Hymir is a Java based IIIF Server. It is based on "IIIF Image API Java Libraries" and "IIIF Presentation API Java Libraries" projects (see https://github.com/dbmdz)
Do not emit false positives of MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE for final classes (#1812). @danielnorberg
Reports cannot be created on Windows platform (#1842) @KengoTODA
Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740)
Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
Do not emit false positives of MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE for final classes (#1812). @danielnorberg
Reports cannot be created on Windows platform (#1842) @KengoTODA
Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740)
Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps
version.spotbugs
from 4.2.3 to 4.5.2. Updatesspotbugs-annotations
from 4.2.3 to 4.5.2Release notes
Sourced from spotbugs-annotations's releases.
... (truncated)
Changelog
Sourced from spotbugs-annotations's changelog.
... (truncated)
Commits
0c8b4d1
Update CHANGELOG.md94d81f1
docs: fix category in the CHANGELOGf29e292
Fixed typo in the dated46acbf
build(deps): bump log4j-slf4j18-impl from 2.15.0 to 2.16.0ba7eb96
Release 4.5.2 to address CVE-2021-44228c84b263
build(deps): bump log4j-slf4j18-impl from 2.14.1 to 2.15.022fba92
fix: updated RV_01_TO_INT to include float and long (#1851)1f8f6d0
build(deps): bump com.github.spotbugs from 5.0.1 to 5.0.2 (#1860)bef25f0
build(deps): bump com.github.spotbugs from 5.0.0-rc.1 to 5.0.18023af6
prepare for the next developmentUpdates
spotbugs
from 4.2.3 to 4.5.2Release notes
Sourced from spotbugs's releases.
... (truncated)
Changelog
Sourced from spotbugs's changelog.
... (truncated)
Commits
0c8b4d1
Update CHANGELOG.md94d81f1
docs: fix category in the CHANGELOGf29e292
Fixed typo in the dated46acbf
build(deps): bump log4j-slf4j18-impl from 2.15.0 to 2.16.0ba7eb96
Release 4.5.2 to address CVE-2021-44228c84b263
build(deps): bump log4j-slf4j18-impl from 2.14.1 to 2.15.022fba92
fix: updated RV_01_TO_INT to include float and long (#1851)1f8f6d0
build(deps): bump com.github.spotbugs from 5.0.1 to 5.0.2 (#1860)bef25f0
build(deps): bump com.github.spotbugs from 5.0.0-rc.1 to 5.0.18023af6
prepare for the next developmentDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)