This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/orc.git
The following commit(s) were added to refs/heads/main by this push:
new d085b647e ORC-1265: Upgrade spotbugs to 4.7.2
d085b647e is described below
commit d085b647eec6b4e0ffc61ee0481049507b741746
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Wed Sep 7 20:08:53 2022 -0700
ORC-1265: Upgrade spotbugs to 4.7.2
Bumps [spotbugs](https://github.com/spotbugs/spotbugs) from 4.7.1 to 4.7.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spotbugs/spotbugs/releases";>spotbugs's
releases</a>.</em></p>
<blockquote>
<h2>SpotBugs 4.7.2</h2>
<h2>CHANGELOG</h2>
<h3>Fixed</h3>
<ul>
<li>Bumped gson from 2.9.0 to 2.9.1 (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/2136";>#2136</a>)</li>
<li>Bump up SLF4J API to <code>2.0.0</code></li>
<li>Bump up logback to <code>1.4.0</code></li>
<li>Bump up log4j2 binding to <code>2.18.0</code></li>
<li>Bump up Saxon-HE to <code>11.4</code> (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/2160";>#2160</a>)</li>
<li>Fixed InvalidInputException in Eclipse while bug reporting (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/2134";>#2134</a>)
<a href="https://github.com/iloveeclipse";><code>iloveeclipse</code></a></li>
<li>Bug <code>SA_FIELD_SELF_ASSIGNMENT</code> is now reported from nested
classes as well (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/2142";>#2142</a>)
<a
href="https://github.com/baloghadamsoftware";><code>baloghadamsoftware</code></a></li>
<li>Avoid warning on use of security manager on Java 17 and newer. (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1579";>#1579</a>)
<a href="https://github.com/raphw";><code>raphw</code></a></li>
<li>Fixed false positives <code>EI_EXPOSE_REP</code> thrown in case of
fields initialized by the <code>of</code> or <code>copyOf</code> method of a
<code>List</code>, <code>Map</code> or <code>Set</code> (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1771";>#1771</a>)
<a
href="https://github.com/baloghadamsoftware";><code>baloghadamsoftware</code></a></li>
<li>Fixed CFGBuilderException thrown when <code>dup_x2</code> is used to
swap the reference and wide-value (double, long) in the stack (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/2146";>#2146</a>)
<a href="https://github.com/KengoTODA";><code>KengoTODA</code></a></li>
</ul>
<h2>CHECKSUM</h2>
<table>
<thead>
<tr>
<th>file</th>
<th>checksum (sha256)</th>
</tr>
</thead>
<tbody>
<tr>
<td>spotbugs-4.7.2-javadoc.jar</td>
<td>a40e94961c8b99e020aacfa7012cce4e818eac6fb8effa678e20177814113248</td>
</tr>
<tr>
<td>spotbugs-4.7.2-sources.jar</td>
<td>fca5bab29e0373944cbb07e3329ce1c0c18133885f558fb25e3bc2ebba6a7018</td>
</tr>
<tr>
<td>spotbugs-4.7.2.tgz</td>
<td>f02a023d03b0fde70038ccb4bc8d4a964a504262d13024a97b14d9070f7d4d96</td>
</tr>
<tr>
<td>spotbugs-4.7.2.zip</td>
<td>3974d90eb70aad26bb647e0bbaae810c7cf927587e28ce939c2b6531414afe7d</td>
</tr>
<tr>
<td>spotbugs-annotations-4.7.2-javadoc.jar</td>
<td>b8e9f92e17a62766f86b82442a07b0f57ff4f919796e944a6e2a5bacc76e4399</td>
</tr>
<tr>
<td>spotbugs-annotations-4.7.2-sources.jar</td>
<td>b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad</td>
</tr>
<tr>
<td>spotbugs-annotations.jar</td>
<td>e2b4c654b2d7897490cf1f22a009ac677be4c92bfc493a0dedb5706f5e489839</td>
</tr>
<tr>
<td>spotbugs-ant-4.7.2-javadoc.jar</td>
<td>632af1c4043b35eab37318eed7ab301655553a124248b4467fb30cbd0f2f24de</td>
</tr>
<tr>
<td>spotbugs-ant-4.7.2-sources.jar</td>
<td>ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793</td>
</tr>
<tr>
<td>spotbugs-ant.jar</td>
<td>b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db</td>
</tr>
<tr>
<td>spotbugs.jar</td>
<td>df5205f4d87ed53ff5b847c6aedc55d605966c0f8f9820d9c6be5ba517b09bcd</td>
</tr>
<tr>
<td>test-harness-4.7.2-javadoc.jar</td>
<td>1486f4f4be29dc24a19ad95b809b42d08f34ec9c68abfd43c5fe44d6087d8845</td>
</tr>
<tr>
<td>test-harness-4.7.2-sources.jar</td>
<td>7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29</td>
</tr>
<tr>
<td>test-harness-4.7.2.jar</td>
<td>50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3</td>
</tr>
<tr>
<td>test-harness-core-4.7.2-javadoc.jar</td>
<td>f10c5bbe98b2666ea775cc5c0a9a94e99b116706d75254d079741ff410dbdd33</td>
</tr>
<tr>
<td>test-harness-core-4.7.2-sources.jar</td>
<td>f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24</td>
</tr>
<tr>
<td>test-harness-core-4.7.2.jar</td>
<td>7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350</td>
</tr>
<tr>
<td>test-harness-jupiter-4.7.2-javadoc.jar</td>
<td>1bdd8c97fbef6009945e30821ba26f722d1d037c33d780f75d922e30c900ef04</td>
</tr>
<tr>
<td>test-harness-jupiter-4.7.2-sources.jar</td>
<td>210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315</td>
</tr>
<tr>
<td>test-harness-jupiter-4.7.2.jar</td>
<td>18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md";>spotbugs's
changelog</a>.</em></p>
<blockquote>
<h2>4.7.2 - 2022-09-02</h2>
<h3>Fixed</h3>
<ul>
<li>Bumped gson from 2.9.0 to 2.9.1 (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/2136";>#2136</a>)</li>
<li>Bump up SLF4J API to <code>2.0.0</code></li>
<li>Bump up logback to <code>1.4.0</code></li>
<li>Bump up log4j2 binding to <code>2.18.0</code></li>
<li>Bump up Saxon-HE to <code>11.4</code> (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/2160";>#2160</a>)</li>
<li>Fixed InvalidInputException in Eclipse while bug reporting (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/2134";>#2134</a>)</li>
<li>Bug <code>SA_FIELD_SELF_ASSIGNMENT</code> is now reported from nested
classes as well (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/2142";>#2142</a>)</li>
<li>Avoid warning on use of security manager on Java 17 and newer. (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1579";>#1579</a>)</li>
<li>Fixed false positives <code>EI_EXPOSE_REP</code> thrown in case of
fields initialized by the <code>of</code> or <code>copyOf</code> method of a
<code>List</code>, <code>Map</code> or <code>Set</code> (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/1771";>#1771</a>)</li>
<li>Fixed CFGBuilderException thrown when <code>dup_x2</code> is used to
swap the reference and wide-value (double, long) in the stack (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/pull/2146";>#2146</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/1f42a5bb7c69436d2784cea1647e1576a4843ac0";><code>1f42a5b</code></a>
release v4.7.1</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/9147e58a7bd7ee2c45a66180cdbbd2ac0ba5d39a";><code>9147e58</code></a>
docs: update CHANGELOG for Saxon-HE</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/7c835b6f5e6345e3d4c0753c53a28071ce0ecce6";><code>7c835b6</code></a>
Report bug <code>SA_FIELD_SELF_ASSIGNMENT</code> in nested classes as well (<a
href="https://github-redirect.dependabot.com/spotbugs/spotbugs/issues/2161";>#2161</a>)</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/4c0c1b9bded230ceeb2f2eb2bd22b26be8f6cf9f";><code>4c0c1b9</code></a>
Do not disable the security manager on Java 17 VMs and newer as it is
depreca...</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/e1ebefc3b1e13fae22ee6df6ef1c1dad9a61e38c";><code>e1ebefc</code></a>
build(deps): bump com.gradle.enterprise from 3.10.2 to 3.11.1</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/4c9b635d8de26e691add3f291f980ad21cf5abd1";><code>4c9b635</code></a>
Fix for false positives <code>EI_EXPOSE_REP</code> in case of unmodifiable
collections (...</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/06a1eeb5739e655e863f0998c2bcce6a51ccce94";><code>06a1eeb</code></a>
build(deps): bump Saxon-HE from 11.3 to 11.4</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/2e9d29c649befbce20b58a51cd8515e1f1e25165";><code>2e9d29c</code></a>
chore: add a comment to describe why we check <code>depth == 1</code></li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/a3636519c2a586d931fa562f0cbac705b48087f5";><code>a363651</code></a>
fix: consider the possibility of dup_x2 and dup_x1</li>
<li><a
href="https://github.com/spotbugs/spotbugs/commit/05eb8b734910257961a848aea7d058609dae734f";><code>05eb8b7</code></a>
chore: apply spotless</li>
<li>Additional commits viewable in <a
href="https://github.com/spotbugs/spotbugs/compare/4.7.1...4.7.2";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Closes #1243 from
dependabot[bot]/dependabot/maven/java/com.github.spotbugs-spotbugs-4.7.2.
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dongjoon Hyun <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index dd43c7f20..27611ca4b 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -317,7 +317,7 @@
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
- <version>4.7.1</version>
+ <version>4.7.2</version>
</dependency>
</dependencies>
<configuration>
