Bump com.github.spotbugs:spotbugs from 4.7.3 to 4.8.3 #969

Open
wants to merge 1 commit into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Dec 13, 2023

Bumps com.github.spotbugs:spotbugs from 4.7.3 to 4.8.3.

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.8.3

CHANGELOG

Fixed

  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#2710)
  • Applied changes for bcel 6.8.0 with adjustments to constant pool (#2756)
    • More information on bcel changes can be found in (#2757)
  • Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.

Changed

  • Improved Matcher checks for empty strings (#2755)
  • Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes from being excluded from analysis (#2754)
  • Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-2023-6378 (#2760)
  • Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#2760)

SpotBugs 4.8.2

CHANGELOG

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.8.3 - 2023-12-12

Fixed

  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#2710)
  • Applied changes for bcel 6.8.0 with adjustments to constant pool (#2756)
    • More information on bcel changes can be found in (#2757)
  • Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.

Changed

  • Improved Matcher checks for empty strings (#2755)
  • Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes from being excluded from analysis (#2754)
  • Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-2023-6378 (#2760)
  • Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#2760)

4.8.2 - 2023-11-28

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

  • New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

  • Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

4.8.1 - 2023-11-06

Fixed

  • Fixed schema location for findbugsfilter.xsd (#1416)
  • Fixed missing null checks (#2629)
  • Disabled DontReusePublicIdentifiers due to the high false positives rate (#2627)
  • Removed signature of methods using UTF-8 in DefaultEncodingDetector (#2634)
  • Fix exception escapes when calling functions of JUnit Assert or Assertions (#2640)
  • Fixed an error in the SARIF export when a bug annotation is missing (#2632)
  • Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws (#2628)
  • Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize (#2665)
  • Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug (#2652)
  • Eclipse: fixed startup overhead (on computing classpath) for PDE projects (#2671)

Build

  • Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT (#2651)

4.8.0 - 2023-10-11

Changed

... (truncated)

Commits
  • 1e42fc9 release v4.8.3
  • 44dd360 Fix FNs in CT_CONSTRUCTOR_THROW (#2747)
  • 10422e8 Adjust log binding requirements due to CVEs from logback (#2760)
  • e720004 Support negated onlyAnalyze items (#2754)
  • 8a41d8f Sonar Analyses fixes (#2753)
  • a7aada2 fix(deps): update dependency org.apache.bcel:bcel to v6.8.0 (#2756)
  • c176966 chore(deps): update dependency com.diffplug.gradle:goomph to v3.44.0 (#2758)
  • 0f7a97f chore(deps): update plugin com.github.spotbugs to v6.0.2 (#2742)
  • 5495d4b chore(deps): update plugin com.gradle.enterprise to v3.16 (#2746)
  • 194f19b Use String.isEmpty() with null guards (#2755)
  • Additional commits viewable in compare view

Bumps [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) from 4.7.3 to 4.8.3.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.7.3...4.8.3)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and java labels Dec 13, 2023

sonarcloud bot commented Dec 13, 2023

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud
