github-api icon indicating copy to clipboard operation
github-api copied to clipboard
verified publisher icon hub4j

Chore(deps): Bump spotbugs.version from 4.6.0 to 4.7.1

Open dependabot[bot] opened this issue 3 years ago • 1 comments

Bumps spotbugs.version from 4.6.0 to 4.7.1. Updates spotbugs from 4.6.0 to 4.7.1

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.7.1

CHANGELOG

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931) @​dmivankov
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041) @​baloghadamsoftware
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040) @​iloveeclipse
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040) @​big-andy-coates
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089) @​gonczmisi

CHECKSUM

file checksum (sha256)
spotbugs-4.7.1-javadoc.jar b9562f6c370adc73277c2f7ecd1d72dea1f4961ff8a38b5c9de1df48c98d4727
spotbugs-4.7.1-sources.jar 70e08fd3a294d86f364ddb57fe83e5eebb90eb372766e6c0ad41b1c206f2a7c6
spotbugs-4.7.1.tgz 62195a43af19e998380ea5988dba3bdd5b927acd6a3a47a575578629313ce836
spotbugs-4.7.1.zip 008c98901099114dbb0864bf693f480df4cef83929cf469d37b1cf85a348ae88
spotbugs-annotations-4.7.1-javadoc.jar 8f58cc52f0517b072da3696d6d4b882944699746de63084834d688b9d0ff1102
spotbugs-annotations-4.7.1-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar c267764c59c7cbd2e6becebeb7c848cd6dfe23a28a76ea3bc6ccea5cce60932e
spotbugs-ant-4.7.1-javadoc.jar cbd76c1382c887e0f73426646f2b12c867b48a607ccd2eb6618125ab672e9296
spotbugs-ant-4.7.1-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar a6b689b6695fe64665a056875c0d57b55c07431d5d5193b2ae3971986a114d0e
test-harness-4.7.1-javadoc.jar 5a4e624420abcdb782158b3ce1b0e17c5e5ad3176698c617128897201bceb775
test-harness-4.7.1-sources.jar 7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.1.jar 50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.1-javadoc.jar 6e8325372c24834f40a73feaba3fc256fdb5e6391ff086d459afd58b0fc1b073
test-harness-core-4.7.1-sources.jar f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.1.jar 7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.1-javadoc.jar 83332c275c96e72ecdacf96244baf79a0357dd5c3fdd6143e0b47fc73f153441
test-harness-jupiter-4.7.1-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.1.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.7.0

CHANGELOG

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995) @​axkr
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024) @​gtoison

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950) @​sdati
  • Fixed traversal of nested archives governed by -nested:true (#1930) @​Vogel612
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983) @​wborn
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978) @​jpschewe
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019) @​KengoTODA
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types @​oroszbd

... (truncated)

Changelog

Sourced from spotbugs's changelog.

4.7.1 - 2022-06-26

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931)
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041)
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040)
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040)
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089)

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers
Commits
  • c133f55 release 4.7.1
  • cd62d7d build(deps): bump goomph from 3.37.0 to 3.37.1 in /buildSrc
  • 356240a build(deps): bump mockito-core from 4.5.1 to 4.6.1
  • 1fe1480 FindPotentialSecurityCheckBasedOnUntrustedSource throws an exception on class...
  • 3edd139 Fixed false positive SSD bug for secured synchronized block inside unsecured ...
  • f604ccd build(deps): bump com.github.spotbugs from 5.0.7 to 5.0.8
  • e4d21b9 build(deps): bump goomph from 3.36.2 to 3.37.0 in /buildSrc
  • 141e207 build(deps): bump org.sonarqube from 3.3 to 3.4.0.2513
  • b9cce6a build: stop using textlint
  • 1e97e5f build(deps): bump com.gradle.enterprise from 3.10 to 3.10.2
  • Additional commits viewable in compare view

Updates spotbugs-annotations from 4.6.0 to 4.7.1

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.7.1

CHANGELOG

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931) @​dmivankov
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041) @​baloghadamsoftware
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040) @​iloveeclipse
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040) @​big-andy-coates
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089) @​gonczmisi

CHECKSUM

file checksum (sha256)
spotbugs-4.7.1-javadoc.jar b9562f6c370adc73277c2f7ecd1d72dea1f4961ff8a38b5c9de1df48c98d4727
spotbugs-4.7.1-sources.jar 70e08fd3a294d86f364ddb57fe83e5eebb90eb372766e6c0ad41b1c206f2a7c6
spotbugs-4.7.1.tgz 62195a43af19e998380ea5988dba3bdd5b927acd6a3a47a575578629313ce836
spotbugs-4.7.1.zip 008c98901099114dbb0864bf693f480df4cef83929cf469d37b1cf85a348ae88
spotbugs-annotations-4.7.1-javadoc.jar 8f58cc52f0517b072da3696d6d4b882944699746de63084834d688b9d0ff1102
spotbugs-annotations-4.7.1-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar c267764c59c7cbd2e6becebeb7c848cd6dfe23a28a76ea3bc6ccea5cce60932e
spotbugs-ant-4.7.1-javadoc.jar cbd76c1382c887e0f73426646f2b12c867b48a607ccd2eb6618125ab672e9296
spotbugs-ant-4.7.1-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar a6b689b6695fe64665a056875c0d57b55c07431d5d5193b2ae3971986a114d0e
test-harness-4.7.1-javadoc.jar 5a4e624420abcdb782158b3ce1b0e17c5e5ad3176698c617128897201bceb775
test-harness-4.7.1-sources.jar 7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.1.jar 50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.1-javadoc.jar 6e8325372c24834f40a73feaba3fc256fdb5e6391ff086d459afd58b0fc1b073
test-harness-core-4.7.1-sources.jar f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.1.jar 7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.1-javadoc.jar 83332c275c96e72ecdacf96244baf79a0357dd5c3fdd6143e0b47fc73f153441
test-harness-jupiter-4.7.1-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.1.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.7.0

CHANGELOG

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995) @​axkr
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024) @​gtoison

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950) @​sdati
  • Fixed traversal of nested archives governed by -nested:true (#1930) @​Vogel612
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983) @​wborn
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978) @​jpschewe
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019) @​KengoTODA
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types @​oroszbd

... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.7.1 - 2022-06-26

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931)
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041)
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040)
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040)
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089)

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers
Commits
  • c133f55 release 4.7.1
  • cd62d7d build(deps): bump goomph from 3.37.0 to 3.37.1 in /buildSrc
  • 356240a build(deps): bump mockito-core from 4.5.1 to 4.6.1
  • 1fe1480 FindPotentialSecurityCheckBasedOnUntrustedSource throws an exception on class...
  • 3edd139 Fixed false positive SSD bug for secured synchronized block inside unsecured ...
  • f604ccd build(deps): bump com.github.spotbugs from 5.0.7 to 5.0.8
  • e4d21b9 build(deps): bump goomph from 3.36.2 to 3.37.0 in /buildSrc
  • 141e207 build(deps): bump org.sonarqube from 3.3 to 3.4.0.2513
  • b9cce6a build: stop using textlint
  • 1e97e5f build(deps): bump com.gradle.enterprise from 3.10 to 3.10.2
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jul 01 '22 02:07 dependabot[bot]

Codecov Report

Merging #1487 (da747e5) into main (08785e5) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##               main    #1487   +/-   ##
=========================================
  Coverage     78.80%   78.80%           
  Complexity     2113     2113           
=========================================
  Files           202      202           
  Lines          6427     6427           
  Branches        361      361           
=========================================
  Hits           5065     5065           
  Misses         1152     1152           
  Partials        210      210

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov[bot] avatar Jul 01 '22 02:07 codecov[bot]