GoogleCloudPlatform / java-repo-tools

Tools used to maintain and test Java repositories in the GoogleCloudPlatform organization.
Apache License 2.0

Update dependency com.github.spotbugs:spotbugs-annotations to v4.7.0 #372

Closed renovate-bot closed 2 years ago

renovate-bot commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| com.github.spotbugs:spotbugs-annotations (source) | 4.6.0 -> 4.7.0 | age | adoption | passing | confidence |

Release Notes

spotbugs/spotbugs

### [`v4.7.0`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#​470---2022-04-14)

[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.6.0...4.7.0)

##### Changed

- Updated documentation by adding parenthesis `()` to the negative odd check message ([#​1995](https://togithub.com/spotbugs/spotbugs/issues/1995))
- Let the Plugin class implement AutoCloseable so we can release the .jar file ([#​2024](https://togithub.com/spotbugs/spotbugs/issues/2024))

##### Fixed

- Fixed reports to truncate existing files before writing new content ([#​1950](https://togithub.com/spotbugs/spotbugs/issues/1950))
- Bumped Saxon-HE from 10.6 to 11.3 ([#​1955](https://togithub.com/spotbugs/spotbugs/pull/1955), [#​1999](https://togithub.com/spotbugs/spotbugs/pull/1999))
- Fixed traversal of nested archives governed by `-nested:true` ([#​1930](https://togithub.com/spotbugs/spotbugs/pull/1930))
- Warnings of deprecated System::setSecurityManager calls on Java 17 ([#​1983](https://togithub.com/spotbugs/spotbugs/pull/1983))
- Fixed false positive SSD bug for locking on java.lang.Class objects ([#​1978](https://togithub.com/spotbugs/spotbugs/issues/1978))
- FindReturnRef throws an IllegalArgumentException unexpectedly ([#​2019](https://togithub.com/spotbugs/spotbugs/issues/2019))
- Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 ([#​2004](https://togithub.com/spotbugs/spotbugs/pull/2004))

##### Added

- New detector `ThrowingExceptions` and introduced new bug types:
  - `THROWS_METHOD_THROWS_RUNTIMEEXCEPTION` is reported in case of a method throwing RuntimeException,
  - `THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION` is reported when a method has Exception in its throws clause and
  - `THROWS_METHOD_THROWS_CLAUSE_THROWABLE` is reported when a method has Throwable in its throws clause (See [SEI CERT ERR07-J](https://wiki.sei.cmu.edu/confluence/display/java/ERR07-J.+Do+not+throw+RuntimeException%2C+Exception%2C+or+Throwable))
- New rule `PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS` to warn for custom class loaders who do not call their superclasses' `getPermissions()` in their `getPermissions()` method. This rule based on the SEI CERT rule *SEC07-J Call the superclass's getPermissions() method when writing a custom class loader*. ([#SEC07-J](https://wiki.sei.cmu.edu/confluence/display/java/SEC07-J.+Call+the+superclass%27s+getPermissions%28%29+method+when+writing+a+custom+class+loader))
- New rule `USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE` to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on *SEC02-J. Do not base security checks on untrusted sources*. ([#SEC02-J](https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources))
- New detector `DontUseFloatsAsLoopCounters` to detect usage of floating-point variables as loop counters (`FL_FLOATS_AS_LOOP_COUNTERS`), according to SEI CERT rules [NUM09-J. Do not use floating-point variables as loop counters](https://wiki.sei.cmu.edu/confluence/display/java/NUM09-J.+Do+not+use+floating-point+variables+as+loop+counters)
- New test detector `ViewCFG` to visualize the control-flow graph for `SpotBugs` developers

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
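
The code shape that the `USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE` release note above describes, next to the defensive-copy form recommended by SEC02-J. This is an added example, not code from SpotBugs or from this PR; the class `UntrustedSourceCheck`, the `allowed` policy, the `ChangingFile` subclass and the file names are hypothetical and constructed for illustration.

```java
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;

public class UntrustedSourceCheck {

    // Hypothetical policy for this example: only names starting with "public-" may be read.
    static boolean allowed(String name) {
        return name.startsWith("public-");
    }

    // Shape described by the rule: getPath() is a non-final method of the non-final
    // class java.io.File, called once for the check and again inside doPrivileged.
    @SuppressWarnings("removal") // AccessController is deprecated for removal since Java 17
    public static String resolveVulnerable(final File f) {
        if (!allowed(f.getPath())) {
            throw new SecurityException("denied");
        }
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> f.getPath());
    }

    // Hardened form (SEC02-J): copy the argument into a plain java.io.File first, so the
    // check and the privileged use both read the same value from a trusted class.
    @SuppressWarnings("removal")
    public static String resolveHardened(final File f) {
        final File copy = new File(f.getPath());
        if (!allowed(copy.getPath())) {
            throw new SecurityException("denied");
        }
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> copy.getPath());
    }

    // Constructed caller-supplied subclass whose answer changes between invocations.
    static class ChangingFile extends File {
        private int calls;
        ChangingFile() { super("public-report.txt"); }
        @Override public String getPath() {
            return calls++ == 0 ? "public-report.txt" : "private-keys.txt";
        }
    }

    public static void main(String[] args) {
        // The check saw one name; the privileged block acts on another.
        System.out.println("vulnerable: " + resolveVulnerable(new ChangingFile()));
        // The defensive copy pins the value that was checked.
        System.out.println("hardened:   " + resolveHardened(new ChangingFile()));
    }
}
```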