Bump spotbugs-gradle-plugin from 4.7.10 to 5.0.0

[dependabot[bot]]

Bumps spotbugs-gradle-plugin from 4.7.10 to 5.0.0.

Release notes

Sourced from spotbugs-gradle-plugin's releases.

5.0.0

5.0.0 (2021-12-06)

Many thanks for the PR authors in this major release! @​rpalcolea @​blzsaa @​jscancella @​KengoTODA

Bug Fixes

• bump default spotbugs version from 4.4.2 to 4.5.0 (932b215)
• deprecate methods which will be removed in Gradle v8 (c210b8f, 3a28675), closes #598, #597
• drop support for Gradle v5 and v6 (97f330f), closes #557
• set useAuxclasspathFile option by default (3c3779d)
• stop printing stacktraces by default when ignoreFailures = true (e739a30), closes #266
• use hybrid worker by default (8c2667a), closes #429 #416
• Replace deprecated Gradle API
  • stop depending on deprecated JavaPluginConvention (4ab0c8c)
  • stop depending on project.afterEvaluate (809705e), closes #567
  • replace deprecated GUtil API (81ca2f7)
  • replace deprecated setDestination() API (a94168b)
  • replace deprecated JavaExecSpec#setMain(String) (fa63551)
  • deprecated Gradle api usage (#583) (04d6a5e), closes #577

Features

• print report to console when reporting is not specified (b78a1b3), closes #363 #172
• support creating multiple reports (751ca27)
• support Gradle Java Toolchains for JavaExec and WorkerAPI (2978bed), closes #526

BREAKING CHANGES

• The useAuxclasspathFile option is enabled by default.
• Each SpotBugsTask will launch a java process by default. It may affect build performance but is necessary to fix the resource leak
• stacktraces is not printed by default when ignoreFailures = true. set showStackTraces = true explicitly if necessary.
• Gradle v5 and v6 are now not supported.
• Behavior without report config has been changed from XML to console.

Migration Guide

To upgrade your spotbugs-gradle-plugin from v4 to v5, follow these steps:

• Bump up Gradle to v7.0 or later. Refer to the following official manuals for detail.
  • Upgrading your build from Gradle 5.x to 6.0
  • Upgrading your build from Gradle 6.x to 7.0
  • The report { ... } configuration needs to be updated to lazy property:
    • from report.enabled = true to report.required.set(true)
    • from report.destination = file(...) to report.outputLocation.set(file(...))
• If your build script enables the useAuxclasspathFile option, you can safely remove it, because now it's enabled by default.
• If your build script sets the ignoreFailures = true option, you may set showStackTraces = true explicitly to see a stack trace in case of analysis failures.
• If your build script does not configure reporting and it expects an XML report file, set reports { xml { required.set(true) }} explicitly.

... (truncated)

Commits

• 66c5859 build: finish RC release on the beta branch
• 751ca27 feat: support creating multiple reports
• 932b215 fix: bump default spotbugs version from 4.4.2 to 4.5.0
• 5ff6f32 build: bump up Gradle to 7.3
• 2b8e0ed build: switch to the Release Candidate
• 75c00b7 build: bump up Gradle SpotBugs plugin to the latest beta version
• 78600b6 build: bump up required Node.JS to the latest LTS
• 3e59827 chore: merge origin/master to the beta branch
• 81ca2f7 fix: replace deprecated GUtil API
• 4ab0c8c fix: stop depending on deprecated JavaPluginConvention
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[xvik]

@dependabot ignore this major version

[dependabot[bot]]

OK, I won't notify you about version 5.x.x again, unless you re-open this PR or update to a 5.x.x release yourself.