2024-06-03 05:36:48 +00:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
|
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
|
|
|
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
|
|
|
|
<!-- This module was also published with a richer model, Gradle metadata, -->
|
|
|
|
|
<!-- which should be used instead. Do not delete the following line which -->
|
|
|
|
|
<!-- is to indicate to Gradle or any Gradle module metadata file consumer -->
|
|
|
|
|
<!-- that they should prefer consuming it instead. -->
|
|
|
|
|
<!-- do_not_remove: published-with-gradle-metadata -->
|
|
|
|
|
<modelVersion>4.0.0</modelVersion>
|
|
|
|
|
<groupId>com.github.spotbugs</groupId>
|
|
|
|
|
<artifactId>spotbugs</artifactId>
|
2025-03-15 21:58:02 +00:00
|
|
|
<version>4.9.3</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<packaging>pom</packaging>
|
|
|
|
|
<name>SpotBugs</name>
|
|
|
|
|
<description>SpotBugs: Because it's easy!</description>
|
|
|
|
|
<url>https://spotbugs.github.io/</url>
|
|
|
|
|
<licenses>
|
|
|
|
|
<license>
|
|
|
|
|
<name>GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1</name>
|
|
|
|
|
<url>https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html</url>
|
|
|
|
|
</license>
|
|
|
|
|
</licenses>
|
|
|
|
|
<developers>
|
|
|
|
|
<developer>
|
|
|
|
|
<id>jsotuyod</id>
|
|
|
|
|
<name>Juan Martín Sotuyo Dodero</name>
|
|
|
|
|
<url>https://github.com/jsotuyod</url>
|
|
|
|
|
<timezone>-3</timezone>
|
|
|
|
|
</developer>
|
|
|
|
|
<developer>
|
|
|
|
|
<id>mebigfatguy</id>
|
|
|
|
|
<name>Dave Brosius</name>
|
|
|
|
|
<email>dbrosius@mebigfatguy.com</email>
|
|
|
|
|
<url>http://www.jroller.com/dbrosius/</url>
|
|
|
|
|
<timezone>-5</timezone>
|
|
|
|
|
</developer>
|
|
|
|
|
<developer>
|
|
|
|
|
<id>henrik242</id>
|
|
|
|
|
<url>https://github.com/henrik242</url>
|
|
|
|
|
</developer>
|
|
|
|
|
<developer>
|
|
|
|
|
<id>KengoTODA</id>
|
|
|
|
|
<name>Kengo TODA</name>
|
|
|
|
|
<email>skypencil@gmail.com</email>
|
|
|
|
|
<url>https://github.com/KengoTODA/</url>
|
|
|
|
|
<timezone>+8</timezone>
|
|
|
|
|
</developer>
|
|
|
|
|
<developer>
|
|
|
|
|
<id>iloveeclipse</id>
|
|
|
|
|
<name>Andrey Loskutov</name>
|
|
|
|
|
<email>loskutov@gmx.de</email>
|
|
|
|
|
<url>https://github.com/iloveeclipse</url>
|
|
|
|
|
<timezone>+2</timezone>
|
|
|
|
|
</developer>
|
|
|
|
|
<developer>
|
|
|
|
|
<id>ThrawnCA</id>
|
|
|
|
|
<url>https://github.com/ThrawnCA</url>
|
|
|
|
|
</developer>
|
|
|
|
|
<developer>
|
|
|
|
|
<id>sewe</id>
|
|
|
|
|
<name>Andreas Sewe</name>
|
|
|
|
|
<email>andreas.sewe@codetrails.com</email>
|
|
|
|
|
<url>https://github.com/sewe</url>
|
|
|
|
|
<timezone>+1</timezone>
|
|
|
|
|
</developer>
|
|
|
|
|
</developers>
|
|
|
|
|
<scm>
|
|
|
|
|
<connection>scm:git:git@github.com:spotbugs/spotbugs.git</connection>
|
|
|
|
|
<developerConnection>scm:git:git@github.com:spotbugs/spotbugs.git</developerConnection>
|
|
|
|
|
<url>https://github.com/spotbugs/spotbugs/</url>
|
|
|
|
|
</scm>
|
|
|
|
|
<dependencyManagement>
|
|
|
|
|
<dependencies>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.apache.logging.log4j</groupId>
|
|
|
|
|
<artifactId>log4j-core</artifactId>
|
|
|
|
|
<version>[2.17.1, 3)</version>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>ch.qos.logback</groupId>
|
|
|
|
|
<artifactId>logback-core</artifactId>
|
|
|
|
|
<version>[1.2.9, 2)</version>
|
|
|
|
|
</dependency>
|
|
|
|
|
</dependencies>
|
|
|
|
|
</dependencyManagement>
|
|
|
|
|
<dependencies>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.ow2.asm</groupId>
|
|
|
|
|
<artifactId>asm</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>9.7.1</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.ow2.asm</groupId>
|
|
|
|
|
<artifactId>asm-analysis</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>9.7.1</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.ow2.asm</groupId>
|
|
|
|
|
<artifactId>asm-commons</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>9.7.1</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.ow2.asm</groupId>
|
|
|
|
|
<artifactId>asm-tree</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>9.7.1</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.ow2.asm</groupId>
|
|
|
|
|
<artifactId>asm-util</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>9.7.1</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.apache.bcel</groupId>
|
|
|
|
|
<artifactId>bcel</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>6.10.0</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>com.github.stephenc.jcip</groupId>
|
|
|
|
|
<artifactId>jcip-annotations</artifactId>
|
|
|
|
|
<version>1.0-1</version>
|
|
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.dom4j</groupId>
|
|
|
|
|
<artifactId>dom4j</artifactId>
|
|
|
|
|
<version>2.1.4</version>
|
|
|
|
|
<scope>compile</scope>
|
|
|
|
|
<exclusions>
|
|
|
|
|
<exclusion>
|
|
|
|
|
<groupId>javax.xml.bind</groupId>
|
|
|
|
|
<artifactId>jaxb-api</artifactId>
|
|
|
|
|
</exclusion>
|
|
|
|
|
<exclusion>
|
|
|
|
|
<groupId>jaxen</groupId>
|
|
|
|
|
<artifactId>jaxen</artifactId>
|
|
|
|
|
</exclusion>
|
|
|
|
|
<exclusion>
|
|
|
|
|
<groupId>net.java.dev.msv</groupId>
|
|
|
|
|
<artifactId>xsdlib</artifactId>
|
|
|
|
|
</exclusion>
|
|
|
|
|
<exclusion>
|
|
|
|
|
<groupId>javax.xml.stream</groupId>
|
|
|
|
|
<artifactId>stax-api</artifactId>
|
|
|
|
|
</exclusion>
|
|
|
|
|
<exclusion>
|
|
|
|
|
<groupId>xpp3</groupId>
|
|
|
|
|
<artifactId>xpp3</artifactId>
|
|
|
|
|
</exclusion>
|
|
|
|
|
<exclusion>
|
|
|
|
|
<groupId>pull-parser</groupId>
|
|
|
|
|
<artifactId>pull-parser</artifactId>
|
|
|
|
|
</exclusion>
|
|
|
|
|
</exclusions>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.apache.commons</groupId>
|
|
|
|
|
<artifactId>commons-lang3</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>3.17.0</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.apache.commons</groupId>
|
|
|
|
|
<artifactId>commons-text</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>1.13.0</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.slf4j</groupId>
|
|
|
|
|
<artifactId>slf4j-api</artifactId>
|
2025-03-01 22:18:28 +00:00
|
|
|
<version>2.0.17</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>com.github.spotbugs</groupId>
|
|
|
|
|
<artifactId>spotbugs-annotations</artifactId>
|
2025-03-15 21:58:02 +00:00
|
|
|
<version>4.9.3</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>com.google.code.gson</groupId>
|
|
|
|
|
<artifactId>gson</artifactId>
|
2025-02-10 01:50:02 +00:00
|
|
|
<version>2.12.1</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>compile</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>jaxen</groupId>
|
|
|
|
|
<artifactId>jaxen</artifactId>
|
|
|
|
|
<version>2.0.0</version>
|
|
|
|
|
<scope>runtime</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>net.sf.saxon</groupId>
|
|
|
|
|
<artifactId>Saxon-HE</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>12.5</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>runtime</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.apache.logging.log4j</groupId>
|
|
|
|
|
<artifactId>log4j-core</artifactId>
|
Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
|
|
|
<version>2.24.3</version>
|
2024-06-03 05:36:48 +00:00
|
|
|
<scope>runtime</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
</dependencies>
|
|
|
|
|
</project>
|
