search

mapfish / mapfish-print

A component of MapFish for printing templated cartographic maps. This module is the Java serverside module.
http://mapfish.github.io/mapfish-print-doc/
BSD 2-Clause "Simplified" License
183 stars 417 forks source link

Update spotbugs to v4.8.4 (3.30) (patch) #3278

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 3 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.github.spotbugs:spotbugs-annotations (source) 4.8.3 -> 4.8.4 age adoption passing confidence
spotbugs (source) 4.8.3 -> 4.8.4 age adoption passing confidence

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations) ### [`v4.8.4`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#484---2024-04-07) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.3...4.8.4) ##### Fixed - Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. ([#​2750](https://togithub.com/spotbugs/spotbugs/issues/2750)) - Fix possible null value in taxonomies of SARIF output ([#​2744](https://togithub.com/spotbugs/spotbugs/issues/2744)) - Fix `executionSuccessful` flag in SARIF report being set to false when bugs were found ([#​2116](https://togithub.com/spotbugs/spotbugs/issues/2116)) - Move information contained in the SARIF property `exitSignalName` to `exitCodeDescription` ([#​2739](https://togithub.com/spotbugs/spotbugs/issues/2739)) - Do not report SE_NO_SERIALVERSIONID or other serialization issues for records ([#​2793](https://togithub.com/spotbugs/spotbugs/issues/2793)) - Added support for CONSTANT_Dynamic ([#​2759](https://togithub.com/spotbugs/spotbugs/issues/2759)) - Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE ([#​1219](https://togithub.com/spotbugs/spotbugs/issues/1219)) - Do not report BC_UNCONFIRMED_CAST for Java 21's type switches ([#​2813](https://togithub.com/spotbugs/spotbugs/pull/2813)) - Remove AppleExtension library (note: menus slightly changed) ([#​2823](https://togithub.com/spotbugs/spotbugs/pull/2823)) - Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. ([#​651](https://togithub.com/spotbugs/spotbugs/issues/651), [#​456](https://togithub.com/spotbugs/spotbugs/issues/456)) - Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY ([#​2843](https://togithub.com/spotbugs/spotbugs/pull/2843)) - Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks ([#​2844](https://togithub.com/spotbugs/spotbugs/pull/2844)) - Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches ([#​2828](https://togithub.com/spotbugs/spotbugs/pull/2828)) - Update UnreadFields detector to ignore warnings for fields with certain annotations ([#​574](https://togithub.com/spotbugs/spotbugs/issues/574)) - Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with [@​PostConstruct](https://togithub.com/PostConstruct), [@​BeforeEach](https://togithub.com/BeforeEach), etc. ([#​2872](https://togithub.com/spotbugs/spotbugs/pull/2872) [#​2870](https://togithub.com/spotbugs/spotbugs/issues/2870) [#​453](https://togithub.com/spotbugs/spotbugs/issues/453)) - Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements ([#​2865](https://togithub.com/spotbugs/spotbugs/pull/2865)) - Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting ([#​2874](https://togithub.com/spotbugs/spotbugs/pull/2874)) - Added more nullability annotations in TypeQualifierResolver ([#​2558](https://togithub.com/spotbugs/spotbugs/issues/2558) [#​2694](https://togithub.com/spotbugs/spotbugs/pull/2694)) - Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() ([#​2881](https://togithub.com/spotbugs/spotbugs/pull/2881)) - Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions [#​2887](https://togithub.com/spotbugs/spotbugs/pull/2887)) - Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict ([#​2686](https://togithub.com/spotbugs/spotbugs/issues/2686)) - Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method [#​2837](https://togithub.com/spotbugs/spotbugs/pull/2837)) - Update the filter XSD namespace and location for the upcoming 4.8.4 release [#​2909](https://togithub.com/spotbugs/spotbugs/issues/2909)) ##### Added - New detector `MultipleInstantiationsOfSingletons` and introduced new bug types: - `SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR` is reported in case of a non-private constructor, - `SING_SINGLETON_IMPLEMENTS_CLONEABLE` is reported in case of a class directly implementing the `Cloneable` interface, - `SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE` is reported when a class indirectly implements the `Cloneable` interface, - `SING_SINGLETON_IMPLEMENTS_CLONE_METHOD` is reported when a class does not implement the `Cloneable` interface, but has a `clone()` method, - `SING_SINGLETON_IMPLEMENTS_SERIALIZABLE` is reported when a class directly or indirectly implements the `Serializable` interface and - `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` is reported when the instance-getter method of the singleton class is not synchronized. (See [SEI CERT MSC07-J](https://wiki.sei.cmu.edu/confluence/display/java/MSC07-J.+Prevent+multiple+instantiations+of+singleton+objects)) - Extend `FindOverridableMethodCall` detector with new bug type: `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT`. It's reported when an overridable method is called from `readObject()`, according to SEI CERT rule [SER09-J. Do not invoke overridable methods from the readObject() method](https://wiki.sei.cmu.edu/confluence/display/java/SER09-J.+Do+not+invoke+overridable+methods+from+the+readObject%28%29+method). ##### Changed - Minor cleanup in connection with slashed and dotted names ([#​2805](https://togithub.com/spotbugs/spotbugs/pull/2805)) ##### Build - Fix sonar coverage for project ([#​2796](https://togithub.com/spotbugs/spotbugs/issues/2796)) - Upgraded the build to compile bug samples using Java 21 language features ([#​2813](https://togithub.com/spotbugs/spotbugs/pull/2813)) - Add 'configurations.checkstyle resolution starategy' to control bug in gradle on exclusions not being excluded properly as seen in checkstyle usage. See [https://github.com/checkstyle/checkstyle/issues/14211](https://togithub.com/checkstyle/checkstyle/issues/14211) for more information. ([#​2798](https://togithub.com/spotbugs/spotbugs/issues/2798)) - Allow our builds to work with jdk 11 with drop back on Eclipse to 4.24 and spring to 5.3.31. ([#​2604](https://togithub.com/spotbugs/spotbugs/pull/2604/))

Configuration

πŸ“… Schedule: Branch creation - "after 5pm on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.