Skip to content

Update com.github.spotbugs to v4.7.0 (minor)

Semyon Levin requested to merge renovate/com.github.spotbugs into develop

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
com.github.spotbugs:spotbugs (source) 4.6.0 -> 4.7.0 age adoption passing confidence
com.github.spotbugs:spotbugs-annotations (source) 4.6.0 -> 4.7.0 age adoption passing confidence

Release Notes

spotbugs/spotbugs

v4.7.0

Compare Source

Changed
  • Updated documentation by adding parenthesis () to the negative odd check message (#​1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#​2024)
Fixed
  • Fixed reports to truncate existing files before writing new content (#​1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#​1955, #​1999)
  • Fixed traversal of nested archives governed by -nested:true (#​1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#​1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#​1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#​2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#​2004)
Added
  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Merge request reports