dependabot[bot] opened a new pull request, #1423: URL: https://github.com/apache/wicket/pull/1423
Bumps [org.checkerframework:checker-qual](https://github.com/typetools/checker-framework) from 3.55.1 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typetools/checker-framework/releases";>org.checkerframework:checker-qual's releases</a>.</em></p> <blockquote> <h2>Release 4.0.0 of the Checker Framework</h2> <h2>Version 4.0.0 (2026-04-07)</h2> <h3>User-visible changes</h3> <p>To run the Checker Framework, you need to use a JDK 17 or later version of javac. That is, you need to use JDK 17 or later when compiling your code.</p> <p>The Checker Framework can type-check any Java project, including projects that compile to Java 8 or 11 bytecodes and run on JRE versions 8 or 11. That is, your code can run under any release of Java, from Java 8 onward.</p> <p>The type qualifiers and utility libraries in <code>checker-qual.jar</code> and <code>checker-util.jar</code> still use Java 11 bytecode. Thus, they may be used in projects that run under Java 11 or later.</p> <h3>Changes since version 3.0.0</h3> <p>Since version 3.0.0, 91 authors have made over 4500 commits and closed over 600 issues. Thanks to everyone who contributed!</p> <p>New checkers include:</p> <ul> <li>The <a href="https://checkerframework.org/manual/#index-checker";>Index Checker</a> warns about out-of-bounds accesses to arrays and strings.</li> <li>The <a href="https://checkerframework.org/manual/#initialized-fields-checker";>Initialized Fields Checker</a> warns if a constructor does not initialize a field.</li> <li>The <a href="https://checkerframework.org/manual/#resource-leak-checker";>Resource Leak Checker</a> guarantees that every resource is closed rather than leaked. Examples of resources are a channel, executor, <code>ExecutionControl</code>, file, <code>FileLock</code>, <code>Formatter</code>, reader, <code>Scanner</code>, socket, stream, writer, etc.</li> <li>The <a href="https://checkerframework.org/manual/#sql-quotes-checker";>SQL Quotes Checker</a> helps prevent SQL injection vulnerabilities.</li> </ul> <p>New command-line arguments include:</p> <ul> <li><code>-AskipFiles</code>, <code>-AonlyFiles</code></li> <li><code>-AassumeSideEffectFree</code>, <code>-AassumeDeterministic</code>, <code>-AassumePure</code>, <code>-AassumePureGetters</code></li> <li><code>-AuseConservativeDefaultsForUncheckedCode</code></li> <li><code>-AignoreRawTypeArguments</code></li> <li><code>-AwarnRedundantAnnotations</code></li> <li><code>-Ainfer=ajava</code>, <code>-AinferOutputDirectory</code>, <code>-AinferOutputOriginal</code>, <code>-AshowWpiFailedInferences</code></li> <li><code>-AshowSuppressWarningsStrings</code>, <code>-AwarnUnneededSuppressionsExceptions</code></li> <li><code>-AshowPrefixInWarningMessages</code></li> <li><code>-AstubNoWarnIfNotFound</code>, <code>-AstubWarnNote</code>, <code>-AmergeStubsWithSource</code></li> <li><code>-Aonelinemsg</code>, <code>-AdumpOnErrors</code>, <code>-AexceptionLineSeparator</code></li> <li><code>-ApermitMissingJdk</code>, <code>-AparseAllJdk</code></li> <li><code>-AslowTypecheckingSeconds</code></li> <li><code>-Aversion</code>, <code>-AprintGitProperties</code></li> <li>You can pass an option to only a particular checker (not all checkers) by using an underscore prefix.</li> </ul> <p>Other improvements include thousands of enhancements and bug fixes -- too many to list here.</p> <h3>Implementation details</h3> <p>All previously-deprecated methods and classes have been removed. If your project builds upon the Checker Framework, we suggest that you upgrade to version 3.55.1, resolve all the deprecation warnings, then upgrade to version 4.0.0.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md";>org.checkerframework:checker-qual's changelog</a>.</em></p> <blockquote> <h2>Version 4.0.0 (2026-04-07)</h2> <h3>User-visible changes</h3> <p>To run the Checker Framework, you need to use a JDK 17 or later version of javac. That is, you need to use JDK 17 or later when compiling your code.</p> <p>The Checker Framework can type-check any Java project, including projects that compile to Java 8 or 11 bytecodes and run on JRE versions 8 or 11. That is, your code can run under any release of Java, from Java 8 onward.</p> <p>The type qualifiers and utility libraries in <code>checker-qual.jar</code> and <code>checker-util.jar</code> still use Java 11 bytecode. Thus, they may be used in projects that run under Java 11 or later.</p> <h3>Changes since version 3.0.0</h3> <p>Since version 3.0.0, 91 authors have made over 4500 commits and closed over 600 issues. Thanks to everyone who contributed!</p> <p>New checkers include:</p> <ul> <li>The <a href="https://checkerframework.org/manual/#index-checker";>Index Checker</a> warns about out-of-bounds accesses to arrays and strings.</li> <li>The <a href="https://checkerframework.org/manual/#initialized-fields-checker";>Initialized Fields Checker</a> warns if a constructor does not initialize a field.</li> <li>The <a href="https://checkerframework.org/manual/#resource-leak-checker";>Resource Leak Checker</a> guarantees that every resource is closed rather than leaked. Examples of resources are a channel, executor, <code>ExecutionControl</code>, file, <code>FileLock</code>, <code>Formatter</code>, reader, <code>Scanner</code>, socket, stream, writer, etc.</li> <li>The <a href="https://checkerframework.org/manual/#sql-quotes-checker";>SQL Quotes Checker</a> helps prevent SQL injection vulnerabilities.</li> </ul> <p>New command-line arguments include:</p> <ul> <li><code>-AskipFiles</code>, <code>-AonlyFiles</code></li> <li><code>-AassumeSideEffectFree</code>, <code>-AassumeDeterministic</code>, <code>-AassumePure</code>, <code>-AassumePureGetters</code></li> <li><code>-AuseConservativeDefaultsForUncheckedCode</code></li> <li><code>-AignoreRawTypeArguments</code></li> <li><code>-AwarnRedundantAnnotations</code></li> <li><code>-Ainfer=ajava</code>, <code>-AinferOutputDirectory</code>, <code>-AinferOutputOriginal</code>, <code>-AshowWpiFailedInferences</code></li> <li><code>-AshowSuppressWarningsStrings</code>, <code>-AwarnUnneededSuppressionsExceptions</code></li> <li><code>-AshowPrefixInWarningMessages</code></li> <li><code>-AstubNoWarnIfNotFound</code>, <code>-AstubWarnNote</code>, <code>-AmergeStubsWithSource</code></li> <li><code>-Aonelinemsg</code>, <code>-AdumpOnErrors</code>, <code>-AexceptionLineSeparator</code></li> <li><code>-ApermitMissingJdk</code>, <code>-AparseAllJdk</code></li> <li><code>-AslowTypecheckingSeconds</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typetools/checker-framework/commit/479d0875daa271447e2822c657896b5f9d02ce24";><code>479d087</code></a> new release 4.0.0</li> <li><a href="https://github.com/typetools/checker-framework/commit/bfff75751f4fa4094b7d3015c4b2cfbc2893fbc5";><code>bfff757</code></a> Put the manual in the right place.</li> <li><a href="https://github.com/typetools/checker-framework/commit/c532f6d12fd5352610f70215f010786e9a2e9924";><code>c532f6d</code></a> Put a copy of manual.pdf at top level of website as expected.</li> <li><a href="https://github.com/typetools/checker-framework/commit/5e53e6cfd1e5535623ea260342391037106778ec";><code>5e53e6c</code></a> No closed issues.</li> <li><a href="https://github.com/typetools/checker-framework/commit/e67ae858ed36f81ac586fbf42821fa3a483e7f23";><code>e67ae85</code></a> Prep for release.</li> <li><a href="https://github.com/typetools/checker-framework/commit/4192d0d88bc272c571a8dd3454d499982cd0ee42";><code>4192d0d</code></a> Remove file SKIP-REQUIRE-JAVADOC</li> <li><a href="https://github.com/typetools/checker-framework/commit/7d6d85687d2298dbe85d59692ab85d03566a29e7";><code>7d6d856</code></a> Remove or update references to JDK 8-16</li> <li><a href="https://github.com/typetools/checker-framework/commit/b1e3761bbf0dfb1185d7e8e0b850ef97cafd5ea8";><code>b1e3761</code></a> Remove all deprecated methods</li> <li><a href="https://github.com/typetools/checker-framework/commit/a1b30642b07d64603a9ec9ef093f910e5be0bf41";><code>a1b3064</code></a> Directly use Java 17 and below Javac APIs. (<a href="https://redirect.github.com/typetools/checker-framework/issues/7582";>#7582</a>)</li> <li><a href="https://github.com/typetools/checker-framework/commit/4efdbdbbda3ac5230bcae57341098816aa71abfb";><code>4efdbdb</code></a> Remove support for Java 8 from scripts and build scripts. (<a href="https://redirect.github.com/typetools/checker-framework/issues/7575";>#7575</a>)</li> <li>Additional commits viewable in <a href="https://github.com/typetools/checker-framework/compare/checker-framework-3.55.1...checker-framework-4.0.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
