Skip to content

fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.4#2312

Merged
snazy merged 1 commit intoapache:mainfrom
renovate-bot:renovate/com.github.spotbugs-spotbugs-annotations-4.x
Aug 11, 2025
Merged

fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.4#2312
snazy merged 1 commit intoapache:mainfrom
renovate-bot:renovate/com.github.spotbugs-spotbugs-annotations-4.x

Conversation

@renovate-bot
Copy link
Collaborator

@renovate-bot renovate-bot commented Aug 10, 2025

This PR contains the following updates:

Package Change Age Confidence
com.github.spotbugs:spotbugs-annotations (source) 4.9.3 -> 4.9.4 age confidence

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.9.4

Compare Source

Changed
  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#​3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#​3485)
Fixed
  • Widen main method recognition according to JEP 445. (#​3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#​3350)(#​3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#​2061)
  • Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#​3387)
  • Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#​3320)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#​3334)
  • Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#​3417)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#​3428)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#​3441)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#​3459)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#​3363)
  • Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#​3489)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#​3169)
  • Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#​3496)
  • Make the osgi manifest of the annotations jar Java 8 compatible (#​3498) (#​3500)
  • TextUICommandLine supports all options encoded in Eclipse preferences file (#​3520)
  • Unnecessary suppressions fix for records headers (#​3471)
  • Dead store fix when switch case contains loops (#​3530) (#​3449)
  • Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#​3463)
  • Detect cases when equals() unconditionally returns true or false (#​3528)
  • Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#​3501)
  • Detect random value cast to int when stored in temporary variable (#​3461)
  • Look for interfaces default methods when searching uncalled private methods (#​1988)
  • Fixed field self assignment false positive (#​2258)
  • Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#​1147)
  • Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#​2965) (#​3573)
  • Track inner classes access methods to correctly report the bugs (#​2029)
  • SF_SWITCH_NO_DEFAULT false positive fix (#​1148) (#​3572)
Added
  • Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#​3395)
  • Multi-threaded code checks can be skipped with @NotThreadSafe (#​3390)
  • New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#​2055)
    • Breaking change: changed values and new items in ResourceValueFrame.
  • Inline access method for method. (#​3481)
  • Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#​1928)
Signing
  • Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-project-automation github-project-automation bot moved this to PRs In Progress in Basic Kanban Board Aug 10, 2025
@renovate-bot renovate-bot force-pushed the renovate/com.github.spotbugs-spotbugs-annotations-4.x branch from 7b1c763 to f0b57bd Compare August 10, 2025 13:27
@github-project-automation github-project-automation bot moved this from PRs In Progress to Ready to merge in Basic Kanban Board Aug 11, 2025
@snazy snazy merged commit 01c6471 into apache:main Aug 11, 2025
12 checks passed
@github-project-automation github-project-automation bot moved this from Ready to merge to Done in Basic Kanban Board Aug 11, 2025
@renovate-bot renovate-bot deleted the renovate/com.github.spotbugs-spotbugs-annotations-4.x branch August 11, 2025 06:59
snazy added a commit to snazy/polaris that referenced this pull request Nov 20, 2025
@snazy @adutra
@MonkeyCanCode @renovate-bot @XN137 @zhongyujiang @poojanilangekar @tmater @rockwotj
Dremio merge 2025 08 12 09 21 (apache#102)
e05d575 
* Helm Chart: remove duplicate line in authenticationOptions template (apache#2297)

* Move python client Makefile into the root level one (apache#2140)

* Move python client Makefile into the root level one

* Update workflow

* add client-lint to pre-commit

* Update README.md to include client

* fix(deps): update dependency boto3 to v1.40.5 (apache#2300)

* fix(deps): update dependency org.assertj:assertj-core to v3.27.4 (apache#2298)

* Fix python CI client-integration-test (apache#2305)

`CONTAINER_TOOL` got renamed to `DOCKER` in
6764a88
but then
eda7074
added more `CONTAINER_TOOL` usage

* fix(docs): update BasePolarisAuthenticator to DefaultAuthenticator (apache#2303)

* Fix Hadoop federation to initialize the configuration prior to catalog initialization (apache#2282)

This PR addresses the gap in Hadoop federation to ensure that we initialize the hadoop configuration prior to initializing the catalog object.

The iceberg library expects the hadoop configuration to be initialized before creating a HadoopCatalog object. This change ensures that Polaris is compatible with the underlying iceberg library. Additionally, since the config initialization is based on the underlying (default) core-site.xml file, the change ensures that the federated catalog was created using `IMPLICIT` authentication mode. 

Testing: 
Due to current limitations in the current test setup, tested the change manually.
[TODO] Add a regtest with hadoop federation once the change is baked into the apache/polaris docker image.

* fix(deps): update dependency boto3 to v1.40.6 (apache#2308)

* fix(deps): update dependency io.opentelemetry:opentelemetry-bom to v1.53.0 (apache#2309)

* Perform force repair when polaris not found (apache#2313)

* fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.4 (apache#2312)

* chore(deps): update dependency pre-commit to v4.3.0 (apache#2311)

* fix(deps): update dependency software.amazon.awssdk:bom to v2.32.19 (apache#2314)

* fix(deps): update dependency com.gradleup.shadow:shadow-gradle-plugin to v9.0.1 (apache#2310)

* Separate Cloud Integration Tests (apache#2283)

Currently, cloud integration tests are part of the regular test suite
but require cloud credentials to execute properly. This creates
unnecessary overhead for developers who just want to run local builds
or for CI jobs that don't have cloud access configured.

* chore(deps): update actions/checkout action to v5 (apache#2319)

* CatalogEntity: internal endpoint not considered (apache#2292)

Setting an S3 internal endpoint doesn't work, because the property's not carried over from the OpenAPI model type into `AwsStorageConfigInfo`.

* client/python: loosen boto3 dep (apache#2188)

It's hard to depend on this package when the boto3 dependency is so strict.

* fix(deps): update dependency io.micrometer:micrometer-bom to v1.15.3 (apache#2321)

* NoSQL: test adjustment

* Last merged commit 45e8e02

---------

Co-authored-by: Alexandre Dutra <[email protected]>
Co-authored-by: Yong Zheng <[email protected]>
Co-authored-by: Mend Renovate <[email protected]>
Co-authored-by: Christopher Lambert <[email protected]>
Co-authored-by: Yujiang Zhong <[email protected]>
Co-authored-by: Pooja Nilangekar <[email protected]>
Co-authored-by: Tamas Mate <[email protected]>
Co-authored-by: Tyler Rockwood <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@snazy snazy snazy approved these changes

Assignees

No one assigned

Labels

renovate-polaris

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@renovate-bot @snazy