Bump com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.0 in /CedarJava

[dependabot]

Bumps com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.0.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.9.0

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.9.0/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.0-javadoc.jar	5d577a6bc5a67ea1ed93c132caa5825228aecf7814b7d54406b93ab182d6e7b6
spotbugs-4.9.0-sources.jar	310d5b46d76d06698303b21a26482d070c04df78fe0807b8f734ca6477cc6028
spotbugs-4.9.0.tgz	d9fec1c0d0d2771153ed3f654a2a793558cefa7796cca3a5cad801f5529ec82d
spotbugs-4.9.0.zip	47a8fcafb93da34dcaa8ab862c24dfd16263b9d0feb89fc68bdf75445ac0fe25
spotbugs-annotations-4.9.0-javadoc.jar	4a75bb25717e01513b37f1214710bdeeafe8b23472c5880de9951ccd2b746515
spotbugs-annotations-4.9.0-sources.jar	990ad9f3500499a99466b7c1e01284f4f41d1499358e7dc38c8defc59dab114c
spotbugs-annotations.jar	c13d24d43609a1418472f046d739bceda714ed7aa500e0589c872e0d684a47da
spotbugs-ant-4.9.0-javadoc.jar	19742deb83c58bc9cc7a415d1b9afed9d4e9144869f4b618fea94c7dcd9b6942
spotbugs-ant-4.9.0-sources.jar	591073402e4110093a380169acd3f33b26c2f893c2eaed5a6460d9be0b26014e
spotbugs-ant.jar	3a6f453696294d5314e648d4891d35e34315e11cb63c758a1601021cc0d803d1
spotbugs.jar	a4a29bc8c1080e03bfc33bee2aa8f5f37003c8a568fff034a39f126623b7b536
test-harness-4.9.0-javadoc.jar	187bd2f939d9b0eed59498606ead50f6175d7c0d30f9274637a5910e6488a156
test-harness-4.9.0-sources.jar	22688f14ef808cde65cc46e86d41c617fc397fc4967516006a73ce8bad658b9f
test-harness-4.9.0.jar	9bf5bba9546e4f89032006261dd2921a79fc3044e473ee1fa73af870cb43da15
test-harness-core-4.9.0-javadoc.jar	16754b3383b694650aef3ecfc2ed88e66574db9ebb42aad96e252e78912a5dd0
test-harness-core-4.9.0-sources.jar	13825de35190089490c7e290b52bafe6a9b08ab431177c0191dae9cf2a88a55d
test-harness-core-4.9.0.jar	3c74cc6d2d6f999d403f00f97685587e617d2bf1bfc348bbd0597e785c83feec
test-harness-jupiter-4.9.0-javadoc.jar	cbbdc4038e5a3aa04278e9a82139679e5044a7f63571b88abd6818531230c736
test-harness-jupiter-4.9.0-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.9.0.jar	0e9509de32f8fbc94cf088dbee80394fa93807a766532568e652cd622ce737c8

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.0 - 2025-01-15

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#2988)
• -version flag prints the version to the standard output (#2797)
• Revert the changes from (#2894) to get HTML stylesheets to work again (#2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#3045)
• Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#3059)
• Detect failure to close RocksDB's ReadOptions (#3069)
• Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#3023)
• Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
• Fixed some CWE mappings (#3124)
• Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#3137)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#3152)
• Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#2042)
• Fix call graph, include non-parametric void methods (#3160)
• Fix multiple reporting of identical bugs messing up statistics (#3185)
• Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#3187)
• Fixed method matchers with array types (#3203)
• Fix SARIF report's message property in Exception to meet the standard (#3197)
• Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#3207)
• Fixed an error in the detection of bridge methods causing analysis crashes (#3208)
• Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#2040)
• Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#1515).
• Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#3235)

Cleanup

• Cleanup thread issue and regex issue in test-harness (#3130)
• Remove extra blank lines and remove public from interface objects as inherently already public (#3131)
• Fix order of modifiers on properties/methods and ensure correct location in file (#3132, #3177)
• Return objects directly instead of creating more garbage collection by defining them (#3133, #3175)
• Restrict the constructor of abstract classes visibility to protected (#3178)
• Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#3134)
• Use diamond operator in constructor calls of Collections (#3176)
• Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#3180, #3219)
• Use method references instead of lambdas where possible (#3179)
• Move default clauses to the end of switches (#3222)
• Remove unnecessary throws declarations (#3220)
• Use Boolean.parseBoolean() for string-to-boolean conversion. (#3217)
• Rename shadowing fields (#3221)
• Combine catch blocks with the same body (#3223)

... (truncated)

Commits

• ef76e9b release v4.9.0
• d64bfd2 Remove legacy cvs / svn revision data as git doesn't use that (#3262)
• 3d80c80 Move documentation items and other build items to java 11 (#3260)
• ab2a9f7 Fix map container to use interface, few missed double initialization, and mis...
• b7f48c9 [tests] Cleanup code within tests (#3259)
• 8bc2966 Move Eclipse to java 11 to match rest of the project (#3258)
• d3f97b3 Correct object creation for object to contain array marker not the variable n...
• ce7eac9 Use try with resources where possible (#3253)
• 97ac6b6 chore(deps): update plugin com.diffplug.spotless to v7.0.2 (#3255)
• 9f652a4 chore(deps): update dependency com.diffplug.spotless:spotless-plugin-gradle t...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #291.