This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/orc.git
The following commit(s) were added to refs/heads/main by this push:
new 44dd512fd ORC-2005: Upgrade `spotbugs-maven-plugin` to 4.9.6
44dd512fd is described below
commit 44dd512fda6c076b7f53e570c2bb7aabb0d33cf3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Thu Sep 25 15:33:49 2025 -0700
ORC-2005: Upgrade `spotbugs-maven-plugin` to 4.9.6
Bumps
[com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin)
from 4.9.3.0 to 4.9.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spotbugs/spotbugs-maven-plugin/releases";>com.github.spotbugs:spotbugs-maven-plugin's
releases</a>.</em></p>
<blockquote>
<h2>Spotbugs Maven Plugin 4.9.6.0</h2>
<ul>
<li>Supports spotbugs 4.9.6</li>
<li>note: 4.9.5 had a defect with detection of jakarta in servlets that was
unexpected and quickly patched for this release.</li>
</ul>
<h2>Spotbugs Maven Plugin 4.9.5.0</h2>
<ul>
<li>Support spotbugs 4.9.5</li>
</ul>
<h2>Spotbugs Maven Plugin 4.9.4.2</h2>
<p>Consumer</p>
<ul>
<li>Add support for 'chooseVisitors'</li>
<li>Minor code cleanup</li>
<li>Still supports spotbugs 4.9.4</li>
</ul>
<p>Producer</p>
<ul>
<li>Remove add opens from jvm.config as no longer needed</li>
</ul>
<h2>Spotbugs Maven Plugin 4.9.4.1</h2>
<p>Consumer</p>
<ul>
<li>Cleanup readme to better support plugin</li>
<li>Dropped direct usage of plexus utils and commons io</li>
<li>Groovy 5 now run engine</li>
<li>Correct issue since 4.9.2.0 resulting in most runs getting
spotbugs.html file incorrectly. This has been refactored to restore doxia 1
overrides to produce xml report only when not running in site lifecycle</li>
<li>Correct defects with handling of various files on disk such as
exclusion filters that were introduced into 4.9.4.0. Integration tests have
been applied to prevent future regression.</li>
<li>Commons io fileutils replaced by files.walk with detailed output moved
to debug collection only rather than all runs</li>
<li>Normalization of path to linux style</li>
<li>Any regex usage is now precompiled</li>
<li>Use re-entrant lock for source indexer</li>
<li>Correct locale usage to use default if not given</li>
<li>Block doctype and XXE when processing xml files</li>
<li>Cleanup some fields from resources and in code never used</li>
</ul>
<p>Producer</p>
<ul>
<li>Pin versions of github actions tools</li>
<li>Run maven 3.6.3 integration test on windows to get more broad
support</li>
<li>Run maven integration test on mac to get more broad support</li>
<li>Maven 4 integration tests will continue on linux</li>
<li>Fix maven wrapper perceived path traversal issue</li>
<li>Corrections to invoker to re-establish integration test
verification's</li>
<li>Fix bugs in integration tests</li>
<li>Better secure xml usage in integration tests</li>
<li>Cleanup integration test warnings</li>
<li>Make sure transfer of artifacts is correctly disabled on integration
tests</li>
</ul>
<h2>Spotbugs Maven Plugin 4.9.4.0</h2>
<p>Release is large but mainly rewriting of underlying code. This supports
spotbugs 4.9.4, additional details below.</p>
<p>Consumer</p>
<ul>
<li>Supporting spotbugs 4.9.4</li>
<li>Updated all underlying dependencies</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/9e8ce9daca2100ecb65dd5bbc0a95d0bc02754d8";><code>9e8ce9d</code></a>
[maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.6.0</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/96d53475ce8148e235920530175b9e59d63f1146";><code>96d5347</code></a>
[pom] Bump spotbugs to 4.9.6</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/3408913abe89aae213481995642b6f2b64c78d53";><code>3408913</code></a>
Merge pull request <a
href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/1210";>#1210</a>
from spotbugs/renovate/spotbugs.version</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/13c11ab32d26fd9eb2e8fe63ce19c37637982455";><code>13c11ab</code></a>
Update dependency com.github.spotbugs:spotbugs to v4.9.6</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/560c4693a21a36ffc0634f24abd22e534c85f81e";><code>560c469</code></a>
Merge pull request <a
href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/1208";>#1208</a>
from spotbugs/release/4.9.5.0</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/7cf0beb9701aea02c3243937b8892c444e0d034b";><code>7cf0beb</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/9cd9b6ff6a8b9506ecdbaee4fb08fa798a58ed30";><code>9cd9b6f</code></a>
[maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.5.0</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/3171de8452be9ef69536e51d828de6bbb292f705";><code>3171de8</code></a>
Set version for next release to 4.9.5.0 snapshot</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/777042031fb37a089ada5419c9d5e0de1c5dd9a7";><code>7770420</code></a>
Merge pull request <a
href="https://redirect.github.com/spotbugs/spotbugs-maven-plugin/issues/1207";>#1207</a>
from spotbugs/renovate/spotbugs.version</li>
<li><a
href="https://github.com/spotbugs/spotbugs-maven-plugin/commit/03f9784769cd180f24ac22b93ed2f7b21ba2bb4d";><code>03f9784</code></a>
Update dependency com.github.spotbugs:spotbugs to v4.9.5</li>
<li>Additional commits viewable in <a
href="https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.9.3.0...spotbugs-maven-plugin-4.9.6.0";>compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| com.github.spotbugs:spotbugs-maven-plugin | [< 4.8, > 4.7.3.4] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all of
the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Closes #2411 from
dependabot[bot]/dependabot/maven/java/com.github.spotbugs-spotbugs-maven-plugin-4.9.6.0.
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dongjoon Hyun <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index 87bf18147..2957b2195 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -395,7 +395,7 @@
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
- <version>4.9.3.0</version>
+ <version>4.9.6.0</version>
<configuration>
<includeFilterFile>spotbugs-include.xml</includeFilterFile>
<excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
