xembly Update dependency com.github.spotbugs:spotbugs to v4.9.8

This PR contains the following updates:

Package	Change	Age	Confidence
com.github.spotbugs:spotbugs (source)	`4.9.1` -> `4.9.8`

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs)

`v4.9.8`

Compare Source

Fixed

Maven plugin reporting issue if -adjustPriority is not set (#3774)

`v4.9.7`

Compare Source

Fixed

Fix Eclipse not always using latest preferences file state (#3740)
Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
Documentation of -adjustPriority parameter
Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

Support for fully qualified class names for detectors in -adjustPriority parameter
Support for numerical and absolute priority adjustments
Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

Build

Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#3564)

`v4.9.6`

Compare Source

Fixed

Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

`v4.9.5`

Compare Source

Fixed

Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
Fix the issue with BCEL logging Duplicating value: ... (#3621)
Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

S1481: Unused local variables should be removed (#3654)
Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation (#3695)

`v4.9.4`

Compare Source

Changed

AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

Widen main method recognition according to JEP 445. (#3371)
Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
Rewrite some member in ResourceValueFrame.java to Enum (#2061)
Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
Unnecessary suppressions fix for records headers (#3471)
Dead store fix when switch case contains loops (#3530) (#3449)
Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
Detect cases when equals() unconditionally returns true or false (#3528)
Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
Detect random value cast to int when stored in temporary variable (#3461)
Look for interfaces default methods when searching uncalled private methods (#1988)
Fixed field self assignment false positive (#2258)
Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#2965) (#3573)
Track inner classes access methods to correctly report the bugs (#2029)
SF_SWITCH_NO_DEFAULT false positive fix (#1148) (#3572)

Added

Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#3395)
Multi-threaded code checks can be skipped with @NotThreadSafe (#3390)
New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#2055)
- Breaking change: changed values and new items in ResourceValueFrame.
Inline access method for method. (#3481)
Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#1928)

Signing

Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

`v4.9.3`

Compare Source

Added

Introduced UselessSuppressionDetector to report the useless annotations instead of NoteSuppressedWarnings (#3348)

Fixed

Do not report US_USELESS_SUPPRESSION_ON_METHOD on synthetic methods (#3351)

`v4.9.2`

Compare Source

Added

Reporting useless @SuppressFBWarnings annotations (#641)

Fixed

Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
Fixed an HSM_HIDING_METHOD false positive when ECJ generates a synthetic method for an enum switch (#3305)
Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives, detector depending on method order.
Fix THROWS_METHOD_THROWS_CLAUSE_THROWABLE reported in a method calling MethodHandle.invokeExact due to its polymorphic signature (#3309)
Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive in inner class (#3310).
Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive for ECJ compiled enum switches (#3316)
Fix RC_REF_COMPARISON false positive with Lombok With annotation (#3319)
Avoid calling File.getCanonicalPath twice to improve performance (#3325)
Fix MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE false positive when the overridable method is outside the class (#3328).
Fix NullPointerException thrown from ThrowingExceptions detector (#3337).

Removed

Removed the TLW_TWO_LOCK_NOTIFY, LI_LAZY_INIT_INSTANCE, BRSA_BAD_RESULTSET_ACCESS, BC_NULL_INSTANCEOF, NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR and RCN_REDUNDANT_CHECKED_NULL_COMPARISON deprecated bug patterns.