Title: Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0 by dependabot[bot] · Pull Request #352 · OWASP-Benchmark/BenchmarkJava · GitHub
Open Graph Title: Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0 by dependabot[bot] · Pull Request #352 · OWASP-Benchmark/BenchmarkJava
X Title: Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0 by dependabot[bot] · Pull Request #352 · OWASP-Benchmark/BenchmarkJava
Description: Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0.
Release notes
Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.
Spotbugs Maven Plugin 4.9.4.0
Release is large but mainly rewriting of underlying code. This supports spotbugs 4.9.4, additional details below.
Consumer
Supporting spotbugs 4.9.4
Updated all underlying dependencies
Groovy now at 4.0.28
Groovydocs now published with release
Modernize groovy code usage including typing everything, avoiding any usage of groovy 'it' idiom
Due to how groovy resolves logging, wrap any logging that needs groovy to resolve gstring with check on logger being enabled
No longer use plexus file resource loader as it was mostly duplicated, its deprecated, and cleaner to directly implement enhancement
Use objects require non null where appropriate
Make sure files closed appropriately to prevent leaks
Fix invalid look at debug flag to determine debug logging by additionally checking info logging instead and log at info
Fix invalid usage of logging at debug where debug flag should have been used
Plugin artifact is now a list rather than array
Various nio updates
Fix javadoc issues
Cleanup regex usage for hyperlink to code off reporting
Do not use 'assert' in code, use correct checks with illegal argument exceptions
Producer
gha now implements concurrency restrictions to prevent unwanted builds now that github is showing costs associated with runners
gha now implements timeout at 30 minutes to prevent long running jobs now that github is showing costs associated with runners
github actions are now pinned to digests to prevent potential supply chain hacks
renamed codeql.yml to codeql.yaml (all are yaml now)
maven wrapper is updated to support defects with maven 4 usage since beta-5 was released. Now runner on maven 4.0.0-rc-4 now fully works
maven wrapper is protected from path transversal issues
.gitignore updated to ignore .pmd and .groovy directories
maven wrapper now defaulted to maven 3.9.11
central badge updated for new central hosting
Corrected test source directory for groovy in build pom
Add additional code coverage
Correct spotbugs version on documentation
Site now generating again as gmavenplus fixed defect introduced by groovy changes
renovate set to pin github action digests
All integration tests updated to more modern groovy usage
Commits
34c4962 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.4.0
5ac441b Merge pull request #1145 from hazendaz/cleanup
37a8737 [GHA] Move to maven 4.0.0-rc-4 in maven 4 integration test
bdcaa2c Merge pull request #1144 from hazendaz/cleanup
a7591e5 Add support for maven 4 mainClass to maven wrapper
f7ea524 Merge pull request #1143 from spotbugs/renovate/pin-dependencies
28706a7 Pin dependencies
f4cd7d0 Merge pull request #1142 from hazendaz/master
0990344 [gha] Run max parallel to 6
2da6164 [renovate] Ping github action digests security!
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Open Graph Description: Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0. Release notes Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases. Spotbugs Maven Plugin 4.9.4.0 Release...
X Description: Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0. Release notes Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases. Spotbugs Maven Plugin 4.9.4.0 Rel...
Opengraph URL: https://github.com/OWASP-Benchmark/BenchmarkJava/pull/352
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:df939762-8f00-d832-7a49-7f49fd3a2903 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | E37A:15BB49:1374171:19964C4:6A5C5440 |
| html-safe-nonce | a6ff47b25bd465ed286184ee51d99a090ace9ba3a14adbd7e8b54e33c55f991c |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFMzdBOjE1QkI0OToxMzc0MTcxOjE5OTY0QzQ6NkE1QzU0NDAiLCJ2aXNpdG9yX2lkIjoiMTU3ODkzNjAzOTcxNjQ0MzIwMCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | df2e5e9efcc07a9d1c4d4ca0e66bb0c4dd065a821e91242ed57dd7a3b02d2418 |
| hovercard-subject-tag | pull_request:2765982836 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/OWASP-Benchmark/BenchmarkJava/pull/352/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0. Release notes Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases. Spotbugs Maven Plugin 4.9.4.0 Release... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 5290d7e14309ad1e76106a9c4237bd1041517e83ea182c8ab756752cb0c6940b |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/OWASP-Benchmark/BenchmarkJava git https://github.com/OWASP-Benchmark/BenchmarkJava.git |
| octolytics-dimension-user_id | 80600360 |
| octolytics-dimension-user_login | OWASP-Benchmark |
| octolytics-dimension-repository_id | 33565372 |
| octolytics-dimension-repository_nwo | OWASP-Benchmark/BenchmarkJava |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 33565372 |
| octolytics-dimension-repository_network_root_nwo | OWASP-Benchmark/BenchmarkJava |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9c975978430e9ad293956f2bbdaf153b1bd84a99 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width