Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update java #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update java #1

wants to merge 1 commit into from

Conversation

renovate-demo
Copy link
Owner

This PR contains the following updates:

Package Type Update Change
com.github.spotbugs plugin patch 5.0.3 -> 5.0.13
com.github.ben-manes.versions plugin minor 0.40.0 -> 0.44.0
com.github.spotbugs:spotbugs-annotations (source) dependencies minor 4.5.2 -> 4.7.3

Release Notes

spotbugs/spotbugs

v4.7.3

Compare Source

Fixed
  • Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#​2126)
  • Fixed regression in 4.7.2 caused by (#​2141)
  • improve compatibility with later version of jdk (>= 13). (#​2188)
  • Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#​2120)
  • Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#​2183)
  • Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#​2182)
  • Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#​2195)
  • Bump up log4j2 binding to 2.19.0
  • Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#​2200)
  • Bump up commons-text to 1.10.0 (#​2197)
  • Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#​2209)

v4.7.2

Compare Source

Fixed
  • Bumped gson from 2.9.0 to 2.9.1 (#​2136)
  • Bump up SLF4J API to 2.0.0
  • Bump up logback to 1.4.0
  • Bump up log4j2 binding to 2.18.0
  • Bump up Saxon-HE to 11.4 (#​2160)
  • Fixed InvalidInputException in Eclipse while bug reporting (#​2134)
  • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#​2142)
  • Avoid warning on use of security manager on Java 17 and newer. (#​1579)
  • Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#​1771)
  • Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#​2146)

v4.7.1

Compare Source

Fixed
  • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#​1931)
  • Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#​2041)
  • Disabled detector ThrowingExceptions by default to avoid many false positives (#​2040)
  • Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#​2040)
  • Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#​2089)

v4.7.0

Compare Source

Changed
  • Updated documentation by adding parenthesis () to the negative odd check message (#​1995)
  • Let the Plugin class implement AutoCloseable so we can release the .jar file (#​2024)
Fixed
  • Fixed reports to truncate existing files before writing new content (#​1950)
  • Bumped Saxon-HE from 10.6 to 11.3 (#​1955, #​1999)
  • Fixed traversal of nested archives governed by -nested:true (#​1930)
  • Warnings of deprecated System::setSecurityManager calls on Java 17 (#​1983)
  • Fixed false positive SSD bug for locking on java.lang.Class objects (#​1978)
  • FindReturnRef throws an IllegalArgumentException unexpectedly (#​2019)
  • Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#​2004)
Added
  • New detector ThrowingExceptions and introduced new bug types:
    • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
    • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
    • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
  • New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
  • New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
  • New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
  • New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers

v4.6.0

Compare Source

Fixed
  • Fixed spotbugs build with ecj compiler (#​1903)
  • Moved tests from spotbugs project to spotbugs-tests project (#​1914)
  • Fixed UI freezes in Eclipse on bug count decorations update (#​285)
  • Bumped log4j from 2.17.1 to 2.17.2 (#​1960)
  • Bumped gson from 2.8.9 to 2.9.0 (#​1960)
Added
  • New detector FindInstanceLockOnSharedStaticData for new bug type SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA. This detector reports a bug if an instance level lock is used to modify a shared static data. (See SEI CERT rule LCK06-J)

v4.5.3

Compare Source

Security
Fixed
  • Remove duplicated logging frameworks from the Eclipse plugin distribution (#​1868)
  • Corrected class name validation to no longer fail for Kotlin classes on class path containing special characters. (#​1883)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@Churro Churro mentioned this pull request Nov 27, 2022
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-demo