Lee Dongjin

Hi @showuon, Here it is. I just updated the issue title more clearly and updated the spotbugs dependency into 4.5.2.

@showuon Sorry for bothering you. Here is the update. There were some [updates on spotbugs between 4.2.2 and 4.5.2](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md) and some previously-unfound problems are now detected: - In 4.3.0, spotbugs...

@showuon My bad. I found several other false-positives from other modules with spotbugs; They are now fixed. (Please see the comments.) :bow: 

@ijuma > Do you know if they intend to fix those? Oh yes, as you can see in the updated PR, I updated spotbugs to 4.5.3 following the gradle plugin...

@ijuma If you don't mind [CVE WS-2021-0419](https://github.com/protocolbuffers/protobuf/issues/9457) introduced by gson 2.8.6. This PR is to fix it.

Rebased onto the latest trunk. cc/ @ijuma

@Boojapho Thanks for reporting. Here is the fix - rebased onto the latest trunk and upgraded spotbugs into 4.7.0, which also fixes the gson vulnerability.

@ijuma Here is the update: 1. Rebased onto the latest trunk. 2. Gather the false positives together and add some TODO comments not to leave the workarounds later. 3. Reduce...

@ijuma @guozhangwang Could you have a look when you are free? I refined the original work with a benchmark with a real-world dataset. As you can see in the updated...

@kkonstantine Here it is - I rebased it onto the latest trunk. Could anyone review this PR? :pray: