Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump spotbugs-annotations from 3.1.12 to 4.7.3 #231

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 18, 2022

Bumps spotbugs-annotations from 3.1.12 to 4.7.3.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.7.3

CHANGELOG

Fixed

  • Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#2126) @​baloghadamsoftware
  • Fixed regression in 4.7.2 caused by (#2141) @​baloghadamsoftware
  • improve compatibility with later version of jdk (>= 13). (#2188) @​Bluesbreaker45
  • Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120) @​baloghadamsoftware
  • Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#2183) @​baloghadamsoftware
  • Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182) @​baloghadamsoftware
  • Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195) @​baloghadamsoftware
  • Bump up log4j2 binding to 2.19.0
  • Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
  • Bump up commons-text to 1.10.0 (#2197)
  • Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#2209) @​baloghadamsoftware

CHECKSUM

file checksum (sha256)
spotbugs-4.7.3-javadoc.jar d2ba03077ea35bdac56ff4c45f8a00d0b334c3a6a3855da61d3712b4146472cf
spotbugs-4.7.3-sources.jar 1fd011390e107d57c7c758539a8f79908d022709920171a91d27d3b88634087c
spotbugs-4.7.3.tgz f02e2f1135b23f3edfddb75f64be0491353cfeb567b5a584115aa4fd373d4431
spotbugs-4.7.3.zip dffd3f41fdc2a4cfda547d4ce700585136340e7d0803aeeb2e7ca6cf8c4a6898
spotbugs-annotations-4.7.3-javadoc.jar 392b57d03cb24664dd9ba856287b38a8668c3926eabdfa0f0663fad8fa7d0f44
spotbugs-annotations-4.7.3-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar c0fd1ac2e22acdd46913a2ff74551b71f124457199688698204af4bf3d43165d
spotbugs-ant-4.7.3-javadoc.jar 8591f80cf058830d5b824adc68b820cd901d630b9b55557c48fe4cca6ccdd2fe
spotbugs-ant-4.7.3-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar df37eab21a7d04aa807808a33e9f7c081451cb02c14b4a2c33119976be498520
test-harness-4.7.3-javadoc.jar 4008cc377288c53b4725f43a519a701eb91226a99ab340e997694ade20ed243e
test-harness-4.7.3-sources.jar 7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.3.jar 50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.3-javadoc.jar 486c16fa3ed7c1d99d8ddcdc8e1a6aecf925911d6b473d73aeab40f1639dda52
test-harness-core-4.7.3-sources.jar f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.3.jar 7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.3-javadoc.jar 5a011955082b4e27bcdeeb56b6bc6fae21f87015b354bc5ffb80442495b919b9
test-harness-jupiter-4.7.3-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.3.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.7.2

CHANGELOG

Fixed

  • Bumped gson from 2.9.0 to 2.9.1 (#2136)
  • Bump up SLF4J API to 2.0.0
  • Bump up logback to 1.4.0
  • Bump up log4j2 binding to 2.18.0
  • Bump up Saxon-HE to 11.4 (#2160)
  • Fixed InvalidInputException in Eclipse while bug reporting (#2134) @​iloveeclipse
  • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142) @​baloghadamsoftware

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.7.3 - 2022-10-15

Fixed

  • Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#2126)
  • Fixed regression in 4.7.2 caused by (#2141)
  • improve compatibility with later version of jdk (>= 13). (#2188)
  • Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120)
  • Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#2183)
  • Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182)
  • Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195)
  • Bump up log4j2 binding to 2.19.0
  • Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
  • Bump up commons-text to 1.10.0 (#2197)
  • Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#2209)

4.7.2 - 2022-09-02

Fixed

  • Bumped gson from 2.9.0 to 2.9.1 (#2136)
  • Bump up SLF4J API to 2.0.0
  • Bump up logback to 1.4.0
  • Bump up log4j2 binding to 2.18.0
  • Bump up Saxon-HE to 11.4 (#2160)
  • Fixed InvalidInputException in Eclipse while bug reporting (#2134)
  • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142)
  • Avoid warning on use of security manager on Java 17 and newer. (#1579)
  • Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#1771)
  • Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146)

4.7.1 - 2022-06-26

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931)
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041)
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040)
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040)
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089)

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

... (truncated)

Commits
  • fa9e53a release v4.7.3
  • 838bf77 build(deps): bump com.gradle.enterprise from 3.11.1 to 3.11.2
  • 1515e4c build(deps): bump joda-time from 2.11.2 to 2.12.0
  • 393345b build(deps): bump error_prone_annotations from 2.15.0 to 2.16
  • 119956b Fix for detector UncallableMethodOfAnonymousClass to not report unused meth...
  • 96d50b5 Fix detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_...
  • 35dddba build(deps): bump groovy-all from 4.0.4 to 4.0.5
  • b4560e0 Fix detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATEN...
  • c4c26c1 Fix for test detector ViewCFG
  • 77b7da7 Fix OpcodeStack to handle propagation of taints properly in case of string co...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 3.1.12 to 4.7.3.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@3.1.12...4.7.3)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants