Skip to content

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 15, 2025

Bumps com.github.spotbugs:spotbugs from 4.8.6 to 4.9.7.

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

4.9.7

SpotBugs 4.9.7

CHANGELOG

Fixed

  • Fix Eclipse not always using latest preferences file state (#3740)
  • Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
  • Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
  • Documentation of -adjustPriority parameter
  • Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
  • Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

  • Support for fully qualified class names for detectors in -adjustPriority parameter
  • Support for numerical and absolute priority adjustments
  • Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

  • Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

Build

  • Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#3564)

CHECKSUM

file checksum (sha256)
spotbugs-4.9.7-javadoc.jar 8147e7bbbf6d4690bf52c823efb788073366db99bedbf056c97c755c6a5160c8
spotbugs-4.9.7-sources.jar 67d554c54e1000b1da43f0404028ac41a1fbdb0e1ae052177923fc0bc6199d04
spotbugs-4.9.7.tgz 3dc8cea89e38237bd7da8ddf0ce61508c4da0d3b4490f86ed37fb99967ec0a81
spotbugs-4.9.7.zip aa5d06e17b820910aa71a52518c78f38282ee098918ad15036f0aab12ae3c3a5
spotbugs-annotations-4.9.7-javadoc.jar 47ae4240d19ff644c90620ce5eb313a5f1165bbe246dc0b4dccacd27c16849a5
spotbugs-annotations-4.9.7-sources.jar 075b2eed660c2fe2fb1ad1de028f8fdff5f358e25c1318706b95ab17bb28be44
spotbugs-annotations.jar e2f3cde66bf683e02d0b0a439a1a4898fcb79776682707e1fd50700a18f27a45
spotbugs-ant-4.9.7-javadoc.jar 1ef62c58d5547ef72d25ea7979c5c76ffb69455927ed83a1ad3955a1d8084d0f
spotbugs-ant-4.9.7-sources.jar 91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar 22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar c728dffc561e6844c02571a29bc62bf876b142fd71b682ee9eaea32fe773254c
test-harness-4.9.7-javadoc.jar 1562d31885c1cb356127023f4864b1255169d3af968db262929e2beea5e10d65
test-harness-4.9.7-sources.jar 805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.9.7.jar 0076a3bc9602c78d73edb048e625a96ee6a182fa3dd39300aa739af67b954189
test-harness-core-4.9.7-javadoc.jar b77ba2437fb1b62482fe4407d1956eeace03716ed2753cd510febd7ef5260e6c
test-harness-core-4.9.7-sources.jar 043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.9.7.jar 4e439df3b499660d91a659d7c523fcdc4945c932dfc7fee68e796193f9dff6bb
test-harness-jupiter-4.9.7-javadoc.jar ce0143bd5566628a645cde31b7ca6d3bedff0f09292139a9392e18e5f262a0e5
test-harness-jupiter-4.9.7-sources.jar 17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.9.7.jar 9e1bc39da08c6c80091f34f1fd92ec092109d0cdfd8009910bc22772df06eea7

4.9.6

SpotBugs 4.9.6

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.9.7 - 2025-10-14

Fixed

  • Fix Eclipse not always using latest preferences file state (#3740)
  • Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
  • Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
  • Documentation of -adjustPriority parameter
  • Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
  • Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

  • Support for fully qualified class names for detectors in -adjustPriority parameter
  • Support for numerical and absolute priority adjustments
  • Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

  • Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

Build

  • Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#3564)

4.9.6 - 2025-09-16

Fixed

  • Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

4.9.5 - 2025-09-14

Fixed

  • Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
  • Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
  • CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
  • SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
  • Fix the issue with BCEL logging Duplicating value: ... (#3621)
  • Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

  • Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

  • S1481: Unused local variables should be removed (#3654)
  • Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotatoin (#3695)

4.9.4 - 2025-08-07

Changed

  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

  • Widen main method recognition according to JEP 445. (#3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#2061)

... (truncated)

Commits
  • 4f7bc6d release v4.9.7
  • 36bc19a chore(docs): Update archetype to 0.4.9
  • 3916029 False Negative NN_NAKED_NOTIFY when loading a field (#3635)
  • 76acf73 chore(deps): update plugin org.sonarqube to v7 (#3772)
  • 834ef51 chore(deps): update plugin com.gradle.develocity to v4.2.2 (#3770)
  • d03960f ci: run the build against JDK 25
  • 17b4ebe chore(deps): version upgrade org.apache.bcel:bcel: 6.10.0 -->> 6.11.0
  • 891a646 fix(deps): update dependency checkstyle to v12.0.1 (#3764)
  • 6891394 fix(deps): update dependency jacoco to v0.8.14 (#3765)
  • 2c7270c fix(deps): update dependency checkstyle to v12 (#3760)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) from 4.8.6 to 4.9.7.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.8.6...4.9.7)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs
  dependency-version: 4.9.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 15, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 20, 2025

Superseded by #730.

@dependabot dependabot bot closed this Oct 20, 2025
@dependabot dependabot bot deleted the dependabot/gradle/libcobj/com.github.spotbugs-spotbugs-4.9.7 branch October 20, 2025 09:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants