fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.8.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.github.spotbugs:spotbugs-annotations (source)	4.8.0 -> 4.8.3

---

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.8.3

Compare Source

Fixed

• Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#​2710)
• Applied changes for bcel 6.8.0 with adjustments to constant pool (#​2756)
  • More information bcel changes can be found on (#​2757)
• Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.

Changed

• Improved Matcher checks for empty strings (#​2755)
• Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis (#​2754)
• Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 (#​2760)
• Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#​2760)

v4.8.2

Compare Source

Fixed

• Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#​2379)
• Use java.nio to load filter files (#​2684)
• Eclipse: Do not export javax.annotation packages (#​2699)
• Fixed not thread safe FindOverridableMethodCall detector (#​2701)
• Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#​2646)
• Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#​2686)
• Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#​2710)

Added

• New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

• Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#​2722)

v4.8.1

Compare Source

Fixed

• Fixed schema location for findbugsfilter.xsd ([#​1416])
• Fixed missing null checks ([#​2629])
• Disabled DontReusePublicIdentifiers due to the high false positives rate ([#​2627])
• Removed signature of methods using UTF-8 in DefaultEncodingDetector ([#​2634])
• Fix exception escapes when calling functions of JUnit Assert or Assertions ([#​2640])
• Fixed an error in the SARIF export when a bug annotation is missing ([#​2632])
• Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws ([#​2628])
• Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize ([#​2665])
• Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug ([#​2652])
• Eclipse: fixed startup overhead (on computing classpath) for PDE projects ([#​2671])

Build

• Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT ([#​2651])

---

Configuration

📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarqubecloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud