keycloak-config-cli icon indicating copy to clipboard operation
keycloak-config-cli copied to clipboard

Published 20 hours ago verified publisher icon adorsys

Bump com.github.spotbugs:spotbugs from 4.7.3 to 4.8.3

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps com.github.spotbugs:spotbugs from 4.7.3 to 4.8.3.

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.8.3

CHANGELOG

Fixed

  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#2710)
  • Applied changes for bcel 6.8.0 with adjustments to constant pool (#2756)
    • More information bcel changes can be found on (#2757)
  • Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.

Changed

  • Improved Matcher checks for empty strings (#2755)
  • Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis (#2754)
  • Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 (#2760)
  • Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#2760)

CHECKSUM

file checksum (sha256)
spotbugs-4.8.3-javadoc.jar 2e01e937ceb24dc02796690e73caa9d06e576741af497f22f2b1ccd41e98065d
spotbugs-4.8.3-sources.jar 383f1434925a9b5df46c03dc79aac9dbc9ac1e5020f40b34f4e6ab565b8082f5
spotbugs-4.8.3.tgz 4713c0ebcc76125ba11be3cfcb288a39b809fdabfbeec0acd0ac7494ef649851
spotbugs-4.8.3.zip 7468aaaf370ec9df0601a46cf0157b83022d00227ef724d80ebbfbb11cb26270
spotbugs-annotations-4.8.3-javadoc.jar eb513a89ac812f50e3d7de5efbb0e135994849c18412b04759e6d67e991e356e
spotbugs-annotations-4.8.3-sources.jar b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
spotbugs-ant-4.8.3-javadoc.jar a9713955805838408ed7b6adf030bffc4cd2036fa2fdb8fb772bc1857e4ac4a6
spotbugs-ant-4.8.3-sources.jar 9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar 84a286b65d1c2441ac24a57a998c83d43b9d287fd68ac0df7c7524b5f419fc2b
test-harness-4.8.3-javadoc.jar e3c3997b3a26bee7833b9e7ae634b32f7b060fe11af0a4111d0d62b2a872f760
test-harness-4.8.3-sources.jar 633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.3.jar 23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.3-javadoc.jar cd3a2bbcff93aba606a4e3340733d06684e2e456211068f8cb7069890c71efa0
test-harness-core-4.8.3-sources.jar f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.3.jar 5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.3-javadoc.jar 35631be40804da4e5613dfa70efc491c52d5b9d4e6d35d706efce78a4ceb1669
test-harness-jupiter-4.8.3-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.3.jar d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

SpotBugs 4.8.2

CHANGELOG

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.8.3 - 2023-12-12

Fixed

  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#2710)
  • Applied changes for bcel 6.8.0 with adjustments to constant pool (#2756)
    • More information bcel changes can be found on (#2757)
  • Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.

Changed

  • Improved Matcher checks for empty strings (#2755)
  • Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis (#2754)
  • Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 (#2760)
  • Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#2760)

4.8.2 - 2023-11-28

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

  • New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

  • Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

4.8.1 - 2023-11-06

Fixed

  • Fixed schema location for findbugsfilter.xsd (#1416)
  • Fixed missing null checks (#2629)
  • Disabled DontReusePublicIdentifiers due to the high false positives rate (#2627)
  • Removed signature of methods using UTF-8 in DefaultEncodingDetector (#2634)
  • Fix exception escapes when calling functions of JUnit Assert or Assertions (#2640)
  • Fixed an error in the SARIF export when a bug annotation is missing (#2632)
  • Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws (#2628)
  • Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize (#2665)
  • Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug (#2652)
  • Eclipse: fixed startup overhead (on computing classpath) for PDE projects (#2671)

Build

  • Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT (#2651)

4.8.0 - 2023-10-11

Changed

... (truncated)

Commits
  • 1e42fc9 release v4.8.3
  • 44dd360 Fix FNs in CT_CONSTRUCTOR_THROW (#2747)
  • 10422e8 Adjust log binding requirements due to CVEs from logback (#2760)
  • e720004 Support negated onlyAnalyze items (#2754)
  • 8a41d8f Sonar Analyses fixes (#2753)
  • a7aada2 fix(deps): update dependency org.apache.bcel:bcel to v6.8.0 (#2756)
  • c176966 chore(deps): update dependency com.diffplug.gradle:goomph to v3.44.0 (#2758)
  • 0f7a97f chore(deps): update plugin com.github.spotbugs to v6.0.2 (#2742)
  • 5495d4b chore(deps): update plugin com.gradle.enterprise to v3.16 (#2746)
  • 194f19b Use String.isEmpty() with null guards (#2755)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Dec 13 '23 19:12 dependabot[bot]

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Dec 13 '23 19:12 sonarqubecloud[bot]

@dependabot rebase

jonasvoelcker avatar Jun 03 '24 16:06 jonasvoelcker

Superseded by #1027.

dependabot[bot] avatar Jun 03 '24 16:06 dependabot[bot]