Skip to content

chore(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.4#4653

Merged
renovate[bot] merged 1 commit intomasterfrom
renovate/com.github.spotbugs-spotbugs-annotations-4.9.x
Aug 10, 2025
Merged

chore(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.4#4653
renovate[bot] merged 1 commit intomasterfrom
renovate/com.github.spotbugs-spotbugs-annotations-4.9.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 10, 2025

This PR contains the following updates:

Package Change Age Confidence
com.github.spotbugs:spotbugs-annotations (source) 4.9.3 -> 4.9.4 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.9.4

Compare Source

Changed
  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#​3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#​3485)
Fixed
  • Widen main method recognition according to JEP 445. (#​3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#​3350)(#​3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#​2061)
  • Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#​3387)
  • Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#​3320)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#​3334)
  • Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#​3417)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#​3428)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#​3441)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#​3459)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#​3363)
  • Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#​3489)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#​3169)
  • Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#​3496)
  • Make the osgi manifest of the annotations jar Java 8 compatible (#​3498) (#​3500)
  • TextUICommandLine supports all options encoded in Eclipse preferences file (#​3520)
  • Unnecessary suppressions fix for records headers (#​3471)
  • Dead store fix when switch case contains loops (#​3530) (#​3449)
  • Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#​3463)
  • Detect cases when equals() unconditionally returns true or false (#​3528)
  • Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#​3501)
  • Detect random value cast to int when stored in temporary variable (#​3461)
  • Look for interfaces default methods when searching uncalled private methods (#​1988)
  • Fixed field self assignment false positive (#​2258)
  • Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#​1147)
  • Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#​2965) (#​3573)
  • Track inner classes access methods to correctly report the bugs (#​2029)
  • SF_SWITCH_NO_DEFAULT false positive fix (#​1148) (#​3572)
Added
  • Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#​3395)
  • Multi-threaded code checks can be skipped with @NotThreadSafe (#​3390)
  • New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#​2055)
    • Breaking change: changed values and new items in ResourceValueFrame.
  • Inline access method for method. (#​3481)
  • Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#​1928)
Signing
  • Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Aug 10, 2025
@renovate renovate bot enabled auto-merge (squash) August 10, 2025 01:09
@codecov
Copy link

codecov bot commented Aug 10, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (d5bff14) to head (8b9a27e).
⚠️ Report is 42 commits behind head on master.

Additional details and impacted files 
@@          Coverage Diff           @@
##           master   #4653   +/-   ##
======================================
  Coverage    0.00%   0.00%           
======================================
  Files           2       2           
  Lines          85      85           
  Branches        3       3           
======================================
  Misses         85      85

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@DanySK DanySK force-pushed the renovate/com.github.spotbugs-spotbugs-annotations-4.9.x branch 2 times, most recently from cc90d2f to bb00033 Compare August 10, 2025 10:29
@renovate renovate bot force-pushed the renovate/com.github.spotbugs-spotbugs-annotations-4.9.x branch from bb00033 to 8b9a27e Compare August 10, 2025 10:29
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 10, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate bot merged commit 24fbb32 into master Aug 10, 2025
26 checks passed
@renovate renovate bot deleted the renovate/com.github.spotbugs-spotbugs-annotations-4.9.x branch August 10, 2025 11:29
DanySK pushed a commit that referenced this pull request Aug 15, 2025
@semantic-release-bot
chore(release): 42.2.9 [skip ci]
a4984ae 
## [42.2.9](42.2.8...42.2.9) (2025-08-15)

### Dependency updates

* **core-deps:** update protelis to v18.2.1 (patch) ([#4682](#4682)) ([6154647](6154647))
* **deps:** update danysk/makepkg docker tag to v1.1.60 ([#4670](#4670)) ([c079c1c](c079c1c))
* **deps:** update dependency com.github.spotbugs:spotbugs-annotations to v4.9.4 ([#4653](#4653)) ([24fbb32](24fbb32))
* **deps:** update dependency de.flapdoodle.embed:de.flapdoodle.embed.mongo to v4.21.0 ([#4634](#4634)) ([3147631](3147631))
* **deps:** update dependency gradle to v9 ([#4640](#4640)) ([c091c1e](c091c1e))
* **deps:** update dependency io.ktor.plugin to v3.2.3 ([#4627](#4627)) ([4b910b6](4b910b6))
* **deps:** update dependency org.danilopianini:kotlin-symmetric-matrix to v1.1.6 ([#4683](#4683)) ([5756f98](5756f98))
* **deps:** update dependency org.danilopianini.gradle-java-qa:org.danilopianini.gradle-java-qa.gradle.plugin to v1.130.0 ([#4656](#4656)) ([2c2d2fe](2c2d2fe))
* **deps:** update dependency org.danilopianini.gradle-kotlin-qa:org.danilopianini.gradle-kotlin-qa.gradle.plugin to v0.93.0 ([#4636](#4636)) ([d97f13e](d97f13e))
* **deps:** update dependency org.jetbrains.androidx.lifecycle:lifecycle-runtime-compose to v2.9.2 ([#4688](#4688)) ([86951a9](86951a9))
* **deps:** update dependency scalafmt to v3.9.9 ([#4628](#4628)) ([d7c36db](d7c36db))
* **deps:** update dependency semantic-release-preconfigured-conventional-commits to v1.1.139 ([#4629](#4629)) ([69f8773](69f8773))
* **deps:** update node.js to 22.18 ([#4637](#4637)) ([e0d3a92](e0d3a92))
* **deps:** update plugin gitsemver to v6 ([#4673](#4673)) ([554b1cc](554b1cc))
* **deps:** update plugin gitsemver to v6.0.1 ([#4687](#4687)) ([c8da9fa](c8da9fa))
* **deps:** update plugin multijvmtesting to v3.6.1 ([#4648](#4648)) ([3d6a06a](3d6a06a))
* **deps:** update plugin multijvmtesting to v4 ([#4649](#4649)) ([a8e48d7](a8e48d7))
* **deps:** update plugin multijvmtesting to v4.0.2 ([#4677](#4677)) ([feba92c](feba92c))
* **deps:** update plugin multijvmtesting to v4.1.0 ([#4686](#4686)) ([42f9b43](42f9b43))
* **deps:** update plugin org.danilopianini.gradle-pre-commit-git-hooks to v2.0.29 ([#4680](#4680)) ([e53ae76](e53ae76))
* **deps:** update plugin publishoncentral to v9.1.0 ([#4638](#4638)) ([e0f7e30](e0f7e30))
* **deps:** update plugin publishoncentral to v9.1.2 ([#4675](#4675)) ([0e84ddd](0e84ddd))
* **deps:** update plugin publishoncentral to v9.1.3 ([#4685](#4685)) ([141cf2e](141cf2e))
* **deps:** update plugin shadowjar to v8.3.9 ([#4651](#4651)) ([a8bd06f](a8bd06f))
* **deps:** update plugin shadowjar to v9 ([#4652](#4652)) ([a1a51a2](a1a51a2))
* **deps:** update react to v2025.7.15-19.1.1 (patch) ([#4631](#4631)) ([8e40fdb](8e40fdb))
* **deps:** update react to v2025.8.10-19.1.1 (patch) ([#4663](#4663)) ([a103c81](a103c81))
* **deps:** update react to v2025.8.11-19.1.1 (patch) ([#4674](#4674)) ([0c647a8](0c647a8))
* **deps:** update react to v2025.8.12-19.1.1 (patch) ([#4676](#4676)) ([a345e2c](a345e2c))
* **deps:** update react to v2025.8.6-19.1.1 (minor) ([#4639](#4639)) ([bb284fa](bb284fa))
* **deps:** update react to v2025.8.8-19.1.1 (patch) ([#4654](#4654)) ([63e0ae3](63e0ae3))
* **deps:** update react to v2025.8.9-19.1.1 (patch) ([#4662](#4662)) ([192f4a7](192f4a7))

### Tests

* **graphql:** allow up to 2 minutes to complete the environment surrogate test ([#4669](#4669)) ([dbb22b0](dbb22b0))
* **graphql:** use different ports for tests with different JVMs to avoid clashes ([#4664](#4664)) ([5753215](5753215))

### Build and continuous integration

* **deps:** update actions/checkout action to v5 ([#4667](#4667)) ([f7194c0](f7194c0))
* **deps:** update actions/download-artifact action to v5 ([#4641](#4641)) ([28e2e28](28e2e28))
* **deps:** update danysk/action-checkout action to v0.2.23 ([#4668](#4668)) ([a050338](a050338))
* **deps:** update danysk/action-checkout action to v0.2.24 ([#4672](#4672)) ([aacbc6c](aacbc6c))
* **deps:** update danysk/build-check-deploy-gradle-action action to v4.0.2 ([#4632](#4632)) ([c965452](c965452))
* **deps:** update danysk/build-check-deploy-gradle-action action to v4.0.3 ([#4643](#4643)) ([772cfd8](772cfd8))
* migrate to `com.gradleup.shadow` ([#4650](#4650)) ([bbbd4ef](bbbd4ef))
* migrate to `cz.augi.gradle.scalafmt` ([#4657](#4657)) ([0f34d52](0f34d52))
* **multiplatform:** explicitly make KotlinWebpack and KotlinJsTest tasks depend on IncrementalSyncTask ([#4665](#4665)) ([6abab23](6abab23))
* **scafi:** generate bytecode using the same version of the remainder of Alchemist (currently, Java 17) ([#4659](#4659)) ([ce10ade](ce10ade))
* **scafi:** use the task configuration avoidance API ([#4658](#4658)) ([d5bff14](d5bff14))
* use direct references to the version catalog in place of `findLibrary` ([#4660](#4660)) ([b148afa](b148afa))
* use the same version of kotlin in the main build and for `buildSrc` ([#4661](#4661)) ([0992ea8](0992ea8))
* **website:** ignore extract.bbbike.org during link-checking ([#4646](#4646)) ([61d3c93](61d3c93))

### General maintenance

* **build:** actualize the `yarn.lock` file ([f7cd4bd](f7cd4bd))
* **build:** update the javadoc.io cache ([3fd2924](3fd2924))
* **build:** update the javadoc.io cache ([f0417a6](f0417a6))
* **build:** update the javadoc.io cache ([652d85b](652d85b))
* **build:** update the javadoc.io cache ([68064b2](68064b2))
* **build:** update the javadoc.io cache ([a6a213a](a6a213a))
* **build:** update the javadoc.io cache ([08593f5](08593f5))
* **build:** update the javadoc.io cache ([116af01](116af01))
* **build:** update the javadoc.io cache ([040aa41](040aa41))
* **build:** update the javadoc.io cache ([eae3eca](eae3eca))
* **build:** update the javadoc.io cache ([8d9f794](8d9f794))
* **build:** update the javadoc.io cache ([6bb4e14](6bb4e14))
* **build:** update the javadoc.io cache ([50fef99](50fef99))
* **build:** update the javadoc.io cache ([25eacbc](25eacbc))
* **build:** update the javadoc.io cache ([0bf67f2](0bf67f2))
* **build:** update the javadoc.io cache ([5f4beca](5f4beca))
* **build:** update the javadoc.io cache ([06d7fde](06d7fde))

### Style improvements

* improve readability of the main build file ([#4644](#4644)) ([41754a1](41754a1))

### Refactoring

* externalize (drop) multivesta-adapter ([#4647](#4647)) ([c147018](c147018))
@DanySK
Copy link
Member

DanySK commented Aug 15, 2025

🎉 This PR is included in version 42.2.9 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@DanySK DanySK

Labels

dependencies Pull requests that update a dependency file released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DanySK