greatit / maven-great-it-parent

Great-IT company maven parent artifact
0 stars 0 forks source link

Bump com.github.spotbugs:spotbugs-annotations from 4.8.3 to 4.8.6 #57

Open dependabot[bot] opened 2 months ago

dependabot[bot] commented 2 months ago

Bumps com.github.spotbugs:spotbugs-annotations from 4.8.3 to 4.8.6.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.6

CHANGELOG

Fixed

  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches when the switch instruction is TABLESWITCH (#2782)
  • Do not throw exception when inspecting empty switch statements (#2995)
  • Adjust priority since relaxed mode reports even IGNORED_PRIORITY (#2994)
  • Fix duplicated log4j2 jar in distribution (#3001)

CHECKSUM

file checksum (sha256)
spotbugs-4.8.6-javadoc.jar e0af15063395b5eb8002a896dad1d02da869dbc53a7a4b1eee76e9e0f0444fbc
spotbugs-4.8.6-sources.jar fc38f6b06cf134a6b065e4e73747b17a8d9b107d935c828ebb1b8bee89527da1
spotbugs-4.8.6.tgz b9d4d25e53cd4202b2dc19c549c0ff54f8a72fc76a71a8c40dee94422c67ebea
spotbugs-4.8.6.zip 67cdc52cceb17eae394f8fc3660f21659cf354908f818e4d1f45a6935c2e4425
spotbugs-annotations-4.8.6-javadoc.jar 0f095f2d0c766b3e2c21ebc226b4f228898fa8c141736f7615a47a2e3be14ba7
spotbugs-annotations-4.8.6-sources.jar b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar 4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
spotbugs-ant-4.8.6-javadoc.jar 58f477c4fc59d8355a6c3ec972f216537baa2d30cb9afd38f16b511a31baaa89
spotbugs-ant-4.8.6-sources.jar 9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar 69fde8787971a26b2372d416015d806bf7df4f847f7121bd5eeef239324cf180
test-harness-4.8.6-javadoc.jar 1a220e01369a892e765f5956a38c7ebf1b54111eba623f5f79f430dd0336f901
test-harness-4.8.6-sources.jar 76788749afa9e2a8d6c39231f683bd8e3faab26947975c751c0ab0fbdfc3c17a
test-harness-4.8.6.jar 04c7c8e778a1688ab9636ab58b55f1236ae99bb5428a934a7ba0f54857263c74
test-harness-core-4.8.6-javadoc.jar 4a88789a52b52b4227d1f8384caa59f12e503dbb4ae266d4b5c3270e977afa35
test-harness-core-4.8.6-sources.jar f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.6.jar 30c2b71900f38b77fb0e4a788b8ae1ea5b9e54f42636111576e338085c9c53dd
test-harness-jupiter-4.8.6-javadoc.jar 49ae6407f1ff6a72a6d49a19b3de55eae791223129ff3b56079f26b3f3a85b1f
test-harness-jupiter-4.8.6-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.6.jar 94c5ceecb79b93f5e357b5d9805f0a7a22536a52c70a376182faa14923d86021

SpotBugs 4.8.5

CHANGELOG

Fixed

CHECKSUM

file checksum (sha256)
spotbugs-4.8.5-javadoc.jar c8abae80768a5cd98bb09d13ae8baee1258efaf673e4c21688a581a8bc55cbe6
spotbugs-4.8.5-sources.jar c21daa57e931c0ea342de685884251e198ea3a48993a6d4c0ac8a9513fc8dd89
spotbugs-4.8.5.tgz c514054fd8f81f242ac6d64871d30bdb7b79cb49be7bd6b58067484efae8bfa0
spotbugs-4.8.5.zip a4b7bad5bb8d2d3cdc42b07d6cdd2a0d7864c0b24732120426d0002df4a9dd0f
spotbugs-annotations-4.8.5-javadoc.jar 5e35895e56ea0c2c4beb71a5b6962070d7a7092a79297419482c123c14324096

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.6 - 2024-06-17

Fixed

  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches when the switch instruction is TABLESWITCH (#2782)
  • Do not throw exception when inspecting empty switch statements (#2995)
  • Adjust priority since relaxed mode reports even IGNORED_PRIORITY (#2994)
  • Fix duplicated log4j2 jar in distribution (#3001)

4.8.5 - 2024-05-03

Fixed

  • Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED with eager instances (#2932)
  • Fix FPs when looking for multiple initialization of Singletons (#2934)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH(#2736)
  • Fix FP SE_BAD_FIELD for record fields (#2935)

4.8.4 - 2024-04-07

Fixed

  • Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
  • Fix possible null value in taxonomies of SARIF output (#2744)
  • Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
  • Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
  • Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
  • Added support for CONSTANT_Dynamic (#2759)
  • Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
  • Remove AppleExtension library (note: menus slightly changed) (#2823)
  • Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
  • Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
  • Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#2828)
  • Update UnreadFields detector to ignore warnings for fields with certain annotations (#574)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with @​PostConstruct, @​BeforeEach, etc. (#2872 #2870 #453)
  • Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#2865)
  • Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#2874)
  • Added more nullability annotations in TypeQualifierResolver (#2558 #2694)
  • Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() (#2881)
  • Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions #2887)
  • Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method (#2837)
  • Update the filter XSD namespace and location for the upcoming 4.8.4 release (#2909)

Added

  • New detector MultipleInstantiationsOfSingletons and introduced new bug types:
    • SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
    • SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
    • SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
    • SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
    • SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
    • SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized. (See SEI CERT MSC07-J)
  • Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.

... (truncated)

Commits
  • 6cf7b2c release v4.8.6
  • 760571c [sonatype] Use token for sonatype as now enforced
  • 7f4ea03 prepare for the next release
  • d419a05 release v4.8.6
  • 8db7979 Release/4.8.6 (#3015)
  • c5d4ca0 chore(deps): update plugin com.github.spotbugs to v6.0.17 (#3009)
  • bd2fe15 Update spotbugs plugin to 6.0.16 (#3013)
  • 6aecbaf fix: incorrect formatting for links and moved 3001 to unreleased (#3012)
  • c246473 fix(deps): update dependency org.springframework:spring-core to v5.3.37 (#3011)
  • 4deffa6 chore(deps): update plugin com.gradle.develocity to v3.17.5 (#3010)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)