build(deps): bump com.github.spotbugs:spotbugs from 3.1.12 to 4.8.6

Created by: dependabot[bot]

Bumps com.github.spotbugs:spotbugs from 3.1.12 to 4.8.6.

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.8.6

CHANGELOG

Fixed

• Do not report BC_UNCONFIRMED_CAST for Java 21's type switches when the switch instruction is TABLESWITCH (#2782)
• Do not throw exception when inspecting empty switch statements (#2995)
• Adjust priority since relaxed mode reports even IGNORED_PRIORITY (#2994)
• Fix duplicated log4j2 jar in distribution (#3001)

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.6-javadoc.jar	e0af15063395b5eb8002a896dad1d02da869dbc53a7a4b1eee76e9e0f0444fbc
spotbugs-4.8.6-sources.jar	fc38f6b06cf134a6b065e4e73747b17a8d9b107d935c828ebb1b8bee89527da1
spotbugs-4.8.6.tgz	b9d4d25e53cd4202b2dc19c549c0ff54f8a72fc76a71a8c40dee94422c67ebea
spotbugs-4.8.6.zip	67cdc52cceb17eae394f8fc3660f21659cf354908f818e4d1f45a6935c2e4425
spotbugs-annotations-4.8.6-javadoc.jar	0f095f2d0c766b3e2c21ebc226b4f228898fa8c141736f7615a47a2e3be14ba7
spotbugs-annotations-4.8.6-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
spotbugs-ant-4.8.6-javadoc.jar	58f477c4fc59d8355a6c3ec972f216537baa2d30cb9afd38f16b511a31baaa89
spotbugs-ant-4.8.6-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	69fde8787971a26b2372d416015d806bf7df4f847f7121bd5eeef239324cf180
test-harness-4.8.6-javadoc.jar	1a220e01369a892e765f5956a38c7ebf1b54111eba623f5f79f430dd0336f901
test-harness-4.8.6-sources.jar	76788749afa9e2a8d6c39231f683bd8e3faab26947975c751c0ab0fbdfc3c17a
test-harness-4.8.6.jar	04c7c8e778a1688ab9636ab58b55f1236ae99bb5428a934a7ba0f54857263c74
test-harness-core-4.8.6-javadoc.jar	4a88789a52b52b4227d1f8384caa59f12e503dbb4ae266d4b5c3270e977afa35
test-harness-core-4.8.6-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.6.jar	30c2b71900f38b77fb0e4a788b8ae1ea5b9e54f42636111576e338085c9c53dd
test-harness-jupiter-4.8.6-javadoc.jar	49ae6407f1ff6a72a6d49a19b3de55eae791223129ff3b56079f26b3f3a85b1f
test-harness-jupiter-4.8.6-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.6.jar	94c5ceecb79b93f5e357b5d9805f0a7a22536a52c70a376182faa14923d86021

SpotBugs 4.8.5

CHANGELOG

Fixed

• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED with eager instances (spotbugs/spotbugs#2932)
• Fix FPs when looking for multiple initialization of Singletons (spotbugs/spotbugs#2934)
• Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH(spotbugs/spotbugs#2736)
• Fix FP SE_BAD_FIELD for record fields (spotbugs/spotbugs#2935)

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.5-javadoc.jar	c8abae80768a5cd98bb09d13ae8baee1258efaf673e4c21688a581a8bc55cbe6
spotbugs-4.8.5-sources.jar	c21daa57e931c0ea342de685884251e198ea3a48993a6d4c0ac8a9513fc8dd89
spotbugs-4.8.5.tgz	c514054fd8f81f242ac6d64871d30bdb7b79cb49be7bd6b58067484efae8bfa0
spotbugs-4.8.5.zip	a4b7bad5bb8d2d3cdc42b07d6cdd2a0d7864c0b24732120426d0002df4a9dd0f
spotbugs-annotations-4.8.5-javadoc.jar	5e35895e56ea0c2c4beb71a5b6962070d7a7092a79297419482c123c14324096

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.8.6 - 2024-06-17

Fixed

• Do not report BC_UNCONFIRMED_CAST for Java 21's type switches when the switch instruction is TABLESWITCH (#2782)
• Do not throw exception when inspecting empty switch statements (#2995)
• Adjust priority since relaxed mode reports even IGNORED_PRIORITY (#2994)
• Fix duplicated log4j2 jar in distribution (#3001)

4.8.5 - 2024-05-03

Fixed

• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED with eager instances (#2932)
• Fix FPs when looking for multiple initialization of Singletons (#2934)
• Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH(#2736)
• Fix FP SE_BAD_FIELD for record fields (#2935)

4.8.4 - 2024-04-07

Fixed

• Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
• Fix possible null value in taxonomies of SARIF output (#2744)
• Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
• Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
• Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
• Added support for CONSTANT_Dynamic (#2759)
• Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
• Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
• Remove AppleExtension library (note: menus slightly changed) (#2823)
• Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
• Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
• Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)
• Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#2828)
• Update UnreadFields detector to ignore warnings for fields with certain annotations (#574)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with @​PostConstruct, @​BeforeEach, etc. (#2872 #2870 #453)
• Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#2865)
• Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#2874)
• Added more nullability annotations in TypeQualifierResolver (#2558 #2694)
• Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() (#2881)
• Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions #2887)
• Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
• Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method (#2837)
• Update the filter XSD namespace and location for the upcoming 4.8.4 release (#2909)

Added

• New detector MultipleInstantiationsOfSingletons and introduced new bug types:
  • SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
  • SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
  • SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
  • SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
  • SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
  • SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized. (See SEI CERT MSC07-J)
• Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.

... (truncated)

Commits

• 6cf7b2c release v4.8.6
• 760571c [sonatype] Use token for sonatype as now enforced
• 7f4ea03 prepare for the next release
• d419a05 release v4.8.6
• 8db7979 Release/4.8.6 (#3015)
• c5d4ca0 chore(deps): update plugin com.github.spotbugs to v6.0.17 (#3009)
• bd2fe15 Update spotbugs plugin to 6.0.16 (#3013)
• 6aecbaf fix: incorrect formatting for links and moved 3001 to unreleased (#3012)
• c246473 fix(deps): update dependency org.springframework:spring-core to v5.3.37 (#3011)
• 4deffa6 chore(deps): update plugin com.gradle.develocity to v3.17.5 (#3010)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)