chore(deps): update dependency com.github.spotbugs:spotbugs to v4.9.4

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
com.github.spotbugs:spotbugs (source)	4.9.0 -> 4.9.4
com.github.spotbugs:spotbugs (source)	4.8.6 -> 4.9.4

---

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs)

v4.9.4

Compare Source

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#​3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#​3485)

Fixed

• Widen main method recognition according to JEP 445. (#​3371)
• Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#​3350)(#​3409)
• Rewrite some member in ResourceValueFrame.java to Enum (#​2061)
• Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#​3387)
• Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#​3320)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#​3334)
• Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#​3417)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#​3428)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#​3441)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#​3459)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#​3363)
• Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#​3489)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#​3169)
• Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#​3496)
• Make the osgi manifest of the annotations jar Java 8 compatible (#​3498) (#​3500)
• TextUICommandLine supports all options encoded in Eclipse preferences file (#​3520)
• Unnecessary suppressions fix for records headers (#​3471)
• Dead store fix when switch case contains loops (#​3530) (#​3449)
• Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#​3463)
• Detect cases when equals() unconditionally returns true or false (#​3528)
• Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#​3501)
• Detect random value cast to int when stored in temporary variable (#​3461)
• Look for interfaces default methods when searching uncalled private methods (#​1988)
• Fixed field self assignment false positive (#​2258)
• Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#​1147)
• Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#​2965) (#​3573)
• Track inner classes access methods to correctly report the bugs (#​2029)
• SF_SWITCH_NO_DEFAULT false positive fix (#​1148) (#​3572)

Added

• Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#​3395)
• Multi-threaded code checks can be skipped with @NotThreadSafe (#​3390)
• New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#​2055)
  • Breaking change: changed values and new items in ResourceValueFrame.
• Inline access method for method. (#​3481)
• Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#​1928)

Signing

• Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

v4.9.3

Compare Source

Added

• Introduced UselessSuppressionDetector to report the useless annotations instead of NoteSuppressedWarnings (#​3348)

Fixed

• Do not report US_USELESS_SUPPRESSION_ON_METHOD on synthetic methods (#​3351)

v4.9.2

Compare Source

Added

• Reporting useless @SuppressFBWarnings annotations (#​641)

Fixed

• Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC_64BIT_PRIMITIVE (#​3303)
• Fixed an HSM_HIDING_METHOD false positive when ECJ generates a synthetic method for an enum switch (#​3305)
• Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives, detector depending on method order.
• Fix THROWS_METHOD_THROWS_CLAUSE_THROWABLE reported in a method calling MethodHandle.invokeExact due to its polymorphic signature (#​3309)
• Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive in inner class (#​3310).
• Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive for ECJ compiled enum switches (#​3316)
• Fix RC_REF_COMPARISON false positive with Lombok With annotation (#​3319)
• Avoid calling File.getCanonicalPath twice to improve performance (#​3325)
• Fix MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE false positive when the overridable method is outside the class (#​3328).
• Fix NullPointerException thrown from ThrowingExceptions detector (#​3337).

Removed

• Removed the TLW_TWO_LOCK_NOTIFY, LI_LAZY_INIT_INSTANCE, BRSA_BAD_RESULTSET_ACCESS, BC_NULL_INSTANCEOF, NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR and RCN_REDUNDANT_CHECKED_NULL_COMPARISON deprecated bug patterns.

v4.9.1

Compare Source

Added

• New detector SharedVariableAtomicityDetector for new bug types AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE (See SEI CERT rules VNA00-J, VNA02-J and VNA05-J).
• New detector FindHiddenMethod for bug type HSM_HIDING_METHOD. This bug is reported whenever a subclass method hides the static method of super class. (See SEI CERT MET07-J).

Fixed

• Fixed the parsing of generics methods in ThrowingExceptions (#​3267)
• Accept the 1st parameter of java.util.concurrent.CompletableFuture's completeOnTimeout(), getNow() and obtrudeValue() functions as nullable (#​1001).
• Fixed the analysis error when FindReturnRef was checking instructions corresponding to a CFG branch that was optimized away (#​3266)
• Added execute file permission to files in the distribution archive (#​3274)
• Fixed a stack overflow in MultipleInstantiationsOfSingletons when a singleton initializer makes recursive calls (#​3280)
• Fixed NPE in FindReturnRef on inner class fields (#​3283)
• Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive when add edu.umd.cs.findbugs.annotations.Nullable (#​3243)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.