Skip to content
This repository has been archived by the owner on May 28, 2024. It is now read-only.

Bump spotbugs-annotations from 4.5.2 to 4.7.3 #91

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 17, 2022

Bumps spotbugs-annotations from 4.5.2 to 4.7.3.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.7.3

CHANGELOG

Fixed

  • Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#2126) @​baloghadamsoftware
  • Fixed regression in 4.7.2 caused by (#2141) @​baloghadamsoftware
  • improve compatibility with later version of jdk (>= 13). (#2188) @​Bluesbreaker45
  • Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120) @​baloghadamsoftware
  • Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#2183) @​baloghadamsoftware
  • Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182) @​baloghadamsoftware
  • Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195) @​baloghadamsoftware
  • Bump up log4j2 binding to 2.19.0
  • Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
  • Bump up commons-text to 1.10.0 (#2197)
  • Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#2209) @​baloghadamsoftware

CHECKSUM

file checksum (sha256)
spotbugs-4.7.3-javadoc.jar d2ba03077ea35bdac56ff4c45f8a00d0b334c3a6a3855da61d3712b4146472cf
spotbugs-4.7.3-sources.jar 1fd011390e107d57c7c758539a8f79908d022709920171a91d27d3b88634087c
spotbugs-4.7.3.tgz f02e2f1135b23f3edfddb75f64be0491353cfeb567b5a584115aa4fd373d4431
spotbugs-4.7.3.zip dffd3f41fdc2a4cfda547d4ce700585136340e7d0803aeeb2e7ca6cf8c4a6898
spotbugs-annotations-4.7.3-javadoc.jar 392b57d03cb24664dd9ba856287b38a8668c3926eabdfa0f0663fad8fa7d0f44
spotbugs-annotations-4.7.3-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar c0fd1ac2e22acdd46913a2ff74551b71f124457199688698204af4bf3d43165d
spotbugs-ant-4.7.3-javadoc.jar 8591f80cf058830d5b824adc68b820cd901d630b9b55557c48fe4cca6ccdd2fe
spotbugs-ant-4.7.3-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar df37eab21a7d04aa807808a33e9f7c081451cb02c14b4a2c33119976be498520
test-harness-4.7.3-javadoc.jar 4008cc377288c53b4725f43a519a701eb91226a99ab340e997694ade20ed243e
test-harness-4.7.3-sources.jar 7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.3.jar 50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.3-javadoc.jar 486c16fa3ed7c1d99d8ddcdc8e1a6aecf925911d6b473d73aeab40f1639dda52
test-harness-core-4.7.3-sources.jar f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.3.jar 7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.3-javadoc.jar 5a011955082b4e27bcdeeb56b6bc6fae21f87015b354bc5ffb80442495b919b9
test-harness-jupiter-4.7.3-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.3.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.7.2

CHANGELOG

Fixed

  • Bumped gson from 2.9.0 to 2.9.1 (#2136)
  • Bump up SLF4J API to 2.0.0
  • Bump up logback to 1.4.0
  • Bump up log4j2 binding to 2.18.0
  • Bump up Saxon-HE to 11.4 (#2160)
  • Fixed InvalidInputException in Eclipse while bug reporting (#2134) @​iloveeclipse
  • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142) @​baloghadamsoftware

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.7.3 - 2022-10-15

Fixed

  • Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#2126)
  • Fixed regression in 4.7.2 caused by (#2141)
  • improve compatibility with later version of jdk (>= 13). (#2188)
  • Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120)
  • Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#2183)
  • Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182)
  • Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195)
  • Bump up log4j2 binding to 2.19.0
  • Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
  • Bump up commons-text to 1.10.0 (#2197)
  • Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#2209)

4.7.2 - 2022-09-02

Fixed

  • Bumped gson from 2.9.0 to 2.9.1 (#2136)
  • Bump up SLF4J API to 2.0.0
  • Bump up logback to 1.4.0
  • Bump up log4j2 binding to 2.18.0
  • Bump up Saxon-HE to 11.4 (#2160)
  • Fixed InvalidInputException in Eclipse while bug reporting (#2134)
  • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142)
  • Avoid warning on use of security manager on Java 17 and newer. (#1579)
  • Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#1771)
  • Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146)

4.7.1 - 2022-06-26

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931)
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041)
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040)
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040)
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089)

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

... (truncated)

Commits
  • fa9e53a release v4.7.3
  • 838bf77 build(deps): bump com.gradle.enterprise from 3.11.1 to 3.11.2
  • 1515e4c build(deps): bump joda-time from 2.11.2 to 2.12.0
  • 393345b build(deps): bump error_prone_annotations from 2.15.0 to 2.16
  • 119956b Fix for detector UncallableMethodOfAnonymousClass to not report unused meth...
  • 96d50b5 Fix detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_...
  • 35dddba build(deps): bump groovy-all from 4.0.4 to 4.0.5
  • b4560e0 Fix detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATEN...
  • c4c26c1 Fix for test detector ViewCFG
  • 77b7da7 Fix OpcodeStack to handle propagation of taints properly in case of string co...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.5.2 to 4.7.3.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.5.2...4.7.3)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from leviem1 as a code owner October 17, 2022 13:14
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 17, 2022
@stale
Copy link

stale bot commented Nov 17, 2022

This issue has been automatically marked as stale because it has not had recent activity.

@stale stale bot added the stale This issue hasn't received any activity in a while label Nov 17, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code stale This issue hasn't received any activity in a while
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants