August 2019 (version 1.28.0)

1.28.0 Update

Hi!

Welcome to the new DeepScan updates!

We have just started the Enterprise plan for users interested in using DeepScan on private sources behind the firewall.

Please read on for the highlights of the latest release.

Release Summary

This version includes a number of updates, some of which we hope you will find helpful.
The key highlights are:

New Rules

New rules are introduced in this release. We have enhanced our Vue rules regarding possible memory leaks such as REACT_MISSING_CLEANUP_IN_LIFECYCLE.

Check the new rules!

Enterprise Plan

Now we introduce a new Enterprise plan!

The Enterprise plan is best for organizations hosting their code on their own servers. It is a suite of packages that includes:

  • On-premise server: The core application that powers our hosted DeepScan installations
  • Editor plugins: Stand-alone plugins and extensions for IntelliJ IDEA, Eclipse and VS Code
  • SonarQube plugin: A SonarQube plugin which enables you to inspect JavaScript and TypeScript using DeepScan in your SonarQube platform
  • Node.js package: A Node.js package which enables you to run DeepScan in the command line or programmatically

Please refer to this documentation for more details.

ESLint Integration

Since the July release, we have supported the ESLint analysis.

Because of security concerns, it supports only the pre-defined ESLint plugins. In this release, we added more plugins to help users who were having analysis problems.

To prevent false alarms about importing modules, we also ignore some ESLint rules related to module imports. For more information, please see the Using ESLint guide.

ECMAScript 2019 Support

We've checked ECMAScript 2019 (ES10) features and added support for built-in APIs such as Array.prototype.flat().

Now we fully support ECMAScript 2019!

Analysis Improvements

  • Recognize React props accesses going through object destructuring with the rest pattern

Security Fixes

We restricted the permission of some team-level APIs to team members only. This prevents all public access to the team dashboard, so that only team members can access the team's information, such as private projects' statistics.

We greatly appreciate Wouter Baan's help and will continue to take steps to improve security.

Miscellaneous

  • CONSTANT_CONDITION is enhanced to skip alarms on defensive type checking of React props having PropTypes declarations
  • Do not detect UNUSED_IMPORT and UNUSED_REQUIRE alarms when the variable is used as the JSX factory of well-known non-React frameworks

Bug Fixes

  • Pull request check fails when one of the repository owners' tokens has expired
  • Names including uppercase letters are incorrectly recognized as Vue directives
  • Some MISSING_ELSE_KEYWORD alarms are missed when if statements occur in sequence

Thank You

Thank you to the following folks who help to make DeepScan better:

  • Nimrod Becker kindly reported our pull request problems regarding an expired token