Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

build(deps): bump com.github.spotbugs:spotbugs from 4.9.1 to 4.9.4

Merged
Number: #790
Type: Pull Request
State: Merged
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 0
Created: August 11, 2025 at 11:12 AM UTC
(10 months ago)
Updated: August 12, 2025 at 12:09 AM UTC
(10 months ago)
Merged: August 12, 2025 at 12:09 AM UTC
(10 months ago)
by baltzell
Time to Close: about 13 hours
Labels:
dependencies java
Description:

Bumps com.github.spotbugs:spotbugs from 4.9.1 to 4.9.4.

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

SpotBugs 4.9.4

CHANGELOG

CHECKSUM

file checksum (sha256)
note: The checksums were not produced here due to change with gradle 9 when we published. This is subsequently fixed for next releases.

SpotBugs 4.9.3

CHANGELOG

Added

  • Introduced UselessSuppressionDetector to report the useless annotations instead of NoteSuppressedWarnings (#3348)

Fixed

  • Do not report US_USELESS_SUPPRESSION_ON_METHOD on synthetic methods (#3351)

CHECKSUM

file checksum (sha256)
spotbugs-4.9.3-javadoc.jar 3d0d103724cbaaffc27f17d28d9b17f8972fb378397f8f04f6f05268bde110b7
spotbugs-4.9.3-sources.jar 0aa5c905469eb578a3dbe09dcf704cf892568610cdb58550b142d658e37a29d4
spotbugs-4.9.3.tgz d464d56050cf1dbda032e9482e1188f7cd7b7646eaff79c2e6cbe4d6822f4d9f
spotbugs-4.9.3.zip 3b2dcf86f97d701700121cee4bd22305d4b54fd9ed7666fa0f53933a4ab92251
spotbugs-annotations-4.9.3-javadoc.jar 5fce79dc01a97aae84670922dd3581aa621b980535e4f6695a71db553dcb9cb4
spotbugs-annotations-4.9.3-sources.jar 990ad9f3500499a99466b7c1e01284f4f41d1499358e7dc38c8defc59dab114c
spotbugs-annotations.jar 13532bfe2f45fcd491432221df72d9cd0efb8f987c9245e12befa192c8925ce3
spotbugs-ant-4.9.3-javadoc.jar 346eb5215f9d157ab46c3216a783416e2fa2e8c9d4458143267fb518f81c7d77
spotbugs-ant-4.9.3-sources.jar 591073402e4110093a380169acd3f33b26c2f893c2eaed5a6460d9be0b26014e
spotbugs-ant.jar 3a6f453696294d5314e648d4891d35e34315e11cb63c758a1601021cc0d803d1
spotbugs.jar 710e8b98f1ae23cdb71aaaf07e8d71fb63b44f2bbbaa1df3c3ba0de62aba6ec9
test-harness-4.9.3-javadoc.jar 57f51147e289b5c6493f844beaac97cde57773a1d16ce064e9deb8963b3f99ce
test-harness-4.9.3-sources.jar 22688f14ef808cde65cc46e86d41c617fc397fc4967516006a73ce8bad658b9f
test-harness-4.9.3.jar 9bf5bba9546e4f89032006261dd2921a79fc3044e473ee1fa73af870cb43da15
test-harness-core-4.9.3-javadoc.jar 15aac012f3a8c8d6600075efe824aecab8233778e58345fecca65d7970256311
test-harness-core-4.9.3-sources.jar 13825de35190089490c7e290b52bafe6a9b08ab431177c0191dae9cf2a88a55d
test-harness-core-4.9.3.jar 3c74cc6d2d6f999d403f00f97685587e617d2bf1bfc348bbd0597e785c83feec
test-harness-jupiter-4.9.3-javadoc.jar a8f276fb01743b8dc9f8cd6b517ae0748e38f673e31615a923c9c61f5fd9de58
test-harness-jupiter-4.9.3-sources.jar 0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.9.3.jar 0e9509de32f8fbc94cf088dbee80394fa93807a766532568e652cd622ce737c8

SpotBugs 4.9.2

CHANGELOG

Added

  • Reporting useless @SuppressFBWarnings annotations (#641)

Fixed

  • Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
  • Fixed an HSM_HIDING_METHOD false positive when ECJ generates a synthetic method for an enum switch (#3305)
  • Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives, detector depending on method order.

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.9.4 - 2025-08-07

Changed

  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

  • Widen main method recognition according to JEP 445. (#3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#2061)
  • Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
  • Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
  • Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
  • Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
  • Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
  • Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
  • TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
  • Unnecessary suppressions fix for records headers (#3471)
  • Dead store fix when switch case contains loops (#3530) (#3449)
  • Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
  • Detect cases when equals() unconditionally returns true or false (#3528)
  • Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
  • Detect random value cast to int when stored in temporary variable (#3461)
  • Look for interfaces default methods when searching uncalled private methods (#1988)
  • Fixed field self assignment false positive (#2258)
  • Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
  • Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#2965) (#3573)
  • Track inner classes access methods to correctly report the bugs (#2029)
  • SF_SWITCH_NO_DEFAULT false positive fix (#1148) (#3572)

Added

  • Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#3395)
  • Multi-threaded code checks can be skipped with @NotThreadSafe (#3390)
  • New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#2055)
    • Breaking change: changed values and new items in ResourceValueFrame.
  • Inline access method for method. (#3481)
  • Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#1928)

Signing

  • Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

4.9.3 - 2025-03-14

Added

  • Introduced UselessSuppressionDetector to report the useless annotations instead of NoteSuppressedWarnings (#3348)

... (truncated)

Commits
  • 014b0ee release v4.9.4
  • 0c0f125 build: Adjustments to the tag checking
  • 788524b prepare for next release
  • 44656f0 release v4.9.4
  • da2f64d build: Make sure check is against origin/master not master
  • 0db0852 prepare for next release
  • 7ecaa15 release v4.9.4
  • a2845af build: Remove space in curl
  • b433c57 build: Disable parallel builds for now
  • a4e906f build: Cleanup release action to correctly work
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
1
Files Changed:
1
Additions:
+1
Deletions:
-1
Package Dependencies
Package:
com.github.spotbugs:spotbugs
Ecosystem:
maven
Version Change:
4.9.1 → 4.9.4
Update Type:
Patch
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 4877272
UUID: 2735091175
Node ID: PR_kwDOJkSOIc6jBi3n
Host: GitHub
Repository: JeffersonLab/coatjava
Merge State: Unknown