Bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.2

[dependabot]

Bumps com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.2.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.2

CHANGELOG

Fixed

• Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
• Use java.nio to load filter files (#2684)
• Eclipse: Do not export javax.annotation packages (#2699)
• Fixed not thread safe FindOverridableMethodCall detector (#2701)
• Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
• Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
• Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

• New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

• Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.2-javadoc.jar	9147da4187712ba3ec7fd232510181366f394443cf70a76ee918738a11c539e9
spotbugs-4.8.2-sources.jar	4486c8404debe8de2d5a7d71c14ad66480f463d84586cb3077c639c72192924c
spotbugs-4.8.2.tgz	c3eb4e2077310bf19b06ed232dc8d71f3a4884a4619fd8a7c041ed5ce5af4819
spotbugs-4.8.2.zip	615400e86ee19ee1b74d0f8d1a170e2dfdb8f49d02b60fa7b276a8179c3b584a
spotbugs-annotations-4.8.2-javadoc.jar	22ec9f9658a7e569893db728a5cdcdb4121b4bca1ae1ee154189f2cbbc42f187
spotbugs-annotations-4.8.2-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	3d02aacbf2d094d510c087c2a25a85e04f655b22260016473d02258237d0df27
spotbugs-ant-4.8.2-javadoc.jar	b210ddbee668f591f0ff57ea8d546ac47e2753cbf56b6f1bbeb61a8d4c82d233
spotbugs-ant-4.8.2-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	01974233a0da943700b9b9d190f872f6dd155d5825e05d1fae5a531bebb284eb
test-harness-4.8.2-javadoc.jar	a362bb855074be294da341b5ba7406c013174246c63061fc7dfc91f28795adbe
test-harness-4.8.2-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.2.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.2-javadoc.jar	9b32bd7cc9e5af80379207b0b4ad2f6217c4e46db2db3f371d886e227b2ee266
test-harness-core-4.8.2-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.2.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.2-javadoc.jar	8029e928d3dfa2a93ff8d877693421f265122c5d0f4caee17fd6796d0c7e566d
test-harness-jupiter-4.8.2-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.2.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

SpotBugs 4.8.1

CHANGELOG

Fixed

• Fixed schema location for findbugsfilter.xsd ([#1416])
• Fixed missing null checks ([#2629])
• Disabled DontReusePublicIdentifiers due to the high false positives rate ([#2627])
• Removed signature of methods using UTF-8 in DefaultEncodingDetector ([#2634])
• Fix exception escapes when calling functions of JUnit Assert or Assertions ([#2640])
• Fixed an error in the SARIF export when a bug annotation is missing ([#2632])

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.2 - 2023-11-28

Fixed

• Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
• Use java.nio to load filter files (#2684)
• Eclipse: Do not export javax.annotation packages (#2699)
• Fixed not thread safe FindOverridableMethodCall detector (#2701)
• Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
• Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
• Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

• New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

• Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

4.8.1 - 2023-11-06

Fixed

• Fixed schema location for findbugsfilter.xsd (#1416)
• Fixed missing null checks (#2629)
• Disabled DontReusePublicIdentifiers due to the high false positives rate (#2627)
• Removed signature of methods using UTF-8 in DefaultEncodingDetector (#2634)
• Fix exception escapes when calling functions of JUnit Assert or Assertions (#2640)
• Fixed an error in the SARIF export when a bug annotation is missing (#2632)
• Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws (#2628)
• Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize (#2665)
• Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug (#2652)
• Eclipse: fixed startup overhead (on computing classpath) for PDE projects (#2671)

Build

• Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT (#2651)

4.8.0 - 2023-10-11

Changed

• Bump up Apache Commons BCEL to the version 6.6.1 (#2223)
• Bump up slf4j-api to 2.0.3 (#2220)
• Bump up gson to 2.10 (#2235)
• Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
• Use com.github.stephenc.jcip for jcip-annotations fixing (#887)
• Bump ObjectWeb ASM from 9.4 to 9.6, supporting JDK 21 (#2578)

Fixed

• Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#219)
• Stop exposing junit-bom to consumers (#2255)
• Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#184)
• Added support for jakarta namespace (#2289)
• Report a low priority bug for an unread field in reflective classes (#2325)

... (truncated)

Commits

• 0f0e4b2 release v4.8.2
• 02f7366 Run build on both jdk 17 and 21 (#2722)
• a659725 Fix doc on gradle plugin version and run on gradle 8.5 rc4 (#2721)
• e3d4f6e Update RELEASE_PROCEDURE.md (#2719)
• 4e7ace1 chore(deps): update dependency sphinx_rtd_theme to v2 (#2718)
• 8e04ba7 Fix link stuck to earlier version
• e847d62 Fixed extra brackets added to issues in changelog
• 126a750 Fix changelog entry
• b694dd1 Fix issue in ConstructorThrow
• 9558fbd Add tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)