@renovate renovate bot commented Aug 10, 2025

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| com.github.spotbugs:spotbugs-annotations (source) | compile | patch | 4.9.3 -> 4.9.8 | OpenSSF Scorecard |

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.9.8

Compare Source

Fixed
  • Maven plugin reporting issue if -adjustPriority is not set (#​3774)

v4.9.7

Compare Source

Fixed
  • Fix Eclipse not always using latest preferences file state (#​3740)
  • Fix exception thrown when singleton implementing Cloneable has no clone() method (#3727)
  • Fix for missing -adjustPriority parameter in Eclipse preferences (#​3687)
  • Documentation of -adjustPriority parameter
  • Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#​3753)
  • Improved FindNakedNotify to handle the case when the lock is loaded from a field (#​3634)
Changed
  • Support for fully qualified class names for detectors in -adjustPriority parameter
  • Support for numerical and absolute priority adjustments
  • Bump up Apache Commons BCEL to the version 6.11.0 (#​3569)
Deprecated
  • Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#​3756)
Build
  • Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#​3564)

v4.9.6

Compare Source

Fixed
  • Fix exception thrown when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

v4.9.5

Compare Source

Fixed
  • Fix for an error when a record method has the @SuppressFBWarnings annotation (#​3622)
  • Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#​3617)
  • CWO_CLOSED_WITHOUT_OPENED false positive (#​3616)
  • SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#​3645)
  • Fix the issue with BCEL logging Duplicating value: ... (#​3621)
  • Add missing jakarta support for servlets / pre/post destroy (#​3694)
Added
  • Add 'java.nio.file.Path.of' to known types for path traversal checks (#​3699)
Cleanup
  • S1481: Unused local variables should be removed (#​3654)
  • Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation (#3695)

v4.9.4

Compare Source

Changed
  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#​3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#​3485)
Fixed
  • Widen main method recognition according to JEP 445. (#​3371)
  • Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#​3350)(#​3409)
  • Rewrite some member in ResourceValueFrame.java to Enum (#​2061)
  • Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#​3387)
  • Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#​3320)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#​3334)
  • Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#​3417)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#​3428)
  • Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#​3441)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#​3459)
  • Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#​3363)
  • Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#​3489)
  • Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#​3169)
  • Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#​3496)
  • Make the osgi manifest of the annotations jar Java 8 compatible (#​3498) (#​3500)
  • TextUICommandLine supports all options encoded in Eclipse preferences file (#​3520)
  • Unnecessary suppressions fix for records headers (#​3471)
  • Dead store fix when switch case contains loops (#​3530) (#​3449)
  • Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#​3463)
  • Detect cases when equals() unconditionally returns true or false (#​3528)
  • Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#​3501)
  • Detect random value cast to int when stored in temporary variable (#​3461)
  • Look for interfaces default methods when searching uncalled private methods (#​1988)
  • Fixed field self assignment false positive (#​2258)
  • Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#​1147)
  • Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#​2965) (#​3573)
  • Track inner classes access methods to correctly report the bugs (#​2029)
  • SF_SWITCH_NO_DEFAULT false positive fix (#​1148) (#​3572)
Added
  • Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#​3395)
  • Multi-threaded code checks can be skipped with @NotThreadSafe (#​3390)
  • New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#​2055)
    • Breaking change: changed values and new items in ResourceValueFrame.
  • Inline access method for method. (#​3481)
  • Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#​1928)
Signing
  • Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) August 10, 2025 22:32

coderabbitai bot commented Aug 10, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot force-pushed the renovate/patch-spotbugs-annotations.version branch 5 times, most recently from 40dfc7f to 29ff28e Compare August 12, 2025 11:00
@renovate renovate bot force-pushed the renovate/patch-spotbugs-annotations.version branch from 29ff28e to 6725a49 Compare September 15, 2025 02:44
@renovate renovate bot changed the title from "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.4" to "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.5" Sep 15, 2025
@renovate renovate bot force-pushed the renovate/patch-spotbugs-annotations.version branch from 6725a49 to 324a14e Compare September 17, 2025 03:33
@renovate renovate bot changed the title from "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.5" to "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.6" Sep 17, 2025
@renovate renovate bot force-pushed the renovate/patch-spotbugs-annotations.version branch from 324a14e to fb5235d Compare October 15, 2025 00:01
@renovate renovate bot changed the title from "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.6" to "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.7" Oct 15, 2025
@renovate renovate bot force-pushed the renovate/patch-spotbugs-annotations.version branch from fb5235d to dbead18 Compare October 18, 2025 18:37
@renovate renovate bot changed the title from "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.7" to "fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.8" Oct 18, 2025