dependabot[bot] opened a new pull request, #68: URL: https://github.com/apache/logging-parent/pull/68
Bumps [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.8.1 to 4.8.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spotbugs/spotbugs/releases";>com.github.spotbugs:spotbugs-annotations's releases</a>.</em></p> <blockquote> <h2>SpotBugs 4.8.2</h2> <h3>CHANGELOG</h3> <h3>Fixed</h3> <ul> <li>Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2379";>#2379</a>)</li> <li>Use java.nio to load filter files (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2684";>#2684</a>)</li> <li>Eclipse: Do not export javax.annotation packages (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2699";>#2699</a>)</li> <li>Fixed not thread safe FindOverridableMethodCall detector (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2701";>#2701</a>)</li> <li>Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2646";>#2646</a>)</li> <li>Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2686";>#2686</a>)</li> <li>Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2710";>#2710</a>)</li> </ul> <h3>Added</h3> <ul> <li>New detector finding <code>System.getenv()</code> calls, where the corresponding Java property could be used (See <a href="https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables";>ENV02-J</a>).</li> </ul> <h3>Build</h3> <ul> <li>Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2722";>#2722</a>)</li> </ul> <h3>CHECKSUM</h3> <table> <thead> <tr> <th>file</th> <th>checksum (sha256)</th> </tr> </thead> <tbody> <tr> <td>spotbugs-4.8.2-javadoc.jar</td> <td>9147da4187712ba3ec7fd232510181366f394443cf70a76ee918738a11c539e9</td> </tr> <tr> <td>spotbugs-4.8.2-sources.jar</td> <td>4486c8404debe8de2d5a7d71c14ad66480f463d84586cb3077c639c72192924c</td> </tr> <tr> <td>spotbugs-4.8.2.tgz</td> <td>c3eb4e2077310bf19b06ed232dc8d71f3a4884a4619fd8a7c041ed5ce5af4819</td> </tr> <tr> <td>spotbugs-4.8.2.zip</td> <td>615400e86ee19ee1b74d0f8d1a170e2dfdb8f49d02b60fa7b276a8179c3b584a</td> </tr> <tr> <td>spotbugs-annotations-4.8.2-javadoc.jar</td> <td>22ec9f9658a7e569893db728a5cdcdb4121b4bca1ae1ee154189f2cbbc42f187</td> </tr> <tr> <td>spotbugs-annotations-4.8.2-sources.jar</td> <td>b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b</td> </tr> <tr> <td>spotbugs-annotations.jar</td> <td>3d02aacbf2d094d510c087c2a25a85e04f655b22260016473d02258237d0df27</td> </tr> <tr> <td>spotbugs-ant-4.8.2-javadoc.jar</td> <td>b210ddbee668f591f0ff57ea8d546ac47e2753cbf56b6f1bbeb61a8d4c82d233</td> </tr> <tr> <td>spotbugs-ant-4.8.2-sources.jar</td> <td>9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61</td> </tr> <tr> <td>spotbugs-ant.jar</td> <td>a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c</td> </tr> <tr> <td>spotbugs.jar</td> <td>01974233a0da943700b9b9d190f872f6dd155d5825e05d1fae5a531bebb284eb</td> </tr> <tr> <td>test-harness-4.8.2-javadoc.jar</td> <td>a362bb855074be294da341b5ba7406c013174246c63061fc7dfc91f28795adbe</td> </tr> <tr> <td>test-harness-4.8.2-sources.jar</td> <td>633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6</td> </tr> <tr> <td>test-harness-4.8.2.jar</td> <td>23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9</td> </tr> <tr> <td>test-harness-core-4.8.2-javadoc.jar</td> <td>9b32bd7cc9e5af80379207b0b4ad2f6217c4e46db2db3f371d886e227b2ee266</td> </tr> <tr> <td>test-harness-core-4.8.2-sources.jar</td> <td>f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082</td> </tr> <tr> <td>test-harness-core-4.8.2.jar</td> <td>5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242</td> </tr> <tr> <td>test-harness-jupiter-4.8.2-javadoc.jar</td> <td>8029e928d3dfa2a93ff8d877693421f265122c5d0f4caee17fd6796d0c7e566d</td> </tr> <tr> <td>test-harness-jupiter-4.8.2-sources.jar</td> <td>0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800</td> </tr> <tr> <td>test-harness-jupiter-4.8.2.jar</td> <td>d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485</td> </tr> </tbody> </table> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md";>com.github.spotbugs:spotbugs-annotations's changelog</a>.</em></p> <blockquote> <h2>4.8.2 - 2023-11-28</h2> <h3>Fixed</h3> <ul> <li>Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2379";>#2379</a>)</li> <li>Use java.nio to load filter files (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2684";>#2684</a>)</li> <li>Eclipse: Do not export javax.annotation packages (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2699";>#2699</a>)</li> <li>Fixed not thread safe FindOverridableMethodCall detector (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2701";>#2701</a>)</li> <li>Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2646";>#2646</a>)</li> <li>Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2686";>#2686</a>)</li> <li>Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2710";>#2710</a>)</li> </ul> <h3>Added</h3> <ul> <li>New detector finding <code>System.getenv()</code> calls, where the corresponding Java property could be used (See <a href="https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables";>ENV02-J</a>).</li> </ul> <h3>Build</h3> <ul> <li>Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (<a href="https://redirect.github.com/spotbugs/spotbugs/pull/2722";>#2722</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spotbugs/spotbugs/commit/0f0e4b20302fbd7438683d6fe505e6f5629bf8cc";><code>0f0e4b2</code></a> release v4.8.2</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/02f73665c299507c64bc600602a90e94b5824894";><code>02f7366</code></a> Run build on both jdk 17 and 21 (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2722";>#2722</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/a659725c67bc5d2eb53004caaaf4c03c44c5fd60";><code>a659725</code></a> Fix doc on gradle plugin version and run on gradle 8.5 rc4 (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2721";>#2721</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/e3d4f6ecb71b952058aa7ba23cf7f71027f0dfc5";><code>e3d4f6e</code></a> Update RELEASE_PROCEDURE.md (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2719";>#2719</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/4e7ace12df81d682b677b4507e7ae17e381fbda6";><code>4e7ace1</code></a> chore(deps): update dependency sphinx_rtd_theme to v2 (<a href="https://redirect.github.com/spotbugs/spotbugs/issues/2718";>#2718</a>)</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/8e04ba7610e4f7ba878c4ffa7d4e9e4980e9dfab";><code>8e04ba7</code></a> Fix link stuck to earlier version</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/e847d627044011b326791f8a31b8596cabc9a01a";><code>e847d62</code></a> Fixed extra brackets added to issues in changelog</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/126a7502d84625b91af95b14f74e855ae59f7d9f";><code>126a750</code></a> Fix changelog entry</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/b694dd1686e68e2fd6e9dbe7603debd32b76e105";><code>b694dd1</code></a> Fix issue in ConstructorThrow</li> <li><a href="https://github.com/spotbugs/spotbugs/commit/9558fbd885de7eb58fa24b41277bf3ba93b82389";><code>9558fbd</code></a> Add tests</li> <li>Additional commits viewable in <a href="https://github.com/spotbugs/spotbugs/compare/4.8.1...4.8.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
