Update all minor versions (master) (minor)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
com.github.spotbugs:spotbugs-annotations (source)	4.4.2 -> 4.7.3						minor
jquery (source)	3.6.4 -> 3.7.0						minor
io.sentry:sentry-logback	6.18.1 -> 6.21.0					dependencies	minor
org.geotools:gt-cql	29.0 -> 29.1					dependencies	minor
org.geotools:gt-svg	29.0 -> 29.1					dependencies	minor
org.geotools.xsd:gt-xsd-gml3	29.0 -> 29.1					dependencies	minor
org.geotools:gt-wms	29.0 -> 29.1					dependencies	minor
org.geotools:gt-geotiff	29.0 -> 29.1					dependencies	minor
org.geotools:gt-geojson	29.0 -> 29.1					dependencies	minor
org.geotools:gt-render	29.0 -> 29.1					dependencies	minor
org.geotools:gt-epsg-hsql	29.0 -> 29.1					dependencies	minor
commons-io:commons-io (source)	2.11.0 -> 2.12.0					dependencies	minor

---

Release Notes

spotbugs/spotbugs

v4.7.3

Compare Source

Fixed

• Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#​2126)
• Fixed regression in 4.7.2 caused by (#​2141)
• improve compatibility with later version of jdk (>= 13). (#​2188)
• Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#​2120)
• Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#​2183)
• Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#​2182)
• Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#​2195)
• Bump up log4j2 binding to 2.19.0
• Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#​2200)
• Bump up commons-text to 1.10.0 (#​2197)
• Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#​2209)

v4.7.2

Compare Source

Fixed

• Bumped gson from 2.9.0 to 2.9.1 (#​2136)
• Bump up SLF4J API to 2.0.0
• Bump up logback to 1.4.0
• Bump up log4j2 binding to 2.18.0
• Bump up Saxon-HE to 11.4 (#​2160)
• Fixed InvalidInputException in Eclipse while bug reporting (#​2134)
• Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#​2142)
• Avoid warning on use of security manager on Java 17 and newer. (#​1579)
• Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#​1771)
• Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#​2146)

v4.7.1

Compare Source

Fixed

• Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#​1931)
• Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#​2041)
• Disabled detector ThrowingExceptions by default to avoid many false positives (#​2040)
• Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#​2040)
• Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#​2089)

v4.7.0

Compare Source

Changed

• Updated documentation by adding parenthesis () to the negative odd check message (#​1995)
• Let the Plugin class implement AutoCloseable so we can release the .jar file (#​2024)

Fixed

• Fixed reports to truncate existing files before writing new content (#​1950)
• Bumped Saxon-HE from 10.6 to 11.3 (#​1955, #​1999)
• Fixed traversal of nested archives governed by -nested:true (#​1930)
• Warnings of deprecated System::setSecurityManager calls on Java 17 (#​1983)
• Fixed false positive SSD bug for locking on java.lang.Class objects (#​1978)
• FindReturnRef throws an IllegalArgumentException unexpectedly (#​2019)
• Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#​2004)

Added

• New detector ThrowingExceptions and introduced new bug types:
  • THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
  • THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
  • THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
• New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
• New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
• New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters
• New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers

v4.6.0

Compare Source

Fixed

• Fixed spotbugs build with ecj compiler (#​1903)
• Moved tests from spotbugs project to spotbugs-tests project (#​1914)
• Fixed UI freezes in Eclipse on bug count decorations update (#​285)
• Bumped log4j from 2.17.1 to 2.17.2 (#​1960)
• Bumped gson from 2.8.9 to 2.9.0 (#​1960)

Added

• New detector FindInstanceLockOnSharedStaticData for new bug type SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA. This detector reports a bug if an instance level lock is used to modify a shared static data. (See SEI CERT rule LCK06-J)

v4.5.3

Compare Source

Security

• Bumped log4j from 2.16.0 to 2.17.1 to address CVE-2021-45105 and CVE-2021-44832 (#​1885, #​1897)

Fixed

• Remove duplicated logging frameworks from the Eclipse plugin distribution (#​1868)
• Corrected class name validation to no longer fail for Kotlin classes on class path containing special characters. (#​1883)

v4.5.2

Compare Source

Security

• Bumped log4j from 2.14.1 to 2.16.0 to address CVE-2021-44228

Fixed

• False negative about the rule RV_DONT_JUST_NULL_CHECK_READLINE (#​1821#​1820#​1819#​1818)
• Updated RV_01_TO_INT to handle float and long checks (#​1518)

v4.5.1

Compare Source

Fixed

• Ant task does not produce XML anymore (#​1827)
• Do not emit false positives of MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE for final classes (#​1812).
• Reports cannot be created on Windows platform (#​1842)

v4.5.0

Compare Source

Changed

• Replace "分析" with "解析" in Japanese document (#​1573)
• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#​540)
• Bump gson from 2.8.8 to 2.8.9 (#​1784)
• Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#​1741):
  • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
  • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
  • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

Added

• Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#​1740)
• Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
• New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
• New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone().
• Translation of online manual to Brazilian Portuguese (PT-BR).

Fixed

• False negative about the rule ES_COMPARING_STRINGS_WITH_EQ (#​1764)
• False negative about the rule IM_MULTIPLYING_RESULT_OF_IREM ([#​1498])(https://github.com/spotbugs/spotbugs/issues/1498)

Deprecated

• -output commandline option is deprecated. Use commandline options for report configuration like -xml=spotbugs.xml instead.

getsentry/sentry-java

v6.21.0

Compare Source

Features

• Introduce new sentry-android-sqlite integration (#​2722)
  • This integration replaces the old androidx.sqlite database instrumentation in the Sentry Android Gradle plugin
  • A new capability to manually instrument your androidx.sqlite databases.
    • You can wrap your custom SupportSQLiteOpenHelper instance into SentrySupportSQLiteOpenHelper(myHelper) if you're not using the Sentry Android Gradle plugin and still benefit from performance auto-instrumentation.
• Add SentryWrapper for Callable and Supplier Interface (#​2720)
• Load sentry-debug-meta.properties (#​2734)
  • This enables source context for Java
  • For more information on how to enable source context, please refer to #​633

Fixes

• Finish WebFlux transaction before popping scope (#​2724)
• Use daemon threads for SentryExecutorService (#​2747)
  • We started using SentryExecutorService in 6.19.0 which caused the application to hang on shutdown unless Sentry.close() was called. By using daemon threads we no longer block shutdown.
• Use Base64.NO_WRAP to avoid unexpected char errors in Apollo (#​2745)
• Don't warn R8 on missing ComposeViewHierarchyExporter class (#​2743)

v6.20.0

Compare Source

Features

• Add support for Sentry Kotlin Compiler Plugin (#​2695)
  • In conjunction with our sentry-kotlin-compiler-plugin we improved Jetpack Compose support for
    • View Hierarchy support for Jetpack Compose screens
    • Automatic breadcrumbs for user interactions
• More granular http requests instrumentation with a new SentryOkHttpEventListener (#​2659)
  • Create spans for time spent on:
    • Proxy selection
    • DNS resolution
    • HTTPS setup
    • Connection
    • Requesting headers
    • Receiving response
  • You can attach the event listener to your OkHttpClient through client.eventListener(new SentryOkHttpEventListener()).addInterceptor(new SentryOkHttpInterceptor()).build();
  • In case you already have an event listener you can use the SentryOkHttpEventListener as well through client.eventListener(new SentryOkHttpEventListener(myListener)).addInterceptor(new SentryOkHttpInterceptor()).build();
• Add a new option to disable RootChecker (#​2735)

Fixes

• Base64 encode internal Apollo3 Headers (#​2707)
• Fix SentryTracer crash when scheduling auto-finish of a transaction, but the timer has already been cancelled (#​2731)
• Fix AndroidTransactionProfiler crash when finishing a profile that happened due to race condition (#​2731)

v6.19.1

Compare Source

Fixes

• Ensure screenshots and view hierarchies are captured on the main thread (#​2712)

v6.19.0

Compare Source

Features

• Add Screenshot and ViewHierarchy to integrations list (#​2698)
• New ANR detection based on ApplicationExitInfo API (#​2697)
  • This implementation completely replaces the old one (based on a watchdog) on devices running Android 11 and above:
    • New implementation provides more precise ANR events/ANR rate detection as well as system thread dump information. The new implementation reports ANRs exactly as Google Play Console, without producing false positives or missing important background ANR events.
    • New implementation reports ANR events with a new mechanism mechanism:AppExitInfo.
    • However, despite producing many false positives, the old implementation is capable of better enriching ANR errors (which is not available with the new implementation), for example:
      • Capturing screenshots at the time of ANR event;
      • Capturing transactions and profiling data corresponding to the ANR event;
      • Auxiliary information (such as current memory load) at the time of ANR event.
    • If you would like us to provide support for the old approach working alongside the new one on Android 11 and above (e.g. for raising events for slow code on main thread), consider upvoting this issue.
  • The old watchdog implementation will continue working for older API versions (Android < 11):
    • The old implementation reports ANR events with the existing mechanism mechanism:ANR.
• Open up TransactionOptions, ITransaction and IHub methods allowing consumers modify start/end timestamp of transactions and spans (#​2701)
• Send source bundle IDs to Sentry to enable source context (#​2663)
  • For more information on how to enable source context, please refer to #​633

Fixes

• Android Profiler on calling thread (#​2691)
• Use configureScope instead of withScope in Hub.close(). This ensures that the main scope releases the in-memory data when closing a hub instance. (#​2688)
• Remove null keys/values before creating concurrent hashmap in order to avoid NPE (#​2708)
• Exclude SentryOptions from R8/ProGuard obfuscation (#​2699)
  • This fixes AGP 8.+ incompatibility, where full R8 mode is enforced

Dependencies

• Bump Gradle from v8.1.0 to v8.1.1 (#​2666)
  • [changelog](https://github.com/gradle/gradle/blob/master release-test/CHANGELOG.md#v811)
  • diff
• Bump Native SDK from v0.6.1 to v0.6.2 (#​2689)
  • changelog
  • diff

geotools/geotools

v29.1

Compare Source

---

Configuration

📅 Schedule: Branch creation - "after 5pm on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Success approve. Enjoy 🏳️‍🌈🎉.