Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump spotbugs from 4.6.0 to 4.7.1 #120

Merged
merged 1 commit into from Jul 12, 2022
Merged

Bump spotbugs from 4.6.0 to 4.7.1 #120

merged 1 commit into from Jul 12, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 1, 2022
edited

Bumps spotbugs from 4.6.0 to 4.7.1.

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.7.1

CHANGELOG

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931) @​dmivankov
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041) @​baloghadamsoftware
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040) @​iloveeclipse
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040) @​big-andy-coates
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089) @​gonczmisi

CHECKSUM

file checksum (sha256)
spotbugs-4.7.1-javadoc.jar b9562f6c370adc73277c2f7ecd1d72dea1f4961ff8a38b5c9de1df48c98d4727
spotbugs-4.7.1-sources.jar 70e08fd3a294d86f364ddb57fe83e5eebb90eb372766e6c0ad41b1c206f2a7c6
spotbugs-4.7.1.tgz 62195a43af19e998380ea5988dba3bdd5b927acd6a3a47a575578629313ce836
spotbugs-4.7.1.zip 008c98901099114dbb0864bf693f480df4cef83929cf469d37b1cf85a348ae88
spotbugs-annotations-4.7.1-javadoc.jar 8f58cc52f0517b072da3696d6d4b882944699746de63084834d688b9d0ff1102
spotbugs-annotations-4.7.1-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar c267764c59c7cbd2e6becebeb7c848cd6dfe23a28a76ea3bc6ccea5cce60932e
spotbugs-ant-4.7.1-javadoc.jar cbd76c1382c887e0f73426646f2b12c867b48a607ccd2eb6618125ab672e9296
spotbugs-ant-4.7.1-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar a6b689b6695fe64665a056875c0d57b55c07431d5d5193b2ae3971986a114d0e
test-harness-4.7.1-javadoc.jar 5a4e624420abcdb782158b3ce1b0e17c5e5ad3176698c617128897201bceb775
test-harness-4.7.1-sources.jar 7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.1.jar 50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.1-javadoc.jar 6e8325372c24834f40a73feaba3fc256fdb5e6391ff086d459afd58b0fc1b073
test-harness-core-4.7.1-sources.jar f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.1.jar 7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.1-javadoc.jar 83332c275c96e72ecdacf96244baf79a0357dd5c3fdd6143e0b47fc73f153441
test-harness-jupiter-4.7.1-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.1.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

SpotBugs 4.7.0

CHANGELOG

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995) @​axkr
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024) @​gtoison

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950) @​sdati
  • Fixed traversal of nested archives governed by -nested:true (#1930) @​Vogel612
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983) @​wborn
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978) @​jpschewe
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019) @​KengoTODA
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types @​oroszbd

... (truncated)

Changelog

Sourced from spotbugs's changelog.

4.7.1 - 2022-06-26

Fixed

  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931)
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041)
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#2040)
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040)
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089)

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parenthesis () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers
Commits
  • c133f55 release 4.7.1
  • cd62d7d build(deps): bump goomph from 3.37.0 to 3.37.1 in /buildSrc
  • 356240a build(deps): bump mockito-core from 4.5.1 to 4.6.1
  • 1fe1480 FindPotentialSecurityCheckBasedOnUntrustedSource throws an exception on class...
  • 3edd139 Fixed false positive SSD bug for secured synchronized block inside unsecured ...
  • f604ccd build(deps): bump com.github.spotbugs from 5.0.7 to 5.0.8
  • e4d21b9 build(deps): bump goomph from 3.36.2 to 3.37.0 in /buildSrc
  • 141e207 build(deps): bump org.sonarqube from 3.3 to 3.4.0.2513
  • b9cce6a build: stop using textlint
  • 1e97e5f build(deps): bump com.gradle.enterprise from 3.10 to 3.10.2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 1, 2022
@dependabot dependabot bot mentioned this pull request Jul 1, 2022
Closed
@garydgregory
Copy link
Member

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.7.1 branch from 314744a to 88a34fc Compare July 11, 2022 14:32
@dependabot
Bump spotbugs from 4.6.0 to 4.7.1
25a5799 
Bumps [spotbugs](https://github.com/spotbugs/spotbugs) from 4.6.0 to 4.7.1.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.6.0...4.7.1)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.7.1 branch from 88a34fc to 25a5799 Compare July 11, 2022 14:34
@garydgregory garydgregory merged commit bb87d99 into master Jul 12, 2022
@garydgregory garydgregory deleted the dependabot/maven/com.github.spotbugs-spotbugs-4.7.1 branch July 12, 2022 14:09
garydgregory added a commit that referenced this pull request Jul 12, 2022
@garydgregory
Bump spotbugs from 4.6.0 to 4.7.1 #120
0cadfb7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
1 participant
@garydgregory