Skip to content

Releases: pmd/pmd

PMD 7.6.0 (27-September-2024)

27 Sep 09:49
pmd_releases/7.6.0
d8d4d3d
Compare
Choose a tag to compare

27-September-2024 - 7.6.0

The PMD team is pleased to announce PMD 7.6.0.

This is a minor release.

Table Of Contents

🚀 New and noteworthy

New Git default branch - "main"

We are joining the Git community and updating "master" to "main". Using the term "master" for the main
development branch can be offensive to some people. Existing versions of Git have been always capable of
working with any branch name and since 2.28.0 (July 2020) the default initial branch is configurable
(init.defaultBranch). Since October 2020, the default branch for new repositories on GitHub
is "main". Finally, PMD will also use this new name for the main branch in all our own repositories.

Why "main"? PMD uses a very simple branching model - pull requests with feature branches and one main development
branch, from which releases are created. That's why "main" is currently the best fitting name.

More information:

What changes?

🐛 Fixed Issues

  • apex
    • #5138: [apex] Various false-negatives since 7.3.0 when using triggers
      (ApexCRUDViolation, CognitiveComplexity, OperationWithLimitsInLoop)
    • #5163: [apex] Parser error when using toLabel in SOSL query
    • #5182: [apex] Parser error when using GROUPING in a SOQL query
    • #5218: [apex] Parser error when using nested subqueries in SOQL
    • #5228: [apex] Parser error when using convertCurrency() in SOQL
  • core
    • #5059: [core] xml output doesn't escape CDATA inside its own CDATA
    • #5201: [core] PMD sarif schema file points to nonexistent location
    • #5222: [core] RuleReference/RuleSetWriter don't handle changed default property values correctly
    • #5229: [doc] CLI flag --show-suppressed needs to mention xml, html, summaryhtml
  • java
    • #5190: [java] NPE in type inference
  • java-codestyle
    • #5046: [java] LocalVariableCouldBeFinal false positive with try/catch
  • java-errorprone
    • #5068: [java] MissingStaticMethodInNonInstantiatableClass: false positive with builder pattern
    • #5207: [java] CheckSkipResult: false positve for a private method void skip(int) in a subclass of FilterInputStream

🚨 API Changes

No changes.

✨ Merged pull requests

📦 Dependency updates

  • #5185: Bump checkstyle from 10.14.0 to 10.18.1
  • #5187: Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.3
  • #5199: Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.3
  • #5216: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.20.0 to 0.23.0
  • #5226: Bump rouge from 4.3.0 to 4.4.0 in the all-gems group across 1 directory
  • #5227: Bump com.google.code.gson:gson from 2.10.1 to 2.11.0
  • #5232: Bump com.google.protobuf:protobuf-java from 3.25.3 to 3.25.5
  • #5233: Bump webrick from 1.8.1 to 1.8.2 in /docs

📈 Stats

  • 60 commits
  • 27 closed tickets & PRs
  • Days since last release: 27

PMD 7.5.0 (30-August-2024)

30 Aug 09:00
pmd_releases/7.5.0
74ada42
Compare
Choose a tag to compare

30-August-2024 - 7.5.0

The PMD team is pleased to announce PMD 7.5.0.

This is a minor release.

Table Of Contents

🚀 New: Java 23 Support

This release of PMD brings support for Java 23. There are no new standard language features,
but a couple of preview language features:

Note that String Templates (introduced as preview in Java 21 and 22) are not supported anymore in Java 23,
see JDK-8329949 for details.

In order to analyze a project with PMD that uses these preview language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language
version 23-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-23-preview ...

Note: Support for Java 21 preview language features have been removed. The version "21-preview"
are no longer available.

🌟 New Rules

  • The new Java rule AvoidSynchronizedStatement finds synchronization blocks that
    could cause performance issues with virtual threads due to pinning.
  • The new JavaScript rule AvoidConsoleStatements finds any function calls
    on the Console API (e.g. console.log). Using these in production code might negatively impact performance.

🐛 Fixed Issues

  • apex-performance
    • #5139: [apex] OperationWithHighCostInLoop: false negative for triggers
  • java
    • #5062: [java] Support Java 23
    • #5167: [java] java.lang.IllegalArgumentException: <?> cannot be a wildcard bound
  • java-bestpractices
    • #3602: [java] GuardLogStatement: False positive when compile-time constant is created from external constants
    • #4731: [java] GuardLogStatement: Documentation is unclear why getters are flagged
    • #5145: [java] UnusedPrivateMethod: False positive with method calls inside lambda
    • #5151: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is a constant from another class
    • #5152: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is "this"
    • #5153: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is an array element
  • java-design
    • #5048: [java] CognitiveComplexity: Exception when using Map.of()
    • #5162: [java] SingularField: False-positive when preceded by synchronized block
  • java-multithreading
    • #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement
  • javascript-performance
    • #5105: [javascript] Prohibit any console methods
  • plsql
    • #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names)
  • plsql-bestpractices
    • #5132: [plsql] TomKytesDespair: XPathException for more complex exception handler

🚨 API Changes

Deprecations

  • pmd-jsp
    • JspParserImpl is deprecated now. It should have been package-private
      because this is an implementation class that should not be used directly.
  • pmd-plsql
    • MergeUpdateClausePrefix is deprecated. This production is
      not used anymore and will be removed. Note: The whole parser implementation class has been deprecated since 7.3.0,
      as it is supposed to be internalized.
  • pmd-velocity
    • VtlParserImpl is deprecated now. It should have been package-private
      because this is an implementation class that should not be used directly.
  • pmd-visualforce
    • VfParserImpl is deprecated now. It should have been package-private
      because this is an implementation class that should not be used directly.

Experimental

✨ External Contributions

  • #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names) - Arjen Duursma (@duursma)
  • #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement - Chas Honton (@chonton)

📦 Dependency updates

  • #5100: Enable Dependabot
  • #5141: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0
  • #5142: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0
  • #5144: Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1
  • #5148: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
  • #5149: Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M13 to 4.0.0-M16
  • #5160: Bump org.pcollections:pcollections from 3.2.0 to 4.0.2
  • #5161: Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory
  • #5164: Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1
  • #5165: Bump the all-gems group across 1 directory with 2 updates
  • #5171: Bump net.bytebuddy:byte-buddy-agent from 1.14.12 to 1.14.19
  • #5180: Bump net.sf.saxon:Saxon-HE from 12.4 to 12.5

📈 Stats

  • 87 commits
  • 25 closed tickets & PRs
  • Days since last release: 35

PMD 7.4.0 (26-July-2024)

26 Jul 08:38
pmd_releases/7.4.0
db5fa2d
Compare
Choose a tag to compare

26-July-2024 - 7.4.0

The PMD team is pleased to announce PMD 7.4.0.

This is a minor release.

Table Of Contents

🌟 New and changed rules

New Rules

  • The new Apex rule AvoidNonRestrictiveQueries finds SOQL and SOSL queries without a where
    or limit statement. This can quickly cause governor limit exceptions.

Changed rules

  • ClassNamingConventions (Apex Codestyle): Two new properties to configure different patterns
    for inner classes and interfaces: innerClassPattern and innerInterfacePattern.

Renamed rules

  • InaccurateNumericLiteral (JavaScript Error Prone) has been renamed from InnaccurateNumericLiteral.
    The old rule name still works but is deprecated.

🐛 Fixed Issues

  • apex
    • #5094: [apex] "No adapter exists for type" error message printed to stdout instead of stderr
  • apex-bestpractices
    • #5095: [apex] ApexUnitTestShouldNotUseSeeAllDataTrue false negative due to casing (regression in PMD 7)
  • apex-codestyle
    • #4800: [apex] ClassNamingConvention: Support naming convention for inner classes
  • apex-performance
    • #635: [apex] New Rule: Avoid soql/sosl queries without a where clause or limit statement
  • java-bestpractices
    • #5106: [java] AccessorClassGeneration: Node was null for default constructor
    • #5110: [java] UnusedPrivateMethod for method referenced by lombok.Builder.ObtainVia
    • #5117: [java] UnusedPrivateMethod for methods annotated with jakarta.annotation.PostConstruct or PreDestroy
  • java-errorprone
    • #1488: [java] MissingStaticMethodInNonInstantiatableClass: False positive with Lombok Builder on Constructor
  • javascript-errorprone
    • #2367: [javascript] InnaccurateNumericLiteral is misspelled
    • #4716: [javascript] InaccurateNumericLiteral with number 259200000
  • plsql
    • #5086: [plsql] Fixed issue with missing optional table alias in MERGE usage
    • #5087: [plsql] Add support for SQL_MACRO
    • #5088: [plsql] Add support for 'DEFAULT' clause on the arguments of some oracle functions
    • #5133: [plsql] AssertionError: Root of the tree should implement RootNode for a PL/SQL type declaration
  • cli
    • #5120: [cli] Can't start designer under Windows
  • core
    • #5091: [core] PMD CPD v7.3.0 gives deprecation warning for skipLexicalErrors even when not used

🚨 API Changes

  • javascript

✨ External Contributions

📈 Stats

  • 81 commits
  • 32 closed tickets & PRs
  • Days since last release: 27

PMD 7.3.0 (28-June-2024)

28 Jun 09:36
pmd_releases/7.3.0
c5dbc29
Compare
Choose a tag to compare

28-June-2024 - 7.3.0

The PMD team is pleased to announce PMD 7.3.0.

This is a minor release.

Table Of Contents

🚀 New and noteworthy

✨ New Rules

  • The new Java rule UseEnumCollections reports usages for HashSet and HashMap
    when the keys are of an enum type. The specialized enum collections are more space- and time-efficient.

💥 pmd-compat6 removed (breaking)

The already deprecated PMD 6 compatibility module (pmd-compat6) has been removed. It was intended to be used with
older versions of the maven-pmd-plugin, but since maven-pmd-plugin 3.22.0, PMD 7 is supported directly and this
module is not needed anymore.

If you currently use this dependency (net.sourceforge.pmd:pmd-compat6), remove it and upgrade maven-pmd-plugin
to the latest version (3.23.0 or newer).

See also Maven PMD Plugin.

🐛 Fixed Issues

  • cli
    • #2827: [cli] Consider processing errors in exit status
  • core
    • #4396: [core] CPD is always case sensitive
    • #4992: [core] CPD: Include processing errors in XML report
    • #5066: [core] CPD throws java.lang.OutOfMemoryError: Java heap space (since 7.1.0)
  • apex
    • #4922: [apex] SOQL syntax error with TYPEOF in sub-query
    • #5053: [apex] CPD fails to parse string literals with escaped characters
    • #5055: [apex] SOSL syntax error with WITH USER_MODE or WITH SYSTEM_MODE
  • apex-bestpractices
    • #5000: [apex] UnusedLocalVariable FP with binds in SOSL / SOQL
  • java
    • #4885: [java] AssertionError: Method should be accessible
    • #5050: [java] Problems with pattern variables in switch branches
  • java-bestpractices
    • #577: [java] New Rule: Check that Map<K,V> is an EnumMap if K is an enum value
    • #5047: [java] UnusedPrivateMethod FP for Generics & Overloads
  • plsql
    • #1934: [plsql] ParseException with MERGE statement in anonymous block
    • #2779: [plsql] Error while parsing statement with (Oracle) DML Error Logging
    • #4270: [plsql] Parsing exception COMPOUND TRIGGER with EXCEPTION handler

🚨 API Changes

CPD Report Format XML

There are some important changes:

  1. The XML format will now use an XSD schema, that is available at https://pmd.github.io/schema/cpd-report_1_0_0.xsd.
    This schema defines the valid elements and attributes that one can expect from a CPD report.
  2. The root element pmd-cpd contains the new attributes pmdVersion, timestamp and version. The latter is
    the schema version and is currently "1.0.0".
  3. The CPD XML report will now also contain recoverable errors as additional <error> elements.

See Report formats for CPD for an example.

The XML format should be compatible as only attributes and elements have been added. However, if you parse
the document with a namespace aware parser, you might encounter some issues like no elements being found.
In case the new format doesn't work for you (e.g. namespaces, unexpected error elements), you can
go back using the old format with the renderer "xmlold" (XMLOldRenderer). Note, that
this old renderer is deprecated and only there for compatibility reasons. Whatever tooling is used to
read the XML format should be updated.

CLI

  • New exit code 5 introduced. PMD and CPD will exit now by default with exit code 5, if any recoverable error
    (e.g. parsing exception, lexing exception or rule exception) occurred. PMD will still create a report with
    all detected violations or duplications if recoverable errors occurred. Such errors mean, that the report
    might be incomplete, as either violations or duplications for an entire file or for a specific rule are missing.
    These cases can be considered as false-negatives.

    In any case, the root cause should be investigated. If it's a problem in PMD itself, please create a bug report.

  • New CLI parameter --no-fail-on-error to ignore such errors and not exit with code 5. By default,
    a build with errors will now fail and with that parameter, the previous behavior can be restored.
    This parameter is available for both PMD and CPD.

  • The CLI parameter --skip-lexical-errors is deprecated. By default, lexical errors are skipped but the
    build is failed. Use the new parameter --[no-]fail-on-error instead to control whether to fail the build or not.

Ant

  • CPDTask has a new parameter failOnError. It controls, whether to fail the build if any recoverable error occurred.
    By default, the build will fail. CPD will still create a report with all detected duplications, but the report might
    be incomplete.
  • The parameter skipLexicalError in CPDTask is deprecated and ignored. Lexical errors are now always skipped.
    Use the new parameter failOnError instead to control whether to fail the build or not.

Deprecated API

Breaking changes: pmd-compat6 removed

The already deprecated PMD 6 compatibility module (pmd-compat6) has been removed.
See above for details.

📈 Stats

  • 88 commits
  • 32 closed tickets & PRs
  • Days since last release: 27

PMD 7.2.0 (31-May-2024)

31 May 11:39
pmd_releases/7.2.0
38bc997
Compare
Choose a tag to compare

31-May-2024 - 7.2.0

The PMD team is pleased to announce PMD 7.2.0.

This is a minor release.

Table Of Contents

🚀 New and noteworthy

Collections exposed as XPath attributes

Up to now, all AST node getters would be exposed to XPath, as long as the return type was a primitive (boxed or unboxed), String or Enum. That meant that collections, even of these basic types, were not exposed, so for instance accessing Apex's ASTUserClass.getInterfaceNames() to list the interfaces implemented by a class was impossible from XPath, and would require writing a Java rule to check it.

Since this release, PMD will also expose any getter returning a collection of any supported type as a sequence through an XPath attribute. They would require to use apropriate XQuery functions to manipulate the sequence. So for instance, to detect any given ASTUserClass in Apex that implements Queueable, it is now possible to write:

/UserClass[@InterfaceNames = 'Queueable']

Updated PMD Designer

This PMD release ships a new version of the pmd-designer.
For the changes, see PMD Designer Changelog (7.2.0).

🐛 Fixed Issues

  • core
    • #4467: [core] Expose collections from getters as XPath sequence attributes
    • #4978: [core] Referenced Rulesets do not emit details on validation errors
    • #4983: [cpd] Fix CPD crashes about unicode escapes
    • #5009: [core] Kotest tests aren't picked up by surefire
  • java
    • #4912: [java] Unable to parse some Java9+ resource references
    • #4973: [java] Stop parsing Java for CPD
    • #4980: [java] Bad intersection, unrelated class types java.lang.Object[] and java.lang.Number
    • #4988: [java] Fix impl of ASTVariableId::isResourceDeclaration / VariableId/@ResourceDeclaration
    • #4990: [java] Add an attribute @PackageQualifier to ASTClassType
    • #5006: [java] Bad intersection, unrelated class types Child and Parent<? extends Child>
    • #5029: [java] PMD 7.x throws stack overflow in TypeOps$ProjectionVisitor while parsing a Java class
  • java-bestpractices
    • #4278: [java] UnusedPrivateMethod FP with Junit 5 @MethodSource and default factory method name
    • #4852: [java] ReplaceVectorWithList false-positive (neither Vector nor List usage)
    • #4975: [java] UnusedPrivateMethod false positive when using @MethodSource on a @nested test
    • #4985: [java] UnusedPrivateMethod false-positive / method reference in combination with custom object
  • java-codestyle
    • #1619: [java] LocalVariableCouldBeFinal on 'size' variable in for loop
    • #3122: [java] LocalVariableCouldBeFinal should consider blank local variables
    • #4903: [java] UnnecessaryBoxing, but explicit conversion is necessary
    • #4924: [java] UnnecessaryBoxing false positive in PMD 7.0.0 in lambda
    • #4930: [java] EmptyControlStatement should not allow empty try with concise resources
    • #4954: [java] LocalVariableNamingConventions should allow unnamed variables by default
    • #5028: [java] FormalParameterNamingConventions should accept unnamed parameters by default
  • java-errorprone
    • #4042: [java] A false negative about the rule StringBufferInstantiationWithChar
    • #5007: [java] AvoidUsingOctalValues triggers on non-octal double literals with a leading 0
  • java-multithreading
    • #2368: [java] False positive UnsynchronizedStaticFormatter in static initializer

🚨 API Changes

Deprecated API

✨ External Contributions

📈 Stats

  • 152 commits
  • 46 closed tickets & PRs
  • Days since last release: 35

PMD 7.1.0 (26-April-2024)

26 Apr 07:34
pmd_releases/7.1.0
592e80d
Compare
Choose a tag to compare

26-April-2024 - 7.1.0

The PMD team is pleased to announce PMD 7.1.0.

This is a minor release.

Table Of Contents

🚀 New and noteworthy

More robust CPD reports

There were a number of circumstances, specially around (but not limited to) literal sequences, were CPD would
report duplicate overlapping or partially overlapping matches. These have now been fixed, and CPD will report
only the longest non-overlapping duplicate.

These improvements apply to all supported languages, irrespective of supported flags.

✨ New Rules

  • The new Java rule UnnecessaryVarargsArrayCreation reports explicit array creation
    when a varargs is expected. This is more heavy to read and could be simplified.
  • The new Java rule ConfusingArgumentToVarargsMethod reports some confusing situations
    where a varargs method is called with an inexact argument type. These may end up in a mismatch between the expected
    parameter type and the actual value.
  • The new Java rule LambdaCanBeMethodReference reports lambda expressions that can be replaced
    with a method reference. Please read the documentation of the rule for more info. This rule is now part of the Quickstart
    ruleset.

🌟 Rule Changes

🐛 Fixed Issues

  • core
    • #494: [core] Adopt JApiCmp to enforce control over API changes
    • #4942: [core] CPD: --skip-duplicate-files has no effect (7.0.0 regression)
    • #4959: [core] Upgrade saxon to 12.4
  • cli
    • #4791: [cli] Could not find or load main class
    • #4913: [cli] cpd-gui closes immediately
  • doc
    • #4901: [doc] Improve documentation on usage of violationSuppressXPath
  • apex
    • #4418: [apex] ASTAnnotation.getImage() does not return value as written in the class
  • apex-errorprone
    • #3953: [apex] EmptyCatchBlock false positive with formal (doc) comments
  • cpp
    • #2438: [cpp] Repeated Duplication blocks
  • java
    • #4899: [java] Parsing failed in ParseLock#doParse() java.io.IOException: Stream closed
    • #4902: [java] "Bad intersection, unrelated class types" for Constable[] and Enum[]
    • #4947: [java] Broken TextBlock parser
  • java-bestpractices
    • #1084: [java] Allow JUnitTestsShouldIncludeAssert to configure verification methods
    • #3216: [java] New rule: UnnecessaryVarargsArrayCreation
    • #4435: [java] [7.0-rc1] UnusedAssignment for used field
    • #4569: [java] ForLoopCanBeForeach reports on loop for (int i = 0; i < list.size(); i += 2)
    • #4618: [java] UnusedAssignment false positive with conditional assignments of fields
  • java-codestyle
    • #4602: [java] UnnecessaryImport: false positives with static imports
    • #4785: [java] False Positive: PMD Incorrectly report violation for UnnecessaryImport
    • #4779: [java] Examples in documentation of MethodArgumentCanBeFinal do not trigger the rule
    • #4881: [java] ClassNamingConventions: interfaces are identified as abstract classes (regression in 7.0.0)
  • java-design
    • #2440: [java] FinalFieldCouldBeStatic FN when the right side of the assignment is a constant expression
    • #3694: [java] SingularField ignores static variables
    • #4873: [java] AvoidCatchingGenericException: Can no longer suppress on the exception itself
  • java-errorprone
    • #2056: [java] CloseResource false-positive with URLClassLoader in cast expression
    • #4751: [java] PMD crashes when analyzing CloseResource Rule
    • #4928: [java] EmptyCatchBlock false negative when allowCommentedBlocks=true
    • #4948: [java] ImplicitSwitchFallThrough: False-positive with nested switch statements
  • java-performance
    • #3845: [java] InsufficientStringBufferDeclaration should consider literal expression
    • #4874: [java] StringInstantiation: False-positive when using new String(charArray)
    • #4886: [java] BigIntegerInstantiation: False Positive with Java 17 and BigDecimal.TWO
  • pom-errorprone
    • #4388: [pom] InvalidDependencyTypes doesn't consider dependencies at all
  • misc
    • #4967: Fix reproducible build issues with 7.0.0

🚨 API Changes

Deprecated methods

✨ External Contributions

📈 Stats

  • 205 commits
  • 71 closed tickets & PRs
  • Days since last release: 34

PMD 7.0.0 (22-March-2024)

22 Mar 09:08
pmd_releases/7.0.0
7979570
Compare
Choose a tag to compare

22-March-2024 - 7.0.0

🎉 After a long time, we're excited to bring you now the next major version of PMD! 🎉

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate
page with the full Detailed Release Notes for PMD 7.0.0.

🤝🙏 Many thanks to all users and contributors who were testing the release candidates and
provided feedback and/or PRs!

✨ PMD 7...

  • ...has a new logo
  • ...analyzes Java 21 and Java 22 projects with even better type resolution and symbol table support
  • ...analyzes Kotlin and Swift
  • ...analyzes Apex with a new parser
  • ...finds duplicated code in Coco, Julia, TypeScript
  • ...ships 11 new rules and tons of improvements for existing rules
  • ...provides a new CLI interface with progress bar
  • ...supports Antlr based languages
  • ...and many more enhancements

💥 Note: Since PMD 7 is a major release, it is not a drop-in replacement for PMD 6.55.0.
A detailed documentation of required changes are available in the Migration Guide for PMD 7.

Expand to see Release Notes

Table Of Contents

Changes since 7.0.0-rc4

This section lists the most important changes from the last release candidate.
The remaining section describes the complete release notes for 7.0.0.

New and Noteworthy

Maven PMD Plugin compatibility with PMD 7

In order to use PMD 7 with maven-pmd-plugin a new
compatibility module has been created. This allows to use PMD 7 by simply adding one additional dependency:

  1. Follow the guide Upgrading PMD at Runtime
  2. Add additionally the following dependency:
<dependency>
  <groupId>net.sourceforge.pmd</groupId>
  <artifactId>pmd-compat6</artifactId>
  <version>${pmdVersion}</version>
</dependency>

It is important to add this dependency as the first in the list, so that maven-pmd-plugin sees the (old)
compatible versions of some classes.

This module is available beginning with version 7.0.0-rc4 and will be there at least for the first
final version PMD 7 (7.0.0). It's not decided yet, whether we will keep updating it, after PMD 7 is finally
released.

Note: This compatibility module only works for the built-in rules, that are still available in PMD 7. E.g. you need
to review your rulesets and look out for deprecated rules and such. See the use case
I'm using only built-in rules
in the Migration Guide for PMD 7.

As PMD 7 revamped the Java module, if you have custom rules, you need to migrate these rules.
See the use case I'm using custom rules
in the Migration Guide.

Note: Once the default version of PMD is upgraded to PMD7 in maven-pmd-plugin
(see MPMD-379), this
compatibility module is no longer needed. The module pmd-compat6 might not be maintained then
any further, hence it is already declared as deprecated.

No guarantee is given, that the (deprecated) module pmd-compat6 is being maintained over the
whole lifetime of PMD 7.

Java 22 Support

This release of PMD brings support for Java 22. There are the following new standard language features,
that are supported now:

PMD also supports the following preview language features:

In order to analyze a project with PMD that uses these language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language
version 22-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-22-preview ...

Note: Support for Java 20 preview language features have been removed. The version "20-preview" is no longer available.

Swift Support
  • limited support for Swift 5.9 (Macro Expansions)
Groovy Support (CPD)
  • We now support parsing all Groovy features from Groovy 3 and 4.
  • We now support suppression through CPD-ON/CPD-OFF comment pairs.
  • See PR #4726 for details.
Updated PMD Designer

This PMD release ships a new version of the pmd-designer. The designer artifact has been
renamed from "pmd-ui" to "pmd-designer". While the designer still works with Java 8, the
recommended Java Runtime is Java 11 (or later) with OpenJFX 17 (or later).

For the detailed changes, see PMD Designer Changelog (7.0.0).

Apex Support: Replaced Jorje with fully open source front-end

When PMD added Apex support with version 5.5.0, it utilized the Apex Jorje library to parse Apex source
and generate an AST. This library is however a binary-blob provided as part of the
Salesforce Extensions for VS Code, and it is closed-source.

This causes problems, if binary blobs are not allowed by e.g. a company-wide policy. In that case, the Jorje
library prevented that PMD Apex could be used at all.

Also having access to the source code, enhancements and modifications are easier to do.

Under the hood, we use two open source libraries instead:

  • apex-parser originally by
    Kevin Jones (@nawforce).
    This project provides the grammar for a ANTLR based parser.
  • Summit-AST by Google (@google)
    This project translates the ANTLR parse tree into an AST, that is similar to the AST Jorje provided.
    Note: This is not an official Google product.

Although the parser is completely switched, there are only little known changes to the AST.
These are documented in the Migration Guide for PMD 7: Apex AST.

With the new Apex parser, the new language constructs like
[User Mode Database Operations...

Read more

PMD 7.0.0-rc4 (30-September-2023)

30 Sep 17:53
pmd_releases/7.0.0-rc4
720b9a3
Compare
Choose a tag to compare

30-September-2023 - 7.0.0-rc4

We're excited to bring you the next major version of PMD!

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate
page with the full Detailed Release Notes for PMD 7.0.0.

ℹ️ Release Candidates

PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.

We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.

If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.

Expand to see Release Notes

Table Of Contents

Changes since 7.0.0-rc3

This section lists the most important changes from the last release candidate.
The remaining section describes the complete release notes for 7.0.0.

New and Noteworthy

Migration Guide for PMD 7

A detailed documentation of required changes are available in the
Migration Guide for PMD 7.

Apex Jorje Updated

With the new version of Apex Jorje, the new language constructs like User Mode Database Operations
can be parsed now. PMD should now be able to parse Apex code up to version 59.0 (Winter '23).

Java 21 Support

This release of PMD brings support for Java 21. There are the following new standard language features,
that are supported now:

PMD also supports the following preview language features:

In order to analyze a project with PMD that uses these language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language
version 21-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-21-preview ...

Note: Support for Java 19 preview language features have been removed. The version "19-preview" is no longer available.

Fixed issues

  • miscellaneous
    • #4582: [dist] Download link broken
    • #4691: [CVEs] Critical and High CEVs reported on PMD and PMD dependencies
  • core
    • #1204: [core] Allow numeric properties in XML to be within an unbounded range
    • #3919: [core] Merge CPD and PMD language
    • #4204: [core] Provide a CpdAnalysis class as a programmatic entry point into CPD
    • #4301: [core] Remove deprecated property concrete classes
    • #4302: [core] Migrate Property Framework API to Java 8
    • #4323: [core] Refactor CPD integration
    • #4397: [core] Refactor CPD
    • #4611: [core] Fix loading language properties from env vars
    • #4621: [core] Make ClasspathClassLoader::getResource child first
  • cli
    • #4423: [cli] Fix NPE when only --file-list is specified
  • doc
    • #4294: [doc] Migration Guide for upgrading PMD 6 ➡️ 7
    • #4303: [doc] Document new property framework
    • #4521: [doc] Website is not mobile friendly
  • apex
    • #3973: [apex] Update parser to support new 'as user' keywords (User Mode for Database Operations)
    • #4453: [apex] [7.0-rc1] Exception while initializing Apexlink (Index 34812 out of bounds for length 34812)
  • apex-design
    • #4596: [apex] ExcessivePublicCount ignores properties
  • apex-security
    • #4646: [apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types
  • java
    • #4401: [java] PMD 7 fails to build under Java 19
    • #4583: [java] Support JDK 21 (LTS)
  • java-bestpractices
    • #4634: [java] JUnit4TestShouldUseTestAnnotation false positive with TestNG

API Changes

pmd-java
  • Support for Java 19 preview language features have been removed. The version "19-preview" is no longer available.
Rule properties
  • The old deprecated classes like IntProperty and StringProperty have been removed. Please use
    PropertyFactory to create properties.
  • All properties which accept multiple values now use a comma (,) as a delimiter. The previous default was a
    pipe character (|). The delimiter is not configurable anymore. If needed, the comma can be escaped
    with a backslash.
  • The min and max attributes in property definitions in the XML are now optional and can appear separately
    or be omitted.
New Programmatic API for CPD

See Detailed Release Notes for PMD 7
and PR #4397 for details.

Removed classes and methods

The following previously deprecated classes have been removed:

  • pmd-core
    • net.sourceforge.pmd.cpd.AbstractTokenizer ➡️ use AnyTokenizer instead
    • net.sourceforge.pmd.cpd.CPD ➡️ use PmdCli from pmd-cli module for CLI support or use
      CpdAnalysis for programmatic API
    • net.sourceforge.pmd.cpd.GridBagHelper (now package private)
      ...
Read more

PMD 7.0.0-rc3 (30-May-2023)

30 May 18:44
pmd_releases/7.0.0-rc3
7d6d303
Compare
Choose a tag to compare

30-May-2023 - 7.0.0-rc3

We're excited to bring you the next major version of PMD!

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate
page with the full Detailed Release Notes for PMD 7.0.0.

ℹ️ Release Candidates

PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.

We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.

If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.

Expand to see Release Notes

Table Of Contents

Changes since 7.0.0-rc2

This section lists the most important changes from the last release candidate.
The remaining section describes the complete release notes for 7.0.0.

New CPD report format cpdhtml-v2.xslt

Thanks to @mohan-chinnappan-n a new CPD report format has been added which features a data table.
It uses an XSLT stylesheet to convert CPD's XML format into HTML.

See the example report.

Fixed issues

  • miscellaneous
    • #4460: Fix assembly-plugin warnings
  • core
    • #4425: [core] Replace TextFile::pathId
    • #4454: [core] "Unknown option: '-min'" but is referenced in documentation
  • java-bestpractices
    • #4433: [java] [7.0-rc1] ReplaceHashtableWithMap on java.util.Properties
    • #4492: [java] GuardLogStatement gives false positive when argument is a Java method reference
    • #4503: [java] JUnitTestsShouldIncludeAssert: false negative with TestNG
  • java-codestyle
    • #4268: [java] CommentDefaultAccessModifier: false positive with TestNG annotations
    • #4432: [java] [7.0-rc1] UnnecessaryImport - Unused static import is being used
    • #4455: [java] FieldNamingConventions: false positive with lombok's @UtilityClass
    • #4557: [java] UnnecessaryImport FP with static imports of overloaded methods
  • java-design
    • #4434: [java] [7.0-rc1] ExceptionAsFlowControl when simply propagating
    • #4456: [java] FinalFieldCouldBeStatic: false positive with lombok's @UtilityClass
    • #4549: [java] Make LawOfDemeter results deterministic
  • java-errorprone
    • #4063: [java] AvoidBranchingStatementAsLastInLoop: False-negative about try/finally block
    • #4457: [java] OverrideBothEqualsAndHashcode: false negative with anonymous classes
    • #4510: [java] ConstructorCallsOverridableMethod: false positive with lombok's @Value
    • #4546: [java] OverrideBothEqualsAndHashCode ignores records
  • java-performance
    • #4458: [java] RedundantFieldInitializer: false positive with lombok's @Value

API Changes

  • The following previously deprecated classes have been removed:

    • pmd-core
      • net.sourceforge.pmd.PMD
      • net.sourceforge.pmd.cli.PMDCommandLineInterface
      • net.sourceforge.pmd.cli.PMDParameters
      • net.sourceforge.pmd.cli.PmdParametersParseResult
  • The asset filenames of PMD on GitHub Releases are
    now pmd-dist-<version>-bin.zip, pmd-dist-<version>-src.zip and pmd-dist-<version>-doc.zip.
    Keep that in mind, if you have an automated download script.

    The structure inside the ZIP files stay the same, e.g. we still provide inside the binary distribution
    ZIP file the base directory pmd-bin-<version>.

  • The CLI option --stress (or -stress) has been removed without replacement.

  • The CLI option --minimum-priority was changed with 7.0.0-rc1 to only take the following values:
    High, Medium High, Medium, Medium Low, Low. With 7.0.0-rc2 compatibility has been restored, so that the equivalent
    integer values (1 to 5) are supported as well.

  • Replaced RuleViolation::getFilename with new RuleViolation#getFileId, that returns a
    FileId. This is an identifier for a TextFile
    and could represent a path name. This allows to have a separate display name, e.g. renderers use
    FileNameRenderer to either display the full path name or a relative path name
    (see Renderer#setFileNameRenderer and
    ConfigurableFileNameRenderer). Many places where we used a simple String for
    a path-like name before have been adapted to use the new FileId.

    See PR #4425 for details.

External Contributions

Read more

PMD 7.0.0-rc2 (29-April-2023)

29 Apr 22:03
pmd_releases/7.0.0-rc2
a97e108
Compare
Choose a tag to compare

29-April-2023 - 7.0.0-rc2

We're excited to bring you the next major version of PMD!

Since this is a big release, we provide here only a concise version of the release notes. We prepared a separate
page with the full Detailed Release Notes for PMD 7.0.0.

ℹ️ Release Candidates

PMD 7.0.0 is finally almost ready. In order to gather feedback, we are going to ship a couple of release candidates. These are officially available on GitHub and Maven Central and can be used as usual (e.g. as a dependency). We encourage you to try out the new features, but keep in mind that we may introduce API breaking changes between the release candidates. It should be stable enough if you don't use custom rules.

We have still some tasks planned for the next release candidates. You can see the progress in PMD 7 Tracking Issue #3898.

If you find any problem or difficulty while updating from PMD 6, please provide feedback via our issue tracker. That way we can improve the experience for all.

Expand to see Release Notes

Table Of Contents

Changes since 7.0.0-rc1

This section lists the most important changes from the last release candidate.
The remaining section describes the complete release notes for 7.0.0.

API Changes

  • Moved the two classes AntlrTokenizer and JavaCCTokenizer from
    internal package into package net.sourceforge.pmd.cpd.impl. These two classes are part of the API and
    are base classes for CPD language implementations.
  • AntlrBaseRule is gone in favor of AbstractVisitorRule.
  • The classes KotlinInnerNode and SwiftInnerNode
    are package-private now.
  • The parameter order of addSourceFile has been swapped
    in order to have the same meaning as in 6.55.0. That will make it easier if you upgrade from 6.55.0 to 7.0.0.
    However, that means, that you need to change these method calls if you have migrated to 7.0.0-rc1 already.

Updated PMD Designer

This PMD release ships a new version of the pmd-designer.
For the changes, see PMD Designer Changelog.

Language Related Changes

  • New: CPD support for TypeScript
  • New: CPD support for Julia

Rule Changes

  • ImmutableField: the property ignoredAnnotations has been removed. The property was
    deprecated since PMD 6.52.0.
  • SwitchDensity: the type of the property minimum has been changed from decimal to integer
    for consistency with other statistical rules.

Fixed Issues

  • cli
    • #4482: [cli] pmd.bat can only be executed once
    • #4484: [cli] ast-dump with no properties produce an NPE
  • core
    • #2500: [core] Clarify API for ANTLR based languages
  • doc
    • #2501: [doc] Verify ANTLR Documentation
    • #4438: [doc] Documentation links in VS Code are outdated
  • java-codestyle
    • #4273: [java] CommentDefaultAccessModifier ignoredAnnotations should include "org.junit.jupiter.api.extension.RegisterExtension" by default
    • #4487: [java] UnnecessaryConstructor: false-positive with @Inject and @Autowired
  • java-design
    • #4254: [java] ImmutableField - false positive with Lombok @Setter
    • #4477: [java] SignatureDeclareThrowsException: false-positive with TestNG annotations
    • #4490: [java] ImmutableField - false negative with Lombok @Getter
  • java-errorprone
    • #4449: [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
    • #4493: [java] MissingStaticMethodInNonInstantiatableClass: false-positive about @Inject
    • #4505: [java] ImplicitSwitchFallThrough NPE in PMD 7.0.0-rc1
  • java-multithreading
    • #4483: [java] NonThreadSafeSingleton false positive with double-checked locking
  • miscellaneous
    • #4462: Provide Software Bill of Materials (SBOM)

External contributions

🚀 Major Features and Enhancements

New official logo

The new official logo of PMD:

New PMD Logo

Revamped Java module

  • Java grammar substantially refactored - more correct regarding the Java Language Specification (JLS)
  • Built-in rules have been upgraded for the changed AST
  • Rewritten type resolution framework and symbol table correctly implements the JLS
  • AST exposes more semantic information (method calls, field accesses)

For more ...

Read more