Post release activities for 2.9.5 package release

.github/ISSUE_TEMPLATE.md

@@ -1,20 +1,20 @@
 #### Analyzer package
 
-Example: [Microsoft.CodeAnalysis.FxCopAnalyzers](https://www.nuget.org/packages/Microsoft.CodeAnalysis.FxCopAnalyzers)
+[Microsoft.CodeAnalysis.FxCopAnalyzers](https://www.nuget.org/packages/Microsoft.CodeAnalysis.FxCopAnalyzers)
 
 #### Package Version
 
-Example: v2.9.5-beta1.final (Latest)
+v2.9.5 (Latest)
 
 #### Diagnostic ID
 
 Example: [CA1716](https://docs.microsoft.com/en-us/visualstudio/code-quality/ca1716-identifiers-should-not-match-keywords)
 
 #### Repro steps
 
-1. One
-1. Two
-1. Three
+1.
+2.
+3.
 
 #### Expected behavior
 

VERSIONING.md

@@ -41,3 +41,4 @@ Sr. No. |  Release Version | Commit Tag       | Commit SHA
 21       | 2.9.4-beta1.final (pre-release)             | v2.9.4-beta1.final          | [3b22a6a](https://github.com/dotnet/roslyn-analyzers/commit/3b22a6a82d450350ab0cf27504adab8d1226b2a8)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers, Microsoft.CodeAnalysis.FlowAnalysis.Utilities
 22       | 2.9.4             | v2.9.4          | [a1a198d](https://github.com/dotnet/roslyn-analyzers/commit/a1a198d1c5d2359e93dd4ab4b1c4f7421512724e)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers, Microsoft.CodeAnalysis.FlowAnalysis.Utilities
 23       | 2.9.5-beta1.final (pre-release)             | v2.9.5-beta1.final          | [494de6f](https://github.com/dotnet/roslyn-analyzers/commit/494de6f80082746e41d69355535f8dc3bfef494a)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers
+24       | 2.9.5             | v2.9.5          | [6c05175](https://github.com/dotnet/roslyn-analyzers/commit/6c05175f91bf7cc463a1b71e1f6773d4afcaa7a1)   | Microsoft.CodeAnalysis.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeAnalysis.Metrics, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.CodeQuality.Analyzers, Microsoft.NetCore.Analyzers, Microsoft.NetFramework.Analyzers, Roslyn.Diagnostics.Analyzers, Microsoft.CodeAnalysis.PublicApiAnalyzers, Microsoft.CodeAnalysis.BannedApiAnalyzers, Microsoft.CodeAnalysis.FlowAnalysis.Utilities

eng/Versions.props

@@ -2,9 +2,9 @@
   <PropertyGroup>
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
 
-    <VersionPrefix>2.9.5</VersionPrefix>
+    <VersionPrefix>2.9.6</VersionPrefix>
     <FlowAnalysisUtilitiesVersionPrefix>2.9.7</FlowAnalysisUtilitiesVersionPrefix>
-    <PreReleaseVersionLabel>beta2</PreReleaseVersionLabel>
+    <PreReleaseVersionLabel>beta1</PreReleaseVersionLabel>
 
     <!-- Opt-in repo features -->
     <UsingToolVSSDK>true</UsingToolVSSDK>
@@ -21,7 +21,7 @@
     <!-- Roslyn -->
     <MicrosoftCodeAnalysisVersion>2.9.0</MicrosoftCodeAnalysisVersion>
     <MicrosoftNetCompilersVersion>3.3.1-beta3-final</MicrosoftNetCompilersVersion>
-    <MicrosoftCodeAnalysisFXCopAnalyersVersion>2.9.5-beta1.final</MicrosoftCodeAnalysisFXCopAnalyersVersion>
+    <MicrosoftCodeAnalysisFXCopAnalyersVersion>2.9.5</MicrosoftCodeAnalysisFXCopAnalyersVersion>
     <MicrosoftCodeAnalysisAnalyersVersion>3.0.0-beta2.19218.3+e96bad97</MicrosoftCodeAnalysisAnalyersVersion>
     <CodeStyleAnalyersVersion>3.3.0-beta2-19376-02</CodeStyleAnalyersVersion>
     <MicrosoftCodeAnalysisTestResourcesProprietaryVersion>2.0.0-pre-20160714</MicrosoftCodeAnalysisTestResourcesProprietaryVersion>

src/GenerateAnalyzerRulesets/CodeFixerExtensions.cs

@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
-using System.Linq;
 using System.Reflection;
 using System.Runtime.CompilerServices;
 using Microsoft.CodeAnalysis.CodeFixes;
@@ -73,7 +72,7 @@ private static bool HasImplementation(CodeFixProvider fixer)
             if (moveNextMethod != null)
             {
                 MethodBody body = moveNextMethod.GetMethodBody();
-                int? ilInstructionCount = body?.GetILAsByteArray()?.Count();
+                int? ilInstructionCount = body?.GetILAsByteArray()?.Length;
                 return ilInstructionCount != 177;
             }
 

src/MetaCompilation.Analyzers/MetaCompilation.Analyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "MetaCompilation.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/MetaCompilation.Analyzers/UnitTests/Verifiers/DiagnosticVerifier.cs

@@ -106,7 +106,7 @@ private void VerifyDiagnostics(string[] sources, string language, DiagnosticAnal
         /// <param name="expectedResults">Diagnostic Results that should have appeared in the code</param>
         private static void VerifyDiagnosticResults(IEnumerable<Diagnostic> actualResults, DiagnosticAnalyzer analyzer, params DiagnosticResult[] expectedResults)
         {
-            int expectedCount = expectedResults.Count();
+            int expectedCount = expectedResults.Length;
             int actualCount = actualResults.Count();
 
             if (expectedCount != actualCount)

src/Microsoft.CodeAnalysis.Analyzers/Microsoft.CodeAnalysis.Analyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -299,7 +299,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.CSharp.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -479,7 +479,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.VisualBasic.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/Microsoft.CodeAnalysis.BannedApiAnalyzers/Microsoft.CodeAnalysis.BannedApiAnalyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.BannedApiAnalyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -14,7 +14,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.CSharp.BannedApiAnalyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -76,7 +76,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.VisualBasic.BannedApiAnalyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.md

@@ -192,7 +192,7 @@ Sr. No. | Rule ID | Title | Category | Enabled | CodeFix | Description |
 189 | CA5388 | Ensure Sufficient Iteration Count When Using Weak Key Derivation Function | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). |
 190 | [CA5389](https://docs.microsoft.com/visualstudio/code-quality/ca5389) | Do Not Add Archive Item's Path To The Target File System Path | Security | False | False | When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique. |
 191 | CA5390 | Do Not Hard Code Encryption Key | Security | False | False | SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value. |
-192 | CA5391 | Use antiforgery tokens in ASP.NET Core MVC controllers | Security | True | False | Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller. |
+192 | CA5391 | Use antiforgery tokens in ASP.NET Core MVC controllers | Security | False | False | Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller. |
 193 | CA5392 | Use DefaultDllImportSearchPaths attribute for P/Invokes | Security | False | False | By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking. |
 194 | CA5393 | Do not use unsafe DllImportSearchPath value | Security | False | False | There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig. |
 195 | CA5394 | Do not use insecure randomness | Security | False | False | {0} is an insecure random number generator. Use cryptographically secure random number generators when randomness is required for security |

src/Microsoft.CodeAnalysis.FxCopAnalyzers/Microsoft.CodeAnalysis.FxCopAnalyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.VersionCheckAnalyzer",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -29,7 +29,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeQuality.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -1509,7 +1509,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeQuality.CSharp.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -1705,7 +1705,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeQuality.VisualBasic.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -1939,7 +1939,7 @@
     {
       "tool": {
         "name": "Microsoft.NetCore.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -3627,7 +3627,7 @@
           "defaultLevel": "warning",
           "properties": {
             "category": "Security",
-            "isEnabledByDefault": true,
+            "isEnabledByDefault": false,
             "typeName": "UseAutoValidateAntiforgeryToken",
             "languages": [
               "C#",
@@ -3810,7 +3810,7 @@
     {
       "tool": {
         "name": "Microsoft.NetCore.CSharp.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -3960,7 +3960,7 @@
     {
       "tool": {
         "name": "Microsoft.NetCore.VisualBasic.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -4110,7 +4110,7 @@
     {
       "tool": {
         "name": "Microsoft.NetFramework.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -4193,7 +4193,7 @@
     {
       "tool": {
         "name": "Microsoft.NetFramework.CSharp.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -4238,7 +4238,7 @@
     {
       "tool": {
         "name": "Microsoft.NetFramework.VisualBasic.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/Microsoft.CodeAnalysis.VersionCheckAnalyzer/Microsoft.CodeAnalysis.VersionCheckAnalyzer.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.VersionCheckAnalyzer",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/Microsoft.CodeQuality.Analyzers/Microsoft.CodeQuality.Analyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Humanizer",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -14,7 +14,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeQuality.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -1494,7 +1494,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeQuality.CSharp.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -1690,7 +1690,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeQuality.VisualBasic.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.md

@@ -99,7 +99,7 @@ Sr. No. | Rule ID | Title | Category | Enabled | CodeFix | Description |
 96 | CA5388 | Ensure Sufficient Iteration Count When Using Weak Key Derivation Function | Security | False | False | When deriving cryptographic keys from user-provided inputs such as password, use sufficient iteration count (at least 100k). |
 97 | [CA5389](https://docs.microsoft.com/visualstudio/code-quality/ca5389) | Do Not Add Archive Item's Path To The Target File System Path | Security | False | False | When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique. |
 98 | CA5390 | Do Not Hard Code Encryption Key | Security | False | False | SymmetricAlgorithm's .Key property, or a method's rgbKey parameter, should never be a hardcoded value. |
-99 | CA5391 | Use antiforgery tokens in ASP.NET Core MVC controllers | Security | True | False | Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller. |
+99 | CA5391 | Use antiforgery tokens in ASP.NET Core MVC controllers | Security | False | False | Handling a POST, PUT, PATCH, or DELETE request without validating an antiforgery token may be vulnerable to cross-site request forgery attacks. A cross-site request forgery attack can send malicious requests from an authenticated user to your ASP.NET Core MVC controller. |
 100 | CA5392 | Use DefaultDllImportSearchPaths attribute for P/Invokes | Security | False | False | By default, P/Invokes using DllImportAttribute probe a number of directories, including the current working directory for the library to load. This can be a security issue for certain applications, leading to DLL hijacking. |
 101 | CA5393 | Do not use unsafe DllImportSearchPath value | Security | False | False | There could be a malicious DLL in the default DLL search directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory. Use a DllImportSearchPath value that specifies an explicit search path instead. The DllImportSearchPath flags that this rule looks for can be configured in .editorconfig. |
 102 | CA5394 | Do not use insecure randomness | Security | False | False | {0} is an insecure random number generator. Use cryptographically secure random number generators when randomness is required for security |

src/Microsoft.NetCore.Analyzers/Microsoft.NetCore.Analyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Microsoft.NetCore.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -1693,7 +1693,7 @@
           "defaultLevel": "warning",
           "properties": {
             "category": "Security",
-            "isEnabledByDefault": true,
+            "isEnabledByDefault": false,
             "typeName": "UseAutoValidateAntiforgeryToken",
             "languages": [
               "C#",
@@ -1876,7 +1876,7 @@
     {
       "tool": {
         "name": "Microsoft.NetCore.CSharp.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -2026,7 +2026,7 @@
     {
       "tool": {
         "name": "Microsoft.NetCore.VisualBasic.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/Microsoft.NetFramework.Analyzers/Microsoft.NetFramework.Analyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Microsoft.NetFramework.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -88,7 +88,7 @@
     {
       "tool": {
         "name": "Microsoft.NetFramework.CSharp.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -133,7 +133,7 @@
     {
       "tool": {
         "name": "Microsoft.NetFramework.VisualBasic.Analyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {

src/PerformanceSensitiveAnalyzers/Microsoft.CodeAnalysis.PerformanceSensitiveAnalyzers.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.CSharp.PerformanceSensitiveAnalyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {
@@ -184,7 +184,7 @@
     {
       "tool": {
         "name": "Microsoft.CodeAnalysis.PerformanceSensitiveAnalyzers",
-        "version": "2.9.5",
+        "version": "2.9.6",
         "language": "en-US"
       },
       "rules": {