pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feedFrom: renovate-bot (@renovate-bot) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: [pgjdbc/pgjdbc] PR #3556: fix(deps): update dependency spotbugs to v4.9.2
Date: Tue, 04 Mar 2025 14:58:36 +0000
Message-ID: <[email protected]> (raw)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [spotbugs](https://spotbugs.github.io/) ([source](https://redirect.github.com/spotbugs/spotbugs)) | `4.8.6` -> `4.9.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) |
---
### Release Notes
<details>
<summary>spotbugs/spotbugs (spotbugs)</summary>
### [`v4.9.2`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#492---2025-03-01)
[Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.1...4.9.2)
##### Added
- Reporting useless `@SuppressFBWarnings` annotations ([#​641](https://redirect.github.com/spotbugs/spotbugs/issues/641))
##### Fixed
- Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC\_64BIT_PRIMITIVE ([#​3303](https://redirect.github.com/spotbugs/spotbugs/issues/3303))
- Fixed an `HSM_HIDING_METHOD` false positive when ECJ generates a synthetic method for an enum switch ([#​3305](https://redirect.github.com/spotbugs/spotbugs/issues/3305))
- Fix `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` false negatives, detector depending on method order.
- Fix `THROWS_METHOD_THROWS_CLAUSE_THROWABLE` reported in a method calling `MethodHandle.invokeExact` due to its polymorphic signature ([#​3309](https://redirect.github.com/spotbugs/spotbugs/issues/3309))
- Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive in inner class ([#​3310](https://redirect.github.com/spotbugs/spotbugs/issues/3310)).
- Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive for ECJ compiled enum switches ([#​3316](https://redirect.github.com/spotbugs/spotbugs/issues/3316))
- Fix `RC_REF_COMPARISON` false positive with Lombok With annotation ([#​3319](https://redirect.github.com/spotbugs/spotbugs/pull/3319))
- Avoid calling File.getCanonicalPath twice to improve performance ([#​3325](https://redirect.github.com/spotbugs/spotbugs/pull/3325))
- Fix `MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR` and `MC_OVERRIDABLE_METHOD_CALL_IN_CLONE` false positive when the overridable method is outside the class ([#​3328](https://redirect.github.com/spotbugs/spotbugs/issues/3328)).
- Fix NullPointerException thrown from `ThrowingExceptions` detector ([#​3337](https://redirect.github.com/spotbugs/spotbugs/pull/3337)).
##### Removed
- Removed the `TLW_TWO_LOCK_NOTIFY`, `LI_LAZY_INIT_INSTANCE`, `BRSA_BAD_RESULTSET_ACCESS`, `BC_NULL_INSTANCEOF`, `NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` and `RCN_REDUNDANT_CHECKED_NULL_COMPARISON` deprecated bug patterns.
### [`v4.9.1`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#491---2025-02-02)
[Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.0...4.9.1)
##### Added
- New detector `SharedVariableAtomicityDetector` for new bug types `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE`, `AT_NONATOMIC_64BIT_PRIMITIVE` and `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` (See SEI CERT rules [VNA00-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+pr...), [VNA02-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA02-J.+Ensure+that+compound+operations+on+shared+...) and [VNA05-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA05-J.+Ensure+atomicity+when+reading+and+writing+...)).
- New detector `FindHiddenMethod` for bug type `HSM_HIDING_METHOD`. This bug is reported whenever a subclass method hides the static method of super class. (See [SEI CERT MET07-J](https://wiki.sei.cmu.edu/confluence/display/java/MET07-J.+Never+declare+a+class+method+that+hides+a+...)).
##### Fixed
- Fixed the parsing of generics methods in `ThrowingExceptions` ([#​3267](https://redirect.github.com/spotbugs/spotbugs/issues/3267))
- Accept the 1st parameter of `java.util.concurrent.CompletableFuture`'s `completeOnTimeout()`, `getNow()` and `obtrudeValue()` functions as nullable ([#​1001](https://redirect.github.com/spotbugs/spotbugs/issues/1001)).
- Fixed the analysis error when `FindReturnRef` was checking instructions corresponding to a CFG branch that was optimized away ([#​3266](https://redirect.github.com/spotbugs/spotbugs/issues/3266))
- Added execute file permission to files in the distribution archive ([#​3274](https://redirect.github.com/spotbugs/spotbugs/issues/3274))
- Fixed a stack overflow in `MultipleInstantiationsOfSingletons` when a singleton initializer makes recursive calls ([#​3280](https://redirect.github.com/spotbugs/spotbugs/issues/3280))
- Fixed NPE in `FindReturnRef` on inner class fields ([#​3283](https://redirect.github.com/spotbugs/spotbugs/issues/3283))
- Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive when add edu.umd.cs.findbugs.annotations.Nullable ([#​3243](https://redirect.github.com/spotbugs/spotbugs/issues/3243))
### [`v4.9.0`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#490---2025-01-15)
[Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.8.6...4.9.0)
##### Added
- Updated the `SuppressFBWarnings` annotation to support finer grained bug suppressions ([#​3102](https://redirect.github.com/spotbugs/spotbugs/pull/3102))
- SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting ([#​637](https://redirect.github.com/spotbugs/spotbugs/issues/637))
- New detector `ResourceInMultipleThreadsDetector` and introduced new bug type:
- `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` is reported in case of unsafe resource access in multiple threads.
##### Fixed
- Do not consider Records as Singletons ([#​2981](https://redirect.github.com/spotbugs/spotbugs/issues/2981))
- Keep a maximum of 10000 cached analysis entries for plugin's analysis engines ([#​3025](https://redirect.github.com/spotbugs/spotbugs/pull/3025))
- Only report `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT` when calling own methods ([#​2957](https://redirect.github.com/spotbugs/spotbugs/issues/2957))
- Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks ([#​2968](https://redirect.github.com/spotbugs/spotbugs/issues/2968))
- System property `findbugs.refcomp.reportAll` is now being used. For some new conditions, it will emit an experimental warning ([#​2988](https://redirect.github.com/spotbugs/spotbugs/pull/2988))
- `-version` flag prints the version to the standard output ([#​2797](https://redirect.github.com/spotbugs/spotbugs/issues/2797))
- Revert the changes from ([#​2894](https://redirect.github.com/spotbugs/spotbugs/pull/2894)) to get HTML stylesheets to work again ([#​2969](https://redirect.github.com/spotbugs/spotbugs/issues/2969))
- Fix FP `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` report when the synchronization is in a called method ([#​3045](https://redirect.github.com/spotbugs/spotbugs/issues/3045))
- Let `BetterCFGBuilder2.isPEI` handle `dup2` bytecode used by Spring AOT ([#​3059](https://redirect.github.com/spotbugs/spotbugs/issues/3059))
- Detect failure to close RocksDB's ReadOptions ([#​3069](https://redirect.github.com/spotbugs/spotbugs/issues/3069))
- Fix FP `EI_EXPOSE_REP` when there are multiple immutable assignments ([#​3023](https://redirect.github.com/spotbugs/spotbugs/issues/3023))
- Fixed false positive `NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` for Kotlin, handle Kotlin's `Intrinsics.checkNotNullParameter()` ([#​3094](https://redirect.github.com/spotbugs/spotbugs/issues/3094))
- Fixed some CWE mappings ([#​3124](https://redirect.github.com/spotbugs/spotbugs/pull/3124))
- Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs ([#​3137](https://redirect.github.com/spotbugs/spotbugs/pull/3137))
- Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's [@​BeforeClass](https://redirect.github.com/BeforeClass). ([#​3152](https://redirect.github.com/spotbugs/spotbugs/issues/3152))
- Fixed detector `FindReturnRef` not finding references exposed from nested and inner classes ([#​2042](https://redirect.github.com/spotbugs/spotbugs/issues/2042))
- Fix call graph, include non-parametric void methods ([#​3160](https://redirect.github.com/spotbugs/spotbugs/pull/3160))
- Fix multiple reporting of identical bugs messing up statistics ([#​3185](https://redirect.github.com/spotbugs/spotbugs/issues/3185))
- Added missing comma between line number and confidence when describing matching and mismatching bugs for tests ([#​3187](https://redirect.github.com/spotbugs/spotbugs/pull/3187))
- Fixed method matchers with array types ([#​3203](https://redirect.github.com/spotbugs/spotbugs/issues/3203))
- Fix SARIF report's message property in Exception to meet the standard ([#​3197](https://redirect.github.com/spotbugs/spotbugs/issues/3197))
- Fixed `FI_FINALIZER_NULLS_FIELDS` FPs for functions called finalize() but not with the correct signature. ([#​3207](https://redirect.github.com/spotbugs/spotbugs/issues/3207))
- Fixed an error in the detection of bridge methods causing analysis crashes ([#​3208](https://redirect.github.com/spotbugs/spotbugs/issues/3208))
- Fixed detector `ThrowingExceptions` by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods ([#​2040](https://redirect.github.com/spotbugs/spotbugs/issues/2040))
- Do not report `DP_DO_INSIDE_DO_PRIVILEGED`, `DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED` and `USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE` in code targeting Java 17 and above, since it advises the usage of deprecated method ([#​1515](https://redirect.github.com/spotbugs/spotbugs/issues/1515)).
- Fixed a `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` false positive for a builder delegating to another builder ([#​3235](https://redirect.github.com/spotbugs/spotbugs/issues/3235))
##### Cleanup
- Cleanup thread issue and regex issue in test-harness ([#​3130](https://redirect.github.com/spotbugs/spotbugs/issues/3130))
- Remove extra blank lines and remove public from interface objects as inherently already public ([#​3131](https://redirect.github.com/spotbugs/spotbugs/issues/3131))
- Fix order of modifiers on properties/methods and ensure correct location in file ([#​3132](https://redirect.github.com/spotbugs/spotbugs/issues/3132), [#​3177](https://redirect.github.com/spotbugs/spotbugs/pull/3177))
- Return objects directly instead of creating more garbage collection by defining them ([#​3133](https://redirect.github.com/spotbugs/spotbugs/pull/3133), [#​3175](https://redirect.github.com/spotbugs/spotbugs/pull/3175))
- Restrict the constructor of abstract classes visibility to protected ([#​3178](https://redirect.github.com/spotbugs/spotbugs/pull/3178))
- Cleanup double initialization and fix comments referring to findbugs instead of spotbugs([#​3134](https://redirect.github.com/spotbugs/spotbugs/issues/3134))
- Use diamond operator in constructor calls of Collections ([#​3176](https://redirect.github.com/spotbugs/spotbugs/pull/3176))
- Use `Collection.isEmpty()` or `String.isEmpty()` to test for emptiness ([#​3180](https://redirect.github.com/spotbugs/spotbugs/pull/3180), [#​3219](https://redirect.github.com/spotbugs/spotbugs/pull/3219))
- Use method references instead of lambdas where possible ([#​3179](https://redirect.github.com/spotbugs/spotbugs/pull/3179))
- Move default clauses to the end of switches ([#​3222](https://redirect.github.com/spotbugs/spotbugs/pull/3222))
- Remove unnecessary throws declarations ([#​3220](https://redirect.github.com/spotbugs/spotbugs/pull/3220))
- Use `Boolean.parseBoolean()` for string-to-boolean conversion. ([#​3217](https://redirect.github.com/spotbugs/spotbugs/pull/3217))
- Rename shadowing fields ([#​3221](https://redirect.github.com/spotbugs/spotbugs/pull/3221))
- Combine catch blocks with the same body ([#​3223](https://redirect.github.com/spotbugs/spotbugs/pull/3223))
- Merge conditions of nested ifs ([#​3231](https://redirect.github.com/spotbugs/spotbugs/pull/3231))
- Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'([#​3251](https://redirect.github.com/spotbugs/spotbugs/pull/3251))
- Use try with resources where possible ([#​3253](https://redirect.github.com/spotbugs/spotbugs/pull/3253))
##### Changed
- Bump up Java version to 11
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every 3 weeks on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/pgjdbc/pgjdbc).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODUuNCIsInVwZGF0ZWRJblZlciI6IjM5LjE4NS40IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: github://pgjdbc/pgjdbc
Cc: [email protected], [email protected]
Subject: Re: [pgjdbc/pgjdbc] PR #3556: fix(deps): update dependency spotbugs to v4.9.2
In-Reply-To: <<[email protected]>>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox