Bump com.github.spotbugs:spotbugs from 4.2.3 to 4.8.5 #5182

Open
wants to merge 1 commit into
base: master

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github May 6, 2024

Bumps com.github.spotbugs:spotbugs from 4.2.3 to 4.8.5.

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.8.5

CHANGELOG

Fixed

CHECKSUM


Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.8.5 - 2024-05-03

Fixed

4.8.4 - 2024-04-07

Fixed

  • Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
  • Fix possible null value in taxonomies of SARIF output (#2744)
  • Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
  • Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
  • Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
  • Added support for CONSTANT_Dynamic (#2759)
  • Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
  • Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
  • Remove AppleExtension library (note: menus slightly changed) (#2823)
  • Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
  • Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
  • Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)
  • Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#2828)
  • Update UnreadFields detector to ignore warnings for fields with certain annotations (#574)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with @PostConstruct, @BeforeEach, etc. (#2872 #2870 #453)
  • Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#2865)
  • Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#2874)
  • Added more nullability annotations in TypeQualifierResolver (#2558 #2694)
  • Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() (#2881)
  • Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions (#2887)
  • Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method (#2837)
  • Update the filter XSD namespace and location for the upcoming 4.8.4 release (#2909)

Added

  • New detector MultipleInstantiationsOfSingletons and introduced new bug types:
    • SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
    • SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
    • SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
    • SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
    • SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
    • SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized. (See SEI CERT MSC07-J)
  • Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.

Changed

  • Minor cleanup in connection with slashed and dotted names (#2805)

Build

  • Fix sonar coverage for project (#2796)
  • Upgraded the build to compile bug samples using Java 21 language features (#2813)

... (truncated)

Commits
  • 1dbd799 release v4.8.5
  • 3d69e18 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • 0a55a48 fix(deps): update dependency org.checkerframework:checker-qual to v3.43.0 (#2...
  • 73f951c fix(deps): update dependency com.google.guava:guava to v33.2.0-jre (#2977)
  • 7120077 chore(deps): update plugin com.github.spotbugs to v6.0.13 (#2974)
  • bdc61bd fix(deps): update dependency checkstyle to v10.16.0 (#2973)
  • 3f79bad fix(deps): update dependency org.testng:testng to v7.10.2 (#2972)
  • bebfdf8 Fix FPs with multiple initialization of Singletons (#2951)
  • e8a364a fix(deps): update dependency org.apache.bcel:bcel to v6.9.0 (#2971)
  • dd05438 fix(deps): update dependency com.google.errorprone:error_prone_annotations to...
  • Additional commits viewable in compare view

@dependabot dependabot bot requested a review from a team as a code owner May 6, 2024 14:12
@dependabot dependabot bot added the dependencies This issue is a problem in a dependency. label May 6, 2024
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.8.5 branch 11 times, most recently from 4fc6c51 to 6863f6a Compare May 13, 2024 18:54
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.8.5 branch 7 times, most recently from 83f571e to ef7421f Compare May 21, 2024 19:22
Bumps [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) from 4.2.3 to 4.8.5.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.2.3...4.8.5)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/com.github.spotbugs-spotbugs-4.8.5 branch from ef7421f to 824858e Compare May 22, 2024 18:56