spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)
### [`v4.8.3`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#483---2023-12-12)
[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.2...4.8.3)
##### Fixed
- Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710))
- Applied changes for bcel 6.8.0 with adjustments to constant pool ([#2756](https://togithub.com/spotbugs/spotbugs/pull/2756))
- More information bcel changes can be found on ([#2757](https://togithub.com/spotbugs/spotbugs/pull/2757))
- Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.
##### Changed
- Improved Matcher checks for empty strings ([#2755](https://togithub.com/spotbugs/spotbugs/pull/2755))
- Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis ([#2754](https://togithub.com/spotbugs/spotbugs/pull/2754))
- Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760))
- Prefer log4j2 at 2.22.0 and logback at 1.4.14 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760))
### [`v4.8.2`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#482---2023-11-28)
[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.1...4.8.2)
##### Fixed
- Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource ([#2379](https://togithub.com/spotbugs/spotbugs/issues/2379))
- Use java.nio to load filter files ([#2684](https://togithub.com/spotbugs/spotbugs/pull/2684))
- Eclipse: Do not export javax.annotation packages ([#2699](https://togithub.com/spotbugs/spotbugs/pull/2699))
- Fixed not thread safe FindOverridableMethodCall detector ([#2701](https://togithub.com/spotbugs/spotbugs/issues/2701))
- Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. ([#2646](https://togithub.com/spotbugs/spotbugs/issues/2646))
- Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict ([#2686](https://togithub.com/spotbugs/spotbugs/issues/2686))
- Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710))
##### Added
- New detector finding `System.getenv()` calls, where the corresponding Java property could be used (See [ENV02-J](https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables)).
##### Build
- Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. ([#2722](https://togithub.com/spotbugs/spotbugs/pull/2722))
### [`v4.8.1`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#481---2023-11-06)
[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.0...4.8.1)
##### Fixed
- Fixed schema location for findbugsfilter.xsd (\[[#1416](https://togithub.com/spotbugs/spotbugs/issues/1416)])
- Fixed missing null checks (\[[#2629](https://togithub.com/spotbugs/spotbugs/issues/2629)])
- Disabled DontReusePublicIdentifiers due to the high false positives rate (\[[#2627](https://togithub.com/spotbugs/spotbugs/issues/2627)])
- Removed signature of methods using UTF-8 in DefaultEncodingDetector (\[[#2634](https://togithub.com/spotbugs/spotbugs/issues/2634)])
- Fix exception escapes when calling functions of JUnit Assert or Assertions (\[[#2640](https://togithub.com/spotbugs/spotbugs/issues/2640)])
- Fixed an error in the SARIF export when a bug annotation is missing (\[[#2632](https://togithub.com/spotbugs/spotbugs/issues/2632)])
- Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws (\[[#2628](https://togithub.com/spotbugs/spotbugs/issues/2628)])
- Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize (\[[#2665](https://togithub.com/spotbugs/spotbugs/issues/2665)])
- Lowered the priority of `PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE` bug (\[[#2652](https://togithub.com/spotbugs/spotbugs/issues/2652)])
- Eclipse: fixed startup overhead (on computing classpath) for PDE projects (\[[#2671](https://togithub.com/spotbugs/spotbugs/pull/2671)])
##### Build
- Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT (\[[#2651](https://togithub.com/spotbugs/spotbugs/pull/2651)])
Configuration
📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
4.8.0
->4.8.3
Release Notes
spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)
### [`v4.8.3`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#483---2023-12-12) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.2...4.8.3) ##### Fixed - Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710)) - Applied changes for bcel 6.8.0 with adjustments to constant pool ([#2756](https://togithub.com/spotbugs/spotbugs/pull/2756)) - More information bcel changes can be found on ([#2757](https://togithub.com/spotbugs/spotbugs/pull/2757)) - Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type. ##### Changed - Improved Matcher checks for empty strings ([#2755](https://togithub.com/spotbugs/spotbugs/pull/2755)) - Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis ([#2754](https://togithub.com/spotbugs/spotbugs/pull/2754)) - Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760)) - Prefer log4j2 at 2.22.0 and logback at 1.4.14 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760)) ### [`v4.8.2`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#482---2023-11-28) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.1...4.8.2) ##### Fixed - Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource ([#2379](https://togithub.com/spotbugs/spotbugs/issues/2379)) - Use java.nio to load filter files ([#2684](https://togithub.com/spotbugs/spotbugs/pull/2684)) - Eclipse: Do not export javax.annotation packages ([#2699](https://togithub.com/spotbugs/spotbugs/pull/2699)) - Fixed not thread safe FindOverridableMethodCall detector ([#2701](https://togithub.com/spotbugs/spotbugs/issues/2701)) - Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. ([#2646](https://togithub.com/spotbugs/spotbugs/issues/2646)) - Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict ([#2686](https://togithub.com/spotbugs/spotbugs/issues/2686)) - Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710)) ##### Added - New detector finding `System.getenv()` calls, where the corresponding Java property could be used (See [ENV02-J](https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables)). ##### Build - Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. ([#2722](https://togithub.com/spotbugs/spotbugs/pull/2722)) ### [`v4.8.1`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#481---2023-11-06) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.0...4.8.1) ##### Fixed - Fixed schema location for findbugsfilter.xsd (\[[#1416](https://togithub.com/spotbugs/spotbugs/issues/1416)]) - Fixed missing null checks (\[[#2629](https://togithub.com/spotbugs/spotbugs/issues/2629)]) - Disabled DontReusePublicIdentifiers due to the high false positives rate (\[[#2627](https://togithub.com/spotbugs/spotbugs/issues/2627)]) - Removed signature of methods using UTF-8 in DefaultEncodingDetector (\[[#2634](https://togithub.com/spotbugs/spotbugs/issues/2634)]) - Fix exception escapes when calling functions of JUnit Assert or Assertions (\[[#2640](https://togithub.com/spotbugs/spotbugs/issues/2640)]) - Fixed an error in the SARIF export when a bug annotation is missing (\[[#2632](https://togithub.com/spotbugs/spotbugs/issues/2632)]) - Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws (\[[#2628](https://togithub.com/spotbugs/spotbugs/issues/2628)]) - Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize (\[[#2665](https://togithub.com/spotbugs/spotbugs/issues/2665)]) - Lowered the priority of `PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE` bug (\[[#2652](https://togithub.com/spotbugs/spotbugs/issues/2652)]) - Eclipse: fixed startup overhead (on computing classpath) for PDE projects (\[[#2671](https://togithub.com/spotbugs/spotbugs/pull/2671)]) ##### Build - Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT (\[[#2651](https://togithub.com/spotbugs/spotbugs/pull/2651)])Configuration
📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.