diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 16a5b955..d5a23da9 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -7,9 +7,10 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
+ cache: [maven]
+ distribution: [temurin]
+ java: [17, 21, 22, 23-ea]
os: [ubuntu-latest, macos-latest, windows-latest]
- java: [11, 17, 21, 22, 23-ea]
- distribution: ['temurin']
fail-fast: false
max-parallel: 4
name: Test JDK ${{ matrix.java }}, ${{ matrix.os }}
@@ -21,5 +22,6 @@ jobs:
with:
java-version: ${{ matrix.java }}
distribution: ${{ matrix.distribution }}
+ cache: ${{ matrix.cache }}
- name: Test with Maven
run: ./mvnw test -B -V --no-transfer-progress -D"license.skip=true"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..18fae20a
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,47 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: "43 10 * * 2"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ javascript, java ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: 'temurin'
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/coveralls.yaml b/.github/workflows/coveralls.yaml
index bf998b75..05f3029f 100644
--- a/.github/workflows/coveralls.yaml
+++ b/.github/workflows/coveralls.yaml
@@ -11,8 +11,9 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v4
with:
+ cache: maven
+ distribution: temurin
java-version: 21
- distribution: zulu
- name: Report Coverage to Coveralls for Pull Requests
if: github.event_name == 'pull_request'
run: ./mvnw -B -V test jacoco:report coveralls:report -q -Dlicense.skip=true -DrepoToken=$GITHUB_TOKEN -DserviceName=github -DpullRequest=$PR_NUMBER --no-transfer-progress
@@ -21,6 +22,6 @@ jobs:
PR_NUMBER: ${{ github.event.number }}
- name: Report Coverage to Coveralls for General Push
if: github.event_name == 'push'
- run: ./mvnw -B -V test jacoco:report coveralls:report -q -Dlicense.skip=true -DrepoToken=$GITHUB_TOKEN -DserviceName=github
+ run: ./mvnw -B -V test jacoco:report coveralls:report -q -Dlicense.skip=true -DrepoToken=$GITHUB_TOKEN -DserviceName=github --no-transfer-progress
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/it-maven-3.6.3.yaml b/.github/workflows/it-maven-3.6.3.yaml
index 96e26718..8f5f1b45 100644
--- a/.github/workflows/it-maven-3.6.3.yaml
+++ b/.github/workflows/it-maven-3.6.3.yaml
@@ -15,7 +15,7 @@ jobs:
java-version: 21
distribution: zulu
- name: Load Maven 3.6.3
- run: mvn -B -V org.apache.maven.plugins:maven-wrapper-plugin:3.2.0:wrapper -Dmaven=3.6.3 --no-transfer-progress
+ run: mvn -B -V org.apache.maven.plugins:maven-wrapper-plugin:3.3.2:wrapper -Dmaven=3.6.3 --no-transfer-progress
- name: Build Setup
run: ./mvnw -B -V clean install -Dlicense.skip=true -Dmaven.min-version=3.6.3
- name: Integration Test with Maven
diff --git a/.github/workflows/it-maven-4.0.0.yaml b/.github/workflows/it-maven-4.0.0.yaml
index c7379cec..1bb435f3 100644
--- a/.github/workflows/it-maven-4.0.0.yaml
+++ b/.github/workflows/it-maven-4.0.0.yaml
@@ -1,11 +1,11 @@
-name: Java Integration Tests Maven 4.0.0-alpha-13
+name: Java Integration Tests Maven 4.0.0-beta-3
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
- name: Integration Tests Maven 4.0.0-alpha-13
+ name: Integration Tests Maven 4.0.0-beta-3
steps:
- uses: actions/checkout@v4
@@ -14,9 +14,9 @@ jobs:
with:
java-version: 21
distribution: zulu
- - name: Load Maven 4.0.0-alpha-13
- run: mvn -B -V org.apache.maven.plugins:maven-wrapper-plugin:3.2.0:wrapper -Dmaven=4.0.0-alpha-13 --no-transfer-progress
+ - name: Load Maven 4.0.0-beta-3
+ run: mvn -B -V org.apache.maven.plugins:maven-wrapper-plugin:3.3.2:wrapper -Dmaven=4.0.0-beta-3 --no-transfer-progress
- name: Build Setup
- run: ./mvnw -B -V clean install -Dlicense.skip=true -Dmaven.min-version=4.0.0-alpha-13 --no-transfer-progress
+ run: ./mvnw -B -V clean install -Dlicense.skip=true -Dmaven.min-version=4.0.0-beta-3 --no-transfer-progress
- name: Integration Test with Maven
- run: ./mvnw -B -V -DtestSrc=remote -Prun-its clean install -Dinvoker.parallelThreads=8 -Dlicense.skip=true -Dmaven.min-version=4.0.0-alpha-13 --no-transfer-progress
+ run: ./mvnw -B -V -DtestSrc=remote -Prun-its clean install -Dinvoker.parallelThreads=8 -Dlicense.skip=true -Dmaven.min-version=4.0.0-beta-3 --no-transfer-progress
diff --git a/.github/workflows/site.yaml b/.github/workflows/site.yaml
index 22281a17..9879e6e7 100644
--- a/.github/workflows/site.yaml
+++ b/.github/workflows/site.yaml
@@ -14,7 +14,8 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v4
with:
- distribution: zulu
+ cache: maven
+ distribution: temurin
java-version: 21
- name: Build site
run: ./mvnw site site:stage -DskipTests -Dlicense.skip=true -B -V --no-transfer-progress --settings ./.mvn/settings.xml
diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml
index bfb8f4bc..23cab5ba 100644
--- a/.github/workflows/sonar.yaml
+++ b/.github/workflows/sonar.yaml
@@ -17,10 +17,11 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v4
with:
+ cache: maven
+ distribution: temurin
java-version: 21
- distribution: zulu
- name: Analyze with SonarCloud
- run: ./mvnw verify sonar:sonar -B -V -Dsonar.projectKey=spotbugs_spotbugs-maven-plugin -Dsonar.organization=spotbugs -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN -Dlicense.skip=true --no-transfer-progress
+ run: ./mvnw verify sonar:sonar -B -V -Dsonar.projectKey=spotbugs_spotbugs-maven-plugin -Dsonar.organization=spotbugs -Dsonar.host.url=https://sonarcloud.io -Dsonar.token=$SONAR_TOKEN -Dlicense.skip=true --no-transfer-progress
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/sonatype.yaml b/.github/workflows/sonatype.yaml
index 26357541..7f13d126 100644
--- a/.github/workflows/sonatype.yaml
+++ b/.github/workflows/sonatype.yaml
@@ -14,8 +14,9 @@ jobs:
- name: Set up JDK
uses: actions/setup-java@v4
with:
+ cache: maven
+ distribution: temurin
java-version: 21
- distribution: zulu
- name: Deploy to Sonatype
run: ./mvnw deploy -DskipTests -B -V --no-transfer-progress --settings ./.mvn/settings.xml -Dlicense.skip=true
env:
diff --git a/.mvn/wrapper/MavenWrapperDownloader.java b/.mvn/wrapper/MavenWrapperDownloader.java
index f6cb0fa0..bdf0ddfa 100644
--- a/.mvn/wrapper/MavenWrapperDownloader.java
+++ b/.mvn/wrapper/MavenWrapperDownloader.java
@@ -30,7 +30,7 @@
import java.util.concurrent.ThreadLocalRandom;
public final class MavenWrapperDownloader {
- private static final String WRAPPER_VERSION = "3.3.1";
+ private static final String WRAPPER_VERSION = "3.3.2";
private static final boolean VERBOSE = Boolean.parseBoolean(System.getenv("MVNW_VERBOSE"));
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
index d2a5c3fb..fd516637 100644
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -14,6 +14,7 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-wrapperVersion=3.3.1
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
-wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.1/maven-wrapper-3.3.1.jar
+wrapperVersion=3.3.2
+distributionType=source
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.8/apache-maven-3.9.8-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar
diff --git a/mvnw b/mvnw
index b21a698e..66838882 100755
--- a/mvnw
+++ b/mvnw
@@ -19,7 +19,7 @@
# ----------------------------------------------------------------------------
# ----------------------------------------------------------------------------
-# Apache Maven Wrapper startup batch script, version 3.3.1
+# Apache Maven Wrapper startup batch script, version 3.3.2
#
# Required ENV vars:
# ------------------
@@ -212,9 +212,9 @@ else
log "Couldn't find $wrapperJarPath, downloading it ..."
if [ -n "$MVNW_REPOURL" ]; then
- wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.3.1/maven-wrapper-3.3.1.jar"
+ wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
else
- wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.1/maven-wrapper-3.3.1.jar"
+ wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
fi
while IFS="=" read -r key value; do
# Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
diff --git a/mvnw.cmd b/mvnw.cmd
index f93f29a8..da4fe4dd 100644
--- a/mvnw.cmd
+++ b/mvnw.cmd
@@ -18,7 +18,7 @@
@REM ----------------------------------------------------------------------------
@REM ----------------------------------------------------------------------------
-@REM Apache Maven Wrapper startup batch script, version 3.3.1
+@REM Apache Maven Wrapper startup batch script, version 3.3.2
@REM
@REM Required ENV vars:
@REM JAVA_HOME - location of a JDK home dir
@@ -119,7 +119,7 @@ SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
-set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.1/maven-wrapper-3.3.1.jar"
+set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
@@ -133,7 +133,7 @@ if exist %WRAPPER_JAR% (
)
) else (
if not "%MVNW_REPOURL%" == "" (
- SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.3.1/maven-wrapper-3.3.1.jar"
+ SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
)
if "%MVNW_VERBOSE%" == "true" (
echo Couldn't find %WRAPPER_JAR%, downloading it ...
diff --git a/pom.xml b/pom.xml
index 7b03aa7b..c943420c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,13 +23,13 @@
com.github.hazendaz
base-parent
- 45
+ 47
com.github.spotbugs
spotbugs-maven-plugin
- 4.8.5.1-SNAPSHOT
+ 4.9.0.0-SNAPSHOT
maven-plugin
spotbugs-maven-plugin
@@ -160,34 +160,39 @@
+
+ 8
+ 8
+ 8
+
${project.basedir}/src/main/groovy
${project.version}
- 1714932977
+ 1720223482
- 4.8.5
+ 4.8.6
5.10.2
- 4.8.5
+ 4.8.6
4.8.5
2.0.13
1.10.14
- 4.0.21
- 3.25.10
+ 4.0.22
+ 3.26.1
1.12.0
1.11.1
3.4.2
0.13.1
- 3.3.2
+ 3.4.0
3.1.1
3.2.0
- 3.9.6
+ 3.9.8
2.1.1
1.3.0
@@ -198,15 +203,15 @@
1.0.0
0.22-1
3.0.2
- 3.5.0
- 3.6.1
- 3.6.3
- 3.13.0
+ 3.6.2
+ 3.7.0
+ 3.7.0
+ 3.13.1
2.1.0
3.12.1
3.6
- 2.16.2
+ 2.17.0
false
${project.build.directory}/it-src-spotbugs
@@ -239,7 +244,7 @@
3.2.2
2.1
2.11.0
- 33.2.0-jre
+ 33.2.1-jre
2.16.1
2.0.0
2.6
diff --git a/src/it-tools/build-tools/pom.xml b/src/it-tools/build-tools/pom.xml
index 83917c15..589eded3 100644
--- a/src/it-tools/build-tools/pom.xml
+++ b/src/it-tools/build-tools/pom.xml
@@ -1,7 +1,7 @@
diff --git a/src/it/MFINDBUGS-145/pom.xml b/src/it/MFINDBUGS-145/pom.xml
index 7e3b449a..0910d3ab 100644
--- a/src/it/MFINDBUGS-145/pom.xml
+++ b/src/it/MFINDBUGS-145/pom.xml
@@ -1,7 +1,7 @@
+ 8
+ 8
+
+ 8
UTF-8
UTF-8
diff --git a/src/it/MFINDBUGS-178/pom.xml b/src/it/MFINDBUGS-178/pom.xml
index 743e8478..5bfd7df7 100644
--- a/src/it/MFINDBUGS-178/pom.xml
+++ b/src/it/MFINDBUGS-178/pom.xml
@@ -1,7 +1,7 @@
diff --git a/src/it/check-fail/pom.xml b/src/it/check-fail/pom.xml
index 8b901244..9805fca2 100644
--- a/src/it/check-fail/pom.xml
+++ b/src/it/check-fail/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
check-multi-filter-dups
- check-multi-filter-dups
pom
+
+ check-multi-filter-dups
+
module1
module2
+
diff --git a/src/it/check-multi/modules/module-1/pom.xml b/src/it/check-multi/modules/module-1/pom.xml
index 1522f14e..a0e0176f 100644
--- a/src/it/check-multi/modules/module-1/pom.xml
+++ b/src/it/check-multi/modules/module-1/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
check-multi
check-multi
pom
+
modules
diff --git a/src/it/check-no-missing-classes/pom.xml b/src/it/check-no-missing-classes/pom.xml
index 737a0f39..9f74942d 100644
--- a/src/it/check-no-missing-classes/pom.xml
+++ b/src/it/check-no-missing-classes/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
+
spotbugs-maven-plugin.it
check-no-missing-classes
testing
check-no-missing-classes
- jar
+
- 1.8
- 1.8
+
+ 8
+ 8
+
+ 8
+
org.junit.jupiter
@@ -43,6 +50,7 @@
@junitVersion@
+
diff --git a/src/it/check-nofail/pom.xml b/src/it/check-nofail/pom.xml
index b3a83b57..3b8373c8 100644
--- a/src/it/check-nofail/pom.xml
+++ b/src/it/check-nofail/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
check-timeout
check-timeout
- jar
+
diff --git a/src/it/check/pom.xml b/src/it/check/pom.xml
index 8507dd99..af2f7294 100644
--- a/src/it/check/pom.xml
+++ b/src/it/check/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
exclude-modules
exclude-modules
pom
+
module1
module2
diff --git a/src/it/exclude-multi-list/pom.xml b/src/it/exclude-multi-list/pom.xml
index d93a3c2f..c89efc0b 100644
--- a/src/it/exclude-multi-list/pom.xml
+++ b/src/it/exclude-multi-list/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
multi-build
- multi-build
pom
+
+ multi-build
+
modules
diff --git a/src/it/multi/modules/module-1/pom.xml b/src/it/multi/modules/module-1/pom.xml
index 1522f14e..a0e0176f 100644
--- a/src/it/multi/modules/module-1/pom.xml
+++ b/src/it/multi/modules/module-1/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
multi
- multi
pom
+
+ multi
+
modules
diff --git a/src/it/nested/pom.xml b/src/it/nested/pom.xml
index ffb6c946..70121e57 100644
--- a/src/it/nested/pom.xml
+++ b/src/it/nested/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
pluginList-repo
pluginList-repo
- jar
+
true
diff --git a/src/it/pluginList/pom.xml b/src/it/pluginList/pom.xml
index 9a2f65fc..5d9ec1d5 100644
--- a/src/it/pluginList/pom.xml
+++ b/src/it/pluginList/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
relaxed
relaxed
- jar
+
true
diff --git a/src/it/sarif-1/pom.xml b/src/it/sarif-1/pom.xml
index 13119a20..5e4268f6 100644
--- a/src/it/sarif-1/pom.xml
+++ b/src/it/sarif-1/pom.xml
@@ -1,7 +1,7 @@
+
+ true
true
diff --git a/src/it/sarif-2/pom.xml b/src/it/sarif-2/pom.xml
index af3db1d9..20e149a5 100644
--- a/src/it/sarif-2/pom.xml
+++ b/src/it/sarif-2/pom.xml
@@ -1,7 +1,7 @@
+ 8
+ 8
+
+ 8
diff --git a/src/it/systemPropertyVariables/pom.xml b/src/it/systemPropertyVariables/pom.xml
index b07b3270..9d54e9ed 100644
--- a/src/it/systemPropertyVariables/pom.xml
+++ b/src/it/systemPropertyVariables/pom.xml
@@ -1,7 +1,7 @@
+
4.0.0
+
spotbugs-maven-plugin.it
common
testing
../common.xml
+
systemPropertyVariables
systemPropertyVariables
- jar
+
true
diff --git a/src/it/threaded/pom.xml b/src/it/threaded/pom.xml
index 40172085..4e41219f 100644
--- a/src/it/threaded/pom.xml
+++ b/src/it/threaded/pom.xml
@@ -1,7 +1,7 @@