Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update all dependencies #457

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all dependencies #457

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 23, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.github.spotbugs:spotbugs (source) 4.8.6 -> 4.9.1 age adoption passing confidence
com.google.guava:guava 33.3.1-jre -> 33.4.0-jre age adoption passing confidence
com.github.spotbugs:spotbugs-annotations (source) 4.8.6 -> 4.9.1 age adoption passing confidence
org.webjars.npm:bootstrap (source) 4.6.0 -> 4.6.2 age adoption passing confidence

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs)

v4.9.1

Compare Source

Added
  • New detector SharedVariableAtomicityDetector for new bug types AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE (See SEI CERT rules VNA00-J, VNA02-J and VNA05-J).
  • New detector FindHiddenMethod for bug type HSM_HIDING_METHOD. This bug is reported whenever a subclass method hides the static method of super class. (See SEI CERT MET07-J).
Fixed
  • Fixed the parsing of generics methods in ThrowingExceptions (#​3267)
  • Accept the 1st parameter of java.util.concurrent.CompletableFuture's completeOnTimeout(), getNow() and obtrudeValue() functions as nullable (#​1001).
  • Fixed the analysis error when FindReturnRef was checking instructions corresponding to a CFG branch that was optimized away (#​3266)
  • Added execute file permission to files in the distribution archive (#​3274)
  • Fixed a stack overflow in MultipleInstantiationsOfSingletons when a singleton initializer makes recursive calls (#​3280)
  • Fixed NPE in FindReturnRef on inner class fields (#​3283)
  • Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive when add edu.umd.cs.findbugs.annotations.Nullable (#​3243)

v4.9.0

Compare Source

Added
  • Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#​3102)
  • SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#​637)
  • New detector ResourceInMultipleThreadsDetector and introduced new bug type:
    • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.
Fixed
  • Do not consider Records as Singletons (#​2981)
  • Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#​3025)
  • Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#​2957)
  • Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#​2968)
  • System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#​2988)
  • -version flag prints the version to the standard output (#​2797)
  • Revert the changes from (#​2894) to get HTML stylesheets to work again (#​2969)
  • Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#​3045)
  • Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#​3059)
  • Detect failure to close RocksDB's ReadOptions (#​3069)
  • Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#​3023)
  • Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#​3094)
  • Fixed some CWE mappings (#​3124)
  • Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#​3137)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#​3152)
  • Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#​2042)
  • Fix call graph, include non-parametric void methods (#​3160)
  • Fix multiple reporting of identical bugs messing up statistics (#​3185)
  • Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#​3187)
  • Fixed method matchers with array types (#​3203)
  • Fix SARIF report's message property in Exception to meet the standard (#​3197)
  • Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#​3207)
  • Fixed an error in the detection of bridge methods causing analysis crashes (#​3208)
  • Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#​2040)
  • Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#​1515).
  • Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#​3235)
Cleanup
  • Cleanup thread issue and regex issue in test-harness (#​3130)
  • Remove extra blank lines and remove public from interface objects as inherently already public (#​3131)
  • Fix order of modifiers on properties/methods and ensure correct location in file (#​3132, #​3177)
  • Return objects directly instead of creating more garbage collection by defining them (#​3133, #​3175)
  • Restrict the constructor of abstract classes visibility to protected (#​3178)
  • Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#​3134)
  • Use diamond operator in constructor calls of Collections (#​3176)
  • Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#​3180, #​3219)
  • Use method references instead of lambdas where possible (#​3179)
  • Move default clauses to the end of switches (#​3222)
  • Remove unnecessary throws declarations (#​3220)
  • Use Boolean.parseBoolean() for string-to-boolean conversion. (#​3217)
  • Rename shadowing fields (#​3221)
  • Combine catch blocks with the same body (#​3223)
  • Merge conditions of nested ifs (#​3231)
  • Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'(#​3251)
  • Use try with resources where possible (#​3253)
Changed
  • Bump up Java version to 11
twbs/bootstrap (org.webjars.npm:bootstrap)

v4.6.2

Compare Source

Highlights

  • Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
  • We've replaced the deprecated color-adjust with print-color-adjust in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, like bootstrap.min.css, you may still see the warning.
  • Tweaked the size of small and .small to compute to a whole pixel value (was 12.8px and now is 14px).
  • Improved accessibility around our dropdowns, color contrast, and role attributes.
  • Fixed some broken links to supporting documentation.
  • Updated dependencies across the board.

What's Changed

New Contributors

Full Changelog: twbs/bootstrap@v4.6.1...v4.6.2

v4.6.1: 4.6.1

Compare Source

What's changed
Full changelog

twbs/bootstrap@v4.6.0...v4.6.1

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Nov 23, 2024
@renovate renovate bot changed the title fix(deps): update dependency org.webjars.npm:bootstrap to v4.6.2 fix(deps): update all dependencies Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants