Bump spotbugs-annotations from 3.1.12 to 4.3.0 #186

Open
wants to merge 1 commit into
base: master

dependabot-preview[bot]
Contributor

Bumps spotbugs-annotations from 3.1.12 to 4.3.0.

Release notes

Sourced from spotbugs-annotations's releases.

SpotBugs 4.3.0

CHANGELOG

CHECKSUM


SpotBugs 4.2.3

CHANGELOG

CHECKSUM


... (truncated)

Changelog

Sourced from spotbugs-annotations's changelog.

4.3.0 - 2021-07-01

Fixed

  • MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)

Changed

  • Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
  • Bump Saxon-HE from 10.3 to 10.5 (#1513)
  • Bump gson from 2.8.6 to 2.8.7 (#1556)
  • Function mutableSignature() improved and factored out from the MutableStaticFields detector

Added

  • New bugs MS_EXPOSE_BUF, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2 and EI_EXPOSE_BUF2 by the FindReturnRef detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J)
  • MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 and EI_EXPOSE_REP2 now report for shallowly copied arrays (using clone()) of mutable objects

4.2.3 - 2021-04-12

Fixed

  • Inconsistency in the description of DLS_DEAD_LOCAL_INCREMENT_IN_RETURN, VO_VOLATILE_INCREMENT and QF_QUESTIONABLE_FOR_LOOP (#1470)
  • Should issue warning for SecureRandom object created and used only once (#1464)
  • False positive OBL_UNSATIFIED_OBLIGATION with try with resources (#79)
  • SA_LOCAL_SELF_COMPUTATION bug (#1472)
  • False positive EQ_UNUSUAL with record classes (#1367)

4.2.2 - 2021-03-03

Fixed

  • UWF_NULL_FIELD doesn't report line number (#1368)
  • UnsupportedOperationException in BugRanker.trimToMaxRank (#1161)

Changed

  • Bump ASM from 9.0 to 9.1 supporting JDK17
  • Bump commons-lang from 3.11 to 3.12.0
  • Replace org.json:json:20201115 with com.google.code.gson:gson:2.8.6

4.2.1 - 2021-02-04

Fixed

  • Invalid HTML in the description of LI_LAZY_INIT_UPDATE_STATIC bug pattern (#1383)
  • NP_NONNULL_PARAM_VIOLATION false-positive in CompletableFuture.completedStage(value) (#1397)

Changed

  • Bump json from 20200518 to 20201115 (#1384)

4.2.0 - 2020-11-28

Fixed

  • spotbugs reports VO_VOLATILE_REFERENCE_TO_ARRAY in synthetic code generated by Eclipse 4.17+ Java compiler (#1313)
  • spotbugs reports DM_BOXED_PRIMITIVE_FOR_PARSING for Double and Float (previously only reported for Integer and Long) (#744)
  • sarif report not showing correctly the physical and logical location (#1281)

... (truncated)

Commits
  • 0dfbd81 chore: release v4.3.0
  • 4d10878 docs: add a missing CHANGELOG entry for #1591
  • 5f32372 build(deps): bump asmVersion from 9.1 to 9.2
  • e8e054a Mutable array clones (#1582)
  • 67835f5 build(deps): bump mockito-core from 3.11.1 to 3.11.2
  • 4ecab4b build(deps): bump com.diffplug.spotless from 5.13.0 to 5.14.0
  • daba7a1 build(deps): bump checker-qual from 3.14.0 to 3.15.0
  • e2daa30 Constants changed to SCREAMING_SNAKE_CASE and a typo fixed in the error messa...
  • 9467880 Pattern matching optimized; typos and grammar errors fixed in the descriptions
  • abc2ae2 Extend FindReturnRef to warn for exposing buffers
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps [spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 3.1.12 to 4.3.0.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@3.1.12...4.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jul 2, 2021
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
No Duplication information
