Hymir is a Java-based IIIF Server. It is based on the "IIIF Image API Java Libraries" and "IIIF Presentation API Java Libraries" projects (see https://github.com/dbmdz).
Fixed SARIF format to be compatible with Github code scanning API requirements (#1630)
Fixed
Fixed immutable classes in java.net.* as being flagged as EI (#1653)
Classes containing only static methods with setter-like names are no longer considered as mutable (#1601)
Handle all immutable collections in the Guava library as immutable (#1601)
Classes annotated with @Immutable or @jdk.internal.ValueBased are considered as immutable (#1601)
All classes in packages java.time and java.math are now correctly handled as immutable (#1601)
4.4.0 - 2021-08-12
Fixed
Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE (#600 and #1338)
Inconsistent bug description on EQ_COMPARING_CLASS_NAMES (#1523)
Add a declaration of charset encoding in generated reports (#1623)
Fixed regression in Bug Info view for Eclipse 2021-03+ (#1477)
Added
New detector FindBadEndOfStreamCheck for new bug type EOS_BAD_END_OF_STREAM_CHECK. This bug is reported whenever the return value of java.io.FileInputStream.read() or java.io.FileReader.read() is first converted to byte/int and only thereafter checked against -1. (See SEI CERT rule FIO08-J)
4.3.0 - 2021-07-01
Fixed
MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)
Changed
Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps version.spotbugs from 4.2.3 to 4.4.2.
Updates spotbugs-annotations from 4.2.3 to 4.4.2
Release notes
Sourced from spotbugs-annotations's releases.
... (truncated)
Changelog
Sourced from spotbugs-annotations's changelog.
... (truncated)
Commits
- `c0382dc` release v4.4.2
- `4e1db5c` docs: organize entries in the CHANGELOG
- `2b7a08d` build(deps): bump mockito-core from 3.12.4 to 4.0.0
- `c0a94ce` build(deps): bump com.github.spotbugs from 5.0.0-beta.1 to 5.0.0-beta.2
- `e256ea5` fix: MutableClasses: add java.util.regex.Pattern
- `b221290` fix format
- `5b1ad9b` remove try
- `06b1378` fix resource leak due to Files.list
- `e3fc40d` Fix Issue #1642
- `a6878ed` build(deps): bump checker-qual from 3.18.0 to 3.18.1
Updates spotbugs from 4.2.3 to 4.4.2
Release notes
Sourced from spotbugs's releases.
... (truncated)
Changelog
Sourced from spotbugs's changelog.
... (truncated)
Commits
- `c0382dc` release v4.4.2
- `4e1db5c` docs: organize entries in the CHANGELOG
- `2b7a08d` build(deps): bump mockito-core from 3.12.4 to 4.0.0
- `c0a94ce` build(deps): bump com.github.spotbugs from 5.0.0-beta.1 to 5.0.0-beta.2
- `e256ea5` fix: MutableClasses: add java.util.regex.Pattern
- `b221290` fix format
- `5b1ad9b` remove try
- `06b1378` fix resource leak due to Files.list
- `e3fc40d` Fix Issue #1642
- `a6878ed` build(deps): bump checker-qual from 3.18.0 to 3.18.1
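The 4.4.0 release notes quoted in this PR describe the new EOS_BAD_END_OF_STREAM_CHECK bug type (SEI CERT FIO08-J). The following is an added example, not code from SpotBugs or Hymir, showing that pattern next to the compliant form; the class name, method names and sample bytes are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class EndOfStreamCheck {

    // Flawed: read() returns 0..255 for data and -1 only at end of stream.
    // Narrowing to byte first turns the data byte 0xFF into -1, so the loop
    // treats the first 0xFF in the file as end of stream and drops the rest.
    static byte[] readFlawed(FileInputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte b;
        while ((b = (byte) in.read()) != -1) {
            out.write(b);
        }
        return out.toByteArray();
    }

    // Compliant: compare the int result against -1, narrow only afterwards.
    static byte[] readCorrect(FileInputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int value;
        while ((value = in.read()) != -1) {
            out.write((byte) value);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: five bytes with 0xFF in the middle.
        byte[] sample = {0x01, 0x02, (byte) 0xFF, 0x03, 0x04};
        Path file = Files.createTempFile("eos-demo", ".bin");
        try {
            Files.write(file, sample);
            try (FileInputStream in = new FileInputStream(file.toFile())) {
                System.out.println("flawed read:  " + readFlawed(in).length + " bytes");
            }
            try (FileInputStream in = new FileInputStream(file.toFile())) {
                System.out.println("correct read: " + readCorrect(in).length + " bytes");
            }
        } finally {
            Files.delete(file);
        }
    }
}
```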