Bump spotbugs-annotations from 4.1.2 to 4.3.0 #64

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jul 5, 2021

Bumps spotbugs-annotations from 4.1.2 to 4.3.0.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.3.0

CHANGELOG

CHECKSUM

file checksum (sha256)

SpotBugs 4.2.3

CHANGELOG

CHECKSUM

file checksum (sha256)

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.3.0 - 2021-07-01

Fixed

  • MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)

Changed

  • Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
  • Bump Saxon-HE from 10.3 to 10.5 (#1513)
  • Bump gson from 2.8.6 to 2.8.7 (#1556)
  • Function mutableSignature() improved and factored out from the MutableStaticFields detector

Added

  • New bugs MS_EXPOSE_BUF, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2 and EI_EXPOSE_BUF2 by the FindReturnRef detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J)
  • MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 and EI_EXPOSE_REP2 now report for shallowly copied arrays (using clone()) of mutable objects

4.2.3 - 2021-04-12

Fixed

  • Inconsistency in the description of DLS_DEAD_LOCAL_INCREMENT_IN_RETURN, VO_VOLATILE_INCREMENT and QF_QUESTIONABLE_FOR_LOOP (#1470)
  • Should issue warning for SecureRandom object created and used only once (#1464)
  • False positive OBL_UNSATIFIED_OBLIGATION with try with resources (#79)
  • SA_LOCAL_SELF_COMPUTATION bug (#1472)
  • False positive EQ_UNUSUAL with record classes (#1367)

4.2.2 - 2021-03-03

Fixed

  • UWF_NULL_FIELD doesn't report line number (#1368)
  • UnsupportedOperationException in BugRanker.trimToMaxRank (#1161)

Changed

  • Bump ASM from 9.0 to 9.1 supporting JDK17
  • Bump commons-lang from 3.11 to 3.12.0
  • Replace org.json:json:20201115 with com.google.code.gson:gson:2.8.6

4.2.1 - 2021-02-04

Fixed

  • Invalid HTML in the description of LI_LAZY_INIT_UPDATE_STATIC bug pattern (#1383)
  • NP_NONNULL_PARAM_VIOLATION false-positive in CompletableFuture.completedStage(value) (#1397)

Changed

  • Bump json from 20200518 to 20201115 (#1384)

4.2.0 - 2020-11-28

Fixed

  • spotbugs reports VO_VOLATILE_REFERENCE_TO_ARRAY in synthetic code generated by Eclipse 4.17+ Java compiler (#1313)
  • spotbugs reports DM_BOXED_PRIMITIVE_FOR_PARSING for Double and Float (previously only reported for Integer and Long) (#744)
  • sarif report not showing correctly the physical and logical location (#1281)

... (truncated)

Commits
  • 0dfbd81 chore: release v4.3.0
  • 4d10878 docs: add a missing CHANGELOG entry for #1591
  • 5f32372 build(deps): bump asmVersion from 9.1 to 9.2
  • e8e054a Mutable array clones (#1582)
  • 67835f5 build(deps): bump mockito-core from 3.11.1 to 3.11.2
  • 4ecab4b build(deps): bump com.diffplug.spotless from 5.13.0 to 5.14.0
  • daba7a1 build(deps): bump checker-qual from 3.14.0 to 3.15.0
  • e2daa30 Constants changed to SCREAMING_SNAKE_CASE and a typo fixed in the error messa...
  • 9467880 Pattern matching optimized; typos and grammar errors fixed in the descriptions
  • abc2ae2 Extend FindReturnRef to warn for exposing buffers
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.1.2 to 4.3.0.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.1.2...4.3.0)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Jul 5, 2021

Dependabot tried to add @MarkEWaite as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/rishabhBudhouliya/git-client-plugin/pulls/64/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the rishabhBudhouliya/git-client-plugin repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request


dependabot bot commented on behalf of github Jul 5, 2021

The following labels could not be found: dependencies.


dependabot bot commented on behalf of github Aug 16, 2021

Superseded by #74.

@dependabot dependabot bot closed this Aug 16, 2021
@dependabot dependabot bot deleted the dependabot/maven/master/com.github.spotbugs-spotbugs-annotations-4.3.0 branch August 16, 2021 18:02