Skip to content

Releases: spotbugs/spotbugs-maven-plugin

Spotbugs Maven Plugin 4.8.3.0

15 Jan 01:49
Compare
Choose a tag to compare

This release is much larger than most, all IT tests are good to go. Given scope of changes, if any issues seen, please raise ticket so we can quickly address. A lot was done here to fix-up lazy groovy usage.

Consumer

  • Support for spotbugs 4.8.3
  • library updates
  • Add 'noClassOk' option (untested)
  • Stop overusing 'def' from groovy and use concrete types
  • Many plexus to standard java usage
  • Switch 'Boolean' to 'boolean' for parameters
  • Remove long deprecated and not actually used spotbugsXmlOutput
  • Switch to using buffered writer
  • Drop supporting 2005 version of jxr-maven-plugin
  • Add support for usage of classifier (untested)
  • Add better logging when plugin skipped
  • Cleanup property usage and remove unused properties

Build

  • For integration tests switch to jakarta namespace
  • Cleanup site
  • Add groovy doc annotations
  • Let groovy create javadocs
  • Remove obsolete groovy config from build
  • Update groovy docs headers, footers, doc title
  • Replace examples with modern site usage
  • Replace all it with modern site usage
  • Replace only bash IT test with groovy

Spotbugs Maven Plugin 4.8.2.0

02 Dec 23:28
Compare
Choose a tag to compare
  • Supports spotbugs 4.8.2
  • Fix loading of onlyAnalyze classes/packages from file on multi module projects per #674
  • Force spotbugs log4j2 usage to pipe to slfj4 that we use

Spotbugs Maven Plugin 4.8.1.0

07 Nov 02:50
Compare
Choose a tag to compare
  • Supports Spotbugs 4.8.1

Build

  • Sorted pom now at 4 spaces instead of 2
  • Various updates to GHA - primed for jdk 22 but waiting on groovy 4.0.16 release

See notes from 4.8.0 as important new feature added there that likely will be missed given released within hour of each other.

Spotbugs Maven Plugin 4.8.0.0

07 Nov 02:15
Compare
Choose a tag to compare
  • Supports spotbugs 4.8.0 (note: there were considerable amount of issues with 4.8.0, this exists to be complete but suggest use 4.8.1.0 which will be out in a few).

User Items

  • Support through jdk 21
  • Moved code back to 'master' from 'spotbugs' branch given original fork is long archived and points to this repo
  • Plexus Utils/Xml upgraded in prep for maven 4 and will still work correctly with maven 3 projects
  • Add support to read a file for onlyAnalyze as follows
<onlyAnalyze>file:only-analyze.txt</onlyAnalyze>

Build

  • Move sonar to ubuntu
  • Use jdk 21 for coveralls
  • Point all GHA back to master
  • Bump base-parent pom to 41
  • Bump gmavenplus to 3.0.2
  • Bump commons-io to 2.15.0
  • Bump asm to 9.6
  • Bump maven to 3.9.5
  • Bump guava to 32.1.3-jre
  • Bump spotbugs to 4.8.0
  • Remove extra enforcer rules version from pom as parent updated
  • Bump junit to 5.10.0
  • Bump plexus utils to 4.0.0
  • Override pluxus xml to 3.0.0 so plexus continues to work with maven 3
  • Bump surefire to 3.1.2
  • Cleanup IT test names to match their usage
  • Update hashCode check in tests due to new features in spotbugs 4.8.0
  • Bump plugin plugin to 3.10.2
  • Bump javaparser to 3.25.6
  • Bump javadoc plugin to 3.6.2
  • Bump jxr plugin to 3.3.1
  • Bump surefire to 3.2.2

Spotbugs Maven Plugin 4.7.3.6

25 Sep 01:02
Compare
Choose a tag to compare

Supports spotbugs 4.7.3

Changes

  • Groovy 4.0.15
  • General Library Updates

Build

  • Remove 'jformatstring' from any documentation as no longer in spotbugs [no-op document cleanup]
  • Drop poms for 'jFormatString', 'jsr305', 'spotbugs-annotatinos', 'spotbugs-ant' and 'spotbugs' as not used in this build nor necessary
  • Drop legacy findbugs groovy scripts that ran maven actions as not used to delivery software

Spotbugs Maven Plugin 4.7.3.5

20 Jun 00:01
Compare
Choose a tag to compare

Supports spotbugs 4.7.3

Changes

  • Groovy 4.0.12
  • General Library Updates
  • Minor groovy code cleanup
  • Due to spotbugs failing to be released for some time, we are not overriding safe levels of libraries to clear CVEs. These include gson to 2.10.1, bcel to 6.6.1, jaxon 2.0.0, guava 32.0.1-jre
  • Cleanup exclusions throughout pom
  • Exclude plexus-container-default fixing #589

Build

  • Add support to run integration tests against maven 4.0.0-alpha4
  • Dropped legacy changes.xml file as we do not use that since version 4 and instead use github releases
  • Drop versionTest.groovy as not used
  • Auto license files
  • Remove old dependency check skip and pdf change as no longer necessary
  • Use latest extra enforcer rule 1.7.0

Spotbugs Maven Plugin 4.7.3.4

06 Apr 22:53
Compare
Choose a tag to compare

Support for spotbugs 4.7.3
Now on groovy 4.0.11

Spotbugs Maven Plugin 4.7.3.3

23 Mar 14:05
Compare
Choose a tag to compare
  • Support for spotbugs 4.7.3
  • Now on groovy 4.0.10
  • Small adjustment to line endings cross platform support

Spotbugs Maven Plugin 4.7.3.2

26 Feb 01:31
Compare
Choose a tag to compare
  • Resolve #549 auxclasspath regression introduced from 4.7.3.1 release
  • Bump base-parent usage to 38 resolving recursive issue with m2e (or more generally with maven itself) introduced from 4.7.3.1 release
  • Add new integration tests to test that files are not left open (verify-clean) and test to ensure we do not reintroduce auxclasspath issue (check-no-missing-classes).
  • Resolve #236 - inner classes links fixed

Spotbugs Maven Plugin 4.7.3.1

24 Feb 03:27
Compare
Choose a tag to compare
  • Still supports spotbugs 4.7.3
  • Updated to Groovy 4.0.7
  • Fixes for doxia updates to support maven 4 reporting
  • Remove invalid usage of 'auxclasspathFromInput' from inception of findbugs maven plugin. This surfaced when running parallel builds and possibly other related issues as it was causing spotbugs to rely on system.in.
  • Support running xml and sarif reports at same time
  • Add support to run html reports (htmlOutput parameter). Can be ran along side xml and sarif as well.
  • Fixed integration tests for maven 3.3.9 confirmed support level.

note: Groovy 4.0.8 / 4.0.9 are broken for this project. Groovy fixed issue which will come with 4.0.10. Therefore, if overriding groovy, do not upgrade currently beyond 4.0.7. Other versions should be otherwise fine.