Title: Bump com.github.spotbugs:spotbugs from 4.9.8 to 4.10.1 by dependabot[bot] · Pull Request #472 · OWASP-Benchmark/BenchmarkJava · GitHub
Open Graph Title: Bump com.github.spotbugs:spotbugs from 4.9.8 to 4.10.1 by dependabot[bot] · Pull Request #472 · OWASP-Benchmark/BenchmarkJava
X Title: Bump com.github.spotbugs:spotbugs from 4.9.8 to 4.10.1 by dependabot[bot] · Pull Request #472 · OWASP-Benchmark/BenchmarkJava
Description: Bumps com.github.spotbugs:spotbugs from 4.9.8 to 4.10.1.
Release notes
Sourced from com.github.spotbugs:spotbugs's releases.
4.10.1
SpotBugs 4.10.1
Note
SpotBugs 4.10.0 was superseded by 4.10.1 due to a release issue. Users should use 4.10.1. See the discussion below for additional details:
https://github.com/spotbugs/spotbugs/discussions/4155
CHANGELOG
https://github.com/spotbugs/spotbugs/blob/4.10.1/CHANGELOG.md
CHECKSUM
file
checksum (sha256)
spotbugs-4.10.1-javadoc.jar
582dc49e95b080333b1025dc23e76630e5f6f1648b2f9fa71ee34918f6d9dd2c
spotbugs-4.10.1-sources.jar
76476f61ce6dc0eb0c38801e21da44e77043ba21226aef6c1b9d21df06d2395a
spotbugs-4.10.1.tgz
9264ee04afc8a3945c065916ffb5180d13b938245be91f90ef65c4a4cc1d4f5b
spotbugs-4.10.1.zip
010fdccc06430588a8eeab40db8c6708d836a4dd321623f785aee19343fd682f
spotbugs-annotations-4.10.1-javadoc.jar
1c878bc3dd98eff234149725a7acfaa2dcae11397d793b8d03cd8abf49f1f516
spotbugs-annotations-4.10.1-sources.jar
87974d23caffbc8c6e66c567747627267b5ed06573cee966d7af6d236b8d65bd
spotbugs-annotations.jar
3e2aa962f3099b55362483a6db3e92afa579dc1e030d967093bbcd0935fd67a1
spotbugs-ant-4.10.1-javadoc.jar
c3b2376b23dbcd8a161c8b9e7e251d61dbcd9ecd34a835c5b3c59b239c6b79f6
spotbugs-ant-4.10.1-sources.jar
91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar
22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar
736a409ecfd5b86ec6746fd809ef4c75d507f6f6528810f165663d12564a2c20
test-harness-4.10.1-javadoc.jar
579974414765d90bd1fc0d1998de0a6a66e8566a1aaf34753f0243536c56c57c
test-harness-4.10.1-sources.jar
805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.10.1.jar
bd10d1f11a1b93e4ca4db4d27772f611bd3407f9452dbbd2d1ba62584ddc171f
test-harness-core-4.10.1-javadoc.jar
6b7c82de6f040717d4557257d20886b086de20d57e184a7aa74d73768047f903
test-harness-core-4.10.1-sources.jar
043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.10.1.jar
1f9a0ee8f150dd71f960ca4f59dcf7912a45d0e9e6aefc4585fd44b975454bc0
test-harness-jupiter-4.10.1-javadoc.jar
2762335276588d3787d7940bfc65181d37b1629b7c579e01ddad81d184ea3fac
test-harness-jupiter-4.10.1-sources.jar
17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.10.1.jar
a91146da3e993479cfefd2690781cbd102c6360ecc63a96d88995be3bd60fcbb
4.10.0
Note: SpotBugs 4.10.0 has been superseded by 4.10.1 due to a release issue. Please use 4.10.1 instead. See https://github.com/spotbugs/spotbugs/discussions/4155
SpotBugs 4.10.0-SNAPSHOT
CHANGELOG
Refactor
Move internal usage of 'javax.annotation.Nonnull' to 'jakarta.annotation.NonNull'. (#3858)
Move internal usage of 'javax.annotation.Nullable' to 'jakarta.annotation.Nullable'. (#3861)
Renamed methods from edu.umd.cs.findbugs.SwitchHandler to reflect that they return a PC, not an offset (#3869)
Make the progress bar more visually appealing by adding some borders (#3896)
Reuse DismantleBytecode.isIf introduced in (#3869)
Added
... (truncated)
Changelog
Sourced from com.github.spotbugs:spotbugs's changelog.
4.10.1 - 2026-06-08
4.10.0 was not released due to a release process error (artifacts were built from a -SNAPSHOT version). 4.10.1 is the corrected release and contains the intended 4.10.0 contents.
4.10.0 - 2026-06-07
Refactor
Move internal usage of 'javax.annotation.Nonnull' to 'jakarta.annotation.NonNull'. (#3858)
Move internal usage of 'javax.annotation.Nullable' to 'jakarta.annotation.Nullable'. (#3861)
Renamed methods from edu.umd.cs.findbugs.SwitchHandler to reflect that they return a PC, not an offset (#3869)
Make the progress bar more visually appealing by adding some borders (#3896)
Reuse DismantleBytecode.isIf introduced in (#3869)
Added
Add partial support for org.jspecify.annotations.Nullable, org.jspecify.annotations.NonNull, org.jspecify.annotations.NullUnmarked and org.jspecify.annotations.NullMarked annotations. These are aliased to the closest existing SpotBugs nullness annotations. This is not a complete implementation of the JSpecify spec; scope-level semantics of @NullMarked and @NullUnmarked are not yet supported. (#3996)
Recognize jakarta.annotation.Nonnull and jakarta.annotation.Nullable (#3780)
Detect use of sun.misc.Unsafe and jdk.internal.misc.Unsafe (#3804)
New bug type is introduced: NCR_NOT_PROPERLY_CHECKED_READ. Improper validation of the return value from the read() method in InputStream and Reader classes may result in an array not being fully filled. (#3766)
New detector FindImproperSynchronization and introduced new bug types:
USO_UNSAFE_METHOD_SYNCHRONIZATION is reported when using synchronized methods with the class' accessible intrinsic lock,
USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION is reported when using static synchronized methods with the class' exposed intrinsic lock,
USO_UNSAFE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is visible from the outside,
USO_UNSAFE_ACCESSIBLE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is made accessible, with methods that update or return the lock, to the outside,
USO_UNSAFE_INHERITABLE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is can be altered by subclasses,
USO_UNSAFE_EXPOSED_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is later exposed in the subclasses.
USBC_UNSAFE_SYNCHRONIZATION_WITH_BACKING_COLLECTION is reported when the backing collection of a lock is visible from the outside,
USBC_UNSAFE_SYNCHRONIZATION_WITH_ACCESSIBLE_BACKING_COLLECTION is reported when the backing collection of a lock is made accessible, with methods that update or return the lock, to the outside,
USBC_UNSAFE_SYNCHRONIZATION_WITH_INHERITABLE_BACKING_COLLECTION is reported when the backing collection of a lock can be altered by subclasses.
(See SEI CERT rule LCK00-J and SEI CERT rule LCK04-J)
New detector FindIncreasedAccessibilityOfMethods for new bug type IAOM_DO_NOT_INCREASE_METHOD_ACCESSIBILITY. This detector reports a bug if a class increases the accessibility of overridden or hidden methods. (See SEI CERT rule MET04-J)
Fixed
Fix DM_STRING_TOSTRING false negative when toString() is chained before a method call (e.g., s.toString().toLowerCase()); multiple occurrences in the same method are now all reported (#3966)
Stop exposing JUnit BOM as a transitive dependency to consumers (#3908)
Fix incorrect bug counts and sizes when unioning reports (#3721)
Classes containing only methods throwing UnsupportedOperationException with setter-like names are no longer considered as mutable (#1601)
Enhanced SARIF output with full description sections - adding markdown is still an open issue (#2339)
Added missing null check to MultipleInstantiationsOfSingletons detector (#3823)
Fix invalid syntax in findbugsfilter.xsd (#3832)
Fix CT_CONSTRUCTOR_THROW FP with public and private constructors (#3822)
Fix tool name in usage info, (#3847)
Fix the building of relative chains of ./././ in filenames in fbp files (#3852)
Fix IllegalArgumentException initializing spotbugs when inside a fat jar on Java 25 (#3875)
Do not report DM_DEFAULT_ENCODING for classes compiled with target >= 18 (#3866)
Fix FS_BAD_DATE_FORMAT_FLAG_COMBO not suppressed by field-level annotation (#3838)
Fix SF_SWITCH_FALLTHROUGH false positives (#3767)
Recognize well-known exception-throwing utility methods when looking for exceptions thrown from constructors (#3821)
Fix RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE false negative when non-null value is on the left side of null comparison (#3920)
Fix IM_BAD_CHECK_FOR_ODD false negative when using Yoda-style comparison (1 == i % 2) (#3886)
Fix PluginLoader.close() to continue closing all URLClassLoaders when one close operation fails, suppressing subsequent IOExceptions. (#3958)
Fix broken bugDescriptions.html#TYPE links by restoring legacy bug type anchors in generated docs (#2113)
Fix EI_EXPOSE_REP false negative in package-private classes that expose mutable state through methods overriding a public super-type (#4027)
... (truncated)
Commits
7460889 release v4.10.1
f6c4597 prepare for next release
6e64d99 release v4.10.0
73a6f59 feat: add partial JSpecify annotations support (from PR #3142) (#3996)
85a0cba Add targeted tests for UI launch and class feature transformations (#4153)
3404e1d Raise SpotBugs core coverage with focused unit tests for previously untested ...
654c208 Add VS Code link to README
70e5d15 Clarify detector-fix guidance for Copilot agents (#4151)
d6db565 chore(build): Update comments for commons-compress version details (#4150)
9d7cc2f Update dependency jaxen:jaxen to v2.0.6 (#4145)
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show
Open Graph Description: Bumps com.github.spotbugs:spotbugs from 4.9.8 to 4.10.1. Release notes Sourced from com.github.spotbugs:spotbugs's releases. 4.10.1 SpotBugs 4.10.1 Note SpotBugs 4.10.0 was superseded by 4.10...
X Description: Bumps com.github.spotbugs:spotbugs from 4.9.8 to 4.10.1. Release notes Sourced from com.github.spotbugs:spotbugs's releases. 4.10.1 SpotBugs 4.10.1 Note SpotBugs 4.10.0 was superseded by ...
Opengraph URL: https://github.com/OWASP-Benchmark/BenchmarkJava/pull/472
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:43106d71-fd89-0aaf-3c76-b7dbe1c15988 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | 927E:1C9D94:23A0883:2E62CED:6A5C99D7 |
| html-safe-nonce | bbef05814d0d810b8f2f8425613e7b99b126fe91da38d8dfbd1eb07ebbdbe732 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5MjdFOjFDOUQ5NDoyM0EwODgzOjJFNjJDRUQ6NkE1Qzk5RDciLCJ2aXNpdG9yX2lkIjoiODQ2NjI3MjM5NjQ1NDQzNTI4NyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | bcd9cf8d3a51bb101e6a7b6594d61f3327bfebabbb584efdf9fc3e2e3fe426e5 |
| hovercard-subject-tag | pull_request:3830951043 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/OWASP-Benchmark/BenchmarkJava/pull/472/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps com.github.spotbugs:spotbugs from 4.9.8 to 4.10.1. Release notes Sourced from com.github.spotbugs:spotbugs's releases. 4.10.1 SpotBugs 4.10.1 Note SpotBugs 4.10.0 was superseded by 4.10... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 5290d7e14309ad1e76106a9c4237bd1041517e83ea182c8ab756752cb0c6940b |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/OWASP-Benchmark/BenchmarkJava git https://github.com/OWASP-Benchmark/BenchmarkJava.git |
| octolytics-dimension-user_id | 80600360 |
| octolytics-dimension-user_login | OWASP-Benchmark |
| octolytics-dimension-repository_id | 33565372 |
| octolytics-dimension-repository_nwo | OWASP-Benchmark/BenchmarkJava |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 33565372 |
| octolytics-dimension-repository_network_root_nwo | OWASP-Benchmark/BenchmarkJava |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9c975978430e9ad293956f2bbdaf153b1bd84a99 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width