Update com.github.spotbugs to v4.7.0 (minor)
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
com.github.spotbugs:spotbugs (source) | 4.6.0 -> 4.7.0 | | | | |
com.github.spotbugs:spotbugs-annotations (source) | 4.6.0 -> 4.7.0 | | | | |
Release Notes
spotbugs/spotbugs
v4.7.0
Changed
- Updated documentation by adding parenthesis () to the negative odd check message (#1995)
- Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)
Fixed
- Fixed reports to truncate existing files before writing new content (#1950)
- Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
- Fixed traversal of nested archives governed by -nested:true (#1930)
- Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
- Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
- FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
- Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)
Added
- New detector ThrowingExceptions and introduced new bug types:
  - THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
  - THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
  - THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
- New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule is based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
- New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations, this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
- New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
- New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers
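The pattern named in the USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE entry above, shown next to a hardened form. This is an added example, not code from SpotBugs or from this MR; the class ReportOpener, the ALLOWED set and the file path are hypothetical.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Set;

// Added illustration; ReportOpener, ALLOWED and the path are hypothetical.
public class ReportOpener {
    private static final Set<String> ALLOWED = Set.of("/srv/reports/daily.txt");

    // Pattern from the rule description: File is non-final and getPath() is
    // non-final, so a caller-supplied subclass may return an allowed path for
    // the check and a different one inside the privileged block.
    public static FileInputStream openUnchecked(final File f) {
        if (!ALLOWED.contains(f.getPath())) {                 // first call: check
            throw new SecurityException("path not allowed");
        }
        return AccessController.doPrivileged((PrivilegedAction<FileInputStream>) () -> {
            try {
                return new FileInputStream(f.getPath());      // second call: use
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        });
    }

    // Hardened form (defensive copy, as SEC02-J recommends): read the value
    // once into an object of the trusted class, then check and use that copy.
    public static FileInputStream openChecked(final File f) {
        final String path = new File(f.getPath()).getPath();  // single call on untrusted f
        if (!ALLOWED.contains(path)) {
            throw new SecurityException("path not allowed");
        }
        return AccessController.doPrivileged((PrivilegedAction<FileInputStream>) () -> {
            try {
                return new FileInputStream(path);             // same value that was checked
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        });
    }
}
```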
This MR has been generated by Renovate Bot.