chore(deps): update all non-major dependencies #13

Merged
oliver merged 1 commit from renovate/all-minor-patch into main 2025-01-21 20:21:00 +01:00
Member

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| com.github.spotbugs:spotbugs (source) | build | minor | 4.8.6 -> 4.9.0 |
| org.owasp:dependency-check-maven (source) | build | patch | 12.0.0 -> 12.0.1 |

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs)

v4.9.0

Compare Source

Added
  • Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#​3102)
  • SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#​637)
  • New detector ResourceInMultipleThreadsDetector and introduced new bug type:
    • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.
Fixed
  • Do not consider Records as Singletons (#​2981)
  • Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#​3025)
  • Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#​2957)
  • Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#​2968)
  • System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#​2988)
  • -version flag prints the version to the standard output (#​2797)
  • Revert the changes from (#​2894) to get HTML stylesheets to work again (#​2969)
  • Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#​3045)
  • Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#​3059)
  • Detect failure to close RocksDB's ReadOptions (#​3069)
  • Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#​3023)
  • Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#​3094)
  • Fixed some CWE mappings (#​3124)
  • Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#​3137)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#​3152)
  • Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#​2042)
  • Fix call graph, include non-parametric void methods (#​3160)
  • Fix multiple reporting of identical bugs messing up statistics (#​3185)
  • Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#​3187)
  • Fixed method matchers with array types (#​3203)
  • Fix SARIF report's message property in Exception to meet the standard (#​3197)
  • Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#​3207)
  • Fixed an error in the detection of bridge methods causing analysis crashes (#​3208)
  • Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#​2040)
  • Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#​1515).
  • Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#​3235)
Cleanup
  • Cleanup thread issue and regex issue in test-harness (#​3130)
  • Remove extra blank lines and remove public from interface objects as inherently already public (#​3131)
  • Fix order of modifiers on properties/methods and ensure correct location in file (#​3132, #​3177)
  • Return objects directly instead of creating more garbage collection by defining them (#​3133, #​3175)
  • Restrict the constructor of abstract classes visibility to protected (#​3178)
  • Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#​3134)
  • Use diamond operator in constructor calls of Collections (#​3176)
  • Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#​3180, #​3219)
  • Use method references instead of lambdas where possible (#​3179)
  • Move default clauses to the end of switches (#​3222)
  • Remove unnecessary throws declarations (#​3220)
  • Use Boolean.parseBoolean() for string-to-boolean conversion. (#​3217)
  • Rename shadowing fields (#​3221)
  • Combine catch blocks with the same body (#​3223)
  • Merge conditions of nested ifs (#​3231)
  • Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'(#​3251)
  • Use try with resources where possible (#​3253)
Changed
  • Bump up Java version to 11

jeremylong/DependencyCheck (org.owasp:dependency-check-maven)

v12.0.1

Compare Source

  • docs: Fix OSS Index Maven config documentation (#​7322)
  • Fix OSS Index Maven config documentation
  • chore(docs): Document Gradle plugin support for failBuildOnUnusedSuppressionRule (#​7307)
  • chore(docs): Correct analyzers config example to use Gradle dot-syntax (#​7305)
  • fix: improve error message on improperly configured serverId credentials in settings.xml (#​7313)
  • fix: Lower Basic serverId when Bearer was expected to a warning
  • fix: improve error message on improperly configured serverId credentials
  • fix: Correct nonProxyHosts support when no sys properties set (#​7306)
  • core(docs): Group failBuildOnUnusedSuppressionRule flag next to suppression file configuration
  • core(docs): Update Gradle plugin documentation for failBuildOnUnusedSuppressionRule support
  • fix: Correct nonProxyHosts support when no sys properties set
  • chore(docs): Correct analyzers config example to use Gradle dot-syntax

See the full listing of changes.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

oliver was assigned by renovatebot 2025-01-16 19:01:45 +01:00
requested review from oliver 2025-01-16 19:01:45 +01:00
Owner

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| com.github.spotbugs:spotbugs (https://spotbugs.github.io/) (source: https://github.com/spotbugs/spotbugs) | build | minor | 4.8.6 -> 4.9.0 |

Release Notes

renovatebot force-pushed renovate/all-minor-patch from d7d923d01e to fc209e83d6 2025-01-19 21:01:25 +01:00 Compare
renovatebot changed title from chore(deps): update dependency com.github.spotbugs:spotbugs to v4.9.0 to chore(deps): update all non-major dependencies 2025-01-19 21:01:26 +01:00
oliver merged commit fc209e83d6 into main 2025-01-21 20:21:00 +01:00
oliver deleted branch renovate/all-minor-patch 2025-01-21 20:21:00 +01:00
Owner

@oliver merged #13 into main.


View on Forgejo: Beyond coding. We Forge. ( https://w9r.dev/pom/spring-boot-starter/pulls/13 ) or reply directly to this email.
Reference: pom/spring-boot-starter#13