Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump com.github.spotbugs:spotbugs from 4.7.3 to 4.8.2 #2218

Merged
merged 1 commit into from
Dec 1, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 30, 2023

Bumps com.github.spotbugs:spotbugs from 4.7.3 to 4.8.2.

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.8.2

CHANGELOG

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

  • New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

  • Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

CHECKSUM

file checksum (sha256)
spotbugs-4.8.2-javadoc.jar 9147da4187712ba3ec7fd232510181366f394443cf70a76ee918738a11c539e9
spotbugs-4.8.2-sources.jar 4486c8404debe8de2d5a7d71c14ad66480f463d84586cb3077c639c72192924c
spotbugs-4.8.2.tgz c3eb4e2077310bf19b06ed232dc8d71f3a4884a4619fd8a7c041ed5ce5af4819
spotbugs-4.8.2.zip 615400e86ee19ee1b74d0f8d1a170e2dfdb8f49d02b60fa7b276a8179c3b584a
spotbugs-annotations-4.8.2-javadoc.jar 22ec9f9658a7e569893db728a5cdcdb4121b4bca1ae1ee154189f2cbbc42f187
spotbugs-annotations-4.8.2-sources.jar b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar 3d02aacbf2d094d510c087c2a25a85e04f655b22260016473d02258237d0df27
spotbugs-ant-4.8.2-javadoc.jar b210ddbee668f591f0ff57ea8d546ac47e2753cbf56b6f1bbeb61a8d4c82d233
spotbugs-ant-4.8.2-sources.jar 9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar 01974233a0da943700b9b9d190f872f6dd155d5825e05d1fae5a531bebb284eb
test-harness-4.8.2-javadoc.jar a362bb855074be294da341b5ba7406c013174246c63061fc7dfc91f28795adbe
test-harness-4.8.2-sources.jar 633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.2.jar 23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.2-javadoc.jar 9b32bd7cc9e5af80379207b0b4ad2f6217c4e46db2db3f371d886e227b2ee266
test-harness-core-4.8.2-sources.jar f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.2.jar 5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.2-javadoc.jar 8029e928d3dfa2a93ff8d877693421f265122c5d0f4caee17fd6796d0c7e566d
test-harness-jupiter-4.8.2-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.2.jar d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

SpotBugs 4.8.1

CHANGELOG

Fixed

  • Fixed schema location for findbugsfilter.xsd ([#1416])
  • Fixed missing null checks ([#2629])
  • Disabled DontReusePublicIdentifiers due to the high false positives rate ([#2627])
  • Removed signature of methods using UTF-8 in DefaultEncodingDetector ([#2634])
  • Fix exception escapes when calling functions of JUnit Assert or Assertions ([#2640])
  • Fixed an error in the SARIF export when a bug annotation is missing ([#2632])

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.8.2 - 2023-11-28

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

  • New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

  • Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

4.8.1 - 2023-11-06

Fixed

  • Fixed schema location for findbugsfilter.xsd (#1416)
  • Fixed missing null checks (#2629)
  • Disabled DontReusePublicIdentifiers due to the high false positives rate (#2627)
  • Removed signature of methods using UTF-8 in DefaultEncodingDetector (#2634)
  • Fix exception escapes when calling functions of JUnit Assert or Assertions (#2640)
  • Fixed an error in the SARIF export when a bug annotation is missing (#2632)
  • Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws (#2628)
  • Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize (#2665)
  • Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug (#2652)
  • Eclipse: fixed startup overhead (on computing classpath) for PDE projects (#2671)

Build

  • Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT (#2651)

4.8.0 - 2023-10-11

Changed

  • Bump up Apache Commons BCEL to the version 6.6.1 (#2223)
  • Bump up slf4j-api to 2.0.3 (#2220)
  • Bump up gson to 2.10 (#2235)
  • Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
  • Use com.github.stephenc.jcip for jcip-annotations fixing (#887)
  • Bump ObjectWeb ASM from 9.4 to 9.6, supporting JDK 21 (#2578)

Fixed

  • Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#219)
  • Stop exposing junit-bom to consumers (#2255)
  • Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#184)
  • Added support for jakarta namespace (#2289)
  • Report a low priority bug for an unread field in reflective classes (#2325)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) from 4.7.3 to 4.8.2.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.7.3...4.8.2)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the type:dependencies Pull requests that update a dependency label Nov 30, 2023
@baev baev merged commit 663b7ad into master Dec 1, 2023
11 checks passed
@baev baev deleted the dependabot/gradle/com.github.spotbugs-spotbugs-4.8.2 branch December 1, 2023 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
theme:build type:dependencies Pull requests that update a dependency
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant