Bump spotbugs from 4.4.2 to 4.5.0

[dependabot]

Bumps spotbugs from 4.4.2 to 4.5.0.

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.5.0

CHANGELOG

Changed

• Replace "分析" with "解析" in Japanese document (#1573) @​KengoTODA
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540) @​luana-martins
• Bump gson from 2.8.8 to 2.8.9 (#1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741): @​gamesh411
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740) @​gamesh411
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml. @​KengoTODA
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J) @​baloghadamsoftware
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone(). @​baloghadamsoftware
• Translation of online manual to Brazilian Portuguese (PT-BR). @​luana-martins

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#1764) @​KengoTODA
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM (#1498)(spotbugs/spotbugs#1498) @​ecxia

Deprecated

• -output command line option is deprecated. Use command line options for report configuration like -xml=spotbugs.xml instead.

CHECKSUM

file	checksum (sha256)
spotbugs-4.5.0-javadoc.jar	6f11c4d1aa5ad3f77f8d63b7ded099547d2010ee725c6c1d4eb512735726ca69
spotbugs-4.5.0-sources.jar	4bf5daff85cf2e7fbc1b0950be87d7933f1bb80756cf9f55c534a63f07551eb9
spotbugs-4.5.0.tgz	327d5e36afa223737e871114e173c6f2d4543e22c6167bc7825001a752a3cf31
spotbugs-4.5.0.zip	988c43c5c36f3799fe9a0cf9714f95940a2d60764a9aa0af3e6ccc137106b97e
spotbugs-annotations-4.5.0-javadoc.jar	76c580b054ce653658d747fcf8aa76d5934f119f2f988cec2e9feafb3f6b9bed
spotbugs-annotations-4.5.0-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	65199ea3fe5dc4d106e30ebf67a92c7c816da816563d75c8ea6da1f0ff662857
spotbugs-ant-4.5.0-javadoc.jar	c12a84e031a3ec5a0fd405e1f696f8e32ddd4a43769eb8dd145b77383e0b5506
spotbugs-ant-4.5.0-sources.jar	c74dec42c0ed0dd1ae02a7410d8e0f0dbbee23e8e7da4a21910863677fcdbc8e
spotbugs-ant.jar	b6e73b68e441c001dc42754c73b811625915ae9a759e1ed719df095b41f2979a
spotbugs.jar	7063b740850a27bafbfd2d4528bec2faf2ebef9845a96efea47e15ccbc8a9317
test-harness-4.5.0-javadoc.jar	a702b967a60c96994963921c8c3f4a98b17adf400bc6740cda46b58edf2e183e
test-harness-4.5.0-sources.jar	2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.5.0.jar	45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659
test-harness-core-4.5.0-javadoc.jar	094550ca7cbd658e6b0dad428414cc47c3cfecc6d195abb90fc56c9174f2d047
test-harness-core-4.5.0-sources.jar	f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.5.0.jar	fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285
test-harness-jupiter-4.5.0-javadoc.jar	507afd57f7fc6c619308c46989efa06aa4a99f1ccd9d9ef4b5aa1b2f3e51f656
test-harness-jupiter-4.5.0-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.5.0.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

Changelog

Sourced from spotbugs's changelog.

4.5.0 - 2021-11-05

Changed

• Replace "分析" with "解析" in Japanese document (#1573)
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540)
• Bump gson from 2.8.8 to 2.8.9 (#1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741):
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740)
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone().
• Translation of online manual to Brazilian Portuguese (PT-BR).

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#1764)
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM (#1498)(spotbugs/spotbugs#1498)

Deprecated

• -output commandline option is deprecated. Use commandline options for report configuration like -xml=spotbugs.xml instead.

Commits

• 5cc5fc9 release the next minor release v4.5.0
• 92d7552 Add RTD translation to Brazilian Portuguese (PT-BR) (#1796)
• c6ba152 Extend detector FindOverridableMethodCall to detect indirect cases (#1716)
• 085339f Add new rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS (#1541)
• 3088491 reproduce and fix #1498
• 454be6a build(deps): bump error_prone_annotations from 2.9.0 to 2.10.0
• d63e473 Rename DominatorsAnalysis to reflect exception handling strategy (#1741)
• 6882383 Support generating multiple bug reports (#1776)
• cf0b796 chore(dev-deps): upgrade SpotBugs gradle plugin to the beta6
• 342f215 build(deps): bump gson from 2.8.8 to 2.8.9 (#1784)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)