NEW_PACKAGE" \
           -f query='
-            mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!, $newYarnLock: Base64String!) {
+            mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!) {
               createCommitOnBranch(input: {
                 branch: {
                   repositoryNameWithOwner: "forcedotcom/sfdx-scanner",
@@ -68,9 +64,6 @@ jobs:
                     {
                       path: "package.json",
                       contents: $newPackage
-                    }, {
-                      path: "yarn.lock",
-                      contents: $newYarnLock
                     }
                   ]
                 },

.github/workflows/publish-to-npm.yml

@@ -79,6 +79,9 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: '11' # For now, Java version is hardcoded.
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '>=3.10'
       # Install SF, and the release candidate version.
       - run: npm install -g @salesforce/cli
       - run: sf plugins install @salesforce/plugin-code-analyzer@latest-beta-rc

.gitignore

@@ -160,3 +160,5 @@ pmd-cataloger/bin
 sfge*.log.gz
 
 npm-shrinkwrap.json
+
+.npmrc

package.json

@@ -1,45 +1,45 @@
 {
 	"name": "@salesforce/plugin-code-analyzer",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "5.0.0-beta.0",
+	"version": "5.0.0-beta.1",
 	"author": "Salesforce Code Analyzer Team",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {
 		"@oclif/core": "^3.3.2",
-		"@salesforce/code-analyzer-core": "0.20.2",
-		"@salesforce/code-analyzer-engine-api": "0.16.1",
-		"@salesforce/code-analyzer-eslint-engine": "0.17.0",
-		"@salesforce/code-analyzer-flowtest-engine": "0.16.2",
-		"@salesforce/code-analyzer-pmd-engine": "0.17.1",
-		"@salesforce/code-analyzer-regex-engine": "0.16.2",
-		"@salesforce/code-analyzer-retirejs-engine": "0.16.2",
+		"@salesforce/code-analyzer-core": "0.22.0",
+		"@salesforce/code-analyzer-engine-api": "0.17.0",
+		"@salesforce/code-analyzer-eslint-engine": "0.19.0",
+		"@salesforce/code-analyzer-flowtest-engine": "0.17.0",
+		"@salesforce/code-analyzer-pmd-engine": "0.19.0",
+		"@salesforce/code-analyzer-regex-engine": "0.17.0",
+		"@salesforce/code-analyzer-retirejs-engine": "0.17.0",
 		"@salesforce/core": "^5",
 		"@salesforce/sf-plugins-core": "^5.0.4",
-		"@salesforce/ts-types": "^2.0.9",
+		"@salesforce/ts-types": "^2.0.12",
 		"@types/js-yaml": "^4.0.9",
-		"@types/node": "^22.5.5",
-		"ansis": "^3.2.0",
-		"fast-glob": "^3.3.2",
+		"@types/node": "^22.10.9",
+		"ansis": "^3.9.0",
+		"fast-glob": "^3.3.3",
 		"js-yaml": "^4.1.0",
 		"ts-node": "^10",
 		"tslib": "^2"
 	},
 	"devDependencies": {
-		"@eslint/js": "^8.57",
-		"@oclif/plugin-help": "^5",
-		"@salesforce/cli-plugins-testkit": "^5.3.8",
-		"@types/jest": "^29.5.12",
+		"@eslint/js": "^8.57.1",
+		"@oclif/plugin-help": "^6.2.22",
+		"@salesforce/cli-plugins-testkit": "^5.3.39",
+		"@types/jest": "^29.5.14",
 		"@types/tmp": "^0.2.6",
-		"@typescript-eslint/eslint-plugin": "^7.2.0",
-		"@typescript-eslint/parser": "^7.2.0",
-		"eslint": "^8.57",
-		"eslint-plugin-sf-plugin": "^1.17.4",
+		"@typescript-eslint/eslint-plugin": "^8.21.0",
+		"@typescript-eslint/parser": "^8.21.0",
+		"eslint": "^8.57.1",
+		"eslint-plugin-sf-plugin": "^1.20.14",
 		"jest": "^29.7.0",
 		"jest-junit": "^16.0.0",
-		"oclif": "^4.0.3",
+		"oclif": "^4.17.17",
 		"tmp": "^0.2.3",
-		"ts-jest": "^29.1.4",
-		"typescript": "^5.4.5"
+		"ts-jest": "^29.2.5",
+		"typescript": "^5.7.3"
 	},
 	"engines": {
 		"node": ">=20.0.0"

src/lib/models/ConfigModel.ts

@@ -164,7 +164,7 @@ abstract class YamlFormatter {
 	private getDefaultRuleFor(engineName: string, ruleName: string): Rule|null {
 		try {
 			return this.allDefaultRules.getRule(engineName, ruleName);
-		} catch (e) {
+		} catch (_e) {
 			// istanbul ignore next
 			return null;
 		}

src/lib/utils/FileUtil.ts

@@ -4,7 +4,7 @@ export async function exists(filename: string): Promise<boolean> {
 	try {
 		await fs.promises.access(filename, fs.constants.F_OK);
 		return true;
-	} catch (e) {
+	} catch (_e) {
 		return false;
 	}
 }