Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.5 #59

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 1, 2024

Bumps com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.5.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.5

CHANGELOG

Fixed

CHECKSUM

file checksum (sha256)
spotbugs-4.8.5-javadoc.jar c8abae80768a5cd98bb09d13ae8baee1258efaf673e4c21688a581a8bc55cbe6
spotbugs-4.8.5-sources.jar c21daa57e931c0ea342de685884251e198ea3a48993a6d4c0ac8a9513fc8dd89
spotbugs-4.8.5.tgz c514054fd8f81f242ac6d64871d30bdb7b79cb49be7bd6b58067484efae8bfa0
spotbugs-4.8.5.zip a4b7bad5bb8d2d3cdc42b07d6cdd2a0d7864c0b24732120426d0002df4a9dd0f
spotbugs-annotations-4.8.5-javadoc.jar 5e35895e56ea0c2c4beb71a5b6962070d7a7092a79297419482c123c14324096
spotbugs-annotations-4.8.5-sources.jar b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar 6e63acb693f156e4fb79151b88f9eebe731b4da65fe12843503613e0d6e6f68d
spotbugs-ant-4.8.5-javadoc.jar b2807de49cc2e6d733285be3c22a4ef5a51cc95e266b6b93174fc41968eb7738
spotbugs-ant-4.8.5-sources.jar 9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar 4b0809797d9e05685ef97ec92c9ae1fdabf9e63368948a66badd934183b807d0
test-harness-4.8.5-javadoc.jar f5c977da2391ef6b7237e3b89a9be56ff82fdbe4d7c59c4f1f854e79fb28142d
test-harness-4.8.5-sources.jar 76788749afa9e2a8d6c39231f683bd8e3faab26947975c751c0ab0fbdfc3c17a
test-harness-4.8.5.jar 04c7c8e778a1688ab9636ab58b55f1236ae99bb5428a934a7ba0f54857263c74
test-harness-core-4.8.5-javadoc.jar 9258f6be3c3a1a4103b268b3c528a7ed0530c54b83d10bccb3c20aed6e38d2ec
test-harness-core-4.8.5-sources.jar f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.5.jar 30c2b71900f38b77fb0e4a788b8ae1ea5b9e54f42636111576e338085c9c53dd
test-harness-jupiter-4.8.5-javadoc.jar 18e10f9ae7f4c88a8a7790d4ea5e9422901c6a84a768e6961b6d8ce2bc07b9ea
test-harness-jupiter-4.8.5-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.5.jar 94c5ceecb79b93f5e357b5d9805f0a7a22536a52c70a376182faa14923d86021

SpotBugs 4.8.4

CHANGELOG

Fixed

  • Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
  • Fix possible null value in taxonomies of SARIF output (#2744)
  • Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
  • Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
  • Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
  • Added support for CONSTANT_Dynamic (#2759)
  • Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
  • Remove AppleExtension library (note: menus slightly changed) (#2823)
  • Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
  • Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
  • Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.5 - 2024-05-03

Fixed

  • Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED with eager instances (#2932)
  • Fix FPs when looking for multiple initialization of Singletons (#2934)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH(#2736)
  • Fix FP SE_BAD_FIELD for record fields ([#2935]spotbugs/spotbugs#2935)

4.8.4 - 2024-04-07

Fixed

  • Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
  • Fix possible null value in taxonomies of SARIF output (#2744)
  • Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
  • Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
  • Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
  • Added support for CONSTANT_Dynamic (#2759)
  • Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
  • Remove AppleExtension library (note: menus slightly changed) (#2823)
  • Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
  • Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
  • Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#2828)
  • Update UnreadFields detector to ignore warnings for fields with certain annotations (#574)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with @​PostConstruct, @​BeforeEach, etc. (#2872 #2870 #453)
  • Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#2865)
  • Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#2874)
  • Added more nullability annotations in TypeQualifierResolver (#2558 #2694)
  • Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() (#2881)
  • Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions #2887)
  • Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method (#2837)
  • Update the filter XSD namespace and location for the upcoming 4.8.4 release (#2909)

Added

  • New detector MultipleInstantiationsOfSingletons and introduced new bug types:
    • SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
    • SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
    • SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
    • SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
    • SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
    • SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized. (See SEI CERT MSC07-J)
  • Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.

Changed

  • Minor cleanup in connection with slashed and dotted names (#2805)

Build

  • Fix sonar coverage for project (#2796)
  • Upgraded the build to compile bug samples using Java 21 language features (#2813)

... (truncated)

Commits
  • 1dbd799 release v4.8.5
  • 3d69e18 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • 0a55a48 fix(deps): update dependency org.checkerframework:checker-qual to v3.43.0 (#2...
  • 73f951c fix(deps): update dependency com.google.guava:guava to v33.2.0-jre (#2977)
  • 7120077 chore(deps): update plugin com.github.spotbugs to v6.0.13 (#2974)
  • bdc61bd fix(deps): update dependency checkstyle to v10.16.0 (#2973)
  • 3f79bad fix(deps): update dependency org.testng:testng to v7.10.2 (#2972)
  • bebfdf8 Fix FPs with multiple initialization of Singletons (#2951)
  • e8a364a fix(deps): update dependency org.apache.bcel:bcel to v6.9.0 (#2971)
  • dd05438 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.7.3 to 4.8.5.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.7.3...4.8.5)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants