dependabot[bot] opened a new pull request, #1: URL: https://github.com/apache/logging-log4j-jmx-gui/pull/1
Bumps [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.7.3 to 4.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spotbugs/spotbugs/releases";>com.github.spotbugs:spotbugs-annotations's releases</a>.</em></p> <blockquote> <h2>SpotBugs 4.8.0</h2> <h3>CHANGELOG</h3> <ul> <li><a href="https://github.com/spotbugs/spotbugs/blob/4.8.0/CHANGELOG.md";>https://github.com/spotbugs/spotbugs/blob/4.8.0/CHANGELOG.md</a></li> </ul> <h3>CHECKSUM</h3> <table> <thead> <tr> <th>file</th> <th>checksum (sha256)</th> </tr> </thead> <tbody> <tr> <td>spotbugs-4.8.0-javadoc.jar</td> <td>4cf102aa474ce8f3728e7513c51c0710024e4cd9d6b7c07672b5e3ec0e70a848</td> </tr> <tr> <td>spotbugs-4.8.0-sources.jar</td> <td>d1e47bd320cae314a5c2b44e52152d8ca5f5f700713ba0f497dbed0a916540c2</td> </tr> <tr> <td>spotbugs-4.8.0.tgz</td> <td>15a97043faef7a371ae43137805ca83e89005c22253806b7c63a60a585e794c7</td> </tr> <tr> <td>spotbugs-4.8.0.zip</td> <td>768ac3bd6f5c49d1f12924ff3094ff281debc0ee218ae85ce5aae6f66ca0666a</td> </tr> <tr> <td>spotbugs-annotations-4.8.0-javadoc.jar</td> <td>d8ab5ebdaccff345d7167d2518fd74db72cf6b02b259d4f011689d48351c2b3e</td> </tr> <tr> <td>spotbugs-annotations-4.8.0-sources.jar</td> <td>b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b</td> </tr> <tr> <td>spotbugs-annotations.jar</td> <td>f6644de2f0dfe4b614d3c9a35e9a8f1e1da1074892c8cad7a00bb08ce7bf4eff</td> </tr> <tr> <td>spotbugs-ant-4.8.0-javadoc.jar</td> <td>1285df769e00a9fbeb6edceec856b361fb7f5f79762d3f2a768ce71d31cf7bb5</td> </tr> <tr> <td>spotbugs-ant-4.8.0-sources.jar</td> <td>9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61</td> </tr> <tr> <td>spotbugs-ant.jar</td> <td>a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c</td> </tr> <tr> <td>spotbugs.jar</td> <td>1ce2fa740d7f07b802881babb27dd26f74861ff2ac938718779ce8a7cb5fe14c</td> </tr> <tr> <td>test-harness-4.8.0-javadoc.jar</td> <td>3191c34729c1dedb4964dfc8a0cd5917457e6271291688ff6d5fc3b9c96868f6</td> </tr> <tr> <td>test-harness-4.8.0-sources.jar</td> <td>633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6</td> </tr> <tr> <td>test-harness-4.8.0.jar</td> <td>23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9</td> </tr> <tr> <td>test-harness-core-4.8.0-javadoc.jar</td> <td>33c6e66ac7a08344afe48aa5ba1d5be22ec79065e50b235530c02d46818a7018</td> </tr> <tr> <td>test-harness-core-4.8.0-sources.jar</td> <td>f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082</td> </tr> <tr> <td>test-harness-core-4.8.0.jar</td> <td>5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242</td> </tr> <tr> <td>test-harness-jupiter-4.8.0-javadoc.jar</td> <td>5ff08084863aa6f6579e97e83d9c0ba2b7620663d0f0b0a777f09d99ba06dc8c</td> </tr> <tr> <td>test-harness-jupiter-4.8.0-sources.jar</td> <td>0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800</td> </tr> <tr> <td>test-harness-jupiter-4.8.0.jar</td> <td>d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485</td> </tr> </tbody> </table> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md";>com.github.spotbugs:spotbugs-annotations's changelog</a>.</em></p> <blockquote> <h2>4.8.0 - 2023-10-11</h2> <h3>Changed</h3> <ul> <li>Bump up Apache Commons BCEL to the version 6.6.1 (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2223";>#2223</a>)</li> <li>Bump up slf4j-api to 2.0.3 (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2220";>#2220</a>)</li> <li>Bump up gson to 2.10 (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2235";>#2235</a>)</li> <li>Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)</li> <li>Use com.github.stephenc.jcip for jcip-annotations fixing <a href="https://redirect.github.com/spotbugs/spotbugs/issues/887";>#887</a></li> </ul> <h3>Fixed</h3> <ul> <li>Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/219";>#219</a>)</li> <li>Stop exposing junit-bom to consumers (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2255";>#2255</a>)</li> <li>Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/184";>#184</a>)</li> <li>Added support for jakarta namespace (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2289";>#2289</a>)</li> <li>Report a low priority bug for an unread field in reflective classes (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2325";>#2325</a>)</li> <li>Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2327";>#2327</a>)</li> <li>Fixed detector <code>RandomOnceSubDetector</code> to not report when <code>doubles</code>, <code>ints</code>, or <code>longs</code> are called on a new <code>Random</code> or <code>SecureRandom</code> (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2325";>#2370</a>)</li> <li>Fixed detector <code>TestASM</code> throwing error during analysis, because it doesn't note that it reports bugs.</li> <li>Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per <a href="https://redirect.github.com/spotbugs/spotbugs/issues/2470";>#2470</a></li> <li>Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2502";>#2502</a>)</li> <li>Added support for CONSTANT_Dynamic in constant class pool (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2506";>#2506</a>)</li> <li>Recognise enums and records as immutable (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2356";>#2356</a>)</li> <li>Added detections of reliance on default encoding in java.nio.file.Files (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2114";>#2114</a>)</li> <li>Fixed a regression in the Value Number Analysis (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2465";>#2465</a>)</li> <li>Fix XML Output incorrectly escaped in Eclipse Bug Info view (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2520";>#2520</a>)</li> <li>Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/1669";>#1669</a>)</li> <li>Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2297";>#2297</a>)</li> <li>Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2402";>#2402</a>)</li> <li>Added execute file permission to files in the distribution zip (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2540";>#2540</a>)</li> <li>Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/872";>#872</a>)</li> <li>Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/560";>#560</a>)</li> <li>Detect created, but not-thrown exceptions, which are created by not the constructor (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2547";>#2547</a>)</li> <li>Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2579";>#2579</a>)</li> </ul> <h3>Added</h3> <ul> <li>New simple name-based AnnotationMatcher for exclude files (now bug annotations store the class java annotations in an attribute called <code>classAnnotationNames</code>). For example, use like <!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML omitted --> in an excludeFilter.xml to ignore classes generated by the Immutable framework. This ignores all class, method or field bugs in classes with that annotation.</li> <li>Added the Common Weakness Enumeration (CWE) taxonomy to the Static Analysis Results Interchange Format (SARIF) report. The short and long description for the CWEs are retrived from a JSON file which is a slimmed down version of the official comprehensive CWE XML from MITRE. The JSON contains information about all CWEs. (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2410";>#2410</a>).</li> <li>New detector <code>FindAssertionsWithSideEffects</code> detecting bug <code>ASSERTION_WITH_SIDE_EFFECT</code> and <code>ASSERTION_WITH_SIDE_EFFECT_METHOD</code> in case of assertions which may have side effects (See <a href="https://wiki.sei.cmu.edu/confluence/display/java/EXP06-J.+Expressions+used+in+assertions+must+not+produce+side+effects";>EXP06-J. Expressions used in assertions must not produce side effects</a>)</li> <li>New rule set <code>PA_PUBLIC_PRIMITIVE_ATTRIBUTE</code>, <code>PA_PUBLIC_ARRAY_ATTRIBUTE</code> and <code>PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE</code> to warn for public attributes which are written by the methods of the class. This rule is loosely based on the SEI CERT rule <em>OBJ01-J Limit accessibility of fields</em>. (<a href="https://wiki.sei.cmu.edu/confluence/display/java/OBJ01-J.+Limit+accessibility+of+fields";>#OBJ01-J</a>)</li> <li>Extend <code>SerializableIdiom</code> detector with new bug type: <code>SE_PREVENT_EXT_OBJ_OVERWRITE</code>. It's reported in case of the <code>readExternal()</code> method allows any caller to reset any value of an object</li> <li>New Detector <code>FindVulnerableSecurityCheckMethods</code> for new bug type <code>VSC_VULNERABLE_SECURITY_CHECK_METHODS</code>. This bug is reported whenever a non-final and non-private method of a non-final class performs a security check using the <code>java.lang.SecurityManager</code>. (See [SEI CERT MET03-J] (<a href="https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final";>https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final</a>))</li> <li>New function added to detector <code>SynchronizationOnSharedBuiltinConstant</code>to detect <code>DL_SYNCHRONIZATION_ON_INTERNED_STRING</code> (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2266";>#2266</a>)</li> <li>Make TypeQualifierResolver recognize org.apache.avro.reflect.Nullable (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2066";>#2066</a>)</li> <li>New detector <code>FindArgumentAssertions</code> detecting bug <code>ASSERTION_OF_ARGUMENTS</code> in case of validation of arguments of public functions using assertions (See <a href="https://wiki.sei.cmu.edu/confluence/display/java/MET01-J.+Never+use+assertions+to+validate+method+arguments";>MET01-J. Never use assertions to validate method arguments</a>)</li> <li>Add new detector <code>CT_CONSTRUCTOR_THROW</code> for detecting constructors that throw exceptions.</li> <li>New detector <code>DontReusePublicIdentifiers</code> for new bug type <code>PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS</code>. This bug is reported whenever a new class, interface, field, method or variable is created reusing an identifier from the <em>Java Standard Library</em> . (See <a href="https://wiki.sei.cmu.edu/confluence/display/java/DCL01-J.+Do+not+reuse+public+identifiers+from+the+Java+Standard+Library";>SEI CERT rule DCL01-J</a>)</li> </ul> <h3>Security</h3> <ul> <li>Disable access to external entities when processing XML (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2217";>#2217</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spotbugs/spotbugs/commit/b8c498cc05dced2c6f101c6e838aa32dca993d6c";><code>b8c498c</code></a> release v4.8.0</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/b6fd746709f05e0198bc28e983c215c3e5d9baf7";><code>b6fd746</code></a> Migrate to full junit 5 and add some associated code expected to support juni...</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/4083f1f494ac5982796ddb506bcf9ec20b4a17ee";><code>4083f1f</code></a> fix(deps): update dependency com.google.guava:guava to v32.1.3-jre (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2620";>#2620</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/09d70e11c95cc3856b0c119150e9ee76c124186a";><code>09d70e1</code></a> Fix release (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2616";>#2616</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/cfcf9f2848277fedbf6d1285f9207a5aa588c882";><code>cfcf9f2</code></a> [eclipse-format] No longer supply version to spotless, use same configuration...</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/63618ab7c4c0c66fd89a19e9714d464a1febb449";><code>63618ab</code></a> Fix first batch of Gradle buildDir deprecations (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2609";>#2609</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/fe4442beb20b774705f91ff0bbdb95cbb2e9716e";><code>fe4442b</code></a> chore(deps): update plugin com.github.spotbugs to v6.0.0-beta.4 (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2615";>#2615</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/d3c49cb360cb2d91b2471cafedacd487c77a7d72";><code>d3c49cb</code></a> spell check (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2607";>#2607</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/bc6a9d4a606f74cbceef2a6f3fdd0ef029cdc8ac";><code>bc6a9d4</code></a> <a href="https://redirect.github.com/spotbugs/spotbugs/issues/2280";>#2280</a> Update Eclipse plugin release number to 4.29.0 (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2611";>#2611</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/d3b130cc95a38af8ba84cb687d48ba610f487094";><code>d3b130c</code></a> fix(deps): update dependency org.mockito:mockito-core to v5.6.0 (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2610";>#2610</a>)</li> <li>Additional commits viewable in <a href="https://github.com/spotbugs/spotbugs/compare/4.7.3...4.8.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
