Bump spotbugs-annotations from 4.2.3 to 4.5.1

[dependabot[bot]]

Bumps spotbugs-annotations from 4.2.3 to 4.5.1.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.5.1

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.5.1/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
spotbugs-4.5.1-javadoc.jar	899cbc1214eb942e01980cd9d6a64e937598e25c9c1ef7d3af2da43bce729636
spotbugs-4.5.1-sources.jar	b52e0b2e883dcbea58268c5355f1fa4c7090c5d941a93ddf844fa09534ef66e4
spotbugs-4.5.1.tgz	e846b2e374fad74621e45e8b01c31eb9a2636d60b4cd30168944bed98dcb5a4c
spotbugs-4.5.1.zip	26dd83027cd5e5a7e6a3f4c7a4239f27a9af8de209c7e37890835fc8cf035de7
spotbugs-annotations-4.5.1-javadoc.jar	a66f6df0d2f53a88180980cbb465f558ec1614fc409b72f412949b10ec68db29
spotbugs-annotations-4.5.1-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	083cc7dcb72f1e39d1da4389753f29c91546376d05be730db812974f74e570d7
spotbugs-ant-4.5.1-javadoc.jar	90a0ab972f2f6a51c3096f1ac7d06681dda5358c0dcbdb1d5333358bf0da2093
spotbugs-ant-4.5.1-sources.jar	06f19afbb2fd63e554d1588328feea5aabe0ea4c104191986de03ba1e2f518cb
spotbugs-ant.jar	e31cbd498a93ac92d19658bf45ca3a973b63e8932efca8da1cfd530ec9e547b3
spotbugs.jar	91c014d3a53b72ba4d0920f567dd1679a5621ed74ccb3bb9e6df84a22d2ff952
test-harness-4.5.1-javadoc.jar	77d6754b87ed52889148d7cae0f3a85be4c7a2923bcda456b7d7e512cefbe2db
test-harness-4.5.1-sources.jar	2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.5.1.jar	45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659
test-harness-core-4.5.1-javadoc.jar	76adfa13f8fe997cd06ef35beeccb8115af89f8d3e3a8a0936fd0cffe36fe1ab
test-harness-core-4.5.1-sources.jar	f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.5.1.jar	fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285
test-harness-jupiter-4.5.1-javadoc.jar	c0bbd1ce2724acc7a5037b21ebe47f3a18ddb70be7cac9cc494009a9d5e71c9e
test-harness-jupiter-4.5.1-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.5.1.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.5.0

CHANGELOG

Changed

• Replace "分析" with "解析" in Japanese document (#1573) @​KengoTODA
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540) @​luana-martins
• Bump gson from 2.8.8 to 2.8.9 (#1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741): @​gamesh411
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740) @​gamesh411
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml. @​KengoTODA
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J) @​baloghadamsoftware
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone(). @​baloghadamsoftware
• Translation of online manual to Brazilian Portuguese (PT-BR). @​luana-martins

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#1764) @​KengoTODA
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM (#1498)(spotbugs/spotbugs#1498) @​ecxia

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.5.1 - 2021-12-08

Fixed

• Ant task does not produce XML anymore (#1827)
• Do not emit false positives of MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE for final classes (#1812).
• Reports cannot be created on Windows platform (#1842)

4.5.0 - 2021-11-05

Changed

• Replace "分析" with "解析" in Japanese document (#1573)
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540)
• Bump gson from 2.8.8 to 2.8.9 (#1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741):
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740)
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone().
• Translation of online manual to Brazilian Portuguese (PT-BR).

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#1764)
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM (#1498)(spotbugs/spotbugs#1498)

Deprecated

• -output commandline option is deprecated. Use commandline options for report configuration like -xml=spotbugs.xml instead.

4.4.2 - 2021-10-08

Changed

• Add bug code to report in fancy-hist.xsl (#1688)
• Bump Saxon-HE from 10.5 to 10.6 (#1715)

Fixed

• Fixed immutable java.lang.Class as being flagged as EI (#1695)
• Agree verb with plural subject in the description of SW_SWING_METHODS_INVOKED_IN_SWING_THREAD (#1664)
• Wrong description of the SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS (#1664)
• Fixed java.util.Locale as being flagged as EI (#1702)
• Fixed reference to java.awt.Cursor which caused it to be flagged as EI (#1702)
• Treat types with @com.google.errorprone.annotations.Immutable as immutable (#1705)
• Fix annotation check for jdk.internal.ValueBased (#1706)
• DMI_RANDOM_USED_ONLY_ONCE false positive (#1539)
• NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR false negative (#1642)
• Immutable java.util.regex.Pattern as being flagged as EI (#1695)
• Resource leak in the JrtfsCodeBase (#1732)

4.4.1 - 2021-09-07

... (truncated)

Commits

• 77c98d0 release v4.5.1
• d9dbb63 build: bump up Gradle to the latest release
• cf92eba docs: update docs to support the new major release of Gradle plugin
• 03e5bd7 fix MC_OVERRIDABLE_METHOD_CALL false positive for final class (#1813)
• daf74d0 build(deps): bump checker-qual from 3.19.0 to 3.20.0
• ff31e03 HTML report is not generated on the Windows platform (#1842)
• d9df81c build(deps): bump org.ajoberstar.grgit from 4.1.0 to 4.1.1
• 95ffc0d build(deps): bump junit-bom from 5.8.1 to 5.8.2
• 45d9069 build(deps): bump com.gradle.enterprise from 3.3.1 to 3.7.2
• 7d3d2d7 build(deps): bump com.github.spotbugs from 5.0.0-beta.8 to 5.0.0-rc.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov[bot]]

Codecov Report

Merging #165 (b96eed3) into master (6c523be) will not change coverage. The diff coverage is n/a.

@@             Coverage Diff             @@
##              master      #165   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity         2         2           
===========================================
  Files              1         1           
  Lines              2         2           
===========================================
  Hits               2         2           

Flag	Coverage Δ
unittests	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 6c523be...b96eed3. Read the comment docs.

[dependabot[bot]]

Superseded by #166.