renovate[bot]
commented
1 month ago Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.
This PR contains the following updates:
4.8.3->4.8.5Release Notes
spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)
### [`v4.8.5`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#485---2024-05-03) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.4...4.8.5) ##### Fixed - Fix FP `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` with eager instances ([#2932](https://togithub.com/spotbugs/spotbugs/issues/2932)) - Fix FPs when looking for multiple initialization of Singletons ([#2934](https://togithub.com/spotbugs/spotbugs/issues/2934)) - Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH([#2736](https://togithub.com/spotbugs/spotbugs/issues/2736)) - Fix FP `SE_BAD_FIELD` for record fields (\[[#2935](https://togithub.com/spotbugs/spotbugs/issues/2935)][https://github.com/spotbugs/spotbugs/issues/2935](https://togithub.com/spotbugs/spotbugs/issues/2935)) ### [`v4.8.4`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#484---2024-04-07) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.3...4.8.4) ##### Fixed - Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. ([#2750](https://togithub.com/spotbugs/spotbugs/issues/2750)) - Fix possible null value in taxonomies of SARIF output ([#2744](https://togithub.com/spotbugs/spotbugs/issues/2744)) - Fix `executionSuccessful` flag in SARIF report being set to false when bugs were found ([#2116](https://togithub.com/spotbugs/spotbugs/issues/2116)) - Move information contained in the SARIF property `exitSignalName` to `exitCodeDescription` ([#2739](https://togithub.com/spotbugs/spotbugs/issues/2739)) - Do not report SE_NO_SERIALVERSIONID or other serialization issues for records ([#2793](https://togithub.com/spotbugs/spotbugs/issues/2793)) - Added support for CONSTANT_Dynamic ([#2759](https://togithub.com/spotbugs/spotbugs/issues/2759)) - Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE ([#1219](https://togithub.com/spotbugs/spotbugs/issues/1219)) - Do not report BC_UNCONFIRMED_CAST for Java 21's type switches ([#2813](https://togithub.com/spotbugs/spotbugs/pull/2813)) - Remove AppleExtension library (note: menus slightly changed) ([#2823](https://togithub.com/spotbugs/spotbugs/pull/2823)) - Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. ([#651](https://togithub.com/spotbugs/spotbugs/issues/651), [#456](https://togithub.com/spotbugs/spotbugs/issues/456)) - Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY ([#2843](https://togithub.com/spotbugs/spotbugs/pull/2843)) - Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks ([#2844](https://togithub.com/spotbugs/spotbugs/pull/2844)) - Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches ([#2828](https://togithub.com/spotbugs/spotbugs/pull/2828)) - Update UnreadFields detector to ignore warnings for fields with certain annotations ([#574](https://togithub.com/spotbugs/spotbugs/issues/574)) - Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with [@PostConstruct](https://togithub.com/PostConstruct), [@BeforeEach](https://togithub.com/BeforeEach), etc. ([#2872](https://togithub.com/spotbugs/spotbugs/pull/2872) [#2870](https://togithub.com/spotbugs/spotbugs/issues/2870) [#453](https://togithub.com/spotbugs/spotbugs/issues/453)) - Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements ([#2865](https://togithub.com/spotbugs/spotbugs/pull/2865)) - Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting ([#2874](https://togithub.com/spotbugs/spotbugs/pull/2874)) - Added more nullability annotations in TypeQualifierResolver ([#2558](https://togithub.com/spotbugs/spotbugs/issues/2558) [#2694](https://togithub.com/spotbugs/spotbugs/pull/2694)) - Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() ([#2881](https://togithub.com/spotbugs/spotbugs/pull/2881)) - Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions [#2887](https://togithub.com/spotbugs/spotbugs/pull/2887)) - Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict ([#2686](https://togithub.com/spotbugs/spotbugs/issues/2686)) - Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method [#2837](https://togithub.com/spotbugs/spotbugs/pull/2837)) - Update the filter XSD namespace and location for the upcoming 4.8.4 release [#2909](https://togithub.com/spotbugs/spotbugs/issues/2909)) ##### Added - New detector `MultipleInstantiationsOfSingletons` and introduced new bug types: - `SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR` is reported in case of a non-private constructor, - `SING_SINGLETON_IMPLEMENTS_CLONEABLE` is reported in case of a class directly implementing the `Cloneable` interface, - `SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE` is reported when a class indirectly implements the `Cloneable` interface, - `SING_SINGLETON_IMPLEMENTS_CLONE_METHOD` is reported when a class does not implement the `Cloneable` interface, but has a `clone()` method, - `SING_SINGLETON_IMPLEMENTS_SERIALIZABLE` is reported when a class directly or indirectly implements the `Serializable` interface and - `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` is reported when the instance-getter method of the singleton class is not synchronized. (See [SEI CERT MSC07-J](https://wiki.sei.cmu.edu/confluence/display/java/MSC07-J.+Prevent+multiple+instantiations+of+singleton+objects)) - Extend `FindOverridableMethodCall` detector with new bug type: `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT`. It's reported when an overridable method is called from `readObject()`, according to SEI CERT rule [SER09-J. Do not invoke overridable methods from the readObject() method](https://wiki.sei.cmu.edu/confluence/display/java/SER09-J.+Do+not+invoke+overridable+methods+from+the+readObject%28%29+method). ##### Changed - Minor cleanup in connection with slashed and dotted names ([#2805](https://togithub.com/spotbugs/spotbugs/pull/2805)) ##### Build - Fix sonar coverage for project ([#2796](https://togithub.com/spotbugs/spotbugs/issues/2796)) - Upgraded the build to compile bug samples using Java 21 language features ([#2813](https://togithub.com/spotbugs/spotbugs/pull/2813)) - Add 'configurations.checkstyle resolution starategy' to control bug in gradle on exclusions not being excluded properly as seen in checkstyle usage. See [https://github.com/checkstyle/checkstyle/issues/14211](https://togithub.com/checkstyle/checkstyle/issues/14211) for more information. ([#2798](https://togithub.com/spotbugs/spotbugs/issues/2798)) - Allow our builds to work with jdk 11 with drop back on Eclipse to 4.24 and spring to 5.3.31. ([#2604](https://togithub.com/spotbugs/spotbugs/pull/2604/))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.