will-molloy / java-template

template repo for Java projects using Gradle with everything setup
https://github.com/will-molloy/java-template/generate
GNU General Public License v2.0
4 stars 57 forks

Update all dependencies #235

Closed renovate[bot] closed 11 months ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | major | v3 -> v4 |
| paulhatch/semantic-version | action | minor | v5.0.2 -> v5.3.0 |
| org.mockito:mockito-junit-jupiter | dependencies | minor | 5.3.1 -> 5.6.0 |
| org.mockito:mockito-core | dependencies | minor | 5.3.1 -> 5.6.0 |
| com.google.truth.extensions:truth-java8-extension | dependencies | patch | 1.1.4 -> 1.1.5 |
| com.google.truth:truth | dependencies | patch | 1.1.4 -> 1.1.5 |
| org.junit.jupiter:junit-jupiter (source) | dependencies | minor | 5.9.3 -> 5.10.0 |
| com.github.spotbugs:spotbugs-annotations (source) | dependencies | minor | 4.7.3 -> 4.8.0 |
| com.google.guava:guava | dependencies | minor | 32.0.1-jre -> 32.1.3-jre |

Release Notes

actions/checkout (actions/checkout)

### [`v4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400)

[Compare Source](https://togithub.com/actions/checkout/compare/v3...v4)

- [Support fetching without the --progress option](https://togithub.com/actions/checkout/pull/1067)
- [Update to node20](https://togithub.com/actions/checkout/pull/1436)

paulhatch/semantic-version (paulhatch/semantic-version)

### [`v5.3.0`](https://togithub.com/PaulHatch/semantic-version/releases/tag/v5.3.0)

[Compare Source](https://togithub.com/paulhatch/semantic-version/compare/v5.2.1...v5.3.0)

This version [finally introduces a new branch-based versioning mode](https://togithub.com/PaulHatch/semantic-version/issues/76), `version_from_branch`, to support on-going releases. If enabled, the major and optionally minor version will always be taken from the branch, and only tags which match will be considered candidates. By default, any branch name format is allowed and will be used as the version so long as it ends with a major or major.minor version, e.g. `release/v1` or `release/1.2` or `v1`. This is an advanced feature and should really only be needed if you are maintaining ongoing updates for previous versions. Additional documentation and an expanded user guide coming soon.

With this release `use_branches` is deprecated and will be removed in v6.

Additionally, this release fixes [a bug](https://togithub.com/PaulHatch/semantic-version/issues/122) where prerelease mode was not working when bump each commit was enabled.

### [`v5.2.1`](https://togithub.com/PaulHatch/semantic-version/releases/tag/v5.2.1)

[Compare Source](https://togithub.com/paulhatch/semantic-version/compare/v5.2.0...v5.2.1)

Fix for diagnostic mode, build output was not included in action output.

### [`v5.2.0`](https://togithub.com/PaulHatch/semantic-version/releases/tag/v5.2.0)

[Compare Source](https://togithub.com/paulhatch/semantic-version/compare/v5.1.0...v5.2.0)

This release adds a "debug" mode to allow collection and replay of operations to aid troubleshooting when the source repository is unavailable.

### [`v5.1.0`](https://togithub.com/PaulHatch/semantic-version/releases/tag/v5.1.0)

[Compare Source](https://togithub.com/paulhatch/semantic-version/compare/v5.0.3...v5.1.0)

#### New Features

- ([#69](https://togithub.com/paulhatch/semantic-version/issues/69)) Added a patch pattern for "bump each commit". If `bump_each_commit_patch_pattern` is set AND bump each commit mode is enabled, the patch version will only increment if the commit matches the specified patch pattern. Note that regex is supported using the JavaScript-like `/pattern/` syntax. Flags are also supported using `/pattern/I` but there is no dedicated "flags" input. (This is the preferred method and the existing flags inputs for major and minor may be deprecated in a future release.)
- ([#88](https://togithub.com/paulhatch/semantic-version/issues/88)) Added "prerelease mode" for repos which are still on 0.x.x version. If enabled this will treat "major" changes as "minor", preventing the `1.0.0` version from being automatically set. (It must be set manually) This is intended to help manage versioning for projects with a long pre-release timeline so that developers don't need to worry about the overall state of the project and can still indicate whether a particular commit is breaking or not.
- ([#94](https://togithub.com/paulhatch/semantic-version/issues/94)) An output, `is_tagged`, indicates whether this commit was itself directly tagged. (Thanks [@Kantis](https://togithub.com/Kantis))
- ([#92](https://togithub.com/paulhatch/semantic-version/issues/92)) Added outputs to provide information about the commit of the previous version.

**Full Changelog**: https://github.com/PaulHatch/semantic-version/compare/v5.0.3...v5.1.0

### [`v5.0.3`](https://togithub.com/PaulHatch/semantic-version/releases/tag/v5.0.3): Fix for Prerelease Tagged Commits

[Compare Source](https://togithub.com/paulhatch/semantic-version/compare/v5.0.2...v5.0.3)

Previously pre-release tags were detected as the "current tag", as the previously added tag validation was only applied to the tags from previous commits. This update adds this validation to the current commit.

mockito/mockito (org.mockito:mockito-junit-jupiter)

### [`v5.6.0`](https://togithub.com/mockito/mockito/releases/tag/v5.6.0)

*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*

##### 5.6.0

- 2023-10-06 - [22 commit(s)](https://togithub.com/mockito/mockito/compare/v5.5.0...v5.6.0) by Andreas Turban, Stefan M, StevenCurran, Yevhen Lazhyntsev, dependabot\[bot]
- Use spdx identifier for license name [(#3134)](https://togithub.com/mockito/mockito/pull/3134)
- Fixes [#1382](https://togithub.com/mockito/mockito/issues/1382) Jupiter Captor annotation support [(#3133)](https://togithub.com/mockito/mockito/pull/3133)
- Bump com.gradle.enterprise from 3.15 to 3.15.1 [(#3132)](https://togithub.com/mockito/mockito/pull/3132)
- Bump com.google.googlejavaformat:google-java-format from 1.18.0 to 1.18.1 [(#3131)](https://togithub.com/mockito/mockito/pull/3131)
- Make MockUtil.getMockMaker() public Mockito API [(#3129)](https://togithub.com/mockito/mockito/pull/3129)
- Make MockUtil.getMockMaker() public or public Mockito API [(#3128)](https://togithub.com/mockito/mockito/issues/3128)
- Bump com.google.googlejavaformat:google-java-format from 1.17.0 to 1.18.0 [(#3126)](https://togithub.com/mockito/mockito/pull/3126)
- Bump com.diffplug.spotless from 6.21.0 to 6.22.0 [(#3125)](https://togithub.com/mockito/mockito/pull/3125)
- Bump versions.errorprone from 2.21.1 to 2.22.0 [(#3122)](https://togithub.com/mockito/mockito/pull/3122)
- Bump versions.bytebuddy from 1.14.7 to 1.14.8 [(#3117)](https://togithub.com/mockito/mockito/pull/3117)
- Bump com.gradle.enterprise from 3.14.1 to 3.15 [(#3115)](https://togithub.com/mockito/mockito/pull/3115)
- Bump org.eclipse.platform:org.eclipse.osgi from 3.18.400 to 3.18.500 [(#3113)](https://togithub.com/mockito/mockito/pull/3113)
- Bump com.github.ben-manes.versions from 0.47.0 to 0.48.0 [(#3110)](https://togithub.com/mockito/mockito/pull/3110)
- Bump actions/checkout from 3 to 4 [(#3108)](https://togithub.com/mockito/mockito/pull/3108)
- Bump com.diffplug.spotless from 6.20.0 to 6.21.0 [(#3106)](https://togithub.com/mockito/mockito/pull/3106)
- Bump versions.bytebuddy from 1.14.6 to 1.14.7 [(#3105)](https://togithub.com/mockito/mockito/pull/3105)
- Update Javadoc for ArgumentCaptor [(#3103)](https://togithub.com/mockito/mockito/pull/3103)
- Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.0 to 1.9.10 [(#3102)](https://togithub.com/mockito/mockito/pull/3102)
- Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.0 to 1.9.10 [(#3101)](https://togithub.com/mockito/mockito/pull/3101)
- Bump org.codehaus.groovy:groovy from 3.0.18 to 3.0.19 [(#3100)](https://togithub.com/mockito/mockito/pull/3100)
- Resolve more Gradle Tasks lazily [(#3099)](https://togithub.com/mockito/mockito/pull/3099)
- Added JavaFlightRecorder options for Tests [(#3098)](https://togithub.com/mockito/mockito/pull/3098)
- Default mock of Optional.isEmpty() returns true for RETURN_DEEP_STUBS [(#3097)](https://togithub.com/mockito/mockito/pull/3097)
- Default mock of `Optional` is not `empty` when using `RETURN_DEEP_STUBS` [(#2865)](https://togithub.com/mockito/mockito/issues/2865)
- Support [@Captor](https://togithub.com/Captor) injection in JUnit 5 method parameters [(#1382)](https://togithub.com/mockito/mockito/issues/1382)

### [`v5.5.0`](https://togithub.com/mockito/mockito/releases/tag/v5.5.0)

*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*

##### 5.5.0

- 2023-08-22 - [25 commit(s)](https://togithub.com/mockito/mockito/compare/v5.4.0...v5.5.0) by Andreas Turban, Chris Egerton, Róbert Papp, Thach Le, dependabot\[bot]
- Bump org.gradle.toolchains.foojay-resolver-convention from 0.6.0 to 0.7.0 [(#3096)](https://togithub.com/mockito/mockito/pull/3096)
- Excessive locking in TypeCachingBytecodeGenerator#BOOTSTRAP_LOCK [(#3095)](https://togithub.com/mockito/mockito/pull/3095)
- Bump versions.bytebuddy from 1.14.5 to 1.14.6 [(#3094)](https://togithub.com/mockito/mockito/pull/3094)
- Fixes 3087 : Add note on backporting to README [(#3090)](https://togithub.com/mockito/mockito/pull/3090)
- Backporting policy [(#3087)](https://togithub.com/mockito/mockito/issues/3087)
- Bump versions.errorprone from 2.21.0 to 2.21.1 [(#3083)](https://togithub.com/mockito/mockito/pull/3083)
- Fixes [#3077](https://togithub.com/mockito/mockito/issues/3077) : Report unused stubbing exceptions when test filter is no-op [(#3078)](https://togithub.com/mockito/mockito/pull/3078)
- Unused stubbings are not reported when filters are used [(#3077)](https://togithub.com/mockito/mockito/issues/3077)
- Bump versions.errorprone from 2.20.0 to 2.21.0 [(#3076)](https://togithub.com/mockito/mockito/pull/3076)
- Bump com.gradle.enterprise from 3.14 to 3.14.1 [(#3074)](https://togithub.com/mockito/mockito/pull/3074)
- Bump org.opentest4j:opentest4j from 1.2.0 to 1.3.0 [(#3072)](https://togithub.com/mockito/mockito/pull/3072)
- Bump versions.junitJupiter from 5.9.3 to 5.10.0 [(#3071)](https://togithub.com/mockito/mockito/pull/3071)
- Bump org.junit.platform:junit-platform-launcher from 1.9.3 to 1.10.0 [(#3070)](https://togithub.com/mockito/mockito/pull/3070)
- Bump gradle/wrapper-validation-action from 1.0.6 to 1.1.0 [(#3069)](https://togithub.com/mockito/mockito/pull/3069)
- Gradle 8.3 compatibility: buildDir -> layout.buildDirectory [(#3068)](https://togithub.com/mockito/mockito/pull/3068)
- Bump com.gradle.enterprise from 3.13.4 to 3.14 [(#3067)](https://togithub.com/mockito/mockito/pull/3067)
- Bump com.diffplug.spotless from 6.19.0 to 6.20.0 [(#3066)](https://togithub.com/mockito/mockito/pull/3066)
- Toolchain for Test task [(#3064)](https://togithub.com/mockito/mockito/pull/3064)
- Gradle build script improvements [(#3062)](https://togithub.com/mockito/mockito/pull/3062)
- Fixes [#3046](https://togithub.com/mockito/mockito/issues/3046) [(#3060)](https://togithub.com/mockito/mockito/pull/3060)
- Fix Gradle 8.2 deprecation of Conventions in nexus plugin. [(#3056)](https://togithub.com/mockito/mockito/pull/3056)
- Bump kotlinVersion from 1.8.22 to 1.9.0 [(#3055)](https://togithub.com/mockito/mockito/pull/3055)
- Bump ru.vyarus.animalsniffer from 1.7.0 to 1.7.1 [(#3054)](https://togithub.com/mockito/mockito/pull/3054)
- Gradle 8.2: work around fix for release publishing [(#3053)](https://togithub.com/mockito/mockito/pull/3053)
- Rewire Jacoco for Gradle 8/9 [(#3052)](https://togithub.com/mockito/mockito/pull/3052)
- Gradle 7.6 to 8.2 (conventions to extensions migration, mostly) [(#3051)](https://togithub.com/mockito/mockito/pull/3051)
- Bump org.codehaus.groovy:groovy from 3.0.17 to 3.0.18 [(#3049)](https://togithub.com/mockito/mockito/pull/3049)
- Mockito#reset Condescending Documentation [(#3046)](https://togithub.com/mockito/mockito/issues/3046)
- Excessive locking in TypeCachingBytecodeGenerator#BOOTSTRAP_LOCK [(#3035)](https://togithub.com/mockito/mockito/issues/3035)

### [`v5.4.0`](https://togithub.com/mockito/mockito/releases/tag/v5.4.0)

*Changelog generated by [Shipkit Changelog Gradle Plugin](https://togithub.com/shipkit/shipkit-changelog)*

##### 5.4.0

- 2023-06-18 - [22 commit(s)](https://togithub.com/mockito/mockito/compare/v5.3.1...v5.4.0) by Alexander von Trostorff, Andriy Redko, Benoit Maggi, Chris Povirk, DerFrZocker, Nicolas Ot, Tim van der Lippe, dependabot\[bot], ellaella12
- Bump versions.errorprone from 2.19.1 to 2.20.0 [(#3041)](https://togithub.com/mockito/mockito/pull/3041)
- Bump org.eclipse.platform:org.eclipse.osgi from 3.18.300 to 3.18.400 [(#3038)](https://togithub.com/mockito/mockito/pull/3038)
- Bump com.google.auto.service:auto-service from 1.1.0 to 1.1.1 [(#3036)](https://togithub.com/mockito/mockito/pull/3036)
- Bump com.github.ben-manes.versions from 0.46.0 to 0.47.0 [(#3034)](https://togithub.com/mockito/mockito/pull/3034)
- Bump kotlinVersion from 1.8.21 to 1.8.22 [(#3033)](https://togithub.com/mockito/mockito/pull/3033)
- Documentation about MockMakers slightly outdated in some places. Fixes [#3031](https://togithub.com/mockito/mockito/issues/3031) [(#3032)](https://togithub.com/mockito/mockito/pull/3032)
- Documentation about MockMakers slightly outdated in some places [(#3031)](https://togithub.com/mockito/mockito/issues/3031)
- Bump versions.bytebuddy from 1.14.4 to 1.14.5 [(#3025)](https://togithub.com/mockito/mockito/pull/3025)
- Edit DoAnswerStyleStubbing.isSet() to return true if there are answers [(#3020)](https://togithub.com/mockito/mockito/pull/3020)
- Bump com.diffplug.spotless from 6.18.0 to 6.19.0 [(#3018)](https://togithub.com/mockito/mockito/pull/3018)
- Bump com.google.auto.service:auto-service from 1.0.1 to 1.1.0 [(#3017)](https://togithub.com/mockito/mockito/pull/3017)
- Bump versions.errorprone from 2.18.0 to 2.19.1 [(#3009)](https://togithub.com/mockito/mockito/pull/3009)
- Fix `@Mock(serializable = true)` for parameterized types. [(#3007)](https://togithub.com/mockito/mockito/pull/3007)
- Add varargs changes to `ArgumentMatchers#any()` JavaDoc [(#3003)](https://togithub.com/mockito/mockito/pull/3003)
- Mockito 5 any() does not match a vararg int\[] argument anymore. I need to use any(int\[].class) to get the ArgumentMatcher to work [(#2998)](https://togithub.com/mockito/mockito/issues/2998)
- Bump com.google.googlejavaformat:google-java-format from 1.16.0 to 1.17.0 [(#2996)](https://togithub.com/mockito/mockito/pull/2996)
- Remove redundant double "now" in JavaDocs for mock without class [(#2994)](https://togithub.com/mockito/mockito/pull/2994)
- Bump org.junit.platform:junit-platform-launcher from 1.9.2 to 1.9.3 [(#2993)](https://togithub.com/mockito/mockito/pull/2993)
- Bump versions.junitJupiter from 5.9.2 to 5.9.3 [(#2992)](https://togithub.com/mockito/mockito/pull/2992)
- Provide a variant of assertArg that works well with checked exceptions [(#2991)](https://togithub.com/mockito/mockito/pull/2991)
- Bump kotlinVersion from 1.8.10 to 1.8.21 [(#2990)](https://togithub.com/mockito/mockito/pull/2990)
- Fix [#2915](https://togithub.com/mockito/mockito/issues/2915) Forbid spy on mocked interface [(#2989)](https://togithub.com/mockito/mockito/pull/2989)
- Bump net.ltgt.gradle:gradle-errorprone-plugin from 3.0.1 to 3.1.0 [(#2987)](https://togithub.com/mockito/mockito/pull/2987)
- `@Mock(serializable = true)` no longer works with parameterized types [(#2979)](https://togithub.com/mockito/mockito/issues/2979)
- Bug with [@InjectMocks](https://togithub.com/InjectMocks) in 5.3.0 [(#2978)](https://togithub.com/mockito/mockito/issues/2978)
- Function name is incorrect. [(#2955)](https://togithub.com/mockito/mockito/issues/2955)
- Verify on Spy Interface incorrect count of actual invocation [(#2915)](https://togithub.com/mockito/mockito/issues/2915)
- Only run injection once [(#2603)](https://togithub.com/mockito/mockito/pull/2603)
- mockito-core MockitoAnnotations::openMocks initializes class twice if said class has super class [(#2602)](https://togithub.com/mockito/mockito/issues/2602)

google/truth (com.google.truth.extensions:truth-java8-extension)

### [`v1.1.5`](https://togithub.com/google/truth/releases/tag/v1.1.5): 1.1.5

- Updated Truth to depend on [Guava 32.0.1](https://togithub.com/google/guava/releases/tag/v32.0.1). The previous Guava version, 32.0.0, contained a bug under Windows, which did not affect Truth's functionality but [could cause problems](https://togithub.com/google/truth/issues/1137) for people who use Guava's I/O functionality in their codebase. Affected users can already manually update their Guava dependency to 32.0.1, but if they don't depend directly on Guava, they may find it easier to upgrade to this new Truth release instead.
- Fixed `IterableOfProtosSubject` to produce a proper failure message instead of NPE when the actual value is `null`.

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

### [`v4.8.0`](https://togithub.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#480---2023-10-11)

[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.7.3...4.8.0)

##### Changed

- Bump up Apache Commons BCEL to the version 6.6.1 ([#2223](https://togithub.com/spotbugs/spotbugs/pull/2223))
- Bump up slf4j-api to 2.0.3 ([#2220](https://togithub.com/spotbugs/spotbugs/pull/2220))
- Bump up gson to 2.10 ([#2235](https://togithub.com/spotbugs/spotbugs/pull/2235))
- Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
- Use com.github.stephenc.jcip for jcip-annotations fixing [#887](https://togithub.com/spotbugs/spotbugs/issues/887)

##### Fixed

- Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) ([#219](https://togithub.com/spotbugs/spotbugs/issues/219))
- Stop exposing junit-bom to consumers ([#2255](https://togithub.com/spotbugs/spotbugs/pull/2255))
- Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering ([#184](https://togithub.com/spotbugs/spotbugs/issues/184))
- Added support for jakarta namespace ([#2289](https://togithub.com/spotbugs/spotbugs/pull/2289))
- Report a low priority bug for an unread field in reflective classes ([#2325](https://togithub.com/spotbugs/spotbugs/issues/2325))
- Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse ([#2327](https://togithub.com/spotbugs/spotbugs/issues/2327))
- Fixed detector `RandomOnceSubDetector` to not report when `doubles`, `ints`, or `longs` are called on a new `Random` or `SecureRandom` ([#2370](https://togithub.com/spotbugs/spotbugs/issues/2325))
- Fixed detector `TestASM` throwing error during analysis, because it doesn't note that it reports bugs.
- Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per [#2470](https://togithub.com/spotbugs/spotbugs/issues/2470)
- Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type ([#2502](https://togithub.com/spotbugs/spotbugs/issues/2502))
- Added support for CONSTANT_Dynamic in constant class pool ([#2506](https://togithub.com/spotbugs/spotbugs/issues/2506))
- Recognise enums and records as immutable ([#2356](https://togithub.com/spotbugs/spotbugs/issues/2356))
- Added detections of reliance on default encoding in java.nio.file.Files ([#2114](https://togithub.com/spotbugs/spotbugs/issues/2114))
- Fixed a regression in the Value Number Analysis ([#2465](https://togithub.com/spotbugs/spotbugs/issues/2465))
- Fix XML Output incorrectly escaped in Eclipse Bug Info view ([#2520](https://togithub.com/spotbugs/spotbugs/pull/2520))
- Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays ([#1669](https://togithub.com/spotbugs/spotbugs/issues/1669))
- Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description ([#2297](https://togithub.com/spotbugs/spotbugs/issues/2297))
- Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes ([#2402](https://togithub.com/spotbugs/spotbugs/issues/2402))
- Added execute file permission to files in the distribution zip ([#2540](https://togithub.com/spotbugs/spotbugs/issues/2540))
- Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check ([#872](https://togithub.com/spotbugs/spotbugs/issues/872))
- Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested ([#560](https://togithub.com/spotbugs/spotbugs/issues/560))
- Detect created, but not-thrown exceptions, which are created by not the constructor ([#2547](https://togithub.com/spotbugs/spotbugs/issues/2547))
- Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs ([#2579](https://togithub.com/spotbugs/spotbugs/pull/2579))

##### Added

- New simple name-based AnnotationMatcher for exclude files (now bug annotations store the class java annotations in an attribute called `classAnnotationNames`). For example, use like in an excludeFilter.xml to ignore classes generated by the Immutable framework. This ignores all class, method or field bugs in classes with that annotation.
- Added the Common Weakness Enumeration (CWE) taxonomy to the Static Analysis Results Interchange Format (SARIF) report. The short and long description for the CWEs are retrieved from a JSON file which is a slimmed down version of the official comprehensive CWE XML from MITRE. The JSON contains information about all CWEs. ([#2410](https://togithub.com/spotbugs/spotbugs/pull/2410)).
- New detector `FindAssertionsWithSideEffects` detecting bug `ASSERTION_WITH_SIDE_EFFECT` and `ASSERTION_WITH_SIDE_EFFECT_METHOD` in case of assertions which may have side effects (See [EXP06-J. Expressions used in assertions must not produce side effects](https://wiki.sei.cmu.edu/confluence/display/java/EXP06-J.+Expressions+used+in+assertions+must+not+produce+side+effects))
- New rule set `PA_PUBLIC_PRIMITIVE_ATTRIBUTE`, `PA_PUBLIC_ARRAY_ATTRIBUTE` and `PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE` to warn for public attributes which are written by the methods of the class. This rule is loosely based on the SEI CERT rule *OBJ01-J Limit accessibility of fields*. ([#OBJ01-J](https://wiki.sei.cmu.edu/confluence/display/java/OBJ01-J.+Limit+accessibility+of+fields))
- Extend `SerializableIdiom` detector with new bug type: `SE_PREVENT_EXT_OBJ_OVERWRITE`. It's reported in case of the `readExternal()` method allows any caller to reset any value of an object
- New Detector `FindVulnerableSecurityCheckMethods` for new bug type `VSC_VULNERABLE_SECURITY_CHECK_METHODS`. This bug is reported whenever a non-final and non-private method of a non-final class performs a security check using the `java.lang.SecurityManager`. (See [SEI CERT MET03-J](https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final))
- New function added to detector `SynchronizationOnSharedBuiltinConstant` to detect `DL_SYNCHRONIZATION_ON_INTERNED_STRING` ([#2266](https://togithub.com/spotbugs/spotbugs/pull/2266))
- Make TypeQualifierResolver recognize org.apache.avro.reflect.Nullable ([#2066](https://togithub.com/spotbugs/spotbugs/pull/2066))
- New detector `FindArgumentAssertions` detecting bug `ASSERTION_OF_ARGUMENTS` in case of validation of arguments of public functions using assertions (See [MET01-J. Never use assertions to validate method arguments](https://wiki.sei.cmu.edu/confluence/display/java/MET01-J.+Never+use+assertions+to+validate+method+arguments))
- Add new detector `CT_CONSTRUCTOR_THROW` for detecting constructors that throw exceptions.
- New detector `DontReusePublicIdentifiers` for new bug type `PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS`. This bug is reported whenever a new class, interface, field, method or variable is created reusing an identifier from the *Java Standard Library*. (See [SEI CERT rule DCL01-J](https://wiki.sei.cmu.edu/confluence/display/java/DCL01-J.+Do+not+reuse+public+identifiers+from+the+Java+Standard+Library))

##### Security

- Disable access to external entities when processing XML ([#2217](https://togithub.com/spotbugs/spotbugs/pull/2217))

##### Build

- Bump Eclipse from 4.6.3 to 4.14 ([#2314](https://togithub.com/spotbugs/spotbugs/pull/2314))
- Use jakarta annotation 1.3.5 instead of legacy javax annotation 1.3.2 ([#2315](https://togithub.com/spotbugs/spotbugs/pull/2315))
- Change hamcrest-all to hamcrest-core as that is what was actually used and then update to 2.2 ([#2316](https://togithub.com/spotbugs/spotbugs/pull/2316))
- Only run release action on 'spotbugs' and use Eclipse 4.14 ([#2317](https://togithub.com/spotbugs/spotbugs/pull/2317))
- Prefer log4j2 2.20.0 ([#2480](https://togithub.com/spotbugs/spotbugs/pull/2480))
- Prefer logback 1.4.8 ([#2480](https://togithub.com/spotbugs/spotbugs/pull/2480))
- Prefer logback 1.4.11 ([#2580](https://togithub.com/spotbugs/spotbugs/pull/2580))
- Switch junit 4 for junit 5 vintage engine ([#2483](https://togithub.com/spotbugs/spotbugs/pull/2483))
- LineEndings and Spotless ([#2343](https://togithub.com/spotbugs/spotbugs/pull/2343))
- Cleanup gitattributes switching text to auto. For developers using windows, run 'git add . --renormalize' and see https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings if needed.
- Rework spotless setup from plugin to build file plugin matching that of gradle plugin and thus allowing spotless to be updated to 6.22.0
- Remove customized line endings for spotless so it uses git attributes as suggested by spotless
- Add trimTrailingWhitespace for spotless
- Fix deprecated usage of eclipse version from 4.13.0 to 4.13 per spotless requirements
- Bump spotbugs gradle plugin to 6.0.0-beta.3 demonstrating breaking changes for 6.0.0 in gradle/java.gradle build file ([#2582](https://togithub.com/spotbugs/spotbugs/pull/2582))
- Delete checked in j2ee jar and instead use servlet/ejb apis from jakarta (javax standard) ([#2585](https://togithub.com/spotbugs/spotbugs/pull/2585))
- Bump Eclipse from 4.14 to 4.29 (latest) ([#2589](https://togithub.com/spotbugs/spotbugs/pull/2589))
- Cleanup hamcrest imports / used library ([#2600](https://togithub.com/spotbugs/spotbugs/pull/2600))
- Migrate entirely to junit 5 ([#2605](https://togithub.com/spotbugs/spotbugs/pull/2605))
- Some parts of codebase were junit 3
- Delete the SpotbugsRule
- Replace custom java determination on build with Junit 5 usage
- Various 'public' methods in tests fixed to 'private'
- Junit 5 styling applied throughout
- Add missing code to the SpotBugsRunner and now use the Extension as replacement of SpotbugsRule

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 1 year ago

Codecov Report

Merging #235 (44c62fb) into main (fd02271) will not change coverage. The diff coverage is n/a.

@@             Coverage Diff             @@
##                main      #235   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity         2         2           
===========================================
  Files              1         1           
  Lines              4         4           
===========================================
  Hits               4         4           

| Flag | Coverage Δ |
|---|---|
| integration-tests-macos-latest | 100.00% <ø> (ø) |
| integration-tests-ubuntu-latest | 100.00% <ø> (ø) |
| integration-tests-windows-latest | 100.00% <ø> (ø) |
| unit-tests-macos-latest | 100.00% <ø> (ø) |
| unit-tests-ubuntu-latest | 100.00% <ø> (ø) |
| unit-tests-windows-latest | 100.00% <ø> (ø) |

Flags with carried forward coverage won't be shown. Click here to find out more.