Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump spotbugs.version from 4.7.3 to 4.8.0 #829

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 12, 2023

Bumps spotbugs.version from 4.7.3 to 4.8.0.
Updates com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.0

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.0

CHANGELOG

CHECKSUM

file checksum (sha256)
spotbugs-4.8.0-javadoc.jar 4cf102aa474ce8f3728e7513c51c0710024e4cd9d6b7c07672b5e3ec0e70a848
spotbugs-4.8.0-sources.jar d1e47bd320cae314a5c2b44e52152d8ca5f5f700713ba0f497dbed0a916540c2
spotbugs-4.8.0.tgz 15a97043faef7a371ae43137805ca83e89005c22253806b7c63a60a585e794c7
spotbugs-4.8.0.zip 768ac3bd6f5c49d1f12924ff3094ff281debc0ee218ae85ce5aae6f66ca0666a
spotbugs-annotations-4.8.0-javadoc.jar d8ab5ebdaccff345d7167d2518fd74db72cf6b02b259d4f011689d48351c2b3e
spotbugs-annotations-4.8.0-sources.jar b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar f6644de2f0dfe4b614d3c9a35e9a8f1e1da1074892c8cad7a00bb08ce7bf4eff
spotbugs-ant-4.8.0-javadoc.jar 1285df769e00a9fbeb6edceec856b361fb7f5f79762d3f2a768ce71d31cf7bb5
spotbugs-ant-4.8.0-sources.jar 9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar 1ce2fa740d7f07b802881babb27dd26f74861ff2ac938718779ce8a7cb5fe14c
test-harness-4.8.0-javadoc.jar 3191c34729c1dedb4964dfc8a0cd5917457e6271291688ff6d5fc3b9c96868f6
test-harness-4.8.0-sources.jar 633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.0.jar 23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.0-javadoc.jar 33c6e66ac7a08344afe48aa5ba1d5be22ec79065e50b235530c02d46818a7018
test-harness-core-4.8.0-sources.jar f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.0.jar 5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.0-javadoc.jar 5ff08084863aa6f6579e97e83d9c0ba2b7620663d0f0b0a777f09d99ba06dc8c
test-harness-jupiter-4.8.0-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.0.jar d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485
Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.0 - 2023-10-11

Changed

  • Bump up Apache Commons BCEL to the version 6.6.1 (#2223)
  • Bump up slf4j-api to 2.0.3 (#2220)
  • Bump up gson to 2.10 (#2235)
  • Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
  • Use com.github.stephenc.jcip for jcip-annotations fixing #887

Fixed

  • Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#219)
  • Stop exposing junit-bom to consumers (#2255)
  • Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#184)
  • Added support for jakarta namespace (#2289)
  • Report a low priority bug for an unread field in reflective classes (#2325)
  • Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse (#2327)
  • Fixed detector RandomOnceSubDetector to not report when doubles, ints, or longs are called on a new Random or SecureRandom (#2370)
  • Fixed detector TestASM throwing error during analysis, because it doesn't note that it reports bugs.
  • Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per #2470
  • Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type (#2502)
  • Added support for CONSTANT_Dynamic in constant class pool (#2506)
  • Recognise enums and records as immutable (#2356)
  • Added detections of reliance on default encoding in java.nio.file.Files (#2114)
  • Fixed a regression in the Value Number Analysis (#2465)
  • Fix XML Output incorrectly escaped in Eclipse Bug Info view (#2520)
  • Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays (#1669)
  • Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description (#2297)
  • Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes (#2402)
  • Added execute file permission to files in the distribution zip (#2540)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check (#872)
  • Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested (#560)
  • Detect created, but not-thrown exceptions, which are created by not the constructor (#2547)
  • Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs (#2579)

Added

  • New simple name-based AnnotationMatcher for exclude files (now bug annotations store the class java annotations in an attribute called classAnnotationNames). For example, use like in an excludeFilter.xml to ignore classes generated by the Immutable framework. This ignores all class, method or field bugs in classes with that annotation.
  • Added the Common Weakness Enumeration (CWE) taxonomy to the Static Analysis Results Interchange Format (SARIF) report. The short and long description for the CWEs are retrived from a JSON file which is a slimmed down version of the official comprehensive CWE XML from MITRE. The JSON contains information about all CWEs. (#2410).
  • New detector FindAssertionsWithSideEffects detecting bug ASSERTION_WITH_SIDE_EFFECT and ASSERTION_WITH_SIDE_EFFECT_METHOD in case of assertions which may have side effects (See EXP06-J. Expressions used in assertions must not produce side effects)
  • New rule set PA_PUBLIC_PRIMITIVE_ATTRIBUTE, PA_PUBLIC_ARRAY_ATTRIBUTE and PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE to warn for public attributes which are written by the methods of the class. This rule is loosely based on the SEI CERT rule OBJ01-J Limit accessibility of fields. (#OBJ01-J)
  • Extend SerializableIdiom detector with new bug type: SE_PREVENT_EXT_OBJ_OVERWRITE. It's reported in case of the readExternal() method allows any caller to reset any value of an object
  • New Detector FindVulnerableSecurityCheckMethods for new bug type VSC_VULNERABLE_SECURITY_CHECK_METHODS. This bug is reported whenever a non-final and non-private method of a non-final class performs a security check using the java.lang.SecurityManager. (See [SEI CERT MET03-J] (https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final))
  • New function added to detector SynchronizationOnSharedBuiltinConstantto detect DL_SYNCHRONIZATION_ON_INTERNED_STRING (#2266)
  • Make TypeQualifierResolver recognize org.apache.avro.reflect.Nullable (#2066)
  • New detector FindArgumentAssertions detecting bug ASSERTION_OF_ARGUMENTS in case of validation of arguments of public functions using assertions (See MET01-J. Never use assertions to validate method arguments)
  • Add new detector CT_CONSTRUCTOR_THROW for detecting constructors that throw exceptions.
  • New detector DontReusePublicIdentifiers for new bug type PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS. This bug is reported whenever a new class, interface, field, method or variable is created reusing an identifier from the Java Standard Library . (See SEI CERT rule DCL01-J)

Security

  • Disable access to external entities when processing XML (#2217)

... (truncated)

Commits
  • b8c498c release v4.8.0
  • b6fd746 Migrate to full junit 5 and add some associated code expected to support juni...
  • 4083f1f fix(deps): update dependency com.google.guava:guava to v32.1.3-jre (#2620)
  • 09d70e1 Fix release (#2616)
  • cfcf9f2 [eclipse-format] No longer supply version to spotless, use same configuration...
  • 63618ab Fix first batch of Gradle buildDir deprecations (#2609)
  • fe4442b chore(deps): update plugin com.github.spotbugs to v6.0.0-beta.4 (#2615)
  • d3c49cb spell check (#2607)
  • bc6a9d4 #2280 Update Eclipse plugin release number to 4.29.0 (#2611)
  • d3b130c fix(deps): update dependency org.mockito:mockito-core to v5.6.0 (#2610)
  • Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs from 4.7.3 to 4.8.0

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.8.0

CHANGELOG

CHECKSUM

file checksum (sha256)
spotbugs-4.8.0-javadoc.jar 4cf102aa474ce8f3728e7513c51c0710024e4cd9d6b7c07672b5e3ec0e70a848
spotbugs-4.8.0-sources.jar d1e47bd320cae314a5c2b44e52152d8ca5f5f700713ba0f497dbed0a916540c2
spotbugs-4.8.0.tgz 15a97043faef7a371ae43137805ca83e89005c22253806b7c63a60a585e794c7
spotbugs-4.8.0.zip 768ac3bd6f5c49d1f12924ff3094ff281debc0ee218ae85ce5aae6f66ca0666a
spotbugs-annotations-4.8.0-javadoc.jar d8ab5ebdaccff345d7167d2518fd74db72cf6b02b259d4f011689d48351c2b3e
spotbugs-annotations-4.8.0-sources.jar b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar f6644de2f0dfe4b614d3c9a35e9a8f1e1da1074892c8cad7a00bb08ce7bf4eff
spotbugs-ant-4.8.0-javadoc.jar 1285df769e00a9fbeb6edceec856b361fb7f5f79762d3f2a768ce71d31cf7bb5
spotbugs-ant-4.8.0-sources.jar 9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar 1ce2fa740d7f07b802881babb27dd26f74861ff2ac938718779ce8a7cb5fe14c
test-harness-4.8.0-javadoc.jar 3191c34729c1dedb4964dfc8a0cd5917457e6271291688ff6d5fc3b9c96868f6
test-harness-4.8.0-sources.jar 633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.0.jar 23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.0-javadoc.jar 33c6e66ac7a08344afe48aa5ba1d5be22ec79065e50b235530c02d46818a7018
test-harness-core-4.8.0-sources.jar f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.0.jar 5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.0-javadoc.jar 5ff08084863aa6f6579e97e83d9c0ba2b7620663d0f0b0a777f09d99ba06dc8c
test-harness-jupiter-4.8.0-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.0.jar d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485
Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.8.0 - 2023-10-11

Changed

  • Bump up Apache Commons BCEL to the version 6.6.1 (#2223)
  • Bump up slf4j-api to 2.0.3 (#2220)
  • Bump up gson to 2.10 (#2235)
  • Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
  • Use com.github.stephenc.jcip for jcip-annotations fixing #887

Fixed

  • Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#219)
  • Stop exposing junit-bom to consumers (#2255)
  • Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#184)
  • Added support for jakarta namespace (#2289)
  • Report a low priority bug for an unread field in reflective classes (#2325)
  • Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse (#2327)
  • Fixed detector RandomOnceSubDetector to not report when doubles, ints, or longs are called on a new Random or SecureRandom (#2370)
  • Fixed detector TestASM throwing error during analysis, because it doesn't note that it reports bugs.
  • Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per #2470
  • Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type (#2502)
  • Added support for CONSTANT_Dynamic in constant class pool (#2506)
  • Recognise enums and records as immutable (#2356)
  • Added detections of reliance on default encoding in java.nio.file.Files (#2114)
  • Fixed a regression in the Value Number Analysis (#2465)
  • Fix XML Output incorrectly escaped in Eclipse Bug Info view (#2520)
  • Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays (#1669)
  • Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description (#2297)
  • Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes (#2402)
  • Added execute file permission to files in the distribution zip (#2540)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check (#872)
  • Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested (#560)
  • Detect created, but not-thrown exceptions, which are created by not the constructor (#2547)
  • Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs (#2579)

Added

  • New simple name-based AnnotationMatcher for exclude files (now bug annotations store the class java annotations in an attribute called classAnnotationNames). For example, use like in an excludeFilter.xml to ignore classes generated by the Immutable framework. This ignores all class, method or field bugs in classes with that annotation.
  • Added the Common Weakness Enumeration (CWE) taxonomy to the Static Analysis Results Interchange Format (SARIF) report. The short and long description for the CWEs are retrived from a JSON file which is a slimmed down version of the official comprehensive CWE XML from MITRE. The JSON contains information about all CWEs. (#2410).
  • New detector FindAssertionsWithSideEffects detecting bug ASSERTION_WITH_SIDE_EFFECT and ASSERTION_WITH_SIDE_EFFECT_METHOD in case of assertions which may have side effects (See EXP06-J. Expressions used in assertions must not produce side effects)
  • New rule set PA_PUBLIC_PRIMITIVE_ATTRIBUTE, PA_PUBLIC_ARRAY_ATTRIBUTE and PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE to warn for public attributes which are written by the methods of the class. This rule is loosely based on the SEI CERT rule OBJ01-J Limit accessibility of fields. (#OBJ01-J)
  • Extend SerializableIdiom detector with new bug type: SE_PREVENT_EXT_OBJ_OVERWRITE. It's reported in case of the readExternal() method allows any caller to reset any value of an object
  • New Detector FindVulnerableSecurityCheckMethods for new bug type VSC_VULNERABLE_SECURITY_CHECK_METHODS. This bug is reported whenever a non-final and non-private method of a non-final class performs a security check using the java.lang.SecurityManager. (See [SEI CERT MET03-J] (https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final))
  • New function added to detector SynchronizationOnSharedBuiltinConstantto detect DL_SYNCHRONIZATION_ON_INTERNED_STRING (#2266)
  • Make TypeQualifierResolver recognize org.apache.avro.reflect.Nullable (#2066)
  • New detector FindArgumentAssertions detecting bug ASSERTION_OF_ARGUMENTS in case of validation of arguments of public functions using assertions (See MET01-J. Never use assertions to validate method arguments)
  • Add new detector CT_CONSTRUCTOR_THROW for detecting constructors that throw exceptions.
  • New detector DontReusePublicIdentifiers for new bug type PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS. This bug is reported whenever a new class, interface, field, method or variable is created reusing an identifier from the Java Standard Library . (See SEI CERT rule DCL01-J)

Security

  • Disable access to external entities when processing XML (#2217)

... (truncated)

Commits
  • b8c498c release v4.8.0
  • b6fd746 Migrate to full junit 5 and add some associated code expected to support juni...
  • 4083f1f fix(deps): update dependency com.google.guava:guava to v32.1.3-jre (#2620)
  • 09d70e1 Fix release (#2616)
  • cfcf9f2 [eclipse-format] No longer supply version to spotless, use same configuration...
  • 63618ab Fix first batch of Gradle buildDir deprecations (#2609)
  • fe4442b chore(deps): update plugin com.github.spotbugs to v6.0.0-beta.4 (#2615)
  • d3c49cb spell check (#2607)
  • bc6a9d4 #2280 Update Eclipse plugin release number to 4.29.0 (#2611)
  • d3b130c fix(deps): update dependency org.mockito:mockito-core to v5.6.0 (#2610)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `spotbugs.version` from 4.7.3 to 4.8.0.

Updates `com.github.spotbugs:spotbugs-annotations` from 4.7.3 to 4.8.0
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.7.3...4.8.0)

Updates `com.github.spotbugs:spotbugs` from 4.7.3 to 4.8.0
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.7.3...4.8.0)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Update of dependencies java Pull requests that update Maven Java dependencies labels Oct 12, 2023
@codecov
Copy link

codecov bot commented Oct 12, 2023

Codecov Report

All modified lines are covered by tests ✅

📢 Thoughts on this report? Let us know!.

@uhafner uhafner closed this Oct 13, 2023
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 13, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/maven/spotbugs.version-4.8.0 branch October 13, 2023 09:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Update of dependencies java Pull requests that update Maven Java dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant