Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump spotbugs from 4.2.3 to 4.3.0 #335

Merged
merged 1 commit into from
Jul 3, 2021
Merged

Bump spotbugs from 4.2.3 to 4.3.0 #335

merged 1 commit into from
Jul 3, 2021

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jul 2, 2021

Bumps spotbugs from 4.2.3 to 4.3.0.

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.3.0

CHANGELOG

CHECKSUM

file checksum (sha256)
spotbugs-4.3.0-javadoc.jar 58eeba2dcdcfd6f73c5203a5745ab1a120ded4df484a6d70124a1dcc0573b37f
spotbugs-4.3.0-sources.jar ab8847620bd47be9f20cad53462bce1ae49e5495a75796f9ba8d547a703f346e
spotbugs-4.3.0.tgz bf9687476cebe0876d9a27679af97705a79b3f0f5629519ca6ec086741b6d884
spotbugs-4.3.0.zip a1c59df789b14a423f24127501db1bd6b0ae642f079f7212ff61343cd387d7f0
spotbugs-annotations-4.3.0-javadoc.jar a49426fbd559394d176c7bc81c8b601b496768048ce29e6f36e05dfcc42f6c19
spotbugs-annotations-4.3.0-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar ae576422c3a090adc372a4542214a38e195f62ada906184e773a8916d83ec386
spotbugs-ant-4.3.0-javadoc.jar 150875811f177a99c60e8e7afdc5c5d3e58393f84de2662bc32d0409254688a0
spotbugs-ant-4.3.0-sources.jar c74dec42c0ed0dd1ae02a7410d8e0f0dbbee23e8e7da4a21910863677fcdbc8e
spotbugs-ant.jar 9233e48d37882ae4e7a42e9f42ef4c63d6f802cf8f3b03ba575bee26e5032367
spotbugs.jar c619ef5233ff1115e5b4ceeacd4bed4070a7e5bd95d9c3172b7376cd0cbb1c72
test-harness-4.3.0-javadoc.jar 463ab8a236314d537f3ff78d229ed5a11a56143db18f1e1c87b64c8d93d1eac4
test-harness-4.3.0-sources.jar 2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.3.0.jar 55d3a590b81ffec48293a76c45c0695914b405bf9f02bfb930e3ab99b5867d4f
test-harness-core-4.3.0-javadoc.jar b817f0ca2af5fd603ffdf4d95e5071961a2cb2552bbb9403cf1f5390ca0a37c9
test-harness-core-4.3.0-sources.jar f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.3.0.jar cbec03867e077079d011e85f9932fb230fae3d909f741cffaa4c8097e91fdf40
test-harness-jupiter-4.3.0-javadoc.jar 4edbdf0a8293458c1356c0bec95ee7c4e4307e62641127593f8443ba8ddee63b
test-harness-jupiter-4.3.0-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.3.0.jar 17e8d78d1868f86e63f3e5e3d878e86f3d7fb1b8cf1a8d5f893333c982bfd3e2
Changelog

Sourced from spotbugs's changelog.

4.3.0 - 2021-07-01

Fixed

  • MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)

Changed

  • Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
  • Bump Saxon-HE from 10.3 to 10.5 (#1513)
  • Bump gson from 2.8.6 to 2.8.7 (#1556)
  • Function mutableSignature() improved and factored out from the MutableStaticFields detector

Added

  • New bugs MS_EXPOSE_BUF, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2 and EI_EXPOSE_BUF2 by the FindReturnRef detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J)
  • MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 and EI_EXPOSE_REP2 now report for shallowly copied arrays (using clone()) of mutable objects
Commits
  • 0dfbd81 chore: release v4.3.0
  • 4d10878 docs: add a missing CHANGELOG entry for #1591
  • 5f32372 build(deps): bump asmVersion from 9.1 to 9.2
  • e8e054a Mutable array clones (#1582)
  • 67835f5 build(deps): bump mockito-core from 3.11.1 to 3.11.2
  • 4ecab4b build(deps): bump com.diffplug.spotless from 5.13.0 to 5.14.0
  • daba7a1 build(deps): bump checker-qual from 3.14.0 to 3.15.0
  • e2daa30 Constants changed to SCREAMING_SNAKE_CASE and a typo fixed in the error messa...
  • 9467880 Pattern matching optimized; typos and grammar errors fixed in the descriptions
  • abc2ae2 Extend FindReturnRef to warn for exposing buffers
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump spotbugs from 4.2.3 to 4.3.0
555efee 
Bumps [spotbugs](https://github.com/spotbugs/spotbugs) from 4.2.3 to 4.3.0.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.2.3...4.3.0)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 2, 2021
@hazendaz hazendaz self-assigned this Jul 3, 2021
@hazendaz hazendaz merged commit 7ba7755 into spotbugs Jul 3, 2021
@dependabot dependabot bot deleted the dependabot/maven/com.github.spotbugs-spotbugs-4.3.0 branch July 3, 2021 06:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@hazendaz hazendaz

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@hazendaz