Releases: spotbugs/spotbugs-maven-plugin
Releases · spotbugs/spotbugs-maven-plugin
Spotbugs Maven Plugin 4.8.3.0
This release is much larger than most, all IT tests are good to go. Given scope of changes, if any issues seen, please raise ticket so we can quickly address. A lot was done here to fix-up lazy groovy usage.
Consumer
- Support for spotbugs 4.8.3
- library updates
- Add 'noClassOk' option (untested)
- Stop overusing 'def' from groovy and use concrete types
- Many plexus to standard java usage
- Switch 'Boolean' to 'boolean' for parameters
- Remove long deprecated and not actually used spotbugsXmlOutput
- Switch to using buffered writer
- Drop supporting 2005 version of jxr-maven-plugin
- Add support for usage of classifier (untested)
- Add better logging when plugin skipped
- Cleanup property usage and remove unused properties
Build
- For integration tests switch to jakarta namespace
- Cleanup site
- Add groovy doc annotations
- Let groovy create javadocs
- Remove obsolete groovy config from build
- Update groovy docs headers, footers, doc title
- Replace examples with modern site usage
- Replace all it with modern site usage
- Replace only bash IT test with groovy
Spotbugs Maven Plugin 4.8.2.0
- Supports spotbugs 4.8.2
- Fix loading of onlyAnalyze classes/packages from file on multi module projects per #674
- Force spotbugs log4j2 usage to pipe to slfj4 that we use
Spotbugs Maven Plugin 4.8.1.0
- Supports Spotbugs 4.8.1
Build
- Sorted pom now at 4 spaces instead of 2
- Various updates to GHA - primed for jdk 22 but waiting on groovy 4.0.16 release
See notes from 4.8.0 as important new feature added there that likely will be missed given released within hour of each other.
Spotbugs Maven Plugin 4.8.0.0
- Supports spotbugs 4.8.0 (note: there were considerable amount of issues with 4.8.0, this exists to be complete but suggest use 4.8.1.0 which will be out in a few).
User Items
- Support through jdk 21
- Moved code back to 'master' from 'spotbugs' branch given original fork is long archived and points to this repo
- Plexus Utils/Xml upgraded in prep for maven 4 and will still work correctly with maven 3 projects
- Add support to read a file for onlyAnalyze as follows
<onlyAnalyze>file:only-analyze.txt</onlyAnalyze>
Build
- Move sonar to ubuntu
- Use jdk 21 for coveralls
- Point all GHA back to master
- Bump base-parent pom to 41
- Bump gmavenplus to 3.0.2
- Bump commons-io to 2.15.0
- Bump asm to 9.6
- Bump maven to 3.9.5
- Bump guava to 32.1.3-jre
- Bump spotbugs to 4.8.0
- Remove extra enforcer rules version from pom as parent updated
- Bump junit to 5.10.0
- Bump plexus utils to 4.0.0
- Override pluxus xml to 3.0.0 so plexus continues to work with maven 3
- Bump surefire to 3.1.2
- Cleanup IT test names to match their usage
- Update hashCode check in tests due to new features in spotbugs 4.8.0
- Bump plugin plugin to 3.10.2
- Bump javaparser to 3.25.6
- Bump javadoc plugin to 3.6.2
- Bump jxr plugin to 3.3.1
- Bump surefire to 3.2.2
Spotbugs Maven Plugin 4.7.3.6
Supports spotbugs 4.7.3
Changes
- Groovy 4.0.15
- General Library Updates
Build
- Remove 'jformatstring' from any documentation as no longer in spotbugs [no-op document cleanup]
- Drop poms for 'jFormatString', 'jsr305', 'spotbugs-annotatinos', 'spotbugs-ant' and 'spotbugs' as not used in this build nor necessary
- Drop legacy findbugs groovy scripts that ran maven actions as not used to delivery software
Spotbugs Maven Plugin 4.7.3.5
Supports spotbugs 4.7.3
Changes
- Groovy 4.0.12
- General Library Updates
- Minor groovy code cleanup
- Due to spotbugs failing to be released for some time, we are not overriding safe levels of libraries to clear CVEs. These include gson to 2.10.1, bcel to 6.6.1, jaxon 2.0.0, guava 32.0.1-jre
- Cleanup exclusions throughout pom
- Exclude plexus-container-default fixing #589
Build
- Add support to run integration tests against maven 4.0.0-alpha4
- Dropped legacy changes.xml file as we do not use that since version 4 and instead use github releases
- Drop versionTest.groovy as not used
- Auto license files
- Remove old dependency check skip and pdf change as no longer necessary
- Use latest extra enforcer rule 1.7.0
Spotbugs Maven Plugin 4.7.3.4
Support for spotbugs 4.7.3
Now on groovy 4.0.11
Spotbugs Maven Plugin 4.7.3.3
- Support for spotbugs 4.7.3
- Now on groovy 4.0.10
- Small adjustment to line endings cross platform support
Spotbugs Maven Plugin 4.7.3.2
- Resolve #549 auxclasspath regression introduced from 4.7.3.1 release
- Bump base-parent usage to 38 resolving recursive issue with m2e (or more generally with maven itself) introduced from 4.7.3.1 release
- Add new integration tests to test that files are not left open (verify-clean) and test to ensure we do not reintroduce auxclasspath issue (check-no-missing-classes).
- Resolve #236 - inner classes links fixed
Spotbugs Maven Plugin 4.7.3.1
- Still supports spotbugs 4.7.3
- Updated to Groovy 4.0.7
- Fixes for doxia updates to support maven 4 reporting
- Remove invalid usage of 'auxclasspathFromInput' from inception of findbugs maven plugin. This surfaced when running parallel builds and possibly other related issues as it was causing spotbugs to rely on system.in.
- Support running xml and sarif reports at same time
- Add support to run html reports (htmlOutput parameter). Can be ran along side xml and sarif as well.
- Fixed integration tests for maven 3.3.9 confirmed support level.
note: Groovy 4.0.8 / 4.0.9 are broken for this project. Groovy fixed issue which will come with 4.0.10. Therefore, if overriding groovy, do not upgrade currently beyond 4.0.7. Other versions should be otherwise fine.