Bump spotbugs-annotations from 4.2.3 to 4.5.0

[dependabot[bot]]

Bumps spotbugs-annotations from 4.2.3 to 4.5.0.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.5.0

CHANGELOG

Changed

• Replace "分析" with "解析" in Japanese document (#1573) @​KengoTODA
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540) @​luana-martins
• Bump gson from 2.8.8 to 2.8.9 (#1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741): @​gamesh411
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740) @​gamesh411
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml. @​KengoTODA
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J) @​baloghadamsoftware
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone(). @​baloghadamsoftware
• Translation of online manual to Brazilian Portuguese (PT-BR). @​luana-martins

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#1764) @​KengoTODA
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM (#1498)(spotbugs/spotbugs#1498) @​ecxia

Deprecated

• -output command line option is deprecated. Use command line options for report configuration like -xml=spotbugs.xml instead.

CHECKSUM

file	checksum (sha256)
spotbugs-4.5.0-javadoc.jar	6f11c4d1aa5ad3f77f8d63b7ded099547d2010ee725c6c1d4eb512735726ca69
spotbugs-4.5.0-sources.jar	4bf5daff85cf2e7fbc1b0950be87d7933f1bb80756cf9f55c534a63f07551eb9
spotbugs-4.5.0.tgz	327d5e36afa223737e871114e173c6f2d4543e22c6167bc7825001a752a3cf31
spotbugs-4.5.0.zip	988c43c5c36f3799fe9a0cf9714f95940a2d60764a9aa0af3e6ccc137106b97e
spotbugs-annotations-4.5.0-javadoc.jar	76c580b054ce653658d747fcf8aa76d5934f119f2f988cec2e9feafb3f6b9bed
spotbugs-annotations-4.5.0-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	65199ea3fe5dc4d106e30ebf67a92c7c816da816563d75c8ea6da1f0ff662857
spotbugs-ant-4.5.0-javadoc.jar	c12a84e031a3ec5a0fd405e1f696f8e32ddd4a43769eb8dd145b77383e0b5506
spotbugs-ant-4.5.0-sources.jar	c74dec42c0ed0dd1ae02a7410d8e0f0dbbee23e8e7da4a21910863677fcdbc8e
spotbugs-ant.jar	b6e73b68e441c001dc42754c73b811625915ae9a759e1ed719df095b41f2979a
spotbugs.jar	7063b740850a27bafbfd2d4528bec2faf2ebef9845a96efea47e15ccbc8a9317
test-harness-4.5.0-javadoc.jar	a702b967a60c96994963921c8c3f4a98b17adf400bc6740cda46b58edf2e183e
test-harness-4.5.0-sources.jar	2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.5.0.jar	45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659
test-harness-core-4.5.0-javadoc.jar	094550ca7cbd658e6b0dad428414cc47c3cfecc6d195abb90fc56c9174f2d047
test-harness-core-4.5.0-sources.jar	f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.5.0.jar	fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285
test-harness-jupiter-4.5.0-javadoc.jar	507afd57f7fc6c619308c46989efa06aa4a99f1ccd9d9ef4b5aa1b2f3e51f656
test-harness-jupiter-4.5.0-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.5.0.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.5.0 - 2021-11-05

Changed

• Replace "分析" with "解析" in Japanese document (#1573)
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540)
• Bump gson from 2.8.8 to 2.8.9 (#1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741):
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740)
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone().
• Translation of online manual to Brazilian Portuguese (PT-BR).

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#1764)
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM (#1498)(spotbugs/spotbugs#1498)

Deprecated

• -output commandline option is deprecated. Use commandline options for report configuration like -xml=spotbugs.xml instead.

4.4.2 - 2021-10-08

Changed

• Add bug code to report in fancy-hist.xsl (#1688)
• Bump Saxon-HE from 10.5 to 10.6 (#1715)

Fixed

• Fixed immutable java.lang.Class as being flagged as EI (#1695)
• Agree verb with plural subject in the description of SW_SWING_METHODS_INVOKED_IN_SWING_THREAD (#1664)
• Wrong description of the SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS (#1664)
• Fixed java.util.Locale as being flagged as EI (#1702)
• Fixed reference to java.awt.Cursor which caused it to be flagged as EI (#1702)
• Treat types with @com.google.errorprone.annotations.Immutable as immutable (#1705)
• Fix annotation check for jdk.internal.ValueBased (#1706)
• DMI_RANDOM_USED_ONLY_ONCE false positive (#1539)
• NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR false negative (#1642)
• Immutable java.util.regex.Pattern as being flagged as EI (#1695)
• Resource leak in the JrtfsCodeBase (#1732)

4.4.1 - 2021-09-07

Changed

• Bump gson from 2.8.7 to 2.8.8 (#1658)
• Lower ExitCodes logger to debug level (#1661)
• Fixed SARIF format to be compatible with Github code scanning API requirements (#1630)

Fixed

... (truncated)

Commits

• 5cc5fc9 release the next minor release v4.5.0
• 92d7552 Add RTD translation to Brazilian Portuguese (PT-BR) (#1796)
• c6ba152 Extend detector FindOverridableMethodCall to detect indirect cases (#1716)
• 085339f Add new rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS (#1541)
• 3088491 reproduce and fix #1498
• 454be6a build(deps): bump error_prone_annotations from 2.9.0 to 2.10.0
• d63e473 Rename DominatorsAnalysis to reflect exception handling strategy (#1741)
• 6882383 Support generating multiple bug reports (#1776)
• cf0b796 chore(dev-deps): upgrade SpotBugs gradle plugin to the beta6
• 342f215 build(deps): bump gson from 2.8.8 to 2.8.9 (#1784)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Looks like com.github.spotbugs:spotbugs-annotations is up-to-date now, so this is no longer needed.