New detector FindInstanceLockOnSharedStaticData for new bug type SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA. This detector reports a bug if an instance-level lock is used to modify shared static data. (See SEI CERT rule LCK06-J) @gonczmisi
New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn about custom class loaders that do not call their superclass's getPermissions() in their getPermissions() method. This rule is based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.
note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps `spotbugs.version` from 4.5.3 to 4.6.0.
Updates `spotbugs-annotations` from 4.5.3 to 4.6.0
Release notes
Sourced from spotbugs-annotations's releases.
Changelog
Sourced from spotbugs-annotations's changelog.
Commits
- e2f1577 release 4.6.0
- 9679dce docs: add a missing CHANGELOG entry for #1966
- 6d6ca37 docs: add a missing CHANGELOG entry for #1960
- f830433 build(deps): bump spring-core from 5.3.15 to 5.3.16
- e52ddad build(deps): bump com.diffplug.spotless from 6.2.0 to 6.3.0
- adc8600 build(deps): bump com.github.spotbugs from 5.0.5 to 5.0.6
- 5dabbe3 build(deps): bump gson from 2.8.9 to 2.9.0
- a703224 build(deps): bump goomph from 3.34.1 to 3.35.0 in /buildSrc
- a0b3350 build(deps): bump mockito-core from 4.2.0 to 4.3.1
- 39ce75d build(deps): bump guiceVersion from 5.0.1 to 5.1.0
Updates `spotbugs-maven-plugin` from 4.5.3.0 to 4.6.0.0
Release notes
Sourced from spotbugs-maven-plugin's releases.
Commits
- 1757c7f [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0
- 7e022d7 [pom] Bump remainder to spotbugs 4.6.0
- aa8a2b1 Merge pull request #413 from spotbugs/dependabot/maven/org.codehaus.mojo-vers...
- c51b51c Bump versions-maven-plugin from 2.9.0 to 2.10.0
- fd7e020 Merge pull request #411 from spotbugs/dependabot/maven/mavenVersion-3.8.5
- 4b591e2 Bump mavenVersion from 3.8.4 to 3.8.5
- 3276bfa Merge pull request #412 from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5
- 047836c Bump mavenCoreVersion from 3.8.4 to 3.8.5
- 4fa6caa Merge pull request #409 from spotbugs/dependabot/maven/com.github.spotbugs-sp...
- 3d45f8f Merge pull request #410 from spotbugs/dependabot/maven/groovyVersion-4.0.1
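The release notes in this PR describe a bug type for an instance-level lock used to modify shared static data (SEI CERT LCK06-J). The following is an added example, not code from this PR or from the SpotBugs project, showing that pattern beside a corrected form; the class `InstanceLockDemo` and its fields are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class InstanceLockDemo {
    // Constructed sample state: shared by every instance of the class.
    static int unsafeCount = 0;
    static int safeCount = 0;
    // One lock for the whole class, matching the scope of the static data.
    private static final Object CLASS_LOCK = new Object();

    // Pattern from the release note: "synchronized" here locks "this",
    // so two different instances never exclude each other.
    synchronized void incrementWithInstanceLock() {
        unsafeCount++;
    }

    // Corrected form: every instance contends on the same static lock.
    void incrementWithStaticLock() {
        synchronized (CLASS_LOCK) {
            safeCount++;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        final int threads = 8, perThread = 100_000;
        List<Thread> pool = new ArrayList<>();
        for (int i = 0; i < threads; i++) {
            InstanceLockDemo worker = new InstanceLockDemo(); // one instance per thread
            Thread t = new Thread(() -> {
                for (int n = 0; n < perThread; n++) {
                    worker.incrementWithInstanceLock();
                    worker.incrementWithStaticLock();
                }
            });
            pool.add(t);
            t.start();
        }
        for (Thread t : pool) {
            t.join();
        }
        int expected = threads * perThread;
        System.out.println("expected          = " + expected);
        System.out.println("instance lock got = " + unsafeCount + " (may be lower: lost updates)");
        System.out.println("static lock got   = " + safeCount);
    }
}
```

Because each thread holds its own instance, the instance-level monitor provides no mutual exclusion on `unsafeCount`, while the static lock always yields the expected total.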