You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2021/07/01 23:48:57 UTC
[GitHub] [fineract] renovate-bot opened a new pull request #1782: chore(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.3.0
renovate-bot opened a new pull request #1782:
URL: https://github.com/apache/fineract/pull/1782
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [com.github.spotbugs:spotbugs-annotations](https://spotbugs.github.io/) ([source](https://togithub.com/spotbugs/spotbugs)) | `4.2.3` -> `4.3.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) |
---
### Release Notes
<details>
<summary>spotbugs/spotbugs</summary>
### [`v4.3.0`](https://togithub.com/spotbugs/spotbugs/blob/master/CHANGELOG.md#​430---2021-07-01)
[Compare Source](https://togithub.com/spotbugs/spotbugs/compare/4.2.3...4.3.0)
##### Fixed
- `MS_EXPOSE_REP` and `EI_EXPOSE_REP` are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)
##### Changed
- Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 ([#​1591](https://togithub.com/spotbugs/spotbugs/pull/1591))
- Bump Saxon-HE from 10.3 to 10.5 ([#​1513](https://togithub.com/spotbugs/spotbugs/pull/1513))
- Bump gson from 2.8.6 to 2.8.7 ([#​1556](https://togithub.com/spotbugs/spotbugs/pull/1556))
- Function `mutableSignature()` improved and factored out from the `MutableStaticFields` detector
##### Added
- New bugs `MS_EXPOSE_BUF`, `EI_EXPOSE_BUF`, `EI_EXPOSE_STATIC_BUF2` and `EI_EXPOSE_BUF2` by the `FindReturnRef` detector to detect cases where buffers or their backing arrays are exposed (see [SEI CERT rule FIO05-J](https://wiki.sei.cmu.edu/confluence/display/java/FIO05-J.+Do+not+expose+buffers+or+their+backing+arrays+methods+to+untrusted+code))
- `MS_EXPOSE_REP`, `EI_EXPOSE_REP`, `EI_EXPOSE_STATIC_REP2` and `EI_EXPOSE_REP2` now report for shallowly copied arrays (using clone()) of mutable objects
</details>
---
### Configuration
📅 **Schedule**: At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.
---
This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/apache/fineract).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@fineract.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [fineract] ptuomola merged pull request #1782: chore(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.3.0
Posted by GitBox <gi...@apache.org>.
ptuomola merged pull request #1782:
URL: https://github.com/apache/fineract/pull/1782
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@fineract.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org