renovate-bot opened a new pull request, #6598: URL: https://github.com/apache/jmeter/pull/6598
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [spotbugs](https://spotbugs.github.io/) ([source](https://redirect.github.com/spotbugs/spotbugs)) | `4.8.3` -> `4.9.8` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>spotbugs/spotbugs (spotbugs)</summary> ### [`v4.9.8`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#498---2025-10-18) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.7...4.9.8) ##### Fixed - Maven plugin reporting issue if -adjustPriority is not set ([#​3774](https://redirect.github.com/spotbugs/spotbugs/issues/3774)) ### [`v4.9.7`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#497---2025-10-14) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.6...4.9.7) ##### Fixed - Fix Eclipse not always using latest preferences file state ([#​3740](https://redirect.github.com/spotbugs/spotbugs/issues/3740)) - Fix exception throw when singleton implementing Cloneable has no clone() method ([#​3727](https://redirect.github.com/spotbugs/spotbugs/issues/3727)) - Fix for missing -adjustPriority parameter in Eclipse preferences ([#​3687](https://redirect.github.com/spotbugs/spotbugs/issues/3687)) - Documentation of -adjustPriority parameter - Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster ([#​3753](https://redirect.github.com/spotbugs/spotbugs/issues/3753)) - Improved `FindNakedNotify` to handle the case when the lock is loaded from a field ([#​3634](https://redirect.github.com/spotbugs/spotbugs/issues/3634)) ##### Changed - Support for fully qualified class names for detectors in -adjustPriority parameter - Support for numerical and absolute priority adjustments - Bump up Apache Commons BCEL to the version 6.11.0 ([#​3569](https://redirect.github.com/spotbugs/spotbugs/issues/3569)) ##### Deprecated - Add back and deprecate `edu.umd.cs.findbugs.io.IO.close(InputStream)` method. ([#​3756](https://redirect.github.com/spotbugs/spotbugs/pull/3756)) ##### Build - Allow our GA builds to work with JDK 25 (and drop support for JDK 24) ([#​3564](https://redirect.github.com/spotbugs/spotbugs/pull/3564)) ### [`v4.9.6`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#496---2025-09-16) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.5...4.9.6) ##### Fixed - Fix exception throw when analyzing `jakarta.servlet.http.HttpServletRequest` method calls ([#​3711](https://redirect.github.com/spotbugs/spotbugs/issues/3711)) ### [`v4.9.5`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#495---2025-09-14) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.4...4.9.5) ##### Fixed - Fix for an error when a record method has the `@SuppressFBWarnings` annotation ([#​3622](https://redirect.github.com/spotbugs/spotbugs/pull/3622)) - Fix `SF_SWITCH_FALLTHROUGH` false positive when continuing a loop ([#​3617](https://redirect.github.com/spotbugs/spotbugs/issues/3617)) - `CWO_CLOSED_WITHOUT_OPENED` false positive ([#​3616](https://redirect.github.com/spotbugs/spotbugs/issues/3616)) - `SF_SWITCH_NO_DEFAULT` false positive fix for switch-arrow ([#​3645](https://redirect.github.com/spotbugs/spotbugs/issues/3645)) - Fix the issue with BCEL logging `Duplicating value: ...` ([#​3621](https://redirect.github.com/spotbugs/spotbugs/issues/3621)) - Add missing jakarta support for servlets / pre/post destroy ([#​3694](https://redirect.github.com/spotbugs/spotbugs/pull/3694)) ##### Added - Add 'java.nio.file.Path.of' to known types for path traversal checks ([#​3699](https://redirect.github.com/spotbugs/spotbugs/pull/3699)) ##### Cleanup - S1481: Unused local variables should be removed ([#​3654](https://redirect.github.com/spotbugs/spotbugs/pull/3654)) - Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation ([#​3695](https://redirect.github.com/spotbugs/spotbugs/pull/3695)) ### [`v4.9.4`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#494---2025-08-07) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.3...4.9.4) ##### Changed - `AnnotationMatcher` can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered. - Add relevant CWE ids to bugs and refer the CWEs in the bug messages ([#​3354](https://redirect.github.com/spotbugs/spotbugs/pull/3354)). - Replace `LOCAL_VARIABLE_UNKNOWN` with exact method name for `NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE` ([#​3485](https://redirect.github.com/spotbugs/spotbugs/pull/3485)) ##### Fixed - Widen main method recognition according to [JEP 445](https://openjdk.org/jeps/445). ([#​3371](https://redirect.github.com/spotbugs/spotbugs/pull/3371)) - Do not report `US_USELESS_SUPPRESSION_ON_*` on methods, fields, parameters, packages or classes with an `*.Generated` annotation with retention >= class ([#​3350](https://redirect.github.com/spotbugs/spotbugs/issues/3350))([#​3409](https://redirect.github.com/spotbugs/spotbugs/pull/3409)) - Rewrite some member in `ResourceValueFrame.java` to Enum ([#​2061](https://redirect.github.com/spotbugs/spotbugs/issues/2061)) - Ignore non-interpreted text when looking for `FS_BAD_DATE_FORMAT_FLAG_COMBO` ([#​3387](https://redirect.github.com/spotbugs/spotbugs/issues/3387)) - Fix IllegalArgumentException thrown from `FindNoSideEffectMethods` detector ([#​3320](https://redirect.github.com/spotbugs/spotbugs/issues/3320)) - Do not report `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` when part of a Mockito `doAnswer()`, `doCallRealMethod()`, `doNothing()`, `doThrow()` or `doReturn()` call ([#​3334](https://redirect.github.com/spotbugs/spotbugs/issues/3334)) - Fix `CT_CONSTRUCTOR_THROW` false positive with public and private constructors in specific order of methods ([#​3417](https://redirect.github.com/spotbugs/spotbugs/issues/3417)) - Fix `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE`, `AT_NONATOMIC_64BIT_PRIMITIVE` and `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` FP when the relevant code is in private method, which is only called with proper synchronization ([#​3428](https://redirect.github.com/spotbugs/spotbugs/issues/3428)) - Do not report `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` when part of a BDDMockito call ([#​3441](https://redirect.github.com/spotbugs/spotbugs/issues/3441)) - Fix `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE` when field of a local variable is set. ([#​3459](https://redirect.github.com/spotbugs/spotbugs/pull/3459)) - Fix `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE` FP when there was no compound operation ([#​3363](https://redirect.github.com/spotbugs/spotbugs/issues/3363)) - Fix `NM_FIELD_NAMING_CONVENTION` crash in the TestASM detector ([#​3489](https://redirect.github.com/spotbugs/spotbugs/pull/3489)) - Do not report `UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` for fields initialized in JUnit 3/4 `setUp()` method. ([#​3169](https://redirect.github.com/spotbugs/spotbugs/issues/3169)) - Fix `US_USELESS_SUPPRESSION_ON_FIELD`/`UUF_UNUSED_FIELD` false positive ([#​3496](https://redirect.github.com/spotbugs/spotbugs/pull/3496)) - Make the osgi manifest of the annotations jar Java 8 compatible ([#​3498](https://redirect.github.com/spotbugs/spotbugs/pull/3498)) ([#​3500](https://redirect.github.com/spotbugs/spotbugs/pull/3500)) - `TextUICommandLine` supports all options encoded in Eclipse preferences file ([#​3520](https://redirect.github.com/spotbugs/spotbugs/issues/3520)) - Unnecessary suppressions fix for records headers ([#​3471](https://redirect.github.com/spotbugs/spotbugs/issues/3471)) - Dead store fix when switch case contains loops ([#​3530](https://redirect.github.com/spotbugs/spotbugs/issues/3530)) ([#​3449](https://redirect.github.com/spotbugs/spotbugs/issues/3449)) - Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects ([#​3463](https://redirect.github.com/spotbugs/spotbugs/issues/3463)) - Detect cases when equals() unconditionally returns true or false ([#​3528](https://redirect.github.com/spotbugs/spotbugs/issues/3528)) - Do not report that an Iterator does not throw `NoSuchElementException` when `hasNext()` returns true ([#​3501](https://redirect.github.com/spotbugs/spotbugs/issues/3501)) - Detect random value cast to int when stored in temporary variable ([#​3461](https://redirect.github.com/spotbugs/spotbugs/issues/3461)) - Look for interfaces default methods when searching uncalled private methods ([#​1988](https://redirect.github.com/spotbugs/spotbugs/issues/1988)) - Fixed field self assignment false positive ([#​2258](https://redirect.github.com/spotbugs/spotbugs/issues/2258)) - Fixed `DMI_INVOKING_TOSTRING_ON_ARRAY` on newer JDK ([#​1147](https://redirect.github.com/spotbugs/spotbugs/issues/1147)) - Fix `NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE` false positive with `Objects.requireNonNull` ([#​2965](https://redirect.github.com/spotbugs/spotbugs/issues/2965)) ([#​3573](https://redirect.github.com/spotbugs/spotbugs/issues/3573)) - Track inner classes access methods to correctly report the bugs ([#​2029](https://redirect.github.com/spotbugs/spotbugs/issues/2029)) - `SF_SWITCH_NO_DEFAULT` false positive fix ([#​1148](https://redirect.github.com/spotbugs/spotbugs/issues/1148)) ([#​3572](https://redirect.github.com/spotbugs/spotbugs/issues/3572)) ##### Added - Added the unnecessary annotation to the `US_USELESS_SUPPRESSION_ON_*` messages ([#​3395](https://redirect.github.com/spotbugs/spotbugs/issues/3395)) - Multi-threaded code checks can be skipped with `@NotThreadSafe` ([#​3390](https://redirect.github.com/spotbugs/spotbugs/issues/3390)) - New bug type `CWO_CLOSED_WITHOUT_OPENED` for locks that might be released without even being acquired. (See [SEI CERT rule LCK08-J](https://wiki.sei.cmu.edu/confluence/display/java/LCK08-J.+Ensure+actively+held+locks+are+released+on+exceptional+conditions)) ([#​2055](https://redirect.github.com/spotbugs/spotbugs/pull/2055)) - Breaking change: changed values and new items in `ResourceValueFrame`. - Inline access method for method. ([#​3481](https://redirect.github.com/spotbugs/spotbugs/issues/3481)) - Added `DMI_MISLEADING_SUBSTRING` for calling `subString(0)` on a StringBuffer/StringBuilder ([#​1928](https://redirect.github.com/spotbugs/spotbugs/issues/1928)) ##### Signing - Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing. ### [`v4.9.3`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#493---2025-03-14) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.2...4.9.3) ##### Added - Introduced `UselessSuppressionDetector` to report the useless annotations instead of `NoteSuppressedWarnings` ([#​3348](https://redirect.github.com/spotbugs/spotbugs/issues/3348)) ##### Fixed - Do not report `US_USELESS_SUPPRESSION_ON_METHOD` on synthetic methods ([#​3351](https://redirect.github.com/spotbugs/spotbugs/issues/3351)) ### [`v4.9.2`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#492---2025-03-01) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.1...4.9.2) ##### Added - Reporting useless `@SuppressFBWarnings` annotations ([#​641](https://redirect.github.com/spotbugs/spotbugs/issues/641)) ##### Fixed - Fixed html bug descriptions for AT\_STALE\_THREAD\_WRITE\_OF\_PRIMITIVE and AT\_NONATOMIC\_64BIT\_PRIMITIVE ([#​3303](https://redirect.github.com/spotbugs/spotbugs/issues/3303)) - Fixed an `HSM_HIDING_METHOD` false positive when ECJ generates a synthetic method for an enum switch ([#​3305](https://redirect.github.com/spotbugs/spotbugs/issues/3305)) - Fix `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` false negatives, detector depending on method order. - Fix `THROWS_METHOD_THROWS_CLAUSE_THROWABLE` reported in a method calling `MethodHandle.invokeExact` due to its polymorphic signature ([#​3309](https://redirect.github.com/spotbugs/spotbugs/issues/3309)) - Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive in inner class ([#​3310](https://redirect.github.com/spotbugs/spotbugs/issues/3310)). - Fix `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` false positive for ECJ compiled enum switches ([#​3316](https://redirect.github.com/spotbugs/spotbugs/issues/3316)) - Fix `RC_REF_COMPARISON` false positive with Lombok With annotation ([#​3319](https://redirect.github.com/spotbugs/spotbugs/pull/3319)) - Avoid calling File.getCanonicalPath twice to improve performance ([#​3325](https://redirect.github.com/spotbugs/spotbugs/pull/3325)) - Fix `MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR` and `MC_OVERRIDABLE_METHOD_CALL_IN_CLONE` false positive when the overridable method is outside the class ([#​3328](https://redirect.github.com/spotbugs/spotbugs/issues/3328)). - Fix NullPointerException thrown from `ThrowingExceptions` detector ([#​3337](https://redirect.github.com/spotbugs/spotbugs/pull/3337)). ##### Removed - Removed the `TLW_TWO_LOCK_NOTIFY`, `LI_LAZY_INIT_INSTANCE`, `BRSA_BAD_RESULTSET_ACCESS`, `BC_NULL_INSTANCEOF`, `NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` and `RCN_REDUNDANT_CHECKED_NULL_COMPARISON` deprecated bug patterns. ### [`v4.9.1`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#491---2025-02-02) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.9.0...4.9.1) ##### Added - New detector `SharedVariableAtomicityDetector` for new bug types `AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE`, `AT_NONATOMIC_64BIT_PRIMITIVE` and `AT_STALE_THREAD_WRITE_OF_PRIMITIVE` (See SEI CERT rules [VNA00-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA00-J.+Ensure+visibility+when+accessing+shared+primitive+variables), [VNA02-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA02-J.+Ensure+that+compound+operations+on+shared+variables+are+atomic) and [VNA05-J](https://wiki.sei.cmu.edu/confluence/display/java/VNA05-J.+Ensure+atomicity+when+reading+and+writing+64-bit+values)). - New detector `FindHiddenMethod` for bug type `HSM_HIDING_METHOD`. This bug is reported whenever a subclass method hides the static method of super class. (See [SEI CERT MET07-J](https://wiki.sei.cmu.edu/confluence/display/java/MET07-J.+Never+declare+a+class+method+that+hides+a+method+declared+in+a+superclass+or+superinterface)). ##### Fixed - Fixed the parsing of generics methods in `ThrowingExceptions` ([#​3267](https://redirect.github.com/spotbugs/spotbugs/issues/3267)) - Accept the 1st parameter of `java.util.concurrent.CompletableFuture`'s `completeOnTimeout()`, `getNow()` and `obtrudeValue()` functions as nullable ([#​1001](https://redirect.github.com/spotbugs/spotbugs/issues/1001)). - Fixed the analysis error when `FindReturnRef` was checking instructions corresponding to a CFG branch that was optimized away ([#​3266](https://redirect.github.com/spotbugs/spotbugs/issues/3266)) - Added execute file permission to files in the distribution archive ([#​3274](https://redirect.github.com/spotbugs/spotbugs/issues/3274)) - Fixed a stack overflow in `MultipleInstantiationsOfSingletons` when a singleton initializer makes recursive calls ([#​3280](https://redirect.github.com/spotbugs/spotbugs/issues/3280)) - Fixed NPE in `FindReturnRef` on inner class fields ([#​3283](https://redirect.github.com/spotbugs/spotbugs/issues/3283)) - Fixed NP\_NULL\_ON\_SOME\_PATH\_FROM\_RETURN\_VALUE false positive when add edu.umd.cs.findbugs.annotations.Nullable ([#​3243](https://redirect.github.com/spotbugs/spotbugs/issues/3243)) ### [`v4.9.0`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#490---2025-01-15) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.8.6...4.9.0) ##### Added - Updated the `SuppressFBWarnings` annotation to support finer grained bug suppressions ([#​3102](https://redirect.github.com/spotbugs/spotbugs/pull/3102)) - SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting ([#​637](https://redirect.github.com/spotbugs/spotbugs/issues/637)) - New detector `ResourceInMultipleThreadsDetector` and introduced new bug type: - `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` is reported in case of unsafe resource access in multiple threads. ##### Fixed - Do not consider Records as Singletons ([#​2981](https://redirect.github.com/spotbugs/spotbugs/issues/2981)) - Keep a maximum of 10000 cached analysis entries for plugin's analysis engines ([#​3025](https://redirect.github.com/spotbugs/spotbugs/pull/3025)) - Only report `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT` when calling own methods ([#​2957](https://redirect.github.com/spotbugs/spotbugs/issues/2957)) - Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks ([#​2968](https://redirect.github.com/spotbugs/spotbugs/issues/2968)) - System property `findbugs.refcomp.reportAll` is now being used. For some new conditions, it will emit an experimental warning ([#​2988](https://redirect.github.com/spotbugs/spotbugs/pull/2988)) - `-version` flag prints the version to the standard output ([#​2797](https://redirect.github.com/spotbugs/spotbugs/issues/2797)) - Revert the changes from ([#​2894](https://redirect.github.com/spotbugs/spotbugs/pull/2894)) to get HTML stylesheets to work again ([#​2969](https://redirect.github.com/spotbugs/spotbugs/issues/2969)) - Fix FP `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` report when the synchronization is in a called method ([#​3045](https://redirect.github.com/spotbugs/spotbugs/issues/3045)) - Let `BetterCFGBuilder2.isPEI` handle `dup2` bytecode used by Spring AOT ([#​3059](https://redirect.github.com/spotbugs/spotbugs/issues/3059)) - Detect failure to close RocksDB's ReadOptions ([#​3069](https://redirect.github.com/spotbugs/spotbugs/issues/3069)) - Fix FP `EI_EXPOSE_REP` when there are multiple immutable assignments ([#​3023](https://redirect.github.com/spotbugs/spotbugs/issues/3023)) - Fixed false positive `NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR` for Kotlin, handle Kotlin's `Intrinsics.checkNotNullParameter()` ([#​3094](https://redirect.github.com/spotbugs/spotbugs/issues/3094)) - Fixed some CWE mappings ([#​3124](https://redirect.github.com/spotbugs/spotbugs/pull/3124)) - Recognize some classes as immutable, fixing EI\_EXPOSE and MS\_EXPOSE FPs ([#​3137](https://redirect.github.com/spotbugs/spotbugs/pull/3137)) - Do not report UWF\_FIELD\_NOT\_INITIALIZED\_IN\_CONSTRUCTOR for fields initialized in method annotated with TestNG's [@​BeforeClass](https://redirect.github.com/BeforeClass). ([#​3152](https://redirect.github.com/spotbugs/spotbugs/issues/3152)) - Fixed detector `FindReturnRef` not finding references exposed from nested and inner classes ([#​2042](https://redirect.github.com/spotbugs/spotbugs/issues/2042)) - Fix call graph, include non-parametric void methods ([#​3160](https://redirect.github.com/spotbugs/spotbugs/pull/3160)) - Fix multiple reporting of identical bugs messing up statistics ([#​3185](https://redirect.github.com/spotbugs/spotbugs/issues/3185)) - Added missing comma between line number and confidence when describing matching and mismatching bugs for tests ([#​3187](https://redirect.github.com/spotbugs/spotbugs/pull/3187)) - Fixed method matchers with array types ([#​3203](https://redirect.github.com/spotbugs/spotbugs/issues/3203)) - Fix SARIF report's message property in Exception to meet the standard ([#​3197](https://redirect.github.com/spotbugs/spotbugs/issues/3197)) - Fixed `FI_FINALIZER_NULLS_FIELDS` FPs for functions called finalize() but not with the correct signature. ([#​3207](https://redirect.github.com/spotbugs/spotbugs/issues/3207)) - Fixed an error in the detection of bridge methods causing analysis crashes ([#​3208](https://redirect.github.com/spotbugs/spotbugs/issues/3208)) - Fixed detector `ThrowingExceptions` by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods ([#​2040](https://redirect.github.com/spotbugs/spotbugs/issues/2040)) - Do not report `DP_DO_INSIDE_DO_PRIVILEGED`, `DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED` and `USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE` in code targeting Java 17 and above, since it advises the usage of deprecated method ([#​1515](https://redirect.github.com/spotbugs/spotbugs/issues/1515)). - Fixed a `RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT` false positive for a builder delegating to another builder ([#​3235](https://redirect.github.com/spotbugs/spotbugs/issues/3235)) ##### Cleanup - Cleanup thread issue and regex issue in test-harness ([#​3130](https://redirect.github.com/spotbugs/spotbugs/issues/3130)) - Remove extra blank lines and remove public from interface objects as inherently already public ([#​3131](https://redirect.github.com/spotbugs/spotbugs/issues/3131)) - Fix order of modifiers on properties/methods and ensure correct location in file ([#​3132](https://redirect.github.com/spotbugs/spotbugs/issues/3132), [#​3177](https://redirect.github.com/spotbugs/spotbugs/pull/3177)) - Return objects directly instead of creating more garbage collection by defining them ([#​3133](https://redirect.github.com/spotbugs/spotbugs/pull/3133), [#​3175](https://redirect.github.com/spotbugs/spotbugs/pull/3175)) - Restrict the constructor of abstract classes visibility to protected ([#​3178](https://redirect.github.com/spotbugs/spotbugs/pull/3178)) - Cleanup double initialization and fix comments referring to findbugs instead of spotbugs([#​3134](https://redirect.github.com/spotbugs/spotbugs/issues/3134)) - Use diamond operator in constructor calls of Collections ([#​3176](https://redirect.github.com/spotbugs/spotbugs/pull/3176)) - Use `Collection.isEmpty()` or `String.isEmpty()` to test for emptiness ([#​3180](https://redirect.github.com/spotbugs/spotbugs/pull/3180), [#​3219](https://redirect.github.com/spotbugs/spotbugs/pull/3219)) - Use method references instead of lambdas where possible ([#​3179](https://redirect.github.com/spotbugs/spotbugs/pull/3179)) - Move default clauses to the end of switches ([#​3222](https://redirect.github.com/spotbugs/spotbugs/pull/3222)) - Remove unnecessary throws declarations ([#​3220](https://redirect.github.com/spotbugs/spotbugs/pull/3220)) - Use `Boolean.parseBoolean()` for string-to-boolean conversion. ([#​3217](https://redirect.github.com/spotbugs/spotbugs/pull/3217)) - Rename shadowing fields ([#​3221](https://redirect.github.com/spotbugs/spotbugs/pull/3221)) - Combine catch blocks with the same body ([#​3223](https://redirect.github.com/spotbugs/spotbugs/pull/3223)) - Merge conditions of nested ifs ([#​3231](https://redirect.github.com/spotbugs/spotbugs/pull/3231)) - Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'([#​3251](https://redirect.github.com/spotbugs/spotbugs/pull/3251)) - Use try with resources where possible ([#​3253](https://redirect.github.com/spotbugs/spotbugs/pull/3253)) ##### Changed - Bump up Java version to 11 ### [`v4.8.6`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#486---2024-06-17) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.8.5...4.8.6) ##### Fixed - Do not report BC\_UNCONFIRMED\_CAST for Java 21's type switches when the switch instruction is TABLESWITCH ([#​2782](https://redirect.github.com/spotbugs/spotbugs/issues/2782)) - Do not throw exception when inspecting empty switch statements ([#​2995](https://redirect.github.com/spotbugs/spotbugs/issues/2995)) - Adjust priority since relaxed mode reports even `IGNORED_PRIORITY` ([#​2994](https://redirect.github.com/spotbugs/spotbugs/issues/2994)) - Fix duplicated log4j2 jar in distribution ([#​3001](https://redirect.github.com/spotbugs/spotbugs/issues/3001)) ### [`v4.8.5`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#485---2024-05-03) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.8.4...4.8.5) ##### Fixed - Fix FP `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` with eager instances ([#​2932](https://redirect.github.com/spotbugs/spotbugs/issues/2932)) - Fix FPs when looking for multiple initialization of Singletons ([#​2934](https://redirect.github.com/spotbugs/spotbugs/issues/2934)) - Do not report DLS\_DEAD\_LOCAL\_STORE for Java 21's type switches when switch instruction is TABLESWITCH([#​2736](https://redirect.github.com/spotbugs/spotbugs/issues/2736)) - Fix FP `SE_BAD_FIELD` for record fields ([#​2935](https://redirect.github.com/spotbugs/spotbugs/issues/2935)) ### [`v4.8.4`](https://redirect.github.com/spotbugs/spotbugs/blob/HEAD/CHANGELOG.md#484---2024-04-07) [Compare Source](https://redirect.github.com/spotbugs/spotbugs/compare/4.8.3...4.8.4) ##### Fixed - Fix FP in SE\_PREVENT\_EXT\_OBJ\_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. ([#​2750](https://redirect.github.com/spotbugs/spotbugs/issues/2750)) - Fix possible null value in taxonomies of SARIF output ([#​2744](https://redirect.github.com/spotbugs/spotbugs/issues/2744)) - Fix `executionSuccessful` flag in SARIF report being set to false when bugs were found ([#​2116](https://redirect.github.com/spotbugs/spotbugs/issues/2116)) - Move information contained in the SARIF property `exitSignalName` to `exitCodeDescription` ([#​2739](https://redirect.github.com/spotbugs/spotbugs/issues/2739)) - Do not report SE\_NO\_SERIALVERSIONID or other serialization issues for records ([#​2793](https://redirect.github.com/spotbugs/spotbugs/issues/2793)) - Added support for CONSTANT\_Dynamic ([#​2759](https://redirect.github.com/spotbugs/spotbugs/issues/2759)) - Ignore generic variable types when looking for BC\_UNCONFIRMED\_CAST\_OF\_RETURN\_VALUE ([#​1219](https://redirect.github.com/spotbugs/spotbugs/issues/1219)) - Do not report BC\_UNCONFIRMED\_CAST for Java 21's type switches ([#​2813](https://redirect.github.com/spotbugs/spotbugs/pull/2813)) - Remove AppleExtension library (note: menus slightly changed) ([#​2823](https://redirect.github.com/spotbugs/spotbugs/pull/2823)) - Fix false positive NP\_NULL\_ON\_SOME\_PATH\_FROM\_RETURN\_VALUE even if Objects.requireNonNull is used. ([#​651](https://redirect.github.com/spotbugs/spotbugs/issues/651), [#​456](https://redirect.github.com/spotbugs/spotbugs/issues/456)) - Fixed error preventing SpotBugs from reporting FE\_FLOATING\_POINT\_EQUALITY ([#​2843](https://redirect.github.com/spotbugs/spotbugs/pull/2843)) - Fixed NP\_LOAD\_OF\_KNOWN\_NULL\_VALUE and RCN\_REDUNDANT\_NULLCHECK\_OF\_NULL\_VALUE false positives in try-with-resources generated finally blocks ([#​2844](https://redirect.github.com/spotbugs/spotbugs/pull/2844)) - Do not report DLS\_DEAD\_LOCAL\_STORE for Java 21's type switches ([#​2828](https://redirect.github.com/spotbugs/spotbugs/pull/2828)) - Update UnreadFields detector to ignore warnings for fields with certain annotations ([#​574](https://redirect.github.com/spotbugs/spotbugs/issues/574)) - Do not report UWF\_FIELD\_NOT\_INITIALIZED\_IN\_CONSTRUCTOR for fields initialized in method annotated with [@​PostConstruct](https://redirect.github.com/PostConstruct), [@​BeforeEach](https://redirect.github.com/BeforeEach), etc. ([#​2872](https://redirect.github.com/spotbugs/spotbugs/pull/2872) [#​2870](https://redirect.github.com/spotbugs/spotbugs/issues/2870) [#​453](https://redirect.github.com/spotbugs/spotbugs/issues/453)) - Do not report DLS\_DEAD\_LOCAL\_STORE for Hibernate bytecode enhancements ([#​2865](https://redirect.github.com/spotbugs/spotbugs/pull/2865)) - Fixed NP\_NULL\_ON\_SOME\_PATH\_FROM\_RETURN\_VALUE false positives due to source code formatting ([#​2874](https://redirect.github.com/spotbugs/spotbugs/pull/2874)) - Added more nullability annotations in TypeQualifierResolver ([#​2558](https://redirect.github.com/spotbugs/spotbugs/issues/2558) [#​2694](https://redirect.github.com/spotbugs/spotbugs/pull/2694)) - Improved the bug description for VA\_FORMAT\_STRING\_USES\_NEWLINE when using text blocks, check the usage of String.formatted() ([#​2881](https://redirect.github.com/spotbugs/spotbugs/pull/2881)) - Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions ([#​2887](https://redirect.github.com/spotbugs/spotbugs/pull/2887)) - Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict ([#​2686](https://redirect.github.com/spotbugs/spotbugs/issues/2686)) - Fixed false positive MC\_OVERRIDABLE\_METHOD\_CALL\_IN\_CONSTRUCTOR when referencing but not calling an overridable method ([#​2837](https://redirect.github.com/spotbugs/spotbugs/pull/2837)) - Update the filter XSD namespace and location for the upcoming 4.8.4 release ([#​2909](https://redirect.github.com/spotbugs/spotbugs/issues/2909)) ##### Added - New detector `MultipleInstantiationsOfSingletons` and introduced new bug types: - `SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR` is reported in case of a non-private constructor, - `SING_SINGLETON_IMPLEMENTS_CLONEABLE` is reported in case of a class directly implementing the `Cloneable` interface, - `SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE` is reported when a class indirectly implements the `Cloneable` interface, - `SING_SINGLETON_IMPLEMENTS_CLONE_METHOD` is reported when a class does not implement the `Cloneable` interface, but has a `clone()` method, - `SING_SINGLETON_IMPLEMENTS_SERIALIZABLE` is reported when a class directly or indirectly implements the `Serializable` interface and - `SING_SINGLETON_GETTER_NOT_SYNCHRONIZED` is reported when the instance-getter method of the singleton class is not synchronized. (See [SEI CERT MSC07-J](https://wiki.sei.cmu.edu/confluence/display/java/MSC07-J.+Prevent+multiple+instantiations+of+singleton+objects)) - Extend `FindOverridableMethodCall` detector with new bug type: `MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT`. It's reported when an overridable method is called from `readObject()`, according to SEI CERT rule [SER09-J. Do not invoke overridable methods from the readObject() method](https://wiki.sei.cmu.edu/confluence/display/java/SER09-J.+Do+not+invoke+overridable+methods+from+the+readObject%28%29+method). ##### Changed - Minor cleanup in connection with slashed and dotted names ([#​2805](https://redirect.github.com/spotbugs/spotbugs/pull/2805)) ##### Build - Fix sonar coverage for project ([#​2796](https://redirect.github.com/spotbugs/spotbugs/issues/2796)) - Upgraded the build to compile bug samples using Java 21 language features ([#​2813](https://redirect.github.com/spotbugs/spotbugs/pull/2813)) - Add 'configurations.checkstyle resolution starategy' to control bug in gradle on exclusions not being excluded properly as seen in checkstyle usage. See [checkstyle/checkstyle#14211](https://redirect.github.com/checkstyle/checkstyle/issues/14211) for more information. ([#​2798](https://redirect.github.com/spotbugs/spotbugs/issues/2798)) - Allow our builds to work with jdk 11 with drop back on Eclipse to 4.24 and spring to 5.3.31. ([#​2604](https://redirect.github.com/spotbugs/spotbugs/pull/2604/)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every 3 weeks on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/apache/jmeter). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
