build(deps): bump the dependencies group across 1 directory with 33 updates

[dependabot]

Bumps the dependencies group with 33 updates in the / directory:

Package	From	To
io.netty:netty-bom	4.1.116.Final	4.1.117.Final
io.netty:netty-common	4.1.116.Final	4.1.117.Final
io.netty:netty-buffer	4.1.116.Final	4.1.117.Final
io.netty:netty-handler	4.1.116.Final	4.1.117.Final
io.netty:netty-transport	4.1.116.Final	4.1.117.Final
io.netty:netty-transport-native-epoll	4.1.116.Final	4.1.117.Final
io.netty:netty-codec-http	4.1.116.Final	4.1.117.Final
io.netty:netty-codec-http2	4.1.116.Final	4.1.117.Final
io.netty:netty-transport-native-kqueue	4.1.116.Final	4.1.117.Final
com.github.ben-manes.caffeine:caffeine	3.1.8	3.2.0
io.avaje:avaje-inject	11.0	11.1
io.avaje:avaje-inject-generator	11.0	11.1
io.avaje:avaje-validator	2.4	2.5
io.avaje:avaje-validator-generator	2.4	2.5
io.swagger.core.v3:swagger-annotations	2.2.27	2.2.28
io.swagger.core.v3:swagger-models	2.2.27	2.2.28
io.swagger.parser.v3:swagger-parser	2.1.24	2.1.25
org.hibernate.orm:hibernate-core	6.6.4.Final	6.6.5.Final
com.github.spotbugs:spotbugs-annotations	4.8.6	4.9.0
com.fizzed:rocker-runtime	2.1.0	2.2.1
com.fizzed:rocker-compiler	2.1.0	2.2.1
io.dropwizard.metrics:metrics-core	4.2.29	4.2.30
io.dropwizard.metrics:metrics-healthchecks	4.2.29	4.2.30
io.dropwizard.metrics:metrics-jvm	4.2.29	4.2.30
org.assertj:assertj-core	3.27.2	3.27.3
com.diffplug.spotless:spotless-maven-plugin	2.44.0	2.44.2
gg.jte:jte	3.1.15	3.1.16
gg.jte:jte-models	3.1.15	3.1.16
com.github.kagkarlsson:db-scheduler	15.1.1	15.1.2
software.amazon.awssdk:bom	2.29.46	2.30.6
com.fizzed:stork-maven-plugin	3.1.3	3.2.0
io.projectreactor:reactor-core	3.7.1	3.7.2
io.smallrye.reactive:mutiny	2.7.0	2.8.0

Updates io.netty:netty-bom from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-common from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-buffer from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-handler from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-transport from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-transport-native-epoll from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-codec-http from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-codec-http2 from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.netty:netty-transport-native-kqueue from 4.1.116.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates com.github.ben-manes.caffeine:caffeine from 3.1.8 to 3.2.0

Release notes

Sourced from com.github.ben-manes.caffeine:caffeine's releases.

3.2.0

Cache

• Added Sigstore signing of maven artifacts
• Added Expiry static factory methods (#1499)
• Migrated to JSpecify annotations (was checker framework)
• Fixed variable expiration calculation when nearing overflow
• Added logging when an async cache's removal listener fails
• Added an expiration write optimization to more operations (#1320)
• Fixed when a Weigher or Expiry fail on an async completion (#1687)
• Fixed cases when the expiration ticker was also used for statistics (#1678)
• Fixed refresh handling to skip if the async cache's entry is still loading (#1478)
• Fixed containsKey for an async cache's synchronous view while in-flight (#1626)
• Fixed premature expiration for an async cache when using nearly immediate expiration (#1623)
• For a bulk async load returning extra mappings, wait to be added to the cache before returning (#1409)

Guava

• Relaxed the OSGi version requirement (#1160)

JCache

• Allow hibernate.javax.cache.uri to load the configuration from a jar (#1347)

Commits

• 93d845e prepare for next release
• 8022a16 expand expire write optimization to more operations (fixes #1320)
• 9b65365 Avoid early expiration of an pending future due to delayed pinning (fixes #1623)
• 25405d6 skip refreshing if the async cache entry is still loading (fixes #1478)
• 2d93f2b fix variable expiration calculation when nearing overflow
• 3ff2445 migrate to the maintained javapoet project
• bbf54be minor polish and fixes #1820
• b09770f upgrade to apache commons collections' junit5 test suite
• 70f5cf8 use jakarta.inject for jcache guice integration test
• ae21802 add missing asserts to openjdk tests that check only in their custom harness
• Additional commits viewable in compare view

Updates io.avaje:avaje-inject from 11.0 to 11.1

Release notes

Sourced from io.avaje:avaje-inject's releases.

11.1

What's Changed

• Fix Module Validation by @​SentryMan in avaje/avaje-inject#740
• Update Valhalla build, not compatible with maven reproducible build by @​rbygrave in avaje/avaje-inject#741
• Update Valhalla build, sed use explicit current dir? by @​rbygrave in avaje/avaje-inject#742
• Auto add the maven plugin by @​SentryMan in avaje/avaje-inject#743
• Use runtime retention in Prototype annotation by @​iajn in avaje/avaje-inject#747
• javadoc only - RequiresBean use code instead of link by @​rbygrave in avaje/avaje-inject#748
• #749 Add support for chained methods in @​Bean(destroyMethod) by @​rbygrave in avaje/avaje-inject#754
• Now can import Prototype/Lazy Beans by @​SentryMan in avaje/avaje-inject#751
• PostConstruct method Direct Injection by @​SentryMan in avaje/avaje-inject#752
• #749 Add support for a @​PreDestroy method on a factory, alternative to @​Bean(destroyMethod) by @​rbygrave in avaje/avaje-inject#756
• [Internals] Make generation easier to debug by @​SentryMan in avaje/avaje-inject#753

Dependencies

• Bump the dependencies group with 3 updates by @​dependabot in avaje/avaje-inject#744
• Bump the dependencies group with 4 updates by @​dependabot in avaje/avaje-inject#745
• Bump the dependencies group with 3 updates by @​dependabot in avaje/avaje-inject#755

New Contributors

• @​iajn made their first contribution in avaje/avaje-inject#747

Full Changelog: avaje/avaje-inject@11.0...11.1

Commits

• 7ad2927 Version 11.1
• ed57918 make generation easier to debug (#753)
• 7b349ea #749 Add support for a @​PreDestroy method on a factory, alternative to @​Bean(...
• e6255b8 Merge pull request #752 from SentryMan/postConstructBeans
• 65d9321 Add @​Prototype scope test and b -> beanScope in generated source
• 4011c7a Adjust writeLifeCycleGet() and format changes
• e78b8ff Add tests for @​PostConstruct argument options
• 502f084 Update BeanReader.java
• 300cdbb Merge remote-tracking branch 'upstream/master' into postConstructBeans
• fa79dda Now can import Prototype/Lazy Beans (#751)
• Additional commits viewable in compare view

Updates io.avaje:avaje-inject-generator from 11.0 to 11.1

Updates io.avaje:avaje-inject-generator from 11.0 to 11.1

Updates io.avaje:avaje-validator from 2.4 to 2.5

Release notes

Sourced from io.avaje:avaje-validator's releases.

2.5

What's Changed

• Handle Repeatable Constraints by @​SentryMan in avaje/avaje-validator#267

Full Changelog: avaje/avaje-validator@2.4...2.5

Commits

• 004e7a8 Version 2.5
• c5d0414 Handle Repeatable Constraints (#267)
• 1a41fdc Bump to next snapshot
• See full diff in compare view

Updates io.avaje:avaje-validator-generator from 2.4 to 2.5

Updates io.avaje:avaje-validator-generator from 2.4 to 2.5

Updates io.swagger.core.v3:swagger-annotations from 2.2.27 to 2.2.28

Updates io.swagger.core.v3:swagger-models from 2.2.27 to 2.2.28

Updates io.swagger.core.v3:swagger-models from 2.2.27 to 2.2.28

Updates io.swagger.parser.v3:swagger-parser from 2.1.24 to 2.1.25

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.25 released!

• update dependencies (Jackson to 2.18.2, fix quotes in tests) (#2153)

Commits

• e549281 prepare release 2.1.25
• 9d7fe7c update dependencies (Jackson to 2.18.2, fix quotes in tests)
• 153070c bump snapshot 2.1.25-SNAPSHOT
• See full diff in compare view

Updates org.hibernate.orm:hibernate-core from 6.6.4.Final to 6.6.5.Final

Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Hibernate ORM 6.6.5.Final released

Today, we published a new release of Hibernate ORM 6.6: 6.6.5.Final.

You can find the full list of 6.6.5.Final changes here.

What's new

This release introduces a few minor improvements as well as bug fixes.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 6.6.5.Final (January 19, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/32379

** Bug * [HHH-19011] - @​ElementCollection comment overrides class level comment on an Entity * [HHH-18819] - Error resolving persistent property of @​MapperSuperclass if subtype @​Embeddable used as @​IdClass * [HHH-17652] - Cannot invoke "org.hibernate.envers.internal.entities.EntityConfiguration.getRelationDescription(String)" because "entCfg" is null

** Task * [HHH-18972] - Upgrade to ByteBuddy 1.15.11

Commits

• 3ea729d Pre-steps for release : 6.6.5.Final
• 2da013e HHH-19011 Applied review suggestion
• 973da8c HHH-19011 Backport to 6.6
• 9645ebf HHH-19011 Reproducing test
• ee8b43a HHH-19011 two extra fixes
• 38d4fe6 HHH-19011 fix incorrect placement of table comment with @​Comment
• b0746b8 Revert "Allow Jenkins to parse the release Jenkinsfile before cancelling non-...
• ffecd7d Allow Jenkins to parse the release Jenkinsfile before cancelling non-release ...
• 1044a0d Use specific Jenkins nodes for releases
• 9d52e3c HHH-18819 Fix metamodel of id-class extending from mapped-superclasses
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.0

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.9.0

CHANGELOG

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#2988)
• -version flag prints the version to the standard output (#2797)
• Revert the changes from (#2894) to get HTML stylesheets to work again (#2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#3045)
• Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#3059)
• Detect failure to close RocksDB's ReadOptions (#3069)
• Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#3023)
• Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
• Fixed some CWE mappings (#3124)
• Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#3137)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#3152)
• Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#2042)
• Fix call graph, include non-parametric void methods (#3160)
• Fix multiple reporting of identical bugs messing up statistics (#3185)
• Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#3187)
• Fixed method matchers with array types (#3203)
• Fix SARIF report's message property in Exception to meet the standard (#3197)
• Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#3207)
• Fixed an error in the detection of bridge methods causing analysis crashes (#3208)
• Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#2040)
• Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#1515).
• Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#3235)

Cleanup

• Cleanup thread issue and regex issue in test-harness (#3130)
• Remove extra blank lines and remove public from interface objects as inherently already public (#3131)
• Fix order of modifiers on properties/methods and ensure correct location in file (#3132, #3177)
• Return objects directly instead of creating more garbage collection by defining them (#3133, #3175)
• Restrict the constructor of abstract classes visibility to protected (#3178)
• Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#3134)
• Use diamond operator in constructor calls of Collections (#3176)
• Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#3180, #3219)
• Use method references instead of lambdas where possible (#3179)
• Move default clauses to the end of switches (#3222)
• Remove unnecessary throws declarations (#3220)
• Use Boolean.parseBoolean() for string-to-boolean conversion. (#3217)
• Rename shadowing fields (#3221)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.0 - 2025-01-15

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#2988)
• -version flag prints the version to the standard output (#2797)
• Revert the changes from (#2894) to get HTML stylesheets to work again (#2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#3045)
• Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#3059)
• Detect failure to close RocksDB's ReadOptions (#3069)
• Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#3023)
• Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
• Fixed some CWE mappings (#3124)
• Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#3137)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#3152)
• Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#2042)
• Fix call graph, include non-parametric void methods (#3160)
• Fix multiple reporting of identical bugs messing up statistics (#3185)
• Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#3187)
• Fixed method matchers with array types (#3203)
• Fix SARIF report's message property in Exception to meet the standard (#3197)
• Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#3207)
• Fixed an error in the detection of bridge methods causing analysis crashes (#3208)
• Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#2040)
• Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#1515).
• Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#3235)

Cleanup

• Cleanup thread issue and regex issue in test-harness (#3130)
• Remove extra blank lines and remove public from interface objects as inherently already public (#3131)
• Fix order of modifiers on properties/methods and ensure correct location in file (#3132, #3177)
• Return objects directly instead of creating more garbage collection by defining them (#3133, #3175)
• Restrict the constructor of abstract classes visibility to protected (#3178)
• Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#3134)
• Use diamond operator in constructor calls of Collections (#3176)
• Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#3180, #3219)
• Use method references instead of lambdas where possible (#3179)
• Move default clauses to the end of switches (#3222)
• Remove unnecessary throws declarations (#3220)
• Use Boolean.parseBoolean() for string-to-boolean conversion. (#3217)
• Rename shadowing fields (#3221)
• Combine catch blocks with the same body (#3223)

... (truncated)

Commits

• ef76e9b release v4.9.0
• d64bfd2 Remove legacy cvs / svn revision data as git doesn't use that (#3262)
• 3d80c80 Move documentation items and other build items to java 11 (#3260)
• ab2a9f7 Fix map container to use interface, few missed double initialization, and mis...
• b7f48c9 [tests] Cleanup code within tests (#3259)

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.