dependabot[bot] opened a new pull request, #1421: URL: https://github.com/apache/ratis/pull/1421
Bumps [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.8.6.2 to 4.8.6.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spotbugs/spotbugs-maven-plugin/releases";>com.github.spotbugs:spotbugs-maven-plugin's releases</a>.</em></p> <blockquote> <h2>Spotbugs Maven Plugin 4.8.6.8</h2> <ul> <li>Backports all updates to java 8 line</li> <li>Prior java 8 compatibility issues with 4.8.6.7 release have been addressed</li> </ul> <h2>Spotbugs Maven Plugin 4.8.6.7</h2> <ul> <li>back ported all of 4.9.4.1</li> </ul> <p>3/28/2025 - Use 4.8.6.8 if you need java 8 support.</p> <p>10/19/2025 Notice</p> <p>This is a backport release of all changes from 4.9.4.1 line. It was intended to provide some support for java 8 users with a very old bug issue since this plugin first came about. Unfortunately due to sonatype changes all of 4.9.x had to come back and that came with changes to java 11 apis that groovy build does not care about binary compatibility. If not using java 11 at least, don't use this version. If you are using java 8 still and want this backwards compatibility fix, please look at the source and contribute patches for at least Path.of to Paths.get and presumably others to get the compatibility back for java 8.</p> <p>Using java 11+ - ok Using java 8 - don't use this version until compatibility is restored.</p> <p>There really is no true reason anyone needs to stick to java 8 at all for a build so it is rather advisable to upgrade in said case to newer java version and cross compile with release flags and use enforcer plugin for transient library byte code checks instead. While the back port issue will be addressed at some point, it may be some time.</p> <h2>Spotbugs Maven Plugin 4.8.6.6</h2> <ul> <li>Cleanup groovy code</li> <li>Cleanup character encoding</li> <li>Update deprecated maven calls</li> <li>Groovy moved to 4.0.24</li> </ul> <p>Compatibility remains with 4.8.6 of spotbugs</p> <h2>Spotbugs Maven Plugin 4.8.6.5</h2> <ul> <li>Moved most 'read' only maven injections to read data from maven session instead to overcome many deprecated usage. This puts it on their api and thus if things are internally deprecated, its then maven's issue rather than this plugin to figure out.</li> <li>remove obsolete script source roots as no longer support in maven 4 and technically I've never seen them used. Please let me know if this negatively affects you as there are other manually coded items like kotlin / groovy that are in the code there so scripts could be manually added back.</li> <li>Remove some of the read only attributes for maven injection that were not actually used.</li> <li>More def to object type</li> <li>Various lib / plugin updates</li> <li>Enable partial formatting (mostly removing trailing whitespace)</li> </ul> <p>Compatibility remains with 4.8.6 of spotbugs</p> <h2>Spotbugs Maven Plugin 4.8.6.4</h2> <ul> <li>Groovy set to 4.0.23</li> <li>Drop maven site plugin 3.6 and before support.</li> </ul> <h2>Spotbugs Maven Plugin 4.8.6.3</h2> <ul> <li>Ability to disable logs in quite mode (spotbugs.quiet) <a href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/842";>#842</a></li> <li>Fix output directory per <a href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/807";>#807</a></li> <li>Update plugins / dependencies</li> <li>Fix tag used to build spotbugs during GHA</li> <li>Use inject annotation from jsr330 instead of deprecated component annotation</li> </ul> <p>Build</p> <ul> <li>Remove old overrides from pom as addressed</li> <li>Cleanup javadocs</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/3da15a75e0024ef68f77b1674655b6e4642a3f45";><code>3da15a7</code></a> [maven-release-plugin] prepare release spotbugs-maven-plugin-4.8.6.8</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/8aeb8e6d108fe2732a8f349f7d2f5f4c91fdd962";><code>8aeb8e6</code></a> Merge pull request <a href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/1352";>#1352</a> from hazendaz/java8</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/15f0b9662082fa6fd215dbfccd6f548bb224bbc6";><code>15f0b96</code></a> Merge remote-tracking branch 'upstream/master' into java8</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/5579b8651112db55468be6069b46670aab5a6af9";><code>5579b86</code></a> Merge pull request <a href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/1350";>#1350</a> from hazendaz/master</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/e8d634415d40f69877231e4aba1db12710a6228d";><code>e8d6344</code></a> [ci] formatting</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/cb28317ffae4c6e4e9a42c0316ebc83979fc9170";><code>cb28317</code></a> [pom] Update byte buddy to 1.18.7 (no jdk5)</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/c5075c3dd5ee29d8f46d3b595c12009d989a004b";><code>c5075c3</code></a> Merge pull request <a href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/1349";>#1349</a> from hazendaz/java8</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/47a946852186bf4edca1ffd033934b37a4b7e43d";><code>47a9468</code></a> Correct site goal determination</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/72c361281ea06e51ea40106996557f731b290203";><code>72c3612</code></a> Merge pull request <a href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/1348";>#1348</a> from hazendaz/java8</li> <li><a href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/ed10bf6d62ac4bafae37d2b158e3a26ebe511130";><code>ed10bf6</code></a> Merge remote-tracking branch 'upstream/master' into java8</li> <li>Additional commits viewable in <a href="https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.8.6.2...spotbugs-maven-plugin-4.8.6.8";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
