@dependabot dependabot bot commented on behalf of github Sep 15, 2025

Bumps spotbugs.version from 4.9.3 to 4.9.5.
Updates com.github.spotbugs:spotbugs-annotations from 4.9.3 to 4.9.5

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.9.5

CHANGELOG

Fixed

  • Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
  • Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
  • CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
  • SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
  • Fix the issue with BCEL logging Duplicating value: ... (#3621)
  • Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

  • Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

  • S1481: Unused local variables should be removed (#3654)
  • Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation (#3695)


SpotBugs 4.9.4

CHANGELOG

Changed

  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

  • Widen main method recognition according to JEP 445. (#3371)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.5 - 2025-09-14

Fixed

  • Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
  • Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
  • CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
  • SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
  • Fix the issue with BCEL logging Duplicating value: ... (#3621)
  • Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

  • Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

  • S1481: Unused local variables should be removed (#3654)
  • Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation (#3695)

4.9.4 - 2025-08-07

Changed

  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

  • Widen main method recognition according to JEP 445. (#3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#2061)
  • Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
  • Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
  • Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
  • Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
  • Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
  • Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
  • TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
  • Unnecessary suppressions fix for records headers (#3471)
  • Dead store fix when switch case contains loops (#3530) (#3449)
  • Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
  • Detect cases when equals() unconditionally returns true or false (#3528)
  • Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
  • Detect random value cast to int when stored in temporary variable (#3461)
  • Look for interfaces default methods when searching uncalled private methods (#1988)
  • Fixed field self assignment false positive (#2258)
  • Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
  • Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#2965) (#3573)
  • Track inner classes access methods to correctly report the bugs (#2029)

... (truncated)

Commits
  • 4c0531d release v4.9.5
  • 3e3cd53 chore: Cleanup improper regex usage on replaceAll with replace (#3704)
  • fe5205c chore(deps): update plugin com.github.spotbugs to v6.4.0 (#3703)
  • b1e8fed fix: Correct file handling and potential leaks (#3701)
  • 24f2035 chore: Use Java 11 Path.of instead of Paths.get (#3699)
  • 81cd5c7 Use modifiers in correct order (#3700)
  • 2d7e1b2 ci: formatting (#3698)
  • a46e49a chore: Minor code cleanup in eclipse plugin (#3697)
  • e945b7b ci: Fix comment in build file about spotbugs annotations as they are not rebu...
  • 6013c61 chore: Move spotbugs tests to jakarta (#3695)
  • Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs from 4.9.3 to 4.9.5



Bumps `spotbugs.version` from 4.9.3 to 4.9.5.

Updates `com.github.spotbugs:spotbugs-annotations` from 4.9.3 to 4.9.5
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.9.3...4.9.5)

Updates `com.github.spotbugs:spotbugs` from 4.9.3 to 4.9.5
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.9.3...4.9.5)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-version: 4.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.github.spotbugs:spotbugs
  dependency-version: 4.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot added the `dependencies` (Update of dependencies) and `java` (Pull requests that update Maven Java dependencies) labels Sep 15, 2025
@github-actions

☀️   Quality Monitor

Tests

   JUnit   Unit Tests: 100% successful (86 passed, 2 skipped)
   ⛔   Architecture Tests: 100% successful (17 passed, 2 skipped)

Code Coverage

   〰️   Line Coverage: 92% (61 missed lines)
   ➰   Branch Coverage: 91% (19 missed branches)

Mutation Coverage

   PIT   Mutation Coverage: 80% (81 survived mutations)
   💪   Test Strength: 85% (59 survived mutations in tested code)

Style

   CheckStyle   CheckStyle: No warnings
   PMD   PMD: No warnings

Bugs

   SpotBugs   SpotBugs: No bugs
   🐛   Error Prone: No bugs

API Problems

   🚫   Revapi: No warnings

Vulnerabilities

   🛡️   OWASP Dependency Check: No vulnerabilities

Software Metrics

   🌀   Cyclomatic Complexity: 377 (total)
   💭   Cognitive Complexity: 173 (total)
   ➿   N-Path Complexity: 341 (total)
   📏   Lines of Code: 4279 (total)
   📝   Non Commenting Source Statements: 1262 (total)
   🔗   Class Cohesion: 71.43% (maximum)
   ⚖️   Weight of Class: 100.00% (maximum)

🚦 Quality Gates

Overall Status: ✅ SUCCESS

✅ Passed Gates

  • ✅ Tests Success Rate: 100.00 >= 100.00
  • ✅ Line Coverage: 92.00 >= 80.00
  • ✅ Branch Coverage: 91.00 >= 80.00
  • ✅ Potential Bugs: 0.00 <= 0.00
  • ✅ Style Violations: 0.00 <= 0.00

Created by Quality Monitor v3.2.0 (#a3f5b8b). More details are shown in the GitHub Checks Result.

@uhafner uhafner merged commit 43ea505 into main Sep 16, 2025
15 checks passed
@uhafner uhafner deleted the dependabot/maven/spotbugs.version-4.9.5 branch September 16, 2025 07:41