Hymir is a Java-based IIIF Server. It is based on the "IIIF Image API Java Libraries" and "IIIF Presentation API Java Libraries" projects (see https://github.com/dbmdz)
Fixed
- False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE (#600 and #1338)
- Inconsistent bug description on EQ_COMPARING_CLASS_NAMES (#1523)
- Add a declaration of charset encoding in generated reports (#1623)
- Fixed regression in Bug Info view for Eclipse 2021-03+ (#1477)
Added
- New detector FindBadEndOfStreamCheck for new bug type EOS_BAD_END_OF_STREAM_CHECK. This bug is reported whenever the return value of java.io.FileInputStream.read() or java.io.FileReader.read() is first converted to byte/int and only thereafter checked against -1. (See SEI CERT rule FIO08-J)
4.3.0 - 2021-07-01
Fixed
- MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)
Changed
- Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
- Function mutableSignature() improved and factored out from the MutableStaticFields detector
Added
- New bugs MS_EXPOSE_BUF, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2 and EI_EXPOSE_BUF2 by the FindReturnRef detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J)
- MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 and EI_EXPOSE_REP2 now report for shallowly copied arrays (using clone()) of mutable objects
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps version.spotbugs from 4.2.3 to 4.4.0.
Updates spotbugs-annotations from 4.2.3 to 4.4.0
Release notes
Sourced from spotbugs-annotations's releases.
... (truncated)
Changelog
Sourced from spotbugs-annotations's changelog.
Commits
- 02c21e1 chore: release 4.4.0
- 9b8c6a7 ci: migrate ReadTheDocs App with GitHub Actions
- ea0b850 Update CHANGELOG.md
- e8d7300 Fix #1477 by removing invalid NO_BACKGROUND style
- 542545b build: attach Eclipse plugin to GitHub Releases
- 9868ac4 build(deps): bump checker-qual from 3.16.0 to 3.17.0 (#1633)
- e13334a Declare character encodings in HTML
- d86f677 Update CHANGELOG.md
- 84ea0cf Declare character encodings in HTML
- d43d81a Fix #1523, solving inconsistency in SpotBugs Bug Description of EQ_COMPARING_...
Updates spotbugs from 4.2.3 to 4.4.0
Release notes
Sourced from spotbugs's releases.
... (truncated)
Changelog
Sourced from spotbugs's changelog.
Commits
- 02c21e1 chore: release 4.4.0
- 9b8c6a7 ci: migrate ReadTheDocs App with GitHub Actions
- ea0b850 Update CHANGELOG.md
- e8d7300 Fix #1477 by removing invalid NO_BACKGROUND style
- 542545b build: attach Eclipse plugin to GitHub Releases
- 9868ac4 build(deps): bump checker-qual from 3.16.0 to 3.17.0 (#1633)
- e13334a Declare character encodings in HTML
- d86f677 Update CHANGELOG.md
- 84ea0cf Declare character encodings in HTML
- d43d81a Fix #1523, solving inconsistency in SpotBugs Bug Description of EQ_COMPARING_...
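The code pattern behind the new EOS_BAD_END_OF_STREAM_CHECK bug type (SEI CERT FIO08-J) described in the release notes, as an added example that is not code from SpotBugs or from this PR. The class and method names are hypothetical, the input bytes are constructed, and a ByteArrayInputStream stands in for FileInputStream (same read() contract) so it runs without a file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

// Added illustration; EndOfStreamCheckDemo and its methods are hypothetical names.
public class EndOfStreamCheckDemo {

    // Flagged pattern: read() returns an int in 0..255, or -1 at end of
    // stream. Narrowing to byte before the comparison maps the data byte
    // 0xFF to -1, so the loop ends early and the input is silently truncated.
    static byte[] readNarrowedFirst(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte b;
        while ((b = (byte) in.read()) != -1) {
            out.write(b);
        }
        return out.toByteArray();
    }

    // Compliant form: compare the int result with -1 first and narrow to
    // byte only once it is known to be data.
    static byte[] readCheckedFirst(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int r;
        while ((r = in.read()) != -1) {
            out.write((byte) r);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input with 0xFF as ordinary data in the middle.
        byte[] data = {0x50, 0x4B, (byte) 0xFF, 0x03, 0x04};

        byte[] truncated = readNarrowedFirst(new ByteArrayInputStream(data));
        byte[] complete = readCheckedFirst(new ByteArrayInputStream(data));

        System.out.println("input length:          " + data.length);
        System.out.println("narrowed before check: " + truncated.length);
        System.out.println("checked before narrow: " + complete.length);
    }
}
```

With java.io.FileReader.read() the failure differs: casting -1 to char yields 0xFFFF, which never compares equal to -1, so a loop written that way does not terminate at end of stream.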