Greg Allen

FYI I saw this issue in the IntelliJ plug-in, which seems likely due to it using an older version of spotbugs internally. When I run with latest version via gradle...

Similar issue for `MockedConstruction`

I have read the CLA Document and I hereby sign the CLA

Problem is that the link in the readme.md is still to the old location.

Examples on the wiki also need updating

I think this might be the cause of an issue I see whereby the buildRpm task will incorrectly decide it is UP-TO-DATE when the only thing changed is the version,...

slight simplification: configurations.passThroughRecommendationsOf.resolvedConfiguration.resolvedArtifacts.each { logger.info "Importing bom: $it.id" new XmlSlurper().parse(it.file).dependencyManagement.dependencies.dependency.each { compile "${it.groupId.text()}:${it.artifactId.text()}:${it.version.text()}" } }

the jackson-databind vulnerability is rejected by jackson team - see https://github.com/FasterXML/jackson-databind/issues/3972 suggest you need to whitelist this dependency (as has been done at my employer in a similar dep scanning...

the issue should be safe to ignore since multiple writers to the same file will each succeed in writing their own full copy of the file (on unix) whereas on...

actually, here's another point on why I think the post-copy length check is flawed - it can never be thread safe / concurrency friendly, since there's no telling how much...