Bump spotbugs-maven-plugin from 4.2.3 to 4.3.0 #423
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.2.3 to 4.3.0. - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.2.3...spotbugs-maven-plugin-4.3.0) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
dependabot
bot
deleted the
dependabot/maven/com.github.spotbugs-spotbugs-maven-plugin-4.3.0
branch
|
FYI this new version of SpotBugs is throwing a lot of new warnings for |
|
https://spotbugs.readthedocs.io/en/stable/bugDescriptions.html#ei-may-expose-internal-representation-by-returning-reference-to-mutable-object-ei-expose-rep I guess? Sounds rather broad. Do you have code samples it is complaining about? |
|
Yeah the first one I looked at was an assignment of an |
I concur. I would be surprised if we were the only folks that complained about this. |
Bumps spotbugs-maven-plugin from 4.2.3 to 4.3.0.
Commits
5530040[maven-release-plugin] prepare release spotbugs-maven-plugin-4.3.0a32d2b3[pom] Bump junit to 5.7.28a31260Merge pull request #336 from hazendaz/spotbugsc9733e9[pom] Bump spotbugs to 4.3.092876e8[pom] Remove old maven comment as we are now going to latest 3.8.18ebfd75[ci] Update since date as we switched to 4.3.xe8e34a4Merge pull request #334 from spotbugs/dependabot/maven/slf4jVersion-2.0.0-alpha26891b9dMerge pull request #311 from spotbugs/dependabot/maven/mavenVersion-3.8.11d7f14cMerge pull request #312 from spotbugs/dependabot/maven/org.apache.maven-maven...7ba7755Merge pull request #335 from spotbugs/dependabot/maven/com.github.spotbugs-sp...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)