
Bump spotbugs from 4.6.0 to 4.7.0 #464

Merged

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github May 5, 2022

Bumps spotbugs from 4.6.0 to 4.7.0.

Release notes

Sourced from spotbugs's releases.

SpotBugs 4.7.0

CHANGELOG

Changed

  • Updated documentation by adding parentheses () to the negative odd check message (#1995) @axkr
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024) @gtoison

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950) @sdati
  • Fixed traversal of nested archives governed by -nested:true (#1930) @Vogel612
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983) @wborn
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978) @jpschewe
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019) @KengoTODA
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types @oroszbd
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (see SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn about custom class loaders that do not call their superclass's getPermissions() in their getPermissions() method. This rule is based on the SEI CERT rule SEC07-J, Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J) @baloghadamsoftware
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations, this is a possible security check based on an unreliable source. This rule is based on SEC02-J, Do not base security checks on untrusted sources. (#SEC02-J) @baloghadamsoftware
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rule NUM09-J, Do not use floating-point variables as loop counters @adrianturtoczki
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers @baloghadamsoftware

CHECKSUM

file checksum (sha256)
spotbugs-4.7.0-javadoc.jar 43745221e8fdf50fa2f89d659034523dd58da3d10223de6e0c91704c07e025a0
spotbugs-4.7.0-sources.jar 6e90f856826b48a3031e2cb903534b4fdb494759863ea14e8df93c9cf15a272c
spotbugs-4.7.0.tgz 8c871e279c7d9b1933158db6355b8ac817a84fd724b88b1e393e3abcf6874910
spotbugs-4.7.0.zip 9ee793b0f3f78901089211dfa67b8603e38fd1abd64eac09d2590df506cfedf5
spotbugs-annotations-4.7.0-javadoc.jar 76a9a7d45590494a220840d173809b2fe0ec50e554435dd9b28de9312cc6a34a
spotbugs-annotations-4.7.0-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar 8e6677102aa0de50841644cf9a57d6d503550ad774049a76c75bf157a8beebd5
spotbugs-ant-4.7.0-javadoc.jar 50d84857bbdca54898e93b225835ab25eba9f0a7e340c420ab08bc17bd584f0c
spotbugs-ant-4.7.0-sources.jar ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar 94c44d86c83b8fe63b20023e510874aef721b1081982051706e1da841572f295
test-harness-4.7.0-javadoc.jar 3af01af49d74964569fe8ce0e4c217fbfd89e7c02ae5428148b5222e0aec8906
test-harness-4.7.0-sources.jar 7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.0.jar 50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.0-javadoc.jar 659508cc31a9dfb5c7d4c14981a3f38f476888c7bb08479ac19401ef39201f64
test-harness-core-4.7.0-sources.jar f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.0.jar 7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.0-javadoc.jar c0300bac23ce2292be120325515128d2d9262c1f7d71b3bf1c4324b2d6b57753
test-harness-jupiter-4.7.0-sources.jar 210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.0.jar 18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

Changelog

Sourced from spotbugs's changelog.

4.7.0 - 2022-04-14

Changed

  • Updated documentation by adding parentheses () to the negative odd check message (#1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)

Fixed

  • Fixed reports to truncate existing files before writing new content (#1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
  • Fixed traversal of nested archives governed by -nested:true (#1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn about custom class loaders that do not call their superclass's getPermissions() in their getPermissions() method. This rule is based on the SEI CERT rule SEC07-J, Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations, this is a possible security check based on an unreliable source. This rule is based on SEC02-J, Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rule NUM09-J, Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers

Commits
  • c6bff34 release v4.7.0
  • 38d2029 docs: bump up version of findsecbugs-plugin in the doc
  • 4e61eac fix: let Plugin implement AutoCloseable
  • 9725e34 CFG Visualizer (implemented as a test detector) (#2014)
  • 85ebe28 Added new detector for NUM09-J: Do not use floating-point variables as loop c...
  • 23f37b9 Fix report output to truncate existing files (#1951)
  • beec2f5 build(deps): bump goomph from 3.36.1 to 3.36.2 in /buildSrc
  • 79aba05 build(deps): bump checker-qual from 3.21.4 to 3.22.0
  • fda53ce build(deps): bump mockito-core from 4.5.0 to 4.5.1
  • 1c74563 build(deps): bump goomph from 3.36.0 to 3.36.1 in /buildSrc
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [spotbugs](https://github.com/spotbugs/spotbugs) from 4.6.0 to 4.7.0.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.6.0...4.7.0)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
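The two SEC rules introduced in this release (PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE) are easiest to understand from the code shapes they flag. The block below is an added example written for this page; it is not SpotBugs code and not part of the dependabot PR. Every class and method name in it (SpotBugsSecRulesDemo, LoaderWithoutSuper, LoaderWithSuper, resolveFlawed, resolveFixed, AlternatingFile) is hypothetical, and AlternatingFile is a constructed stand-in whose only purpose is to make the two-call window visible. Each flawed form sits beside the form that satisfies the rule. As the changelog's own entry about System::setSecurityManager notes, AccessController and the SecurityManager model are deprecated on Java 17, so this compiles with deprecation warnings there.

```java
import java.io.File;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.SecureClassLoader;
import java.util.PropertyPermission;

public class SpotBugsSecRulesDemo {

    // --- SEC07-J / PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS -------------------

    // Flawed: builds the collection from scratch, so whatever the superclass
    // would have granted (or withheld) for this CodeSource is silently dropped.
    static class LoaderWithoutSuper extends SecureClassLoader {
        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection pc = new Permissions();
            pc.add(new PropertyPermission("java.version", "read"));
            return pc;
        }
    }

    // Fixed: start from super.getPermissions(cs) and only add to it.
    static class LoaderWithSuper extends SecureClassLoader {
        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection pc = super.getPermissions(cs);
            pc.add(new PropertyPermission("java.version", "read"));
            return pc;
        }
    }

    // --- SEC02-J / USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE -----

    // Flawed: java.io.File is not final and getPath() is not final, so the
    // value checked before doPrivileged and the value used inside it come from
    // two separate calls that a subclass may answer differently.
    static String resolveFlawed(File f) {
        if (!f.getPath().startsWith("/safe/")) {              // first call: the check
            throw new SecurityException("path outside /safe/");
        }
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> f.getPath()); // second call: the use
    }

    // Fixed: read the untrusted value exactly once; check and use that copy.
    static String resolveFixed(File f) {
        final String path = f.getPath();
        if (!path.startsWith("/safe/")) {
            throw new SecurityException("path outside /safe/");
        }
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> path);
    }

    // Constructed for this demo only: a File whose getPath() answers differently
    // on consecutive calls, which is the situation the rule is meant to catch.
    static final class AlternatingFile extends File {
        private int calls = 0;
        AlternatingFile() { super("/safe/report.txt"); }
        @Override
        public String getPath() {
            return (calls++ % 2 == 0) ? "/safe/report.txt" : "/elsewhere/private.txt";
        }
    }

    public static void main(String[] args) {
        // SEC07-J: the compliant loader keeps the superclass result and adds to it.
        CodeSource cs = new CodeSource(null, (java.security.cert.Certificate[]) null);
        PermissionCollection withSuper = new LoaderWithSuper().getPermissions(cs);
        System.out.println("fixed loader grants java.version read: "
                + withSuper.implies(new PropertyPermission("java.version", "read")));

        // SEC02-J: the same object passes the check in both versions, but only
        // the fixed version guarantees the privileged block uses the checked value.
        System.out.println("flawed: " + resolveFlawed(new AlternatingFile()));
        System.out.println("fixed : " + resolveFixed(new AlternatingFile()));
    }
}
```

Running it shows the difference the detector is after: with AlternatingFile, resolveFlawed passes the startsWith check on the first getPath() call and then hands the privileged block the second, different value, while resolveFixed checks and uses the single captured string. The LoaderWithoutSuper class is present only to show the shape the PERM rule reports; it is never instantiated here.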
@dependabot dependabot bot added dependencies Update of dependencies java Pull requests that update Maven Java dependencies labels May 5, 2022
@uhafner uhafner merged commit 2e3e372 into master May 5, 2022
@dependabot dependabot bot deleted the dependabot/maven/com.github.spotbugs-spotbugs-4.7.0 branch May 5, 2022 19:12