solrbot opened a new pull request, #3538: URL: https://github.com/apache/solr/pull/3538
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [com.github.spotbugs:spotbugs-annotations](https://spotbugs.github.io/) ([source](https://redirect.github.com/spotbugs/spotbugs)) | dependencies | minor | `4.8.6` -> `4.9.4` | --- ### Release Notes <details> <summary>spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)</summary> ### [`v4.9.4`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#494---2025-08-07) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.3...4.9.4) ##### Changed - `AnnotationMatcher` can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered. - Add relevant CWE ids to bugs and refer the CWEs in the bug messages ([#​3354](https://redirect.github.com/spotbugs/spotbugs/pull/3354)). - Replace `LOCAL_VARIABLE_UNKNOWN` with exact method name for `NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE` ([#​3485](https://redirect.github.com/spotbugs/spotbugs/pull/3485)) ##### Fixed - Widen main method recognition according to [JEP 445](https://openjdk.org/jeps/445). ([#​3371](https://redirect.github.com/spotbugs/spotbugs/pull/3371)) - Do not report `US_USELESS_SUPPRESSION_ON_*` on methods, fields, parameters, packages or classes with an `*.Generated` annotation with retention >= class ([#​3350](https://redirect.github.com/spotbugs/spotbugs/issues/3350))([#​3409](https://redirect.github.com/spotbugs/spotbugs/pull/3409)) - Rewrite some member in `ResourceValueFrame.java` to Enum ([#​2061](https://redirect.github.com/spotbugs/spotbugs/issues/2061)) - Ignore non-interpreted text when looking for `FS_BAD_DATE_FORMAT_FLAG_COMBO` ([#​3387](https://redirect.github.com/spotbugs/spotbugs/issues/3387)) - Fix IllegalArgumentException thrown from `FindNoSideEffectMethods` detector ([#​3320](https://redirect.github.com/spotbugs/spotbugs/issues/3320)) - Do not report `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` when part of a Mockito `doAnswer()`, `doCallRealMethod()`, `doNothing()`, `doThrow()` or `doReturn()` call ([#​3334](https://redirect.github.com/spotbugs/spotbugs/issues/3334)) - Fix `CT_CONSTRUCTOR_THROW` false positive with public and private constructors in specific order of methods ([#​3417](https://redirect.github.com/spotbugs/spotbugs/issues/3417)) - Fix `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE`, `AT_NONATOMIC_64BIT_PRIMITIVE` and `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` FP when the relevant code is in private method, which is only called with proper synchronization ([#​3428](https://redirect.github.com/spotbugs/spotbugs/issues/3428)) - Do not report `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` when part of a BDDMockito call ([#​3441](https://redirect.github.com/spotbugs/spotbugs/issues/3441)) - Fix `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE` when field of a local variable is set. ([#​3459](https://redirect.github.com/spotbugs/spotbugs/pull/3459)) - Fix `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE` FP when there was no compound operation ([#​3363](https://redirect.github.com/spotbugs/spotbugs/issues/3363)) - Fix `NM_FIELD_NAMING_CONVENTION` crash in the TestASM detector ([#​3489](https://redirect.github.com/spotbugs/spotbugs/pull/3489)) - Do not report `UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` for fields initialized in JUnit 3/4 `setUp()` method. ([#​3169](https://redirect.github.com/spotbugs/spotbugs/issues/3169)) - Fix `US_USELESS_SUPPRESSION_ON_FIELD`/`UUF_UNUSED_FIELD` false positive ([#​3496](https://redirect.github.com/spotbugs/spotbugs/pull/3496)) - Make the osgi manifest of the annotations jar Java 8 compatible ([#​3498](https://redirect.github.com/spotbugs/spotbugs/pull/3498)) ([#​3500](https://redirect.github.com/spotbugs/spotbugs/pull/3500)) - `TextUICommandLine` supports all options encoded in Eclipse preferences file ([#​3520](https://redirect.github.com/spotbugs/spotbugs/issues/3520)) - Unnecessary suppressions fix for records headers ([#​3471](https://redirect.github.com/spotbugs/spotbugs/issues/3471)) - Dead store fix when switch case contains loops ([#​3530](https://redirect.github.com/spotbugs/spotbugs/issues/3530)) ([#​3449](https://redirect.github.com/spotbugs/spotbugs/issues/3449)) - Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects ([#​3463](https://redirect.github.com/spotbugs/spotbugs/issues/3463)) - Detect cases when equals() unconditionally returns true or false ([#​3528](https://redirect.github.com/spotbugs/spotbugs/issues/3528)) - Do not report that an Iterator does not throw `NoSuchElementException` when `hasNext()` returns true ([#​3501](https://redirect.github.com/spotbugs/spotbugs/issues/3501)) - Detect random value cast to int when stored in temporary variable ([#​3461](https://redirect.github.com/spotbugs/spotbugs/issues/3461)) - Look for interfaces default methods when searching uncalled private methods ([#​1988](https://redirect.github.com/spotbugs/spotbugs/issues/1988)) - Fixed field self assignment false positive ([#​2258](https://redirect.github.com/spotbugs/spotbugs/issues/2258)) - Fixed `DMI_INVOKING_TOSTRING_ON_ARRAY` on newer JDK ([#​1147](https://redirect.github.com/spotbugs/spotbugs/issues/1147)) - Fix `NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE` false positive with `Objects.requireNonNull` ([#​2965](https://redirect.github.com/spotbugs/spotbugs/issues/2965)) ([#​3573](https://redirect.github.com/spotbugs/spotbugs/issues/3573)) - Track inner classes access methods to correctly report the bugs ([#​2029](https://redirect.github.com/spotbugs/spotbugs/issues/2029)) - `SF_SWITCH_NO_DEFAULT` false positive fix ([#​1148](https://redirect.github.com/spotbugs/spotbugs/issues/1148)) ([#​3572](https://redirect.github.com/spotbugs/spotbugs/issues/3572)) ##### Added - Added the unnecessary annotation to the `US_USELESS_SUPPRESSION_ON_*` messages ([#​3395](https://redirect.github.com/spotbugs/spotbugs/issues/3395)) - Multi-threaded code checks can be skipped with `@NotThreadSafe` ([#​3390](https://redirect.github.com/spotbugs/spotbugs/issues/3390)) - New bug type `CWO_CLOSED_WITHOUT_OPENED` for locks that might be released without even being acquired. (See [SEI CERT rule LCK08-J](https://wiki.sei.cmu.edu/confluence/display/java/LCK08-J.+Ensure+actively+held+locks+are+released+on+exceptional+conditions)) ([#​2055](https://redirect.github.com/spotbugs/spotbugs/pull/2055)) - Breaking change: changed values and new items in `ResourceValueFrame`. - Inline access method for method. ([#​3481](https://redirect.github.com/spotbugs/spotbugs/issues/3481)) - Added `DMI_MISLEADING_SUBSTRING` for calling `subString(0)` on a StringBuffer/StringBuilder ([#​1928](https://redirect.github.com/spotbugs/spotbugs/issues/1928)) ##### Signing - Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing. ### [`v4.9.3`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#493---2025-03-14) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.2...4.9.3) ##### Added - Introduced `UselessSuppressionDetector` to report the useless annotations instead of `NoteSuppressedWarnings` ([#​3348](https://redirect.github.com/spotbugs/spotbugs/issues/3348)) ##### Fixed - Do not report `US_USELESS_SUPPRESSION_ON_METHOD` on synthetic methods ([#​3351](https://redirect.github.com/spotbugs/spotbugs/issues/3351)) ### [`v4.9.2`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#492---2025-03-01) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.1...4.9.2) ##### Added - Reporting useless `@SuppressFBWarnings` annotations ([#​641](https://redirect.github.com/spotbugs/spotbugs/issues/641)) ##### Fixed - Fixed html bug descriptions for AT\_STALE\_THREAD\_WRITE\_OF\_PRIMITIVE and AT\_NONATOMIC\_64BIT\_PRIMITIVE ([#​3303](https://redirect.github.com/spotbugs/spotbugs/issues/3303)) - Fixed an `HSM_HIDING_METHOD` false positive when ECJ generates a synthetic method for an enum switch ([#​3305](https://redirect.github.com/spotbugs/spotbugs/issues/3305)) - Fix `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` false negatives, detector depending on method order. - Fix `THROWS_METHOD_THROWS_CLAUSE_THROWABLE` reported in a method calling `MethodHandle.invokeExact` due to its polymorphic signature ([#​3309](https://redirect.github.com/spotbugs/spotbugs/issues/3309)) - Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive in inner class ([#​3310](https://redirect.github.com/spotbugs/spotbugs/issues/3310)). - Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive for ECJ compiled enum switches ([#​3316](https://redirect.github.com/spotbugs/spotbugs/issues/3316)) - Fix `RC_REF_COMPARISON` false positive with Lombok With annotation ([#​3319](https://redirect.github.com/spotbugs/spotbugs/pull/3319)) - Avoid calling File.getCanonicalPath twice to improve performance ([#​3325](https://redirect.github.com/spotbugs/spotbugs/pull/3325)) - Fix `MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR` and `MC_OVERRIDABLE_METHOD_CALL_IN_CLONE` false positive when the overridable method is outside the class ([#​3328](https://redirect.github.com/spotbugs/spotbugs/issues/3328)). - Fix NullPointerException thrown from `ThrowingExceptions` detector ([#​3337](https://redirect.github.com/spotbugs/spotbugs/pull/3337)). ##### Removed - Removed the `TLW_TWO_LOCK_NOTIFY`, `LI_LAZY_INIT_INSTANCE`, `BRSA_BAD_RESULTSET_ACCESS`, `BC_NULL_INSTANCEOF`, `NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` and `RCN_REDUNDANT_CHECKED_NULL_COMPARISON` deprecated bug patterns. ### [`v4.9.1`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#491---2025-02-02) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.0...4.9.1) ##### Added - New detector `SharedVariableAtomicityDetector` for new bug types `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE`, `AT_NONATOMIC_64BIT_PRIMITIVE` and `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` (See SEI CERT rules [VNA00-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+primitive+variables), [VNA02-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA02-J.+Ensure+that+compound+operations+on+shared+variables+are+atomic) and [VNA05-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA05-J.+Ensure+atomicity+when+reading+and+writing+64-bit+values)). - New detector `FindHiddenMethod` for bug type `HSM_HIDING_METHOD`. This bug is reported whenever a subclass method hides the static method of super class. (See [SEI CERT MET07-J](https://wiki.sei.cmu.edu/confluence/display/java/MET07-J.+Never+declare+a+class+method+that+hides+a+method+declared+in+a+superclass+or+superinterface)). ##### Fixed - Fixed the parsing of generics methods in `ThrowingExceptions` ([#​3267](https://redirect.github.com/spotbugs/spotbugs/issues/3267)) - Accept the 1st parameter of `java.util.concurrent.CompletableFuture`'s `completeOnTimeout()`, `getNow()` and `obtrudeValue()` functions as nullable ([#​1001](https://redirect.github.com/spotbugs/spotbugs/issues/1001)). - Fixed the analysis error when `FindReturnRef` was checking instructions corresponding to a CFG branch that was optimized away ([#​3266](https://redirect.github.com/spotbugs/spotbugs/issues/3266)) - Added execute file permission to files in the distribution archive ([#​3274](https://redirect.github.com/spotbugs/spotbugs/issues/3274)) - Fixed a stack overflow in `MultipleInstantiationsOfSingletons` when a singleton initializer makes recursive calls ([#​3280](https://redirect.github.com/spotbugs/spotbugs/issues/3280)) - Fixed NPE in `FindReturnRef` on inner class fields ([#​3283](https://redirect.github.com/spotbugs/spotbugs/issues/3283)) - Fixed NP\_NULL\_ON\_SOME\_PATH\_FROM\_RETURN\_VALUE false positive when add edu.umd.cs.findbugs.annotations.Nullable ([#​3243](https://redirect.github.com/spotbugs/spotbugs/issues/3243)) ### [`v4.9.0`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#490---2025-01-15) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.8.6...4.9.0) ##### Added - Updated the `SuppressFBWarnings` annotation to support finer grained bug suppressions ([#​3102](https://redirect.github.com/spotbugs/spotbugs/pull/3102)) - SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting ([#​637](https://redirect.github.com/spotbugs/spotbugs/issues/637)) - New detector `ResourceInMultipleThreadsDetector` and introduced new bug type: - `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` is reported in case of unsafe resource access in multiple threads. ##### Fixed - Do not consider Records as Singletons ([#​2981](https://redirect.github.com/spotbugs/spotbugs/issues/2981)) - Keep a maximum of 10000 cached analysis entries for plugin's analysis engines ([#​3025](https://redirect.github.com/spotbugs/spotbugs/pull/3025)) - Only report `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT` when calling own methods ([#​2957](https://redirect.github.com/spotbugs/spotbugs/issues/2957)) - Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks ([#​2968](https://redirect.github.com/spotbugs/spotbugs/issues/2968)) - System property `findbugs.refcomp.reportAll` is now being used. For some new conditions, it will emit an experimental warning ([#​2988](https://redirect.github.com/spotbugs/spotbugs/pull/2988)) - `-version` flag prints the version to the standard output ([#​2797](https://redirect.github.com/spotbugs/spotbugs/issues/2797)) - Revert the changes from ([#​2894](https://redirect.github.com/spotbugs/spotbugs/pull/2894)) to get HTML stylesheets to work again ([#​2969](https://redirect.github.com/spotbugs/spotbugs/issues/2969)) - Fix FP `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` report when the synchronization is in a called method ([#​3045](https://redirect.github.com/spotbugs/spotbugs/issues/3045)) - Let `BetterCFGBuilder2.isPEI` handle `dup2` bytecode used by Spring AOT ([#​3059](https://redirect.github.com/spotbugs/spotbugs/issues/3059)) - Detect failure to close RocksDB's ReadOptions ([#​3069](https://redirect.github.com/spotbugs/spotbugs/issues/3069)) - Fix FP `EI_EXPOSE_REP` when there are multiple immutable assignments ([#​3023](https://redirect.github.com/spotbugs/spotbugs/issues/3023)) - Fixed false positive `NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` for Kotlin, handle Kotlin's `Intrinsics.checkNotNullParameter()` ([#​3094](https://redirect.github.com/spotbugs/spotbugs/issues/3094)) - Fixed some CWE mappings ([#​3124](https://redirect.github.com/spotbugs/spotbugs/pull/3124)) - Recognize some classes as immutable, fixing EI\_EXPOSE and MS\_EXPOSE FPs ([#​3137](https://redirect.github.com/spotbugs/spotbugs/pull/3137)) - Do not report UWF\_FIELD\_NOT\_INITIALIZED\_IN\_CONSTRUCTOR for fields initialized in method annotated with TestNG's [@​BeforeClass](https://redirect.github.com/BeforeClass). ([#​3152](https://redirect.github.com/spotbugs/spotbugs/issues/3152)) - Fixed detector `FindReturnRef` not finding references exposed from nested and inner classes ([#​2042](https://redirect.github.com/spotbugs/spotbugs/issues/2042)) - Fix call graph, include non-parametric void methods ([#​3160](https://redirect.github.com/spotbugs/spotbugs/pull/3160)) - Fix multiple reporting of identical bugs messing up statistics ([#​3185](https://redirect.github.com/spotbugs/spotbugs/issues/3185)) - Added missing comma between line number and confidence when describing matching and mismatching bugs for tests ([#​3187](https://redirect.github.com/spotbugs/spotbugs/pull/3187)) - Fixed method matchers with array types ([#​3203](https://redirect.github.com/spotbugs/spotbugs/issues/3203)) - Fix SARIF report's message property in Exception to meet the standard ([#​3197](https://redirect.github.com/spotbugs/spotbugs/issues/3197)) - Fixed `FI_FINALIZER_NULLS_FIELDS` FPs for functions called finalize() but not with the correct signature. ([#​3207](https://redirect.github.com/spotbugs/spotbugs/issues/3207)) - Fixed an error in the detection of bridge methods causing analysis crashes ([#​3208](https://redirect.github.com/spotbugs/spotbugs/issues/3208)) - Fixed detector `ThrowingExceptions` by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods ([#​2040](https://redirect.github.com/spotbugs/spotbugs/issues/2040)) - Do not report `DP_DO_INSIDE_DO_PRIVILEGED`, `DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED` and `USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE` in code targeting Java 17 and above, since it advises the usage of deprecated method ([#​1515](https://redirect.github.com/spotbugs/spotbugs/issues/1515)). - Fixed a `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` false positive for a builder delegating to another builder ([#​3235](https://redirect.github.com/spotbugs/spotbugs/issues/3235)) ##### Cleanup - Cleanup thread issue and regex issue in test-harness ([#​3130](https://redirect.github.com/spotbugs/spotbugs/issues/3130)) - Remove extra blank lines and remove public from interface objects as inherently already public ([#​3131](https://redirect.github.com/spotbugs/spotbugs/issues/3131)) - Fix order of modifiers on properties/methods and ensure correct location in file ([#​3132](https://redirect.github.com/spotbugs/spotbugs/issues/3132), [#​3177](https://redirect.github.com/spotbugs/spotbugs/pull/3177)) - Return objects directly instead of creating more garbage collection by defining them ([#​3133](https://redirect.github.com/spotbugs/spotbugs/pull/3133), [#​3175](https://redirect.github.com/spotbugs/spotbugs/pull/3175)) - Restrict the constructor of abstract classes visibility to protected ([#​3178](https://redirect.github.com/spotbugs/spotbugs/pull/3178)) - Cleanup double initialization and fix comments referring to findbugs instead of spotbugs([#​3134](https://redirect.github.com/spotbugs/spotbugs/issues/3134)) - Use diamond operator in constructor calls of Collections ([#​3176](https://redirect.github.com/spotbugs/spotbugs/pull/3176)) - Use `Collection.isEmpty()` or `String.isEmpty()` to test for emptiness ([#​3180](https://redirect.github.com/spotbugs/spotbugs/pull/3180), [#​3219](https://redirect.github.com/spotbugs/spotbugs/pull/3219)) - Use method references instead of lambdas where possible ([#​3179](https://redirect.github.com/spotbugs/spotbugs/pull/3179)) - Move default clauses to the end of switches ([#​3222](https://redirect.github.com/spotbugs/spotbugs/pull/3222)) - Remove unnecessary throws declarations ([#​3220](https://redirect.github.com/spotbugs/spotbugs/pull/3220)) - Use `Boolean.parseBoolean()` for string-to-boolean conversion. ([#​3217](https://redirect.github.com/spotbugs/spotbugs/pull/3217)) - Rename shadowing fields ([#​3221](https://redirect.github.com/spotbugs/spotbugs/pull/3221)) - Combine catch blocks with the same body ([#​3223](https://redirect.github.com/spotbugs/spotbugs/pull/3223)) - Merge conditions of nested ifs ([#​3231](https://redirect.github.com/spotbugs/spotbugs/pull/3231)) - Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'([#​3251](https://redirect.github.com/spotbugs/spotbugs/pull/3251)) - Use try with resources where possible ([#​3253](https://redirect.github.com/spotbugs/spotbugs/pull/3253)) ##### Changed - Bump up Java version to 11 </details> --- ### Configuration 📅 **Schedule**: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/solrbot/renovate-github-action) <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44Mi4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjgyLjEwIiwidGFyZ2V0QnJhbmNoIjoiYnJhbmNoXzl4IiwibGFiZWxzIjpbImV4ZW1wdC1zdGFsZSJdfQ==--> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
