xvik / generics-resolver

Java generics runtime resolver
https://xvik.github.io/generics-resolver
MIT License

Bump com.github.spotbugs:spotbugs-annotations from 3.1.12 to 4.8.5 #49

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 6 months ago

Bumps com.github.spotbugs:spotbugs-annotations from 3.1.12 to 4.8.5.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.5

CHANGELOG

Fixed

CHECKSUM


SpotBugs 4.8.4

CHANGELOG

Fixed

  • Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
  • Fix possible null value in taxonomies of SARIF output (#2744)
  • Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
  • Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
  • Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
  • Added support for CONSTANT_Dynamic (#2759)
  • Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
  • Remove AppleExtension library (note: menus slightly changed) (#2823)
  • Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
  • Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
  • Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.5 - 2024-05-03

Fixed

  • Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED with eager instances (#2932)
  • Fix FPs when looking for multiple initialization of Singletons (#2934)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH (#2736)
  • Fix FP SE_BAD_FIELD for record fields (#2935)

4.8.4 - 2024-04-07

Fixed

  • Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
  • Fix possible null value in taxonomies of SARIF output (#2744)
  • Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
  • Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
  • Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
  • Added support for CONSTANT_Dynamic (#2759)
  • Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
  • Remove AppleExtension library (note: menus slightly changed) (#2823)
  • Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
  • Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
  • Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#2828)
  • Update UnreadFields detector to ignore warnings for fields with certain annotations (#574)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with @PostConstruct, @BeforeEach, etc. (#2872 #2870 #453)
  • Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#2865)
  • Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#2874)
  • Added more nullability annotations in TypeQualifierResolver (#2558 #2694)
  • Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() (#2881)
  • Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions (#2887)
  • Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method (#2837)
  • Update the filter XSD namespace and location for the upcoming 4.8.4 release (#2909)

Added

  • New detector MultipleInstantiationsOfSingletons and introduced new bug types:
    • SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
    • SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
    • SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
    • SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
    • SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
    • SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized. (See SEI CERT MSC07-J)
  • Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.

Changed

  • Minor cleanup in connection with slashed and dotted names (#2805)

Build

  • Fix sonar coverage for project (#2796)
  • Upgraded the build to compile bug samples using Java 21 language features (#2813)

... (truncated)

Commits
  • 1dbd799 release v4.8.5
  • 3d69e18 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • 0a55a48 fix(deps): update dependency org.checkerframework:checker-qual to v3.43.0 (#2...
  • 73f951c fix(deps): update dependency com.google.guava:guava to v33.2.0-jre (#2977)
  • 7120077 chore(deps): update plugin com.github.spotbugs to v6.0.13 (#2974)
  • bdc61bd fix(deps): update dependency checkstyle to v10.16.0 (#2973)
  • 3f79bad fix(deps): update dependency org.testng:testng to v7.10.2 (#2972)
  • bebfdf8 Fix FPs with multiple initialization of Singletons (#2951)
  • e8a364a fix(deps): update dependency org.apache.bcel:bcel to v6.9.0 (#2971)
  • dd05438 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 4 months ago

Superseded by #50.