micronaut-projects / micronaut-jms

Integration between Micronaut and JMS
Apache License 2.0

fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.8.0 #441

Closed renovate[bot] closed 10 months ago

renovate[bot] commented 11 months ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| com.github.spotbugs:spotbugs-annotations (source) | 4.7.3 -> 4.8.0 | age | adoption | passing | confidence |

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

### [`v4.8.0`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#480---2023-10-11)

[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.7.3...4.8.0)

##### Changed

- Bump up Apache Commons BCEL to the version 6.6.1 ([#2223](https://togithub.com/spotbugs/spotbugs/pull/2223))
- Bump up slf4j-api to 2.0.3 ([#2220](https://togithub.com/spotbugs/spotbugs/pull/2220))
- Bump up gson to 2.10 ([#2235](https://togithub.com/spotbugs/spotbugs/pull/2235))
- Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
- Use com.github.stephenc.jcip for jcip-annotations fixing [#887](https://togithub.com/spotbugs/spotbugs/issues/887)

##### Fixed

- Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) ([#219](https://togithub.com/spotbugs/spotbugs/issues/219))
- Stop exposing junit-bom to consumers ([#2255](https://togithub.com/spotbugs/spotbugs/pull/2255))
- Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering ([#184](https://togithub.com/spotbugs/spotbugs/issues/184))
- Added support for jakarta namespace ([#2289](https://togithub.com/spotbugs/spotbugs/pull/2289))
- Report a low priority bug for an unread field in reflective classes ([#2325](https://togithub.com/spotbugs/spotbugs/issues/2325))
- Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse ([#2327](https://togithub.com/spotbugs/spotbugs/issues/2327))
- Fixed detector `RandomOnceSubDetector` to not report when `doubles`, `ints`, or `longs` are called on a new `Random` or `SecureRandom` ([#2370](https://togithub.com/spotbugs/spotbugs/issues/2325))
- Fixed detector `TestASM` throwing error during analysis, because it doesn't note that it reports bugs.
- Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per [#2470](https://togithub.com/spotbugs/spotbugs/issues/2470)
- Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type ([#2502](https://togithub.com/spotbugs/spotbugs/issues/2502))
- Added support for CONSTANT_Dynamic in constant class pool ([#2506](https://togithub.com/spotbugs/spotbugs/issues/2506))
- Recognise enums and records as immutable ([#2356](https://togithub.com/spotbugs/spotbugs/issues/2356))
- Added detections of reliance on default encoding in java.nio.file.Files ([#2114](https://togithub.com/spotbugs/spotbugs/issues/2114))
- Fixed a regression in the Value Number Analysis ([#2465](https://togithub.com/spotbugs/spotbugs/issues/2465))
- Fix XML Output incorrectly escaped in Eclipse Bug Info view ([#2520](https://togithub.com/spotbugs/spotbugs/pull/2520))
- Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays ([#1669](https://togithub.com/spotbugs/spotbugs/issues/1669))
- Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description ([#2297](https://togithub.com/spotbugs/spotbugs/issues/2297))
- Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes ([#2402](https://togithub.com/spotbugs/spotbugs/issues/2402))
- Added execute file permission to files in the distribution zip ([#2540](https://togithub.com/spotbugs/spotbugs/issues/2540))
- Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check ([#872](https://togithub.com/spotbugs/spotbugs/issues/872))
- Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested ([#560](https://togithub.com/spotbugs/spotbugs/issues/560))
- Detect created, but not-thrown exceptions, which are created by not the constructor ([#2547](https://togithub.com/spotbugs/spotbugs/issues/2547))
- Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs ([#2579](https://togithub.com/spotbugs/spotbugs/pull/2579))

##### Added

- New simple name-based AnnotationMatcher for exclude files (now bug annotations store the class java annotations in an attribute called `classAnnotationNames`). For example, use like in an excludeFilter.xml to ignore classes generated by the Immutable framework. This ignores all class, method or field bugs in classes with that annotation.
- Added the Common Weakness Enumeration (CWE) taxonomy to the Static Analysis Results Interchange Format (SARIF) report. The short and long description for the CWEs are retrieved from a JSON file which is a slimmed down version of the official comprehensive CWE XML from MITRE. The JSON contains information about all CWEs. ([#2410](https://togithub.com/spotbugs/spotbugs/pull/2410)).
- New detector `FindAssertionsWithSideEffects` detecting bug `ASSERTION_WITH_SIDE_EFFECT` and `ASSERTION_WITH_SIDE_EFFECT_METHOD` in case of assertions which may have side effects (See [EXP06-J. Expressions used in assertions must not produce side effects](https://wiki.sei.cmu.edu/confluence/display/java/EXP06-J.+Expressions+used+in+assertions+must+not+produce+side+effects))
- New rule set `PA_PUBLIC_PRIMITIVE_ATTRIBUTE`, `PA_PUBLIC_ARRAY_ATTRIBUTE` and `PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE` to warn for public attributes which are written by the methods of the class. This rule is loosely based on the SEI CERT rule *OBJ01-J Limit accessibility of fields*. ([#OBJ01-J](https://wiki.sei.cmu.edu/confluence/display/java/OBJ01-J.+Limit+accessibility+of+fields))
- Extend `SerializableIdiom` detector with new bug type: `SE_PREVENT_EXT_OBJ_OVERWRITE`. It's reported in case of the `readExternal()` method allows any caller to reset any value of an object
- New Detector `FindVulnerableSecurityCheckMethods` for new bug type `VSC_VULNERABLE_SECURITY_CHECK_METHODS`. This bug is reported whenever a non-final and non-private method of a non-final class performs a security check using the `java.lang.SecurityManager`. (See [SEI CERT MET03-J](https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final))
- New function added to detector `SynchronizationOnSharedBuiltinConstant` to detect `DL_SYNCHRONIZATION_ON_INTERNED_STRING` ([#2266](https://togithub.com/spotbugs/spotbugs/pull/2266))
- Make TypeQualifierResolver recognize org.apache.avro.reflect.Nullable ([#2066](https://togithub.com/spotbugs/spotbugs/pull/2066))
- New detector `FindArgumentAssertions` detecting bug `ASSERTION_OF_ARGUMENTS` in case of validation of arguments of public functions using assertions (See [MET01-J. Never use assertions to validate method arguments](https://wiki.sei.cmu.edu/confluence/display/java/MET01-J.+Never+use+assertions+to+validate+method+arguments))
- Add new detector `CT_CONSTRUCTOR_THROW` for detecting constructors that throw exceptions.
- New detector `DontReusePublicIdentifiers` for new bug type `PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS`. This bug is reported whenever a new class, interface, field, method or variable is created reusing an identifier from the *Java Standard Library*. (See [SEI CERT rule DCL01-J](https://wiki.sei.cmu.edu/confluence/display/java/DCL01-J.+Do+not+reuse+public+identifiers+from+the+Java+Standard+Library))

##### Security

- Disable access to external entities when processing XML ([#2217](https://togithub.com/spotbugs/spotbugs/pull/2217))

##### Build

- Bump Eclipse from 4.6.3 to 4.14 ([#2314](https://togithub.com/spotbugs/spotbugs/pull/2314))
- Use jakarta annotation 1.3.5 instead of legacy javax annotation 1.3.2 ([#2315](https://togithub.com/spotbugs/spotbugs/pull/2315))
- Change hamcrest-all to hamcrest-core as that is what was actually used and then update to 2.2 ([#2316](https://togithub.com/spotbugs/spotbugs/pull/2316))
- Only run release action on 'spotbugs' and use Eclipse 4.14 ([#2317](https://togithub.com/spotbugs/spotbugs/pull/2317))
- Prefer log4j2 2.20.0 ([#2480](https://togithub.com/spotbugs/spotbugs/pull/2480))
- Prefer logback 1.4.8 ([#2480](https://togithub.com/spotbugs/spotbugs/pull/2480))
- Prefer logback 1.4.11 ([#2580](https://togithub.com/spotbugs/spotbugs/pull/2580))
- Switch junit 4 for junit 5 vintage engine ([#2483](https://togithub.com/spotbugs/spotbugs/pull/2483))
- LineEndings and Spotless ([#2343](https://togithub.com/spotbugs/spotbugs/pull/2343))
  - Cleanup gitattributes switching text to auto. For developers using windows, run 'git add . --renormalize' and see https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings if needed.
  - Rework spotless setup from plugin to build file plugin matching that of gradle plugin and thus allowing spotless to be updated to 6.22.0
  - Remove customized line endings for spotless so it uses git attributes as suggested by spotless
  - Add trimTrailingWhitespace for spotless
  - Fix deprecated usage of eclipse version from 4.13.0 to 4.13 per spotless requirements
- Bump spotbugs gradle plugin to 6.0.0-beta.3 demonstrating breaking changes for 6.0.0 in gradle/java.gradle build file ([#2582](https://togithub.com/spotbugs/spotbugs/pull/2582))
- Delete checked in j2ee jar and instead use servlet/ejb apis from jakarta (javax standard) ([#2585](https://togithub.com/spotbugs/spotbugs/pull/2585))
- Bump Eclipse from 4.14 to 4.29 (latest) ([#2589](https://togithub.com/spotbugs/spotbugs/pull/2589))
- Cleanup hamcrest imports / used library ([#2600](https://togithub.com/spotbugs/spotbugs/pull/2600))
- Migrate entirely to junit 5 ([#2605](https://togithub.com/spotbugs/spotbugs/pull/2605))
  - Some parts of codebase were junit 3
  - Delete the SpotbugsRule
  - Replace custom java determination on build with Junit 5 usage
  - Various 'public' methods in tests fixed to 'private'
  - Junit 5 styling applied throughout
  - Add missing code to the SpotBugsRunner and now use the Extension as replacement of SpotbugsRule

Configuration

📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

sonarcloud[bot] commented 10 months ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
No Duplication information