Skip to content

build(deps): bump the low-risk group in /api-tests with 2 updates #1509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 13, 2025
Merged

build(deps): bump the low-risk group in /api-tests with 2 updates #1509

merged 1 commit into from
Aug 13, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 11, 2025

Bumps the low-risk group in /api-tests with 2 updates: org.assertj:assertj-core and com.github.spotbugs:spotbugs.

Updates org.assertj:assertj-core from 3.27.3 to 3.27.4

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.4

🚫 Deprecated

Core

  • Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta
  • Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue
  • Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue

🐛 Bug Fixes

Core

  • Fix thread-safety in AbstractDateAssert #3874

⚡ Improvements

  • Migrate to the Central Publisher Portal, enable snapshot publishing #3881

Core

  • Annotate fail methods with custom @Contract #3882

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​kelunik

Commits
  • 7a64cde [maven-release-plugin] prepare release assertj-build-3.27.4
  • feb5f6f Annotate fail methods with custom @Contract (#3882)
  • 43e8b65 Deprecate org.assertj.core.util.CheckReturnValue in favor of `org.assertj.c...
  • 1bf8cd6 Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of `org.asser...
  • 72d08b2 Deprecate org.assertj.core.annotations.Beta in favor of `org.assertj.core.a...
  • 475c2eb Polish
  • fdc9bc5 Skip tests during snapshot publishing
  • 8f4a1b5 Migrate to the Central Publisher Portal, enable snapshot publishing (#3881)
  • 7461b68 Fix thread-safety in AbstractDateAssert (#3874)
  • 015f095 Remove EOL Java 23
  • Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs from 4.9.3 to 4.9.4

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.9.4

CHANGELOG

Changed

  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

  • Widen main method recognition according to JEP 445. (#3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#2061)
  • Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
  • Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
  • Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
  • Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
  • Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
  • Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
  • TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
  • Unnecessary suppressions fix for records headers (#3471)
  • Dead store fix when switch case contains loops (#3530) (#3449)
  • Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
  • Detect cases when equals() unconditionally returns true or false (#3528)
  • Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
  • Detect random value cast to int when stored in temporary variable (#3461)
  • Look for interfaces default methods when searching uncalled private methods (#1988)
  • Fixed field self assignment false positive (#2258)
  • Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
  • Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#2965) (#3573)
  • Track inner classes access methods to correctly report the bugs (#2029)
  • SF_SWITCH_NO_DEFAULT false positive fix (#1148) (#3572)

Added

  • Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#3395)
  • Multi-threaded code checks can be skipped with @NotThreadSafe (#3390)
  • New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#2055)
    • Breaking change: changed values and new items in ResourceValueFrame.
  • Inline access method for method. (#3481)
  • Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#1928)

Signing

  • Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

CHECKSUM

| file | checksum (sha256) |

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.9.4 - 2025-08-07

Changed

  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

  • Widen main method recognition according to JEP 445. (#3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#2061)
  • Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
  • Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
  • Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
  • Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
  • Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
  • Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
  • TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
  • Unnecessary suppressions fix for records headers (#3471)
  • Dead store fix when switch case contains loops (#3530) (#3449)
  • Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
  • Detect cases when equals() unconditionally returns true or false (#3528)
  • Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
  • Detect random value cast to int when stored in temporary variable (#3461)
  • Look for interfaces default methods when searching uncalled private methods (#1988)
  • Fixed field self assignment false positive (#2258)
  • Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
  • Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#2965) (#3573)
  • Track inner classes access methods to correctly report the bugs (#2029)
  • SF_SWITCH_NO_DEFAULT false positive fix (#1148) (#3572)

Added

  • Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#3395)
  • Multi-threaded code checks can be skipped with @NotThreadSafe (#3390)
  • New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#2055)
    • Breaking change: changed values and new items in ResourceValueFrame.
  • Inline access method for method. (#3481)
  • Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#1928)

Signing

  • Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.
Commits
  • 014b0ee release v4.9.4
  • 0c0f125 build: Adjustments to the tag checking
  • 788524b prepare for next release
  • 44656f0 release v4.9.4
  • da2f64d build: Make sure check is against origin/master not master
  • 0db0852 prepare for next release
  • 7ecaa15 release v4.9.4
  • a2845af build: Remove space in curl
  • b433c57 build: Disable parallel builds for now
  • a4e906f build: Cleanup release action to correctly work
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the low-risk group in /api-tests with 2 updates
625d3b4 
Bumps the low-risk group in /api-tests with 2 updates: [org.assertj:assertj-core](https://github.com/assertj/assertj) and [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs).


Updates `org.assertj:assertj-core` from 3.27.3 to 3.27.4
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.27.3...assertj-build-3.27.4)

Updates `com.github.spotbugs:spotbugs` from 4.9.3 to 4.9.4
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.9.3...4.9.4)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: com.github.spotbugs:spotbugs
  dependency-version: 4.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Aug 11, 2025
@RichardSlater
Copy link
Contributor

RichardSlater commented Aug 13, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Aug 13, 2025

Azure Pipelines successfully started running 1 pipeline(s).

RichardSlater
RichardSlater approved these changes Aug 13, 2025
View reviewed changes
Copy link
Contributor

@RichardSlater RichardSlater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Low risk group.

Copilot AI reviewed Aug 13, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates two low-risk dependencies in the API tests module to their latest patch versions, focusing on bug fixes and improvements without introducing breaking changes.

Key Changes

  • Bump AssertJ Core from 3.27.3 to 3.27.4 (bug fixes and annotations reorganization)
  • Bump SpotBugs from 4.9.3 to 4.9.4 (numerous bug detection improvements and false positive fixes)

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 13, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@RichardSlater RichardSlater merged commit 1f9c684 into master Aug 13, 2025
5 checks passed
@RichardSlater RichardSlater deleted the dependabot/maven/api-tests/low-risk-1f47b8a1e7 branch August 13, 2025 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@RichardSlater RichardSlater RichardSlater approved these changes

Assignees

@VitalinaVZdrobau VitalinaVZdrobau

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RichardSlater @VitalinaVZdrobau