This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

chore(deps): bump com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.3 #338

@dependabot dependabot bot commented on behalf of github Jan 1, 2024


Bumps com.github.spotbugs:spotbugs-annotations from 4.7.3 to 4.8.3.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.8.3

CHANGELOG

Fixed

  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#2710)
  • Applied changes for bcel 6.8.0 with adjustments to constant pool (#2756)
    • More information on bcel changes can be found in (#2757)
  • Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.

Changed

  • Improved Matcher checks for empty strings (#2755)
  • Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis (#2754)
  • Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-2023-6378 (#2760)
  • Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#2760)

CHECKSUM

SpotBugs 4.8.2

CHANGELOG

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.8.3 - 2023-12-12

Fixed

  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#2710)
  • Applied changes for bcel 6.8.0 with adjustments to constant pool (#2756)
    • More information on bcel changes can be found in (#2757)
  • Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.
  • Fix FP in CT_CONSTRUCTOR_THROW when exception throwing lambda is created, but not called in constructor (#2695)

Changed

  • Improved Matcher checks for empty strings (#2755)
  • Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis (#2754)
  • Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-2023-6378 (#2760)
  • Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#2760)

4.8.2 - 2023-11-28

Fixed

  • Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
  • Use java.nio to load filter files (#2684)
  • Eclipse: Do not export javax.annotation packages (#2699)
  • Fixed not thread safe FindOverridableMethodCall detector (#2701)
  • Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
  • Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
  • Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

  • New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

  • Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

4.8.1 - 2023-11-06

Fixed

  • Fixed schema location for findbugsfilter.xsd (#1416)
  • Fixed missing null checks (#2629)
  • Disabled DontReusePublicIdentifiers due to the high false positives rate (#2627)
  • Removed signature of methods using UTF-8 in DefaultEncodingDetector (#2634)
  • Fix exception escapes when calling functions of JUnit Assert or Assertions (#2640)
  • Fixed an error in the SARIF export when a bug annotation is missing (#2632)
  • Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws (#2628)
  • Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize (#2665)
  • Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug (#2652)
  • Eclipse: fixed startup overhead (on computing classpath) for PDE projects (#2671)

Build

  • Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT (#2651)

4.8.0 - 2023-10-11

... (truncated)

Commits
  • 1e42fc9 release v4.8.3
  • 44dd360 Fix FNs in CT_CONSTRUCTOR_THROW (#2747)
  • 10422e8 Adjust log binding requirements due to CVEs from logback (#2760)
  • e720004 Support negated onlyAnalyze items (#2754)
  • 8a41d8f Sonar Analyses fixes (#2753)
  • a7aada2 fix(deps): update dependency org.apache.bcel:bcel to v6.8.0 (#2756)
  • c176966 chore(deps): update dependency com.diffplug.gradle:goomph to v3.44.0 (#2758)
  • 0f7a97f chore(deps): update plugin com.github.spotbugs to v6.0.2 (#2742)
  • 5495d4b chore(deps): update plugin com.gradle.enterprise to v3.16 (#2746)
  • 194f19b Use String.isEmpty() with null guards (#2755)
  • Additional commits viewable in compare view

Bumps [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.7.3 to 4.8.3.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.7.3...4.8.3)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested review from a team as code owners January 1, 2024 06:44
@dependabot dependabot bot added the dependencies label Jan 1, 2024
@tvainika tvainika merged commit 0a3aa4c into main Jan 8, 2024
4 checks passed
@tvainika tvainika deleted the dependabot/gradle/com.github.spotbugs-spotbugs-annotations-4.8.3 branch January 8, 2024 11:43