Bump spotbugs from 4.1.2 to 4.5.2

[dependabot]

Bumps spotbugs from 4.1.2 to 4.5.2.

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.5.2

CHANGELOG

Security

• Bumped log4j from 2.14.1 to 2.16.0 to address CVE-2021-44228 @​iloveeclipse

Fixed

• Updated RV_01_TO_INT to handle float and long checks (#1518) @​gloNelson

CHECKSUM

file	checksum (sha256)
spotbugs-4.5.2-javadoc.jar	d12b874128f9d6b3467577d86c34581ea99840e920b318c75cc0c49e34ebd5f3
spotbugs-4.5.2-sources.jar	653bf298c0e8b7d366bbe64c7d5557f0aad7a65cf861f3de752ed0fb810702d2
spotbugs-4.5.2.tgz	e9c8c945d16a4dd1b3552b5296e0df8bba70c3ace95b20bc2939a75f2e3bee3e
spotbugs-4.5.2.zip	0467dc71b24b61bfda7dfaec3df96b5095d526b99b034cad9d068ee026f4cbe3
spotbugs-annotations-4.5.2-javadoc.jar	1ed3f98f0d0efe3309b58edf163e6b5e5b1d0088c0246121850aa8344425911f
spotbugs-annotations-4.5.2-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	f6fbf3e13a6c6862e19677a053598fac3cd7f2f6fde726a6765bf83101aa911f
spotbugs-ant-4.5.2-javadoc.jar	0f575c9fd20928faa13f826ef1f21ba6cb5bee1f4c50f4a09a8b65ef488dac52
spotbugs-ant-4.5.2-sources.jar	06f19afbb2fd63e554d1588328feea5aabe0ea4c104191986de03ba1e2f518cb
spotbugs-ant.jar	e31cbd498a93ac92d19658bf45ca3a973b63e8932efca8da1cfd530ec9e547b3
spotbugs.jar	7a4c753d36114f480f63c91b538d0548787827bdefced006fa57eb423095e25a
test-harness-4.5.2-javadoc.jar	1aba8c6a4ada5b82c268ecc8fee6db154c0a788b8e42ac130fe6ea1398bc4804
test-harness-4.5.2-sources.jar	2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.5.2.jar	45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659
test-harness-core-4.5.2-javadoc.jar	88b2470f4ebcc4d10ccc13ee101b951208f8389963919d407c49cda451e5555a
test-harness-core-4.5.2-sources.jar	f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.5.2.jar	fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285
test-harness-jupiter-4.5.2-javadoc.jar	d7afde7e639f3ec3737941b68118d4877c819274385f0bf4d62d9aac5549a9ba
test-harness-jupiter-4.5.2-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.5.2.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.5.1

CHANGELOG

Fixed

• Ant task does not produce XML anymore (#1827) @​KengoTODA
• Do not emit false positives of MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE for final classes (#1812). @​danielnorberg
• Reports cannot be created on Windows platform (#1842) @​KengoTODA

CHECKSUM

file	checksum (sha256)
spotbugs-4.5.1-javadoc.jar	899cbc1214eb942e01980cd9d6a64e937598e25c9c1ef7d3af2da43bce729636
spotbugs-4.5.1-sources.jar	b52e0b2e883dcbea58268c5355f1fa4c7090c5d941a93ddf844fa09534ef66e4
spotbugs-4.5.1.tgz	e846b2e374fad74621e45e8b01c31eb9a2636d60b4cd30168944bed98dcb5a4c
spotbugs-4.5.1.zip	26dd83027cd5e5a7e6a3f4c7a4239f27a9af8de209c7e37890835fc8cf035de7
spotbugs-annotations-4.5.1-javadoc.jar	a66f6df0d2f53a88180980cbb465f558ec1614fc409b72f412949b10ec68db29
spotbugs-annotations-4.5.1-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	083cc7dcb72f1e39d1da4389753f29c91546376d05be730db812974f74e570d7

... (truncated)

Changelog

Sourced from spotbugs's changelog.

4.5.2 - 2021-12-13

Security

• Bumped log4j from 2.14.1 to 2.16.0 to address CVE-2021-44228

Fixed

• Updated RV_01_TO_INT to handle float and long checks (#1518)

4.5.1 - 2021-12-08

Fixed

• Ant task does not produce XML anymore (#1827)
• Do not emit false positives of MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE for final classes (#1812).
• Reports cannot be created on Windows platform (#1842)

4.5.0 - 2021-11-05

Changed

• Replace "分析" with "解析" in Japanese document (#1573)
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540)
• Bump gson from 2.8.8 to 2.8.9 (#1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741):
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740)
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone().
• Translation of online manual to Brazilian Portuguese (PT-BR).

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#1764)
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM (#1498)(spotbugs/spotbugs#1498)

Deprecated

• -output commandline option is deprecated. Use commandline options for report configuration like -xml=spotbugs.xml instead.

4.4.2 - 2021-10-08

Changed

• Add bug code to report in fancy-hist.xsl (#1688)
• Bump Saxon-HE from 10.5 to 10.6 (#1715)

Fixed

• Fixed immutable java.lang.Class as being flagged as EI (#1695)
• Agree verb with plural subject in the description of SW_SWING_METHODS_INVOKED_IN_SWING_THREAD (#1664)
• Wrong description of the SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS (#1664)
• Fixed java.util.Locale as being flagged as EI (#1702)
• Fixed reference to java.awt.Cursor which caused it to be flagged as EI (#1702)
• Treat types with @com.google.errorprone.annotations.Immutable as immutable (#1705)

... (truncated)

Commits

• 0c8b4d1 Update CHANGELOG.md
• 94d81f1 docs: fix category in the CHANGELOG
• f29e292 Fixed typo in the date
• d46acbf build(deps): bump log4j-slf4j18-impl from 2.15.0 to 2.16.0
• ba7eb96 Release 4.5.2 to address CVE-2021-44228
• c84b263 build(deps): bump log4j-slf4j18-impl from 2.14.1 to 2.15.0
• 22fba92 fix: updated RV_01_TO_INT to include float and long (#1851)
• 1f8f6d0 build(deps): bump com.github.spotbugs from 5.0.1 to 5.0.2 (#1860)
• bef25f0 build(deps): bump com.github.spotbugs from 5.0.0-rc.1 to 5.0.1
• 8023af6 prepare for the next development
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #104.