java-packages/spotbugs
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
spotbugs/spotbugs.changes

238 lines
10 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Thu May 1 07:46:31 UTC 2025 - Fridrich Strba <fstrba@suse.com>
- Explicitely state all relevant build requires
-------------------------------------------------------------------
Thu Mar 27 21:37:22 UTC 2025 - Fridrich Strba <fstrba@suse.com>
- Fix javadoc generation with javadoc:aggregate
-------------------------------------------------------------------
Sat Mar 15 21:48:59 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>
- Update to v4.9.3
* Added
+ Introduced UselessSuppressionDetector to report the useless
annotations instead of NoteSuppressedWarnings (#3348)
* Fixed
+ Do not report US_USELESS_SUPPRESSION_ON_METHOD on synthetic
methods (#3351)
-------------------------------------------------------------------
Sat Mar 1 22:14:16 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>
- Update to v4.9.2
* Added
+ Reporting useless @SuppressFBWarnings annotations (#641)
* Fixed
+ Fixed html bug descriptions for
AT_STALE_THREAD_WRITE_OF_PRIMITIVE and
AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
+ Fixed an HSM_HIDING_METHOD false positive when ECJ generates
a synthetic method for an enum switch (#3305)
+ Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives,
detector depending on method order.
+ Fix THROWS_METHOD_THROWS_CLAUSE_THROWABLE reported in a
method calling MethodHandle.invokeExact due to its
polymorphic signature (#3309)
+ Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive in
inner class (#3310).
+ Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive for ECJ
compiled enum switches (#3316)
+ Fix RC_REF_COMPARISON false positive with Lombok With
annotation (#3319)
+ Avoid calling File.getCanonicalPath twice to improve
performance (#3325)
+ Fix MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and
MC_OVERRIDABLE_METHOD_CALL_IN_CLONE false positive when the
overridable method is outside the class (#3328).
+ Fix NullPointerException thrown from ThrowingExceptions
detector (#3337).
* Removed
+ Removed the TLW_TWO_LOCK_NOTIFY, LI_LAZY_INIT_INSTANCE,
BRSA_BAD_RESULTSET_ACCESS, BC_NULL_INSTANCEOF,
NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR and
RCN_REDUNDANT_CHECKED_NULL_COMPARISON deprecated bug
patterns.
-------------------------------------------------------------------
Mon Feb 10 01:42:47 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>
- Update to v4.9.1
* Added
+ New detector SharedVariableAtomicityDetector for new bug
types AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE,
AT_NONATOMIC_64BIT_PRIMITIVE and
AT_STALE_THREAD_WRITE_OF_PRIMITIVE (See SEI CERT rules
VNA00-J, VNA02-J and VNA05-J).
+ New detector FindHiddenMethod for bug type HSM_HIDING_METHOD.
This bug is reported whenever a subclass method hides the
static method of super class. (See SEI CERT MET07-J).
* Fixed
+ Fixed the parsing of generics methods in ThrowingExceptions
(#3267)
+ Accept the 1st parameter of
java.util.concurrent.CompletableFuture's completeOnTimeout(),
getNow() and obtrudeValue() functions as nullable (#1001).
+ Fixed the analysis error when FindReturnRef was checking
instructions corresponding to a CFG branch that was optimized
away (#3266)
+ Added execute file permission to files in the distribution
archive (#3274)
+ Fixed a stack overflow in MultipleInstantiationsOfSingletons
when a singleton initializer makes recursive calls (#3280)
+ Fixed NPE in FindReturnRef on inner class fields (#3283)
+ Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive
when add edu.umd.cs.findbugs.annotations.Nullable (#3243)
-------------------------------------------------------------------
Thu Jan 16 19:07:52 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>
- Specify build and runtime dependencies on
mvn(net.sf.saxon:Saxon-HE) < 11 to avoid ambiguity with newer
versions of Saxon.
-------------------------------------------------------------------
Thu Jan 16 10:36:16 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
-------------------------------------------------------------------
Fri Oct 25 21:39:05 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Build against saxon10 which is the default saxon in Tumbleweed
and exists in Leap 15.x. It also works just fine without sucking
in new dependencies including circular dependency between saxon
and xmlresolver.
-------------------------------------------------------------------
Mon Oct 14 05:00:57 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>
- Add runtime dependencies on
mvn(org.apache.logging.log4j:log4j-{api,core,slf4j-impl}) and
mvn(net.sf.saxon:Saxon-HE:12)
-------------------------------------------------------------------
Thu Sep 26 08:34:21 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Runtime dependencies are auto-generated
-------------------------------------------------------------------
Wed Jul 3 12:22:53 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>
- Update to v4.8.6
* Fixed
+ Do not report BC_UNCONFIRMED_CAST for Java 21's type switches
when the switch instruction is TABLESWITCH (#2782)
+ Do not throw exception when inspecting empty switch
statements (#2995)
+ Adjust priority since relaxed mode reports even
IGNORED_PRIORITY (#2994)
+ Fix duplicated log4j2 jar in distribution (#3001)
-------------------------------------------------------------------
Thu May 30 17:25:50 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>
- Initial packaging with v4.8.5
- Add patch:
* 00-dont-use-manifest-classpath.patch
+ Construct classpath from all the items in the
$SPOTBUGS_HOME/lib directory instead of relying on manifests
classpath.
Reference in New Issue View Git Blame Copy Permalink