Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
softprops/action-gh-release	action	patch	v2.2.0 -> v2.2.1
org.scala-lang:scala3-library_3	dependencies	patch	3.6.2 -> 3.6.3
com.github.spotbugs:spotbugs-annotations (source)	dependencies	minor	4.8.6 -> 4.9.0
com.github.spotbugs	plugin	minor	6.0.27 -> 6.1.2
com.diffplug.spotless	plugin	major	6.25.0 -> 7.0.2

---

Release Notes

softprops/action-gh-release (softprops/action-gh-release)

v2.2.1

Compare Source

What's Changed

Bug fixes 🐛

• fix: big file uploads by @​xen0n in https://github.com/softprops/action-gh-release/pull/562

Other Changes 🔄

• chore(deps): bump @​types/node from 22.10.1 to 22.10.2 by @​dependabot in https://github.com/softprops/action-gh-release/pull/559
• chore(deps): bump @​types/node from 22.10.2 to 22.10.5 by @​dependabot in https://github.com/softprops/action-gh-release/pull/569
• chore: update error and warning messages for not matching files in files field by @​ytimocin in https://github.com/softprops/action-gh-release/pull/568

New Contributors

• @​ytimocin made their first contribution in https://github.com/softprops/action-gh-release/pull/568

Full Changelog: softprops/action-gh-release@v2.2.0...v2.2.1

scala/scala3 (org.scala-lang:scala3-library_3)

v3.6.3

Compare Source

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.9.0

Compare Source

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#​3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#​637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#​2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#​3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#​2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#​2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#​2988)
• -version flag prints the version to the standard output (#​2797)
• Revert the changes from (#​2894) to get HTML stylesheets to work again (#​2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#​3045)
• Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#​3059)
• Detect failure to close RocksDB's ReadOptions (#​3069)
• Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#​3023)
• Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#​3094)
• Fixed some CWE mappings (#​3124)
• Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#​3137)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#​3152)
• Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#​2042)
• Fix call graph, include non-parametric void methods (#​3160)
• Fix multiple reporting of identical bugs messing up statistics (#​3185)
• Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#​3187)
• Fixed method matchers with array types (#​3203)
• Fix SARIF report's message property in Exception to meet the standard (#​3197)
• Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#​3207)
• Fixed an error in the detection of bridge methods causing analysis crashes (#​3208)
• Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#​2040)
• Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#​1515).
• Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#​3235)

Cleanup

• Cleanup thread issue and regex issue in test-harness (#​3130)
• Remove extra blank lines and remove public from interface objects as inherently already public (#​3131)
• Fix order of modifiers on properties/methods and ensure correct location in file (#​3132, #​3177)
• Return objects directly instead of creating more garbage collection by defining them (#​3133, #​3175)
• Restrict the constructor of abstract classes visibility to protected (#​3178)
• Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#​3134)
• Use diamond operator in constructor calls of Collections (#​3176)
• Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#​3180, #​3219)
• Use method references instead of lambdas where possible (#​3179)
• Move default clauses to the end of switches (#​3222)
• Remove unnecessary throws declarations (#​3220)
• Use Boolean.parseBoolean() for string-to-boolean conversion. (#​3217)
• Rename shadowing fields (#​3221)
• Combine catch blocks with the same body (#​3223)
• Merge conditions of nested ifs (#​3231)
• Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'(#​3251)
• Use try with resources where possible (#​3253)

Changed

• Bump up Java version to 11

---

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (80281fb) to head (de5ffc4).

Additional details and impacted files

@@              Coverage Diff               @@
##               main      #247       +/-   ##
==============================================
+ Coverage     85.71%   100.00%   +14.28%     
+ Complexity        4         3        -1     
==============================================
  Files             3         1        -2     
  Lines             7         4        -3     
==============================================
- Hits              6         4        -2     
+ Misses            1         0        -1     

Flag	Coverage Δ
integration-tests-macos-latest	100.00% <ø> (ø)
integration-tests-ubuntu-latest	100.00% <ø> (ø)
integration-tests-windows-latest	100.00% <ø> (ø)
unit-tests-macos-latest	?
unit-tests-ubuntu-latest	?
unit-tests-windows-latest	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

build