Bump spotbugs from 4.6.0 to 4.7.0 #315

Closed

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github May 5, 2022

Bumps spotbugs from 4.6.0 to 4.7.0.

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.7.0

CHANGELOG

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995) @​axkr
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024) @​gtoison

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950) @​sdati
  • Fixed traversal of nested archives governed by -nested:true (#1930) @​Vogel612
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983) @​wborn
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978) @​jpschewe
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019) @​KengoTODA
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types @​oroszbd
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule is based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J) @​baloghadamsoftware
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J) @​baloghadamsoftware
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters @​adrianturtoczki
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers @​baloghadamsoftware

CHECKSUM

file checksum (sha256)
Changelog

Sourced from spotbugs's changelog.

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule is based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers
Commits
  • c6bff34 release v4.7.0
  • 38d2029 docs: bump up version of findsecbugs-plugin in the doc
  • 4e61eac fix: let Plugin implement AutoCloseable
  • 9725e34 CFG Visualizer (implemented as a test detector) (#2014)
  • 85ebe28 Added new detector for NUM09-J: Do not use floating-point variables as loop c...
  • 23f37b9 Fix report output to truncate existing files (#1951)
  • beec2f5 build(deps): bump goomph from 3.36.1 to 3.36.2 in /buildSrc
  • 79aba05 build(deps): bump checker-qual from 3.21.4 to 3.22.0
  • fda53ce build(deps): bump mockito-core from 4.5.0 to 4.5.1
  • 1c74563 build(deps): bump goomph from 3.36.0 to 3.36.1 in /buildSrc
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
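
The USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE entry in the changelog above, shown as an added Java illustration (not code from SpotBugs, Dependabot or this repository): the check-then-`doPrivileged` shape the entry describes, next to a version that reads the untrusted object only once. The class and method names, the `/restricted/` policy and the `Flipping` subclass are constructed for the example.

```java
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;

public class Sec02Demo { // constructed class, not from SpotBugs
    static final String DENIED_PREFIX = "/restricted/"; // constructed policy

    // Shape the rule describes: getPath() is a non-final method of the
    // non-final class File, called for the check and again in doPrivileged.
    public static String resolveFlagged(final File f) {
        if (f.getPath().startsWith(DENIED_PREFIX)) {
            throw new SecurityException("denied");
        }
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> f.getPath()); // second call
    }

    // Hardened: ask the untrusted object once, keep the immutable String,
    // and use that same value for both the check and the privileged action.
    public static String resolveHardened(final File f) {
        final String path = f.getPath();
        if (path.startsWith(DENIED_PREFIX)) {
            throw new SecurityException("denied");
        }
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> path);
    }

    // Constructed subclass whose answer changes after the first call.
    static class Flipping extends File {
        private static final long serialVersionUID = 1L;
        private int calls;
        Flipping() { super("/public/readme.txt"); }
        @Override public String getPath() {
            return calls++ == 0 ? "/public/readme.txt" : "/restricted/secret";
        }
    }

    public static void main(String[] args) {
        // The flagged version hands back a path it never checked.
        System.out.println("flagged:  " + resolveFlagged(new Flipping()));
        // The hardened version returns exactly the value that passed the check.
        System.out.println("hardened: " + resolveHardened(new Flipping()));
    }
}
```

`AccessController` is deprecated for removal since Java 17, so newer compilers emit a warning for both methods.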

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 5, 2022
@alexpdp7
Owner

alexpdp7 commented May 5, 2022

Blocked by spotbugs/spotbugs#2040 .

@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.7.0 branch from c247e3b to ecdd81d Compare May 11, 2022 06:43
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.7.0 branch from ecdd81d to 72a43e8 Compare May 20, 2022 08:43
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.7.0 branch 3 times, most recently from 788f3d3 to 2347d0b Compare June 13, 2022 07:27
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.7.0 branch from 2347d0b to 89aab34 Compare June 15, 2022 22:02
Bumps [spotbugs](https://github.com/spotbugs/spotbugs) from 4.6.0 to 4.7.0.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.6.0...4.7.0)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.7.0 branch from 89aab34 to 38aaf3a Compare June 25, 2022 09:47
Contributor Author

dependabot bot commented on behalf of github Jun 28, 2022

Superseded by #339.

@dependabot dependabot bot closed this Jun 28, 2022
@dependabot dependabot bot deleted the dependabot/maven/com.github.spotbugs-spotbugs-4.7.0 branch June 28, 2022 04:13