Message-ID: From: "renovate-bot (@renovate-bot)" To: "pgjdbc/pgjdbc" Date: Tue, 04 Mar 2025 14:58:36 +0000 Subject: [pgjdbc/pgjdbc] PR #3556: fix(deps): update dependency spotbugs to v4.9.2 List-Id: X-GitHub-Author-Id: 25180681 X-GitHub-Author-Login: renovate-bot X-GitHub-Issue: 3556 X-GitHub-Labels: dependencies X-GitHub-Repo: pgjdbc/pgjdbc X-GitHub-State: merged X-GitHub-Type: pull_request X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/pull/3556 Content-Type: text/plain; charset=utf-8 This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [spotbugs](https://spotbugs.github.io/) ([source](https://redirect.github.com/spotbugs/spotbugs)) | `4.8.6` -> `4.9.2` | [![age](https://developer.mend.io/api/mc/badges/age/maven/com.github.spotbugs:spotbugs/4.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/maven/com.github.spotbugs:spotbugs/4.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/maven/com.github.spotbugs:spotbugs/4.8.6/4.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/com.github.spotbugs:spotbugs/4.8.6/4.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
spotbugs/spotbugs (spotbugs) ### [`v4.9.2`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#492---2025-03-01) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.1...4.9.2) ##### Added - Reporting useless `@SuppressFBWarnings` annotations ([#​641](https://redirect.github.com/spotbugs/spotbugs/issues/641)) ##### Fixed - Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC\_64BIT_PRIMITIVE ([#​3303](https://redirect.github.com/spotbugs/spotbugs/issues/3303)) - Fixed an `HSM_HIDING_METHOD` false positive when ECJ generates a synthetic method for an enum switch ([#​3305](https://redirect.github.com/spotbugs/spotbugs/issues/3305)) - Fix `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` false negatives, detector depending on method order. - Fix `THROWS_METHOD_THROWS_CLAUSE_THROWABLE` reported in a method calling `MethodHandle.invokeExact` due to its polymorphic signature ([#​3309](https://redirect.github.com/spotbugs/spotbugs/issues/3309)) - Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive in inner class ([#​3310](https://redirect.github.com/spotbugs/spotbugs/issues/3310)). - Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive for ECJ compiled enum switches ([#​3316](https://redirect.github.com/spotbugs/spotbugs/issues/3316)) - Fix `RC_REF_COMPARISON` false positive with Lombok With annotation ([#​3319](https://redirect.github.com/spotbugs/spotbugs/pull/3319)) - Avoid calling File.getCanonicalPath twice to improve performance ([#​3325](https://redirect.github.com/spotbugs/spotbugs/pull/3325)) - Fix `MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR` and `MC_OVERRIDABLE_METHOD_CALL_IN_CLONE` false positive when the overridable method is outside the class ([#​3328](https://redirect.github.com/spotbugs/spotbugs/issues/3328)). - Fix NullPointerException thrown from `ThrowingExceptions` detector ([#​3337](https://redirect.github.com/spotbugs/spotbugs/pull/3337)). ##### Removed - Removed the `TLW_TWO_LOCK_NOTIFY`, `LI_LAZY_INIT_INSTANCE`, `BRSA_BAD_RESULTSET_ACCESS`, `BC_NULL_INSTANCEOF`, `NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` and `RCN_REDUNDANT_CHECKED_NULL_COMPARISON` deprecated bug patterns. ### [`v4.9.1`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#491---2025-02-02) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.0...4.9.1) ##### Added - New detector `SharedVariableAtomicityDetector` for new bug types `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE`, `AT_NONATOMIC_64BIT_PRIMITIVE` and `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` (See SEI CERT rules [VNA00-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+primitive+variables), [VNA02-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA02-J.+Ensure+that+compound+operations+on+shared+variables+are+atomic) and [VNA05-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA05-J.+Ensure+atomicity+when+reading+and+writing+64-bit+values)). - New detector `FindHiddenMethod` for bug type `HSM_HIDING_METHOD`. This bug is reported whenever a subclass method hides the static method of super class. (See [SEI CERT MET07-J](https://wiki.sei.cmu.edu/confluence/display/java/MET07-J.+Never+declare+a+class+method+that+hides+a+method+declared+in+a+superclass+or+superinterface)). ##### Fixed - Fixed the parsing of generics methods in `ThrowingExceptions` ([#​3267](https://redirect.github.com/spotbugs/spotbugs/issues/3267)) - Accept the 1st parameter of `java.util.concurrent.CompletableFuture`'s `completeOnTimeout()`, `getNow()` and `obtrudeValue()` functions as nullable ([#​1001](https://redirect.github.com/spotbugs/spotbugs/issues/1001)). - Fixed the analysis error when `FindReturnRef` was checking instructions corresponding to a CFG branch that was optimized away ([#​3266](https://redirect.github.com/spotbugs/spotbugs/issues/3266)) - Added execute file permission to files in the distribution archive ([#​3274](https://redirect.github.com/spotbugs/spotbugs/issues/3274)) - Fixed a stack overflow in `MultipleInstantiationsOfSingletons` when a singleton initializer makes recursive calls ([#​3280](https://redirect.github.com/spotbugs/spotbugs/issues/3280)) - Fixed NPE in `FindReturnRef` on inner class fields ([#​3283](https://redirect.github.com/spotbugs/spotbugs/issues/3283)) - Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive when add edu.umd.cs.findbugs.annotations.Nullable ([#​3243](https://redirect.github.com/spotbugs/spotbugs/issues/3243)) ### [`v4.9.0`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#490---2025-01-15) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.8.6...4.9.0) ##### Added - Updated the `SuppressFBWarnings` annotation to support finer grained bug suppressions ([#​3102](https://redirect.github.com/spotbugs/spotbugs/pull/3102)) - SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting ([#​637](https://redirect.github.com/spotbugs/spotbugs/issues/637)) - New detector `ResourceInMultipleThreadsDetector` and introduced new bug type: - `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` is reported in case of unsafe resource access in multiple threads. ##### Fixed - Do not consider Records as Singletons ([#​2981](https://redirect.github.com/spotbugs/spotbugs/issues/2981)) - Keep a maximum of 10000 cached analysis entries for plugin's analysis engines ([#​3025](https://redirect.github.com/spotbugs/spotbugs/pull/3025)) - Only report `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT` when calling own methods ([#​2957](https://redirect.github.com/spotbugs/spotbugs/issues/2957)) - Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks ([#​2968](https://redirect.github.com/spotbugs/spotbugs/issues/2968)) - System property `findbugs.refcomp.reportAll` is now being used. For some new conditions, it will emit an experimental warning ([#​2988](https://redirect.github.com/spotbugs/spotbugs/pull/2988)) - `-version` flag prints the version to the standard output ([#​2797](https://redirect.github.com/spotbugs/spotbugs/issues/2797)) - Revert the changes from ([#​2894](https://redirect.github.com/spotbugs/spotbugs/pull/2894)) to get HTML stylesheets to work again ([#​2969](https://redirect.github.com/spotbugs/spotbugs/issues/2969)) - Fix FP `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` report when the synchronization is in a called method ([#​3045](https://redirect.github.com/spotbugs/spotbugs/issues/3045)) - Let `BetterCFGBuilder2.isPEI` handle `dup2` bytecode used by Spring AOT ([#​3059](https://redirect.github.com/spotbugs/spotbugs/issues/3059)) - Detect failure to close RocksDB's ReadOptions ([#​3069](https://redirect.github.com/spotbugs/spotbugs/issues/3069)) - Fix FP `EI_EXPOSE_REP` when there are multiple immutable assignments ([#​3023](https://redirect.github.com/spotbugs/spotbugs/issues/3023)) - Fixed false positive `NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` for Kotlin, handle Kotlin's `Intrinsics.checkNotNullParameter()` ([#​3094](https://redirect.github.com/spotbugs/spotbugs/issues/3094)) - Fixed some CWE mappings ([#​3124](https://redirect.github.com/spotbugs/spotbugs/pull/3124)) - Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs ([#​3137](https://redirect.github.com/spotbugs/spotbugs/pull/3137)) - Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's [@​BeforeClass](https://redirect.github.com/BeforeClass). ([#​3152](https://redirect.github.com/spotbugs/spotbugs/issues/3152)) - Fixed detector `FindReturnRef` not finding references exposed from nested and inner classes ([#​2042](https://redirect.github.com/spotbugs/spotbugs/issues/2042)) - Fix call graph, include non-parametric void methods ([#​3160](https://redirect.github.com/spotbugs/spotbugs/pull/3160)) - Fix multiple reporting of identical bugs messing up statistics ([#​3185](https://redirect.github.com/spotbugs/spotbugs/issues/3185)) - Added missing comma between line number and confidence when describing matching and mismatching bugs for tests ([#​3187](https://redirect.github.com/spotbugs/spotbugs/pull/3187)) - Fixed method matchers with array types ([#​3203](https://redirect.github.com/spotbugs/spotbugs/issues/3203)) - Fix SARIF report's message property in Exception to meet the standard ([#​3197](https://redirect.github.com/spotbugs/spotbugs/issues/3197)) - Fixed `FI_FINALIZER_NULLS_FIELDS` FPs for functions called finalize() but not with the correct signature. ([#​3207](https://redirect.github.com/spotbugs/spotbugs/issues/3207)) - Fixed an error in the detection of bridge methods causing analysis crashes ([#​3208](https://redirect.github.com/spotbugs/spotbugs/issues/3208)) - Fixed detector `ThrowingExceptions` by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods ([#​2040](https://redirect.github.com/spotbugs/spotbugs/issues/2040)) - Do not report `DP_DO_INSIDE_DO_PRIVILEGED`, `DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED` and `USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE` in code targeting Java 17 and above, since it advises the usage of deprecated method ([#​1515](https://redirect.github.com/spotbugs/spotbugs/issues/1515)). - Fixed a `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` false positive for a builder delegating to another builder ([#​3235](https://redirect.github.com/spotbugs/spotbugs/issues/3235)) ##### Cleanup - Cleanup thread issue and regex issue in test-harness ([#​3130](https://redirect.github.com/spotbugs/spotbugs/issues/3130)) - Remove extra blank lines and remove public from interface objects as inherently already public ([#​3131](https://redirect.github.com/spotbugs/spotbugs/issues/3131)) - Fix order of modifiers on properties/methods and ensure correct location in file ([#​3132](https://redirect.github.com/spotbugs/spotbugs/issues/3132), [#​3177](https://redirect.github.com/spotbugs/spotbugs/pull/3177)) - Return objects directly instead of creating more garbage collection by defining them ([#​3133](https://redirect.github.com/spotbugs/spotbugs/pull/3133), [#​3175](https://redirect.github.com/spotbugs/spotbugs/pull/3175)) - Restrict the constructor of abstract classes visibility to protected ([#​3178](https://redirect.github.com/spotbugs/spotbugs/pull/3178)) - Cleanup double initialization and fix comments referring to findbugs instead of spotbugs([#​3134](https://redirect.github.com/spotbugs/spotbugs/issues/3134)) - Use diamond operator in constructor calls of Collections ([#​3176](https://redirect.github.com/spotbugs/spotbugs/pull/3176)) - Use `Collection.isEmpty()` or `String.isEmpty()` to test for emptiness ([#​3180](https://redirect.github.com/spotbugs/spotbugs/pull/3180), [#​3219](https://redirect.github.com/spotbugs/spotbugs/pull/3219)) - Use method references instead of lambdas where possible ([#​3179](https://redirect.github.com/spotbugs/spotbugs/pull/3179)) - Move default clauses to the end of switches ([#​3222](https://redirect.github.com/spotbugs/spotbugs/pull/3222)) - Remove unnecessary throws declarations ([#​3220](https://redirect.github.com/spotbugs/spotbugs/pull/3220)) - Use `Boolean.parseBoolean()` for string-to-boolean conversion. ([#​3217](https://redirect.github.com/spotbugs/spotbugs/pull/3217)) - Rename shadowing fields ([#​3221](https://redirect.github.com/spotbugs/spotbugs/pull/3221)) - Combine catch blocks with the same body ([#​3223](https://redirect.github.com/spotbugs/spotbugs/pull/3223)) - Merge conditions of nested ifs ([#​3231](https://redirect.github.com/spotbugs/spotbugs/pull/3231)) - Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'([#​3251](https://redirect.github.com/spotbugs/spotbugs/pull/3251)) - Use try with resources where possible ([#​3253](https://redirect.github.com/spotbugs/spotbugs/pull/3253)) ##### Changed - Bump up Java version to 11
--- ### Configuration 📅 **Schedule**: Branch creation - "every 3 weeks on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/pgjdbc/pgjdbc).