This repository was archived by the owner on Jan 16, 2023. It is now read-only.

dependabot bot commented on behalf of github Sep 10, 2021

Bumps spotbugs from 4.1.2 to 4.4.1.

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.4.1

CHANGELOG

CHECKSUM

file checksum (sha256)

SpotBugs 4.4.0

CHANGELOG

CHECKSUM

file checksum (sha256)

... (truncated)

Changelog

Sourced from spotbugs's changelog.

4.4.1 - 2021-09-07

Changed

  • Bump gson from 2.8.7 to 2.8.8 (#1658)
  • Lower ExitCodes logger to debug level (#1661)
  • Fixed SARIF format to be compatible with Github code scanning API requirements (#1630)

Fixed

  • Fixed immutable classes in java.net.* as being flagged as EI (#1653)
  • Classes containing only static methods with setter-like names are no longer considered as mutable (#1601)
  • Handle all immutable collections in the Guava library as immutable (#1601)
  • Classes annotated with @Immutable or @jdk.internal.ValueBased are considered as immutable (#1601)
  • All classes in packages java.time and java.math are now correctly handled as immutable (#1601)

4.4.0 - 2021-08-12

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE (#600 and #1338)
  • Inconsistent bug description on EQ_COMPARING_CLASS_NAMES (#1523)
  • Add a declaration of charset encoding in generated reports (#1623)
  • Fixed regression in Bug Info view for Eclipse 2021-03+ (#1477)

Added

  • New detector FindBadEndOfStreamCheck for new bug type EOS_BAD_END_OF_STREAM_CHECK. This bug is reported whenever the return value of java.io.FileInputStream.read() or java.io.FileReader.read() is first converted to byte/int and only thereafter checked against -1. (See SEI CERT rule FIO08-J)

4.3.0 - 2021-07-01

Fixed

  • MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)

Changed

  • Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
  • Bump Saxon-HE from 10.3 to 10.5 (#1513)
  • Bump gson from 2.8.6 to 2.8.7 (#1556)
  • Function mutableSignature() improved and factored out from the MutableStaticFields detector

Added

  • New bugs MS_EXPOSE_BUF, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2 and EI_EXPOSE_BUF2 by the FindReturnRef detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J)
  • MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 and EI_EXPOSE_REP2 now report for shallowly copied arrays (using clone()) of mutable objects

4.2.3 - 2021-04-12

Fixed

  • Inconsistency in the description of DLS_DEAD_LOCAL_INCREMENT_IN_RETURN, VO_VOLATILE_INCREMENT and QF_QUESTIONABLE_FOR_LOOP (#1470)
  • Should issue warning for SecureRandom object created and used only once (#1464)
  • False positive OBL_UNSATIFIED_OBLIGATION with try with resources (#79)
  • SA_LOCAL_SELF_COMPUTATION bug (#1472)
  • False positive EQ_UNUSUAL with record classes (#1367)

4.2.2 - 2021-03-03

... (truncated)

Commits
  • fca3406 build: set group even to the root project
  • 8da7825 release v4.4.1
  • 69a2ae8 build(deps): bump com.github.spotbugs from 4.7.3 to 4.7.4
  • 9d2884d Add field "text" to the object message in result (SARIF) (#1631)
  • 3a111bc Classes annotated with @Immutable or @jdk.internal.ValueBased are considered ...
  • e0966ca Consider all classes in java.time and java.math as immutable
  • aa7717d build(deps): bump com.diffplug.spotless from 5.14.3 to 5.15.0
  • aed3659 build(deps): bump checker-qual from 3.17.0 to 3.18.0
  • e338ed0 Add the Guava immutable collections to the set of immutable classes
  • 2f09b4b Exclude static methods from setter-like methods when considering a class as i...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spotbugs](https://github.com/spotbugs/spotbugs) from 4.1.2 to 4.4.1.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.1.2...4.4.1)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 10, 2021

dependabot bot commented on behalf of github Oct 12, 2021

Superseded by #85.

@dependabot dependabot bot closed this Oct 12, 2021
@dependabot dependabot bot deleted the dependabot/maven/com.github.spotbugs-spotbugs-4.4.1 branch October 12, 2021 09:06