Update Gradle dependencies to v11

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.sonarsource.sonarlint.core:sonarlint-rpc-impl (source)	10.34.1.83453 → 11.3.0.85510
org.sonarsource.sonarlint.core:sonarlint-rpc-java-client (source)	10.34.1.83453 → 11.3.0.85510
org.sonarsource.sonarlint.core:sonarlint-core (source)	10.34.1.83453 → 11.3.0.85510

---

Configuration

📅 Schedule: (in timezone CET)

• Branch creation
  • "before 4am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonar-review-alpha]

Summary

This PR updates the SonarLint Core libraries from v10.34.1 to v11.3.0 via a single-line change to the Gradle version catalog (gradle/libs.versions.toml). Since all three packages listed in the description (sonarlint-core, sonarlint-rpc-impl, sonarlint-rpc-java-client) reference this same version variable, they all get bumped together. This is a major version upgrade that may bring breaking API changes or behavioral shifts in the SonarLint integration.

What reviewers should know

Key areas to review:

• Build compatibility: Verify the SonarLint v11 APIs are compatible with how the plugin currently uses them. Look for any deprecation warnings or changed method signatures in the sonar-php-plugin code.
• Plugin functionality: Since SonarLint is used for analyzing PHP code quality, check if the upgrade changes how issues are reported or if any analysis rules have changed.
• Testing: The upgrade should be validated with test builds and potentially run against sample PHP projects to ensure analysis output remains correct.

Nothing to worry about:

• The version change is isolated to one configuration line, so integration risk is minimal
• This appears to be a routine dependency update from Renovate with no custom modifications

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

The change is a single version bump in the version catalog — no production code is touched. All three upgraded libraries (sonarlint-core, sonarlint-rpc-java-client, sonarlint-rpc-impl) are declared exclusively in integrationTestImplementation scope in its/plugin/build.gradle.kts, so there is no runtime risk to the plugin itself.

The only real risk is integration test compilation. The IT tests bind tightly to the SonarLint RPC API through positional constructors with many arguments and a full SonarLintRpcClientDelegate interface implementation. If v11 added or removed parameters anywhere in that surface area, the tests will fail to compile. There are no companion source changes in this PR to adapt to any such API evolution. Reviewers should confirm the CI build (specifically the integration test compilation step) passes cleanly before merging.

🗣️ Give feedback

[sonar-review-alpha]

MockSonarLintRpcClientDelegate implements SonarLintRpcClientDelegate with ~25 @Override methods, and SonarLintUtils.featureFlagsForStandaloneMode() constructs FeatureFlagsDto with 11 positional boolean arguments. Both are brittle against interface changes and constructor-signature changes between major versions.

This PR contains no corresponding source edits, so if v11 added or removed any abstract methods or constructor parameters, the integration tests will fail to compile. Confirm that the IT test compilation step is green in CI before merging.

• Mark as noise

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: gradle/libs.versions.toml

Command failed: ./gradlew -Dorg.gradle.jvmargs=-Xms512m -Xmx512m --console=plain --dependency-verification lenient -q properties

FAILURE: Build failed with an exception.

* Where:
Settings file '/tmp/renovate/repos/github/SonarSource/sonar-php/settings.gradle.kts' line: 21

* What went wrong:
Plugin [id: 'org.sonarsource.cloud-native.common-settings'] was not found in any of the following sources:

- Gradle Core Plugins (plugin is not in 'org.gradle' namespace)
- Included Builds (No included builds contain this plugin)
- Plugin Repositories (plugin dependency must include a version number for this source)

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights from a Build Scan (powered by Develocity).
> Get more help at https://help.gradle.org.

BUILD FAILED in 43s

[sonar-review-alpha]

The version catalog update is the right single place to change, but the lock files were not regenerated — the build will fail as-is with dependency locking active.

🗣️ Give feedback

[sonar-review-alpha]

The its/plugin/gradle.lockfile still pins all SonarLint transitive dependencies (sonarlint-core, sonarlint-rpc-impl, sonarlint-rpc-java-client, and 10 others) to 10.34.1.83453. With resolutionStrategy.activateDependencyLocking() active, Gradle will reject the new version at dependency resolution and the build will fail before even reaching compilation.

Run ./gradlew --write-locks (across all affected subprojects, at minimum :its:plugin) to regenerate the lock files against 11.2.0.85396.

• Mark as noise

[sonar-review-alpha]

Both previously flagged issues remain unresolved and the PR is not yet ready to merge.

One additional observation: the PR description lists the target version as 11.2.2.85453, but the actual diff bumps sonarlint to 11.3.0.85510. This is likely because Renovate rebased to a newer release after the PR description was generated — not a bug in the change itself, but worth confirming the intended target version.

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube