spotbugs/spotbugs (spotbugs)
### [`v4.8.3`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#483---2023-12-12)
[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.2...4.8.3)
##### Fixed
- Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710))
- Applied changes for bcel 6.8.0 with adjustments to constant pool ([#2756](https://togithub.com/spotbugs/spotbugs/pull/2756))
- More information bcel changes can be found on ([#2757](https://togithub.com/spotbugs/spotbugs/pull/2757))
- Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.
- Fix FP in CT_CONSTRUCTOR_THROW when exception throwing lambda is created, but not called in constructor ([#2695](https://togithub.com/spotbugs/spotbugs/issues/2695))
##### Changed
- Improved Matcher checks for empty strings ([#2755](https://togithub.com/spotbugs/spotbugs/pull/2755))
- Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis ([#2754](https://togithub.com/spotbugs/spotbugs/pull/2754))
- Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760))
- Prefer log4j2 at 2.22.0 and logback at 1.4.14 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760))
### [`v4.8.2`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#482---2023-11-28)
[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.1...4.8.2)
##### Fixed
- Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource ([#2379](https://togithub.com/spotbugs/spotbugs/issues/2379))
- Use java.nio to load filter files ([#2684](https://togithub.com/spotbugs/spotbugs/pull/2684))
- Eclipse: Do not export javax.annotation packages ([#2699](https://togithub.com/spotbugs/spotbugs/pull/2699))
- Fixed not thread safe FindOverridableMethodCall detector ([#2701](https://togithub.com/spotbugs/spotbugs/issues/2701))
- Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. ([#2646](https://togithub.com/spotbugs/spotbugs/issues/2646))
- Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict ([#2686](https://togithub.com/spotbugs/spotbugs/issues/2686))
- Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710))
##### Added
- New detector finding `System.getenv()` calls, where the corresponding Java property could be used (See [ENV02-J](https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables)).
##### Build
- Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. ([#2722](https://togithub.com/spotbugs/spotbugs/pull/2722))
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
4.8.1
->4.8.3
Release Notes
spotbugs/spotbugs (spotbugs)
### [`v4.8.3`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#483---2023-12-12) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.2...4.8.3) ##### Fixed - Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710)) - Applied changes for bcel 6.8.0 with adjustments to constant pool ([#2756](https://togithub.com/spotbugs/spotbugs/pull/2756)) - More information bcel changes can be found on ([#2757](https://togithub.com/spotbugs/spotbugs/pull/2757)) - Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type. - Fix FP in CT_CONSTRUCTOR_THROW when exception throwing lambda is created, but not called in constructor ([#2695](https://togithub.com/spotbugs/spotbugs/issues/2695)) ##### Changed - Improved Matcher checks for empty strings ([#2755](https://togithub.com/spotbugs/spotbugs/pull/2755)) - Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis ([#2754](https://togithub.com/spotbugs/spotbugs/pull/2754)) - Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760)) - Prefer log4j2 at 2.22.0 and logback at 1.4.14 ([#2760](https://togithub.com/spotbugs/spotbugs/pull/2760)) ### [`v4.8.2`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#482---2023-11-28) [Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.8.1...4.8.2) ##### Fixed - Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource ([#2379](https://togithub.com/spotbugs/spotbugs/issues/2379)) - Use java.nio to load filter files ([#2684](https://togithub.com/spotbugs/spotbugs/pull/2684)) - Eclipse: Do not export javax.annotation packages ([#2699](https://togithub.com/spotbugs/spotbugs/pull/2699)) - Fixed not thread safe FindOverridableMethodCall detector ([#2701](https://togithub.com/spotbugs/spotbugs/issues/2701)) - Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. ([#2646](https://togithub.com/spotbugs/spotbugs/issues/2646)) - Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict ([#2686](https://togithub.com/spotbugs/spotbugs/issues/2686)) - Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits ([#2710](https://togithub.com/spotbugs/spotbugs/issues/2710)) ##### Added - New detector finding `System.getenv()` calls, where the corresponding Java property could be used (See [ENV02-J](https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables)). ##### Build - Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. ([#2722](https://togithub.com/spotbugs/spotbugs/pull/2722))Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.