Bump spotbugs.version from 4.7.3 to 4.8.1

[dependabot]

Bumps spotbugs.version from 4.7.3 to 4.8.1.
Updates com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.1

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.1

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.8.1/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.1-javadoc.jar	f8ef08283a500d3f250f87f5b01fac2ed19acc11bc78657fd277ca7d27c9c211
spotbugs-4.8.1-sources.jar	29fef7bebfe1597f8477e21cf139ac6f1ef01afabce8bb3e6ae258a3d6c3de8f
spotbugs-4.8.1.tgz	b8e8f755c3e629885616d898e1a857162273253559f9e0e329983c671c02cd4e
spotbugs-4.8.1.zip	5cb639cf1ce79dc58ba07ee459a6da8bd665e06e10cfb66a79c685601326c111
spotbugs-annotations-4.8.1-javadoc.jar	56be7c8808111619cf87f4385368b8c0d30e4a01bcea4add878780608a6e932a
spotbugs-annotations-4.8.1-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	06eba41a81aaccb011c3f75afa019e509cda7f1eb7a4e057bb860c60845f915e
spotbugs-ant-4.8.1-javadoc.jar	3862ce0fe8a201562cb32ddfbff3d78745950aeb0d0ea8c849bf55d1aa9b71de
spotbugs-ant-4.8.1-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	e49adbc51addf00264042d82075db98a10ad2af9348f7275de6bc075b7245a95
test-harness-4.8.1-javadoc.jar	6f2d3a6c452c972e2890161ee1ff84437bba0877bcd302041df73e9d02217d7b
test-harness-4.8.1-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.1.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.1-javadoc.jar	af4e056c212f1039e9f756067fce7125f24160f2e70918fa710e6e3cd9993e92
test-harness-core-4.8.1-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.1.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.1-javadoc.jar	1d84b2c269263a7eb0641d021e99da9a6da2bfac05430b341a38a4b0530e57a9
test-harness-jupiter-4.8.1-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.1.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

SpotBugs 4.8.0

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.8.0/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.0-javadoc.jar	4cf102aa474ce8f3728e7513c51c0710024e4cd9d6b7c07672b5e3ec0e70a848
spotbugs-4.8.0-sources.jar	d1e47bd320cae314a5c2b44e52152d8ca5f5f700713ba0f497dbed0a916540c2
spotbugs-4.8.0.tgz	15a97043faef7a371ae43137805ca83e89005c22253806b7c63a60a585e794c7
spotbugs-4.8.0.zip	768ac3bd6f5c49d1f12924ff3094ff281debc0ee218ae85ce5aae6f66ca0666a
spotbugs-annotations-4.8.0-javadoc.jar	d8ab5ebdaccff345d7167d2518fd74db72cf6b02b259d4f011689d48351c2b3e
spotbugs-annotations-4.8.0-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	f6644de2f0dfe4b614d3c9a35e9a8f1e1da1074892c8cad7a00bb08ce7bf4eff
spotbugs-ant-4.8.0-javadoc.jar	1285df769e00a9fbeb6edceec856b361fb7f5f79762d3f2a768ce71d31cf7bb5
spotbugs-ant-4.8.0-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	1ce2fa740d7f07b802881babb27dd26f74861ff2ac938718779ce8a7cb5fe14c
test-harness-4.8.0-javadoc.jar	3191c34729c1dedb4964dfc8a0cd5917457e6271291688ff6d5fc3b9c96868f6
test-harness-4.8.0-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.0.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.0-javadoc.jar	33c6e66ac7a08344afe48aa5ba1d5be22ec79065e50b235530c02d46818a7018

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.1 - 2023-11-06

Fixed

• Fixed schema location for findbugsfilter.xsd ([#1416])
• Fixed missing null checks ([#2629])
• Disabled DontReusePublicIdentifiers due to the high false positives rate ([#2627])
• Removed signature of methods using UTF-8 in DefaultEncodingDetector ([#2634])
• Fix exception escapes when calling functions of JUnit Assert or Assertions ([#2640])
• Fixed an error in the SARIF export when a bug annotation is missing ([#2632])
• Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws ([#2628])
• Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize ([#2665])
• Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug ([#2652])
• Eclipse: fixed startup overhead (on computing classpath) for PDE projects ([#2671])

Build

• Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT ([#2651])

4.8.0 - 2023-10-11

Changed

• Bump up Apache Commons BCEL to the version 6.6.1 (#2223)
• Bump up slf4j-api to 2.0.3 (#2220)
• Bump up gson to 2.10 (#2235)
• Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
• Use com.github.stephenc.jcip for jcip-annotations fixing #887

Fixed

• Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#219)
• Stop exposing junit-bom to consumers (#2255)
• Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#184)
• Added support for jakarta namespace (#2289)
• Report a low priority bug for an unread field in reflective classes (#2325)
• Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse (#2327)
• Fixed detector RandomOnceSubDetector to not report when doubles, ints, or longs are called on a new Random or SecureRandom (#2370)
• Fixed detector TestASM throwing error during analysis, because it doesn't note that it reports bugs.
• Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per #2470
• Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type (#2502)
• Added support for CONSTANT_Dynamic in constant class pool (#2506)
• Recognise enums and records as immutable (#2356)
• Added detections of reliance on default encoding in java.nio.file.Files (#2114)
• Fixed a regression in the Value Number Analysis (#2465)
• Fix XML Output incorrectly escaped in Eclipse Bug Info view (#2520)
• Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays (#1669)
• Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description (#2297)
• Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes (#2402)
• Added execute file permission to files in the distribution zip (#2540)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check (#872)
• Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested (#560)
• Detect created, but not-thrown exceptions, which are created by not the constructor (#2547)
• Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs (#2579)

... (truncated)

Commits

• a93f606 release v4.8.1
• 2f8d6ac fix(deps): update junit5 monorepo to v5.10.1 (#2678)
• fc46873 fix(deps): update dependency org.mockito:mockito-core to v5.7.0 (#2675)
• 2541a96 Add more bundles for PDE classpath resolving (#2673)
• 65c8c37 Simplify PDE classpath resolving (#2671)
• 2ea7c1d fix(deps): update dependency org.checkerframework:checker-qual to v3.40.0 (#2...
• 17bb20b Lower the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE (#2669)
• 0ed9c56 fix(deps): update dependency org.apache.commons:commons-text to v1.11.0 (#2668)
• 674a7d0 Fix CT_CONSTRUCTOR_THROW FP when Supertype has final finalize (#2666)
• a834b53 fix(deps): update log4j to v2.21.1 (#2663)
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs from 4.7.3 to 4.8.1

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.8.1

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.8.1/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.1-javadoc.jar	f8ef08283a500d3f250f87f5b01fac2ed19acc11bc78657fd277ca7d27c9c211
spotbugs-4.8.1-sources.jar	29fef7bebfe1597f8477e21cf139ac6f1ef01afabce8bb3e6ae258a3d6c3de8f
spotbugs-4.8.1.tgz	b8e8f755c3e629885616d898e1a857162273253559f9e0e329983c671c02cd4e
spotbugs-4.8.1.zip	5cb639cf1ce79dc58ba07ee459a6da8bd665e06e10cfb66a79c685601326c111
spotbugs-annotations-4.8.1-javadoc.jar	56be7c8808111619cf87f4385368b8c0d30e4a01bcea4add878780608a6e932a
spotbugs-annotations-4.8.1-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	06eba41a81aaccb011c3f75afa019e509cda7f1eb7a4e057bb860c60845f915e
spotbugs-ant-4.8.1-javadoc.jar	3862ce0fe8a201562cb32ddfbff3d78745950aeb0d0ea8c849bf55d1aa9b71de
spotbugs-ant-4.8.1-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	e49adbc51addf00264042d82075db98a10ad2af9348f7275de6bc075b7245a95
test-harness-4.8.1-javadoc.jar	6f2d3a6c452c972e2890161ee1ff84437bba0877bcd302041df73e9d02217d7b
test-harness-4.8.1-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.1.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.1-javadoc.jar	af4e056c212f1039e9f756067fce7125f24160f2e70918fa710e6e3cd9993e92
test-harness-core-4.8.1-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.1.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.1-javadoc.jar	1d84b2c269263a7eb0641d021e99da9a6da2bfac05430b341a38a4b0530e57a9
test-harness-jupiter-4.8.1-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.1.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

SpotBugs 4.8.0

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.8.0/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.0-javadoc.jar	4cf102aa474ce8f3728e7513c51c0710024e4cd9d6b7c07672b5e3ec0e70a848
spotbugs-4.8.0-sources.jar	d1e47bd320cae314a5c2b44e52152d8ca5f5f700713ba0f497dbed0a916540c2
spotbugs-4.8.0.tgz	15a97043faef7a371ae43137805ca83e89005c22253806b7c63a60a585e794c7
spotbugs-4.8.0.zip	768ac3bd6f5c49d1f12924ff3094ff281debc0ee218ae85ce5aae6f66ca0666a
spotbugs-annotations-4.8.0-javadoc.jar	d8ab5ebdaccff345d7167d2518fd74db72cf6b02b259d4f011689d48351c2b3e
spotbugs-annotations-4.8.0-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	f6644de2f0dfe4b614d3c9a35e9a8f1e1da1074892c8cad7a00bb08ce7bf4eff
spotbugs-ant-4.8.0-javadoc.jar	1285df769e00a9fbeb6edceec856b361fb7f5f79762d3f2a768ce71d31cf7bb5
spotbugs-ant-4.8.0-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	1ce2fa740d7f07b802881babb27dd26f74861ff2ac938718779ce8a7cb5fe14c
test-harness-4.8.0-javadoc.jar	3191c34729c1dedb4964dfc8a0cd5917457e6271291688ff6d5fc3b9c96868f6
test-harness-4.8.0-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.0.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.0-javadoc.jar	33c6e66ac7a08344afe48aa5ba1d5be22ec79065e50b235530c02d46818a7018

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.8.1 - 2023-11-06

Fixed

• Fixed schema location for findbugsfilter.xsd ([#1416])
• Fixed missing null checks ([#2629])
• Disabled DontReusePublicIdentifiers due to the high false positives rate ([#2627])
• Removed signature of methods using UTF-8 in DefaultEncodingDetector ([#2634])
• Fix exception escapes when calling functions of JUnit Assert or Assertions ([#2640])
• Fixed an error in the SARIF export when a bug annotation is missing ([#2632])
• Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws ([#2628])
• Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize ([#2665])
• Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug ([#2652])
• Eclipse: fixed startup overhead (on computing classpath) for PDE projects ([#2671])

Build

• Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT ([#2651])

4.8.0 - 2023-10-11

Changed

• Bump up Apache Commons BCEL to the version 6.6.1 (#2223)
• Bump up slf4j-api to 2.0.3 (#2220)
• Bump up gson to 2.10 (#2235)
• Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
• Use com.github.stephenc.jcip for jcip-annotations fixing #887

Fixed

• Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#219)
• Stop exposing junit-bom to consumers (#2255)
• Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#184)
• Added support for jakarta namespace (#2289)
• Report a low priority bug for an unread field in reflective classes (#2325)
• Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse (#2327)
• Fixed detector RandomOnceSubDetector to not report when doubles, ints, or longs are called on a new Random or SecureRandom (#2370)
• Fixed detector TestASM throwing error during analysis, because it doesn't note that it reports bugs.
• Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per #2470
• Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type (#2502)
• Added support for CONSTANT_Dynamic in constant class pool (#2506)
• Recognise enums and records as immutable (#2356)
• Added detections of reliance on default encoding in java.nio.file.Files (#2114)
• Fixed a regression in the Value Number Analysis (#2465)
• Fix XML Output incorrectly escaped in Eclipse Bug Info view (#2520)
• Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays (#1669)
• Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description (#2297)
• Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes (#2402)
• Added execute file permission to files in the distribution zip (#2540)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check (#872)
• Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested (#560)
• Detect created, but not-thrown exceptions, which are created by not the constructor (#2547)
• Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs (#2579)

... (truncated)

Commits

• a93f606 release v4.8.1
• 2f8d6ac fix(deps): update junit5 monorepo to v5.10.1 (#2678)
• fc46873 fix(deps): update dependency org.mockito:mockito-core to v5.7.0 (#2675)
• 2541a96 Add more bundles for PDE classpath resolving (#2673)
• 65c8c37 Simplify PDE classpath resolving (#2671)
• 2ea7c1d fix(deps): update dependency org.checkerframework:checker-qual to v3.40.0 (#2...
• 17bb20b Lower the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE (#2669)
• 0ed9c56 fix(deps): update dependency org.apache.commons:commons-text to v1.11.0 (#2668)
• 674a7d0 Fix CT_CONSTRUCTOR_THROW FP when Supertype has final finalize (#2666)
• a834b53 fix(deps): update log4j to v2.21.1 (#2663)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (8858d4f) 88.67% compared to head (c0c4813) 88.67%.
Report is 16 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##               main     #847   +/-   ##
=========================================
  Coverage     88.67%   88.67%           
  Complexity      164      164           
=========================================
  Files            11       11           
  Lines           689      689           
  Branches         85       85           
=========================================
  Hits            611      611           
  Misses           63       63           
  Partials         15       15           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.