search

FraunhoferISST / DataspaceConnector

This is an IDS Connector reference implementation.
https://www.isst.fraunhofer.de/de/geschaeftsfelder/datenwirtschaft/technologien/Dataspace-Connector.html
Apache License 2.0
103 stars 82 forks source link

chore(deps): Bump spotbugs.version from 4.5.3 to 4.6.0 #984

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps spotbugs.version from 4.5.3 to 4.6.0. Updates spotbugs-annotations from 4.5.3 to 4.6.0

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.6.0

CHANGELOG

Fixed

Added

  • New detector FindInstanceLockOnSharedStaticData for new bug type SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA. This detector reports a bug if an instance level lock is used to modify a shared static data. (See SEI CERT rule LCK06-J) @​gonczmisi

CHECKSUM

file checksum (sha256)
spotbugs-4.6.0-javadoc.jar f38dba26a1e419483b19c3acc35962347a6e5c3d6793729e84a637cef1423c1a
spotbugs-4.6.0-sources.jar 6926fee89be85021a3a58cc8f08c5f706f3696c151dcee38dbaf674b6fa7f357
spotbugs-4.6.0.tgz d357a5920bba4e7964d834de88fe64892ed02b5e1d4f61b8afb5187e4e4cdd04
spotbugs-4.6.0.zip 8486f721d80e62c300fd2db5076badac3d969b596904c23f429c922a03041ac0
spotbugs-annotations-4.6.0-javadoc.jar d001876f444fb41f946218571f6935b008578cdc560d75691951b682578f260c
spotbugs-annotations-4.6.0-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar b7021b4ecbafd9b321bdf06eef2ec4519526e2b39fb7d080f2964308f017435e
spotbugs-ant-4.6.0-javadoc.jar 4d092495bee2eede65dbac444e72a89396dbc78beea15ae588d1d37e853c4cab
spotbugs-ant-4.6.0-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar 0c05d399522d4de7630a935eb24b2fef75cabf1867527abffbcd319a94804b5f
test-harness-4.6.0-javadoc.jar e5c5e087a6ae7dd919026dc1dc88e720ce239f73b125e150c15e70a78126574f
test-harness-4.6.0-sources.jar 2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.6.0.jar 45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659
test-harness-core-4.6.0-javadoc.jar 1e6bdfb261bbb17674d4ac94576cb3fb561b207d9b615fdcb575e6c565a03f09
test-harness-core-4.6.0-sources.jar f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.6.0.jar fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285
test-harness-jupiter-4.6.0-javadoc.jar 1a0f4bb21a3a2cf100b8b5d6ec6ccf6e54eef2d174e00cc34d54cf7f86d45640
test-harness-jupiter-4.6.0-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.6.0.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4
Changelog

Sourced from spotbugs-annotations's changelog.

4.6.0 - 2022-03-08

Fixed

  • Fixed spotbugs build with ecj compiler (#1903)
  • Moved tests from spotbugs project to spotbugs-tests project (#1914)
  • Fixed UI freezes in Eclipse on bug count decorations update (#285)
  • Bumped log4j from 2.17.1 to 2.17.2 (#1960)
  • Bumped gson from 2.8.9 to 2.9.0 (#1960)

Added

  • New detector FindInstanceLockOnSharedStaticData for new bug type SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA. This detector reports a bug if an instance level lock is used to modify a shared static data. (See SEI CERT rule LCK06-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
Commits
  • e2f1577 release 4.6.0
  • 9679dce docs: add a missing CHANGELOG entry for #1966
  • 6d6ca37 docs: add a missing CHANGELOG entry for #1960
  • f830433 build(deps): bump spring-core from 5.3.15 to 5.3.16
  • e52ddad build(deps): bump com.diffplug.spotless from 6.2.0 to 6.3.0
  • adc8600 build(deps): bump com.github.spotbugs from 5.0.5 to 5.0.6
  • 5dabbe3 build(deps): bump gson from 2.8.9 to 2.9.0
  • a703224 build(deps): bump goomph from 3.34.1 to 3.35.0 in /buildSrc
  • a0b3350 build(deps): bump mockito-core from 4.2.0 to 4.3.1
  • 39ce75d build(deps): bump guiceVersion from 5.0.1 to 5.1.0
  • Additional commits viewable in compare view


Updates spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0

Release notes

Sourced from spotbugs-maven-plugin's releases.

Spotbugs-maven-plugin 4.6.0.0

  • Spotbugs 4.6.0 support
  • Groovy 4.0.1 based

note on groovy: If using groovy with same group id (already existing condition), an error may occur if not on same version. To alleviate that, make sure groovy artifacts are defined in dependency management in order to force the loaded version correctly on your usage.

note on 4.6.0.1/4.6.0.2: no change, not released. Issue with site distribution via maven release plugin only that is being tested, use 4.6.0.0 only.

Commits
  • 1757c7f [maven-release-plugin] prepare release spotbugs-maven-plugin-4.6.0.0
  • 7e022d7 [pom] Bump remainder to spotbugs 4.6.0
  • aa8a2b1 Merge pull request #413 from spotbugs/dependabot/maven/org.codehaus.mojo-vers...
  • c51b51c Bump versions-maven-plugin from 2.9.0 to 2.10.0
  • fd7e020 Merge pull request #411 from spotbugs/dependabot/maven/mavenVersion-3.8.5
  • 4b591e2 Bump mavenVersion from 3.8.4 to 3.8.5
  • 3276bfa Merge pull request #412 from spotbugs/dependabot/maven/mavenCoreVersion-3.8.5
  • 047836c Bump mavenCoreVersion from 3.8.4 to 3.8.5
  • 4fa6caa Merge pull request #409 from spotbugs/dependabot/maven/com.github.spotbugs-sp...
  • 3d45f8f Merge pull request #410 from spotbugs/dependabot/maven/groovyVersion-4.0.1
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.