deps: upgrade SpotBugs to 4.7.1

- upgraded SpotBugs to 4.7.1
- changed next version to 4.2.0, prepared for next release

.github/workflows/build.yml

@@ -113,7 +113,7 @@ jobs:
  uses: ./.github/actions/sonar-update-center
  with:
  prop-file: findbugs.properties
- description: Use SpotBugs 4.7.0, sb-contrib 7.4.7, and findsecbugs 1.12.0
+ description: Use SpotBugs 4.7.1, sb-contrib 7.4.7, and findsecbugs 1.12.0
  minimal-supported-sq-version: 8.9
  latest-supported-sq-version: LATEST
  changelog-url: https://github.com/spotbugs/sonar-findbugs/releases/tag/${{ github.event.release.tag_name }}
@@ -122,5 +122,5 @@ jobs:
  sonar-cloud-url: https://sonarcloud.io/summary/new_code?id=com.github.spotbugs:sonar-findbugs-plugin
  github-token: ${{ secrets.PAT_TO_FORK }}
  discourse-api-key: ${{ secrets.DISCOURSE_API_KEY }}
- skip-creating-pull-request: true
- skip-announcing: true
+ skip-creating-pull-request: false
+ skip-announcing: false

README.md

@@ -54,4 +54,4 @@ Findbugs Plugin version|Embedded SpotBugs/Findbugs version|Embedded Findsecbugs
 4.1.4 | 4.6.0 (SpotBugs) | 1.12.0 | 7.4.7 (sb-contrib) | 1.8|7.9~|5.10.1.16922
 4.1.5 | 4.7.0 (SpotBugs) | 1.12.0 | 7.4.7 (sb-contrib) | 1.8|7.9~|5.10.1.16922
 4.1.6 | 4.7.0 (SpotBugs) | 1.12.0 | 7.4.7 (sb-contrib) | 1.8|7.9~|5.10.1.16922
-4.1.7-SNAPSHOT | 4.7.0 (SpotBugs) | 1.12.0 | 7.4.7 (sb-contrib) | 1.8|7.9~|5.10.1.16922
+4.2.0-SNAPSHOT | 4.7.1 (SpotBugs) | 1.12.0 | 7.4.7 (sb-contrib) | 1.8|7.9~|5.10.1.16922

generate_profiles/BuildXmlFiles.groovy

@@ -7,13 +7,13 @@ import groovy.json.JsonSlurper;
 
 @Grapes([
 
- @Grab(group='com.github.spotbugs', module='spotbugs', version='4.7.0'),
+ @Grab(group='com.github.spotbugs', module='spotbugs', version='4.7.1'),
  @Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.4.7'),
  @Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.12.0')]
 )
 
 
-FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.7.0')
+FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.7.1')
 CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.4.7')
 FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.12.0')
 

pom.xml

@@ -4,7 +4,7 @@
 
  <groupId>com.github.spotbugs</groupId>
  <artifactId>sonar-findbugs-plugin</artifactId>
- <version>4.1.7-SNAPSHOT</version>
+ <version>4.2.0-SNAPSHOT</version>
  <packaging>sonar-plugin</packaging>
 
  <name>SonarQube SpotBugs Plugin</name>
@@ -52,7 +52,7 @@
  Also need to update profiles, see ./generate_profiles/README.md for detail.
  Update the version table and the rules count badge in README.md
  -->
- <spotbugs.version>4.7.0</spotbugs.version>
+ <spotbugs.version>4.7.1</spotbugs.version>
  <sbcontrib.version>7.4.7</sbcontrib.version>
  <findsecbugs.version>1.12.0</findsecbugs.version>
 

src/main/resources/org/sonar/plugins/findbugs/rules-findbugs.xml

@@ -5606,11 +5606,10 @@ object explicitly.&lt;/p&gt;</description>
  <tag>malicious-code</tag>
  </rule>
  <rule key='SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA' priority='MAJOR'>
- <name>Correctness - Instance level lock was used on a shared static data</name>
+ <name>Multi-threading - Instance level lock was used on a shared static data</name>
  <configKey>SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA</configKey>
  <description>&lt;p&gt;
- Instance level synchronization, that modifies a static shared object could cause security leaks.
- If the lock or the method is not static, that modifies the static field, and is synchronized,
+ If the lock or the synchronized method is not static, that modifies the static field,
  that could leave the shared static data unprotected against concurrent access.
  This could occur in two ways, if a synchronization method uses a non-static lock object,
  or a synchronized method is declared as non-static. Both ways are ineffective.
@@ -5620,7 +5619,7 @@ object explicitly.&lt;/p&gt;</description>
  &lt;a href="https://wiki.sei.cmu.edu/confluence/display/java/LCK06-J.+Do+not+use+an+instance+lock+to+protect+shared+static+data"&gt;
  LCK06-J. Do not use an instance lock to protect shared static data&lt;/a&gt;.
  &lt;/p&gt;</description>
- <tag>correctness</tag>
+ <tag>multi-threading</tag>
  <tag>bug</tag>
  </rule>
  <rule key='FL_FLOATS_AS_LOOP_COUNTERS' priority='MAJOR'>