search

will-molloy / java-template

template repo for Java projects using Gradle with everything setup
https://github.com/will-molloy/java-template/generate
GNU General Public License v2.0
4 stars 57 forks source link

Bump spotbugs-annotations from 4.2.3 to 4.4.2 #153

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps spotbugs-annotations from 4.2.3 to 4.4.2.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.4.2

CHANGELOG

Changed

Fixed

CHECKSUM

file checksum (sha256)
spotbugs-4.4.2-javadoc.jar ebd9595105d8ffa5b04de8cc0ec103d3bad9db0098127fa6a13628b352739cac
spotbugs-4.4.2-sources.jar a1a27e7c0bf35d53069cfb6ffe6e6c024ab00dc1c236507bebacae9a7be6ecf4
spotbugs-4.4.2.tgz 459c3b245718338c010c4e2444a5c40900e8455b1127280a7e2515e60212dea1
spotbugs-4.4.2.zip 3972c65e1d32d584e94dd45269f83a70566e8db98c0335bab1f5caf465ca98f5
spotbugs-annotations-4.4.2-javadoc.jar c75937d9ed96191dc2adad18c47c8561b53837e2546aadf207ec41d66bd7ba11
spotbugs-annotations-4.4.2-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar baccf1cae5a8569903707c5429f949934c64feb50e6dba79e33f4dab195c482d
spotbugs-ant-4.4.2-javadoc.jar b38d143ed62b41738e15607592fa63df9ce32aff31eb98dca34e567857e3b46d
spotbugs-ant-4.4.2-sources.jar c74dec42c0ed0dd1ae02a7410d8e0f0dbbee23e8e7da4a21910863677fcdbc8e
spotbugs-ant.jar b6e73b68e441c001dc42754c73b811625915ae9a759e1ed719df095b41f2979a
spotbugs.jar b6ad77661a4db83192d866e91c755fb70fc7b06332bb1efd88278461c8cb08b5
test-harness-4.4.2-javadoc.jar 6ccf92a3812913916fb93316b30ee7c460fa9e5790c285815ef4e4df30a7e999
test-harness-4.4.2-sources.jar 2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.4.2.jar 45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659
test-harness-core-4.4.2-javadoc.jar 458fbe233430631dccb143da2d24b357d60d6a82caf3c0275f331b917446e39e
test-harness-core-4.4.2-sources.jar f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.4.2.jar fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285
test-harness-jupiter-4.4.2-javadoc.jar e398a17ebd760f48628a774ec40a07390db3442306bc8867ce7ed4be9361cef3
test-harness-jupiter-4.4.2-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.4.2.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.4.1

CHANGELOG

CHECKSUM

| file | checksum (sha256) |

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.4.2 - 2021-10-08

Changed

  • Add bug code to report in fancy-hist.xsl (#1688)
  • Bump Saxon-HE from 10.5 to 10.6 (#1715)

Fixed

  • Fixed immutable java.lang.Class as being flagged as EI (#1695)
  • Agree verb with plural subject in the description of SW_SWING_METHODS_INVOKED_IN_SWING_THREAD (#1664)
  • Wrong description of the SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS (#1664)
  • Fixed java.util.Locale as being flagged as EI (#1702)
  • Fixed reference to java.awt.Cursor which caused it to be flagged as EI (#1702)
  • Treat types with @com.google.errorprone.annotations.Immutable as immutable (#1705)
  • Fix annotation check for jdk.internal.ValueBased (#1706)
  • DMI_RANDOM_USED_ONLY_ONCE false positive (#1539)
  • NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR false negative (#1642)
  • Immutable java.util.regex.Pattern as being flagged as EI (#1695)
  • Resource leak in the JrtfsCodeBase (#1732)

4.4.1 - 2021-09-07

Changed

  • Bump gson from 2.8.7 to 2.8.8 (#1658)
  • Lower ExitCodes logger to debug level (#1661)
  • Fixed SARIF format to be compatible with Github code scanning API requirements (#1630)

Fixed

  • Fixed immutable classes in java.net.* as being flagged as EI (#1653
  • Classes containing only static methods with setter-like names are no longer considered as mutable (#1601)
  • Handle all immutable collections in the Guava library as immutable (#1601)
  • Classes annotated with @​Immutable or @​jdk.internal.ValueBased are considered as immutable (#1601)
  • All classes in packages java.time and java.math are now correctly handled as immutable (#1601)

4.4.0 - 2021-08-12

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE (#600 and #1338)
  • Inconsistent bug description on EQ_COMPARING_CLASS_NAMES (#1523)
  • Add a declaration of charset encoding in generated reports (#1623)
  • Fixed regression in Bug Info view for Eclipse 2021-03+ (#1477)

Added

  • New detector FindBadEndOfStreamCheck for new bug type EOS_BAD_END_OF_STREAM_CHECK. This bug is reported whenever the return value of java.io.FileInputStream.read() or java.io.FileReader.read() is first converted to byte/int and only thereafter checked against -1. (See SEI CERT rule FIO08-J)

4.3.0 - 2021-07-01

Fixed

  • MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)

Changed

  • Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)

... (truncated)

Commits
  • c0382dc release v4.4.2
  • 4e1db5c docs: organize entries in the CHANGELOG
  • 2b7a08d build(deps): bump mockito-core from 3.12.4 to 4.0.0
  • c0a94ce build(deps): bump com.github.spotbugs from 5.0.0-beta.1 to 5.0.0-beta.2
  • e256ea5 fix: MutableClasses: add java.util.regex.Pattern
  • b221290 fix format
  • 5b1ad9b remove try
  • 06b1378 fix resource leak due to Files.list
  • e3fc40d Fix Issue #1642
  • a6878ed build(deps): bump checker-qual from 3.18.0 to 3.18.1
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 2 years ago

Codecov Report

Merging #153 (d874f03) into master (6c523be) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##              master      #153   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity         2         2           
===========================================
  Files              1         1           
  Lines              2         2           
===========================================
  Hits               2         2
Flag Coverage Δ
unittests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 6c523be...d874f03. Read the comment docs.

dependabot[bot] commented 2 years ago

Superseded by #159.