search

will-molloy / java-template

template repo for Java projects using Gradle with everything setup
https://github.com/will-molloy/java-template/generate
GNU General Public License v2.0
4 stars 58 forks source link

Bump spotbugs-annotations from 4.6.0 to 4.7.2 #210

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps spotbugs-annotations from 4.6.0 to 4.7.2.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.7.2

CHANGELOG

Fixed

  • Bumped gson from 2.9.0 to 2.9.1 (#2136)
  • Bump up SLF4J API to 2.0.0
  • Bump up logback to 1.4.0
  • Bump up log4j2 binding to 2.18.0
  • Bump up Saxon-HE to 11.4 (#2160)
  • Fixed InvalidInputException in Eclipse while bug reporting (#2134) @​iloveeclipse
  • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142) @​baloghadamsoftware
  • Avoid warning on use of security manager on Java 17 and newer. (#1579) @​raphw
  • Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#1771) @​baloghadamsoftware
  • Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146) @​KengoTODA

CHECKSUM

file checksum (sha256)
spotbugs-4.7.2-javadoc.jar a40e94961c8b99e020aacfa7012cce4e818eac6fb8effa678e20177814113248
spotbugs-4.7.2-sources.jar fca5bab29e0373944cbb07e3329ce1c0c18133885f558fb25e3bc2ebba6a7018
spotbugs-4.7.2.tgz f02a023d03b0fde70038ccb4bc8d4a964a504262d13024a97b14d9070f7d4d96
spotbugs-4.7.2.zip 3974d90eb70aad26bb647e0bbaae810c7cf927587e28ce939c2b6531414afe7d
spotbugs-annotations-4.7.2-javadoc.jar b8e9f92e17a62766f86b82442a07b0f57ff4f919796e944a6e2a5bacc76e4399
spotbugs-annotations-4.7.2-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar e2b4c654b2d7897490cf1f22a009ac677be4c92bfc493a0dedb5706f5e489839
spotbugs-ant-4.7.2-javadoc.jar 632af1c4043b35eab37318eed7ab301655553a124248b4467fb30cbd0f2f24de
spotbugs-ant-4.7.2-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar df5205f4d87ed53ff5b847c6aedc55d605966c0f8f9820d9c6be5ba517b09bcd
test-harness-4.7.2-javadoc.jar 1486f4f4be29dc24a19ad95b809b42d08f34ec9c68abfd43c5fe44d6087d8845
test-harness-4.7.2-sources.jar 7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.2.jar 50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.2-javadoc.jar f10c5bbe98b2666ea775cc5c0a9a94e99b116706d75254d079741ff410dbdd33
test-harness-core-4.7.2-sources.jar f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.2.jar 7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.2-javadoc.jar 1bdd8c97fbef6009945e30821ba26f722d1d037c33d780f75d922e30c900ef04
test-harness-jupiter-4.7.2-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.2.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.7.1

CHANGELOG

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931) @​dmivankov
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041) @​baloghadamsoftware
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040) @​iloveeclipse
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040) @​big-andy-coates
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089) @​gonczmisi

CHECKSUM

file checksum (sha256)

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.7.2 - 2022-09-02

Fixed

  • Bumped gson from 2.9.0 to 2.9.1 (#2136)
  • Bump up SLF4J API to 2.0.0
  • Bump up logback to 1.4.0
  • Bump up log4j2 binding to 2.18.0
  • Bump up Saxon-HE to 11.4 (#2160)
  • Fixed InvalidInputException in Eclipse while bug reporting (#2134)
  • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142)
  • Avoid warning on use of security manager on Java 17 and newer. (#1579)
  • Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#1771)
  • Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146)

4.7.1 - 2022-06-26

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931)
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041)
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040)
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040)
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089)

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers
Commits
  • 1f42a5b release v4.7.1
  • 9147e58 docs: update CHANGELOG for Saxon-HE
  • 7c835b6 Report bug SA_FIELD_SELF_ASSIGNMENT in nested classes as well (#2161)
  • 4c0c1b9 Do not disable the security manager on Java 17 VMs and newer as it is depreca...
  • e1ebefc build(deps): bump com.gradle.enterprise from 3.10.2 to 3.11.1
  • 4c9b635 Fix for false positives EI_EXPOSE_REP in case of unmodifiable collections (...
  • 06a1eeb build(deps): bump Saxon-HE from 11.3 to 11.4
  • 2e9d29c chore: add a comment to describe why we check depth == 1
  • a363651 fix: consider the possibility of dup_x2 and dup_x1
  • 05eb8b7 chore: apply spotless
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 2 years ago

Codecov Report

Merging #210 (db22fd5) into main (c30e54a) will not change coverage. The diff coverage is n/a.

@@             Coverage Diff             @@
##                main      #210   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity         2         2           
===========================================
  Files              1         1           
  Lines              2         2           
===========================================
  Hits               2         2
Flag Coverage Δ
integration-tests 100.00% <ø> (ø)
unit-tests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

dependabot[bot] commented 2 years ago

Superseded by #214.