apache · hhughes · Oct 31, 2023
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -198,11 +198,11 @@ Make sure you import the types from `net.jcip`, there are homonyms in the classp
 
 ### Nullability annotations
 
-We use the [Spotbugs annotations](https://spotbugs.github.io) to document nullability of parameters,
+We use the [jsr305 annotations](http://code.google.com/p/jsr-305/) to document nullability of parameters,
 method return types and class members.
 
-Please annotate any new class or interface with the appropriate annotations: `@NonNull`, `@Nullable`. Make sure you import 
-the types from `edu.umd.cs.findbugs.annotations`, there are homonyms in the classpath.
+Please annotate any new class or interface with the appropriate annotations: `@Nonnull`, `@Nullable`. Make sure you import 
+the types from `javax.annotation`, there are homonyms in the classpath.
 
 
 ## Coding style -- test code

diff --git a/core-shaded/pom.xml b/core-shaded/pom.xml
@@ -114,8 +114,8 @@
       <artifactId>jcip-annotations</artifactId>
     </dependency>
     <dependency>
-      <groupId>com.github.spotbugs</groupId>
-      <artifactId>spotbugs-annotations</artifactId>
+      <groupId>com.google.code.findbugs</groupId>
+      <artifactId>jsr305</artifactId>
     </dependency>
   </dependencies>
   <!--
@@ -318,7 +318,7 @@
                   <!--
                   2) Don't include the packages below because they contain annotations only and are
                   not required at runtime.
-                  -->!net.jcip.annotations.*, !edu.umd.cs.findbugs.annotations.*,
+                  -->!net.jcip.annotations.*, !javax.annotation.*,
                   <!--
                   3) Don't include GraalVM.
                   -->!org.graalvm.*, !com.oracle.svm.*,

diff --git a/core/pom.xml b/core/pom.xml
@@ -121,8 +121,8 @@
       <artifactId>jcip-annotations</artifactId>
     </dependency>
     <dependency>
-      <groupId>com.github.spotbugs</groupId>
-      <artifactId>spotbugs-annotations</artifactId>
+      <groupId>com.google.code.findbugs</groupId>
+      <artifactId>jsr305</artifactId>
     </dependency>
     <dependency>
       <groupId>org.graalvm.sdk</groupId>
@@ -303,7 +303,7 @@
                   <!--
                   1) Don't include the packages below because they contain annotations only and are
                   not required at runtime.
-                  -->!net.jcip.annotations.*, !edu.umd.cs.findbugs.annotations.*,
+                  -->!net.jcip.annotations.*, !javax.annotation.*,
                   <!--
                   2) Don't include GraalVM.
                   -->!org.graalvm.*, !com.oracle.svm.*,

diff --git a/core/src/main/java/com/datastax/dse/driver/api/core/DseSession.java b/core/src/main/java/com/datastax/dse/driver/api/core/DseSession.java
@@ -19,7 +19,7 @@
 
 import com.datastax.oss.driver.api.core.CqlSession;
 import com.datastax.oss.driver.api.core.MavenCoordinates;
-import edu.umd.cs.findbugs.annotations.NonNull;
+import javax.annotation.Nonnull;
 
 /**
  * @deprecated All DSE functionality is now available directly on {@link CqlSession}. This type is
@@ -33,14 +33,14 @@ public interface DseSession extends CqlSession {
    *     preserved for backward compatibility, but it returns the same value as {@link
    *     CqlSession#OSS_DRIVER_COORDINATES}.
    */
-  @Deprecated @NonNull MavenCoordinates DSE_DRIVER_COORDINATES = CqlSession.OSS_DRIVER_COORDINATES;
+  @Deprecated @Nonnull MavenCoordinates DSE_DRIVER_COORDINATES = CqlSession.OSS_DRIVER_COORDINATES;
 
   /**
    * Returns a builder to create a new instance.
    *
    * <p>Note that this builder is mutable and not thread-safe.
    */
-  @NonNull
+  @Nonnull
   static DseSessionBuilder builder() {
     return new DseSessionBuilder();
   }

diff --git a/core/src/main/java/com/datastax/dse/driver/api/core/DseSessionBuilder.java b/core/src/main/java/com/datastax/dse/driver/api/core/DseSessionBuilder.java
@@ -19,7 +19,7 @@
 
 import com.datastax.oss.driver.api.core.CqlSession;
 import com.datastax.oss.driver.api.core.session.SessionBuilder;
-import edu.umd.cs.findbugs.annotations.NonNull;
+import javax.annotation.Nonnull;
 import net.jcip.annotations.NotThreadSafe;
 
 /**
@@ -31,9 +31,9 @@
 @Deprecated
 public class DseSessionBuilder extends SessionBuilder<DseSessionBuilder, DseSession> {
 
-  @NonNull
+  @Nonnull
   @Override
-  protected DseSession wrap(@NonNull CqlSession defaultSession) {
+  protected DseSession wrap(@Nonnull CqlSession defaultSession) {
     return new com.datastax.dse.driver.internal.core.session.DefaultDseSession(defaultSession);
   }
 }
diff --git a/core/src/main/java/com/datastax/dse/driver/api/core/auth/BaseDseAuthenticator.java b/core/src/main/java/com/datastax/dse/driver/api/core/auth/BaseDseAuthenticator.java
@@ -18,9 +18,9 @@
 package com.datastax.dse.driver.api.core.auth;
 
 import com.datastax.oss.driver.api.core.auth.SyncAuthenticator;
-import edu.umd.cs.findbugs.annotations.NonNull;
-import edu.umd.cs.findbugs.annotations.Nullable;
 import java.nio.ByteBuffer;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import net.jcip.annotations.ThreadSafe;
 
 /**
@@ -35,7 +35,7 @@ public abstract class BaseDseAuthenticator implements SyncAuthenticator {
 
   private final String serverAuthenticator;
 
-  protected BaseDseAuthenticator(@NonNull String serverAuthenticator) {
+  protected BaseDseAuthenticator(@Nonnull String serverAuthenticator) {
     this.serverAuthenticator = serverAuthenticator;
   }
 
@@ -52,7 +52,7 @@ protected BaseDseAuthenticator(@NonNull String serverAuthenticator) {
    * This must be either a {@linkplain ByteBuffer#asReadOnlyBuffer() read-only} buffer, or a new
    * instance every time.
    */
-  @NonNull
+  @Nonnull
   protected abstract ByteBuffer getMechanism();
 
   /**
@@ -68,7 +68,7 @@ protected BaseDseAuthenticator(@NonNull String serverAuthenticator) {
    * This must be either a {@linkplain ByteBuffer#asReadOnlyBuffer() read-only} buffer, or a new
    * instance every time.
    */
-  @NonNull
+  @Nonnull
   protected abstract ByteBuffer getInitialServerChallenge();
 
   @Nullable

diff --git a/core/src/main/java/com/datastax/dse/driver/api/core/auth/DseGssApiAuthProviderBase.java b/core/src/main/java/com/datastax/dse/driver/api/core/auth/DseGssApiAuthProviderBase.java
@@ -25,15 +25,15 @@
 import com.datastax.oss.driver.shaded.guava.common.base.Charsets;
 import com.datastax.oss.driver.shaded.guava.common.collect.ImmutableMap;
 import com.datastax.oss.protocol.internal.util.Bytes;
-import edu.umd.cs.findbugs.annotations.NonNull;
-import edu.umd.cs.findbugs.annotations.Nullable;
 import java.net.InetSocketAddress;
 import java.nio.ByteBuffer;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.security.auth.Subject;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
@@ -72,25 +72,25 @@ public abstract class DseGssApiAuthProviderBase implements AuthProvider {
    *     when you have multiple driver instances executing in the same JVM). Config-based
    *     implementations fill this with {@link Session#getName()}.
    */
-  protected DseGssApiAuthProviderBase(@NonNull String logPrefix) {
+  protected DseGssApiAuthProviderBase(@Nonnull String logPrefix) {
     this.logPrefix = Objects.requireNonNull(logPrefix);
   }
 
-  @NonNull
+  @Nonnull
   protected abstract GssApiOptions getOptions(
-      @NonNull EndPoint endPoint, @NonNull String serverAuthenticator);
+      @Nonnull EndPoint endPoint, @Nonnull String serverAuthenticator);
 
-  @NonNull
+  @Nonnull
   @Override
   public Authenticator newAuthenticator(
-      @NonNull EndPoint endPoint, @NonNull String serverAuthenticator)
+      @Nonnull EndPoint endPoint, @Nonnull String serverAuthenticator)
       throws AuthenticationException {
     return new GssApiAuthenticator(
         getOptions(endPoint, serverAuthenticator), endPoint, serverAuthenticator);
   }
 
   @Override
-  public void onMissingChallenge(@NonNull EndPoint endPoint) {
+  public void onMissingChallenge(@Nonnull EndPoint endPoint) {
     LOG.warn(
         "[{}] {} did not send an authentication challenge; "
             + "This is suspicious because the driver expects authentication",
@@ -111,7 +111,7 @@ public void close() {
   @Immutable
   public static class GssApiOptions {
 
-    @NonNull
+    @Nonnull
     public static Builder builder() {
       return new Builder();
     }
@@ -127,7 +127,7 @@ private GssApiOptions(
         @Nullable Subject subject,
         @Nullable String saslProtocol,
         @Nullable String authorizationId,
-        @NonNull Map<String, String> saslProperties) {
+        @Nonnull Map<String, String> saslProperties) {
       this.loginConfiguration = loginConfiguration;
       this.subject = subject;
       this.saslProtocol = saslProtocol;
@@ -155,7 +155,7 @@ public String getAuthorizationId() {
       return authorizationId;
     }
 
-    @NonNull
+    @Nonnull
     public Map<String, String> getSaslProperties() {
       return saslProperties;
     }
@@ -183,7 +183,7 @@ public Builder() {
        *
        * @see #withLoginConfiguration(Map)
        */
-      @NonNull
+      @Nonnull
       public Builder withLoginConfiguration(@Nullable Configuration loginConfiguration) {
         this.loginConfiguration = loginConfiguration;
         return this;
@@ -198,7 +198,7 @@ public Builder withLoginConfiguration(@Nullable Configuration loginConfiguration
        * if both are called, the subject takes precedence, and the login configuration will be
        * ignored.
        */
-      @NonNull
+      @Nonnull
       public Builder withLoginConfiguration(@Nullable Map<String, String> loginConfiguration) {
         this.loginConfiguration = fetchLoginConfiguration(loginConfiguration);
         return this;
@@ -210,7 +210,7 @@ public Builder withLoginConfiguration(@Nullable Map<String, String> loginConfigu
        * <p>You MUST call either this method or {@link #withLoginConfiguration(Configuration)}; if
        * both are called, the subject takes precedence, and the login configuration will be ignored.
        */
-      @NonNull
+      @Nonnull
       public Builder withSubject(@Nullable Subject subject) {
         this.subject = subject;
         return this;
@@ -220,14 +220,14 @@ public Builder withSubject(@Nullable Subject subject) {
        * Sets the SASL protocol name to use; should match the username of the Kerberos service
        * principal used by the DSE server.
        */
-      @NonNull
+      @Nonnull
       public Builder withSaslProtocol(@Nullable String saslProtocol) {
         this.saslProtocol = saslProtocol;
         return this;
       }
 
       /** Sets the authorization ID (allows proxy authentication). */
-      @NonNull
+      @Nonnull
       public Builder withAuthorizationId(@Nullable String authorizationId) {
         this.authorizationId = authorizationId;
         return this;
@@ -243,13 +243,13 @@ public Builder withAuthorizationId(@Nullable String authorizationId) {
        * javax.security.sasl.qop = auth
        * </pre>
        */
-      @NonNull
-      public Builder addSaslProperty(@NonNull String name, @NonNull String value) {
+      @Nonnull
+      public Builder addSaslProperty(@Nonnull String name, @Nonnull String value) {
         this.saslProperties.put(Objects.requireNonNull(name), Objects.requireNonNull(value));
         return this;
       }
 
-      @NonNull
+      @Nonnull
       public GssApiOptions build() {
         return new GssApiOptions(
             loginConfiguration,
@@ -328,13 +328,13 @@ protected GssApiAuthenticator(
       this.endPoint = endPoint;
     }
 
-    @NonNull
+    @Nonnull
     @Override
     protected ByteBuffer getMechanism() {
       return MECHANISM;
     }
 
-    @NonNull
+    @Nonnull
     @Override
     protected ByteBuffer getInitialServerChallenge() {
       return SERVER_INITIAL_CHALLENGE;

diff --git a/core/src/main/java/com/datastax/dse/driver/api/core/auth/DsePlainTextAuthProviderBase.java b/core/src/main/java/com/datastax/dse/driver/api/core/auth/DsePlainTextAuthProviderBase.java
@@ -18,7 +18,7 @@
 package com.datastax.dse.driver.api.core.auth;
 
 import com.datastax.oss.driver.api.core.auth.PlainTextAuthProviderBase;
-import edu.umd.cs.findbugs.annotations.NonNull;
+import javax.annotation.Nonnull;
 import net.jcip.annotations.ThreadSafe;
 
 /**
@@ -30,7 +30,7 @@
 @Deprecated
 public abstract class DsePlainTextAuthProviderBase extends PlainTextAuthProviderBase {
 
-  protected DsePlainTextAuthProviderBase(@NonNull String logPrefix) {
+  protected DsePlainTextAuthProviderBase(@Nonnull String logPrefix) {
     super(logPrefix);
   }
 }
diff --git a/...rc/main/java/com/datastax/dse/driver/api/core/auth/ProgrammaticDseGssApiAuthProvider.java b/...rc/main/java/com/datastax/dse/driver/api/core/auth/ProgrammaticDseGssApiAuthProvider.java
@@ -19,7 +19,7 @@
 
 import com.datastax.oss.driver.api.core.auth.AuthProvider;
 import com.datastax.oss.driver.api.core.metadata.EndPoint;
-import edu.umd.cs.findbugs.annotations.NonNull;
+import javax.annotation.Nonnull;
 
 /**
  * {@link AuthProvider} that provides GSSAPI authenticator instances for clients to connect to DSE
@@ -165,10 +165,10 @@ public ProgrammaticDseGssApiAuthProvider(GssApiOptions options) {
     this.options = options;
   }
 
-  @NonNull
+  @Nonnull
   @Override
   protected GssApiOptions getOptions(
-      @NonNull EndPoint endPoint, @NonNull String serverAuthenticator) {
+      @Nonnull EndPoint endPoint, @Nonnull String serverAuthenticator) {
     return options;
   }
 }
diff --git a/core/src/main/java/com/datastax/dse/driver/api/core/auth/ProxyAuthentication.java b/core/src/main/java/com/datastax/dse/driver/api/core/auth/ProxyAuthentication.java
@@ -21,9 +21,9 @@
 import com.datastax.oss.driver.api.core.cql.Statement;
 import com.datastax.oss.driver.shaded.guava.common.base.Charsets;
 import com.datastax.oss.protocol.internal.util.collection.NullAllowingImmutableMap;
-import edu.umd.cs.findbugs.annotations.NonNull;
 import java.nio.ByteBuffer;
 import java.util.Map;
+import javax.annotation.Nonnull;
 
 public class ProxyAuthentication {
   private static final String PROXY_EXECUTE = "ProxyExecute";
@@ -45,9 +45,9 @@ public class ProxyAuthentication {
    *     href="https://docs.datastax.com/en/dse/6.0/dse-admin/datastax_enterprise/security/secProxy.html">Setting
    *     up roles for applications (DSE 6.0 admin guide)</a>
    */
-  @NonNull
+  @Nonnull
   public static <StatementT extends Statement<StatementT>> StatementT executeAs(
-      @NonNull String userOrRole, @NonNull StatementT statement) {
+      @Nonnull String userOrRole, @Nonnull StatementT statement) {
     return statement.setCustomPayload(
         addProxyExecuteEntry(statement.getCustomPayload(), userOrRole));
   }
@@ -57,15 +57,15 @@ public static <StatementT extends Statement<StatementT>> StatementT executeAs(
    *
    * @see #executeAs(String, Statement)
    */
-  @NonNull
+  @Nonnull
   public static <StatementT extends GraphStatement<StatementT>> StatementT executeAs(
-      @NonNull String userOrRole, @NonNull StatementT statement) {
+      @Nonnull String userOrRole, @Nonnull StatementT statement) {
     return statement.setCustomPayload(
         addProxyExecuteEntry(statement.getCustomPayload(), userOrRole));
   }
 
   private static Map<String, ByteBuffer> addProxyExecuteEntry(
-      Map<String, ByteBuffer> currentPayload, @NonNull String userOrRole) {
+      Map<String, ByteBuffer> currentPayload, @Nonnull String userOrRole) {
     NullAllowingImmutableMap.Builder<String, ByteBuffer> builder =
         NullAllowingImmutableMap.builder();
     builder.put(PROXY_EXECUTE, ByteBuffer.wrap(userOrRole.getBytes(Charsets.UTF_8)));