PMD 7.13.0 (25-April-2025)

25-April-2025 - 7.13.0

The PMD team is pleased to announce PMD 7.13.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • Docker images
  • Experimental support for language dialects
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
  • Experimental API
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

Docker images

PMD is now providing official docker images at https://hub.docker.com/r/pmdcode/pmd and
https://github.com/pmd/docker/pkgs/container/pmd.

You can now analyze your code with PMD by using docker like so:

docker run --rm --tty -v $PWD:/src pmdcode/pmd:latest check -d . -R rulesets/java/quickstart.xml`

More information is available at https://github.com/pmd/docker.

Experimental support for language dialects

A dialect is a particular form of another supported language. For example, an XSLT is a particular
form of an XML. Even though the dialect has its own semantics and uses, the contents are still readable
by any tool capable of understanding the base language.

In PMD, a dialect allows to set up completely custom rules, XPath functions, properties and metrics
for these files; while retaining the full support of the underlying base language including
already existing rules and XPath functions.

See [core] Support language dialects #5438 and
Adding a new dialect for more information.

✨ New Rules

• The new Apex rule TypeShadowsBuiltInNamespace finds Apex classes, enums, and interfaces
  that have the same name as a class, enum, or interface in the System or Schema namespace.
  Shadowing these namespaces in this way can lead to confusion and unexpected behavior.

🐛 Fixed Issues

• core
  • #5438: [core] Support language dialects
  • #5448: Maintain a public PMD docker image
  • #5525: [core] Add rule priority as level to Sarif report
  • #5623: [dist] Make pmd launch script compatible with /bin/sh
• apex-bestpractices
  • #5667: [apex] ApexUnitTestShouldNotUseSeeAllDataTrue false negative when seeAllData parameter is a string
• apex-errorprone
  • #3184: [apex] Prevent classes from shadowing System Namespace
• java
  • #5645: [java] Parse error on switch with yield
• java-bestpractices
  • #5687: [java] UnusedPrivateMethodRule: exclude serialization method readObjectNoData()
• plsql
  • #5675: [plsql] Parse error with TREAT function

🚨 API Changes

Deprecations

• net.sourceforge.pmd.lang.xml.pom.PomLanguageModule is deprecated. POM is now a dialect of XML.
  Use PomDialectModule instead.
• net.sourceforge.pmd.lang.xml.wsdl.WsdlLanguageModule is deprecated. WSDL is now a dialect of XML.
  Use WsdlDialectModule instead.
• net.sourceforge.pmd.lang.xml.xsl.XslLanguageModule is deprecated. XSL is now a dialect of XML.
  Use XslDialectModule instead.

Experimental API

• The core API around support for language dialects:
  • Language#getBaseLanguageId
  • Language#isDialectOf
  • LanguageModuleBase#<init>
  • LanguageModuleBase#asDialectOf
  • LanguageModuleBase.DialectLanguageMetadata
  • BasePmdDialectLanguageVersionHandler
  • SimpleDialectLanguageModuleBase

✨ Merged pull requests

• #5438: [core] Support language dialects - Juan Martín Sotuyo Dodero (@jsotuyod)
• #5450: Fix #3184: [apex] New Rule: TypeShadowsBuiltInNamespace - Mitch Spano (@mitchspano)
• #5573: Fix #5525: [core] Add Sarif Level Property - julees7 (@julees7)
• #5623: [dist] Make pmd launch script compatible with /bin/sh - Clément Fournier (@oowekyala)
• #5648: Fix #5645: [java] Parse error with yield statement - Clément Fournier (@oowekyala)
• #5652: [java] Cleanup AccessorClassGenerationRule implementation - Pankraz76 (@Pankraz76)
• #5672: [doc] Fix its/it's and doable/double typos - John Jetmore (@jetmore)
• #5674: Fix #5448: [ci] Maintain public Docker image - Andreas Dangel (@adangel)
• #5684: Fix #5667: [apex] ApexUnitTestShouldNotUseSeeAllDataTrue false negative when seeAllDate parameter is a string - Thomas Prouvot (@tprouvot)
• #5685: [doc] typo fix in PMD Designer reference - Douglas Griffith (@dwgrth)
• #5686: Fix #5675: [plsql] Support TREAT function with specified datatype - Andreas Dangel (@adangel)
• #5687: [java] UnusedPrivateMethodRule: exclude serialization method readObjectNoData() - Gili Tzabari (@cowwoc)
• #5688: [java] Fix Double Literal for Java19+ compatibility - Andreas Dangel (@adangel)

📦 Dependency updates

• #5607: Bump org.junit:junit-bom from 5.11.4 to 5.12.1
• #5641: Bump PMD from 7.11.0 to 7.12.0
• #5653: Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.0.0.4389 to 5.1.0.4751
• #5654: Bump surefire.version from 3.5.2 to 3.5.3
• #5655: Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
• #5656: Bump org.ow2.asm:asm from 9.7.1 to 9.8
• #5657: Bump com.google.protobuf:protobuf-java from 4.30.1 to 4.30.2
• #5658: Bump logger from 1.6.6 to 1.7.0 in /.ci/files in the all-gems group across 1 directory
• #5671: Bump checkstyle from 10.21.4 to 10.23.0
• #5676: Bump org.checkerframework:checker-qual from 3.49.1 to 3.49.2
• #5677: Bump junit5.platform.version from 1.12.1 to 1.12.2
• #5678: Bump org.apache.commons:commons-text from 1.13.0 to 1.13.1
• #5679: Bump com.google.guava:guava from 33.4.6-jre to 33.4.7-jre
• #5680: Bump org.mockito:mockito-core from 5.16.1 to 5.17.0
• #5681: Bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13
• [#5682](#5...

PMD 7.12.0 (28-March-2025)

28-March-2025 - 7.12.0

The PMD team is pleased to announce PMD 7.12.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

✨ New Rules

• The new Java rule ImplicitFunctionalInterface reports functional interfaces that were
  not explicitly declared as such with the annotation @FunctionalInterface. If an interface is accidentally a functional
  interface, then it should bear a @SuppressWarnings("PMD.ImplicitFunctionalInterface")
  annotation to make this clear.

🐛 Fixed Issues

• core
  • #5593: [core] Make renderers output files in deterministic order even when multithreaded
• apex
  • #5567: [apex] Provide type information for CastExpression
• apex-design
  • #5616: [apex] ExcessiveParameterList reports entire method instead of signature only
• java
  • #5587: [java] Thread deadlock during PMD analysis in ParseLock.getFinalStatus
• java-bestpractices
  • #2849: [java] New Rule: ImplicitFunctionalInterface
  • #5369: [java] UnusedPrivateMethod false positives with lombok.val
  • #5590: [java] LiteralsFirstInComparisonsRule not applied on constant
  • #5592: [java] UnusedAssignment false positive in record compact constructor
• java-codestyle
  • #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val
  • #5452: [java] PackageCase: Suppression comment has no effect due to finding at wrong position in case of JavaDoc comment
• plsql
  • #4441: [plsql] Parsing exception with XMLQUERY function in SELECT
  • #5521: [plsql] Long parse time and eventually parse error with XMLAGG order by clause

🚨 API Changes

Deprecations

• java
  • The method buildConstValue is deprecated for removal. It should
    have been package-private from the start. In order to get the (compile time) const value of an expression, use
    getConstValue or getConstFoldingResult
    instead.
  • For the same reason, the following methods are also deprecated for removal:
    buildConstValue and buildConstValue.

• JTypeVar#withUpperbound is deprecated. It was previously meant to be used
  internally and not needed anymore.

✨ Merged pull requests

• #5550: Fix #5521: [plsql] Improve parser performance by reducing lookaheads - Andreas Dangel (@adangel)
• #5554: Fix #5369: [java] Consider that lombok.val and var are inferred - Clément Fournier (@oowekyala)
• #5555: Fix #2849: [java] Add rule ImplicitFunctionalInterface - Clément Fournier (@oowekyala)
• #5556: [ci] New workflow "Publish Results from Pull Requests" - Andreas Dangel (@adangel)
• #5574: Fix #5567: [apex] Provide type info for CastExpression - Andreas Dangel (@adangel)
• #5583: [java] Fix race condition in ClassStub for inner classes - Andreas Dangel (@adangel)
• #5586: [java/core] Micro optimizations - Clément Fournier (@oowekyala)
• #5588: [java] Fix crash when parsing class for anonymous class - Clément Fournier (@oowekyala)
• #5591: Fix #5587: [java] Fix deadlock while loading ClassStub - Clément Fournier (@oowekyala)
• #5593: [core] Make renderers output files in deterministic order even when multithreaded - Clément Fournier (@oowekyala)
• #5595: Fix #5590: [java] LiteralsFirstInComparisons with constant field - Clément Fournier (@oowekyala)
• #5596: Fix #4441: [plsql] XMLQuery - Support identifier as XQuery_string parameter - Andreas Dangel (@adangel)
• #5598: Fix #5592: [java] Fix UnusedAssignment FP with compact record ctor - Clément Fournier (@oowekyala)
• #5600: Fix #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val - Clément Fournier (@oowekyala)
• #5611: Fix #5452: [java] PackageCase reported on wrong line - Clément Fournier (@oowekyala)
• #5617: Fix #5616: [apex] ExcessiveParameterList: Report only method signature - Andreas Dangel (@adangel)
• #5618: [doc] Fix search index - Andreas Dangel (@adangel)

📦 Dependency updates

• #5558: Bump PMD from 7.10.0 to 7.11.0
• #5561: Bump org.apache.groovy:groovy from 4.0.25 to 4.0.26
• #5562: Bump org.junit.platform:junit-platform-suite from 1.11.4 to 1.12.0
• #5564: Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.0 to 3.4.1
• #5565: Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.3 to 3.1.4
• #5566: Bump io.github.apex-dev-tools:apex-ls_2.13 from 5.7.0 to 5.8.0
• #5571: Bump nokogiri from 1.16.7 to 1.18.3
• #5572: Bump uri from 0.13.1 to 1.0.3
• #5575: Bump org.jsoup:jsoup from 1.18.3 to 1.19.1
• #5576: Bump scalameta.version from 4.13.2 to 4.13.3
• #5577: Bump org.yaml:snakeyaml from 2.3 to 2.4
• #5578: Bump com.google.protobuf:protobuf-java from 4.29.3 to 4.30.0
• #5580: Bump net.bytebuddy:byte-buddy from 1.17.1 to 1.17.2
• #5581: Bump com.puppycrawl.tools:checkstyle from 10.21.3 to 10.21.4
• #5582: Bump the gems liquid to 5.8.1 and logger to 1.6.6
• #5602: Bump org.apache.maven.plugins:maven-install-plugin from 3.1.3 to 3.1.4
• #5603: Bump net.bytebuddy:byte-buddy-agent from 1.17.1 to 1.17.2
• #5604: Bump org.mockito:mockito-core from 5.15.2 to 5.16.1
• #5605: Bump org.junit.platform:junit-platform-suite from 1.12.0 to 1.12.1
• #5606: Bump org.checkerframework:checker-qual from 3.49.0 to 3.49.1
• #5608: Bump com.google.protobuf:protobuf-java from 4.30.0 to 4.30.1
• #5619: Bump nokogiri from 1.18.3 to 1.18.5
• #5624: Bump scalameta.version from 4.13.3 to 4.13.4
• #5627: Bump net.bytebuddy:byte-buddy-agent from 1.17.2 to 1.17.4
• #5628: Bump io.github.apex-dev-tools:apex-ls_2.13 from 5.8.0 to 5.9.0
• #5629: Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
• #5630: Bump net.bytebuddy:byte-buddy from 1.17.2 to 1.17.4

📈 Stats

PMD 7.11.0 (28-February-2025)

28-February-2025 - 7.11.0

The PMD team is pleased to announce PMD 7.11.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • ✨ New Rules
  • Signed Releases
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

✨ New Rules

• The new Apex rule AvoidStatefulDatabaseResult detects Database.Stateful implementations
  that store database results in instance variables. This can cause serialization issues between successive batch
  iterations.

Signed Releases

We now not only sign the maven artifacts, but also our binary distribution files that you can
download from GitHub Releases.
See the page Signed Releases in our documentation for how to verify the files.

🐛 Fixed Issues

• apex-errorprone
  • #5305: [apex] New Rule: Avoid Stateful Database Results
• java
  • #5442: [java] StackOverflowError with recursive generic types
  • #5493: [java] IllegalArgumentException: <?> cannot be a wildcard bound
  • #5505: [java] java.lang.StackOverflowError while executing a PmdRunnable
• java-bestpractices
  • #3359: [java] UnusedPrivateMethod does not recognize Lombok @EqualsAndHashCode.Include annotation
  • #5486: [java] UnusedPrivateMethod detected when class is referenced in another class
  • #5504: [java] UnusedAssignment false-positive in for-loop with continue
• java-codestyle
  • #4822: [java] UnnecessaryCast false-positive for raw types
  • #5073: [java] UnnecessaryCast false-positive for cast in return position of lambda
  • #5440: [java] UnnecessaryCast reported in stream chain map() call that casts to more generic interface
  • #5523: [java] UnnecessaryCast false-positive for integer operations in floating-point context
  • #5541: [java] Fix IdenticalCatchBranch reporting branches that call different overloads
• java-design
  • #5018: [java] FinalFieldCouldBeStatic false-positive for access of super class field
• plsql
  • #5522: [plsql] Parse error for operator in TRIM function call

🚨 API Changes

Deprecations

• java
  • The method TypeOps#isContextDependent(JMethodSig) is deprecated for removal.
    Use isContextDependent(JExecutableSymbol) instead which
    is more flexible.

✨ Merged pull requests

• #5425: [apex] New Rule: Avoid Stateful Database Results - Mitch Spano (@mitchspano)
• #5491: [docs] Call render_release_notes.rb within docs - Andreas Dangel (@adangel)
• #5492: [docs] Add security page with known vulnerabilities - Andreas Dangel (@adangel)
• #5503: [java] AvoidSynchronizedAtMethodLevel: Fixed error in code example - Balazs Glatz (@gbq6)
• #5507: Fix #5486: [java] Fix UnusedPrivateMethod - always search decls in current AST - Andreas Dangel (@adangel)
• #5508: Fix #3359: [java] UnusedPrivateMethod: Ignore lombok.EqualsAndHashCode.Include - Andreas Dangel (@adangel)
• #5510: [ci] Add signed releases - Andreas Dangel (@adangel)
• #5524: [ci] New optimized workflow for pull requests - Andreas Dangel (@adangel)
• #5526: Fix #5523: [java] UnnecessaryCast FP with integer division - Clément Fournier (@oowekyala)
• #5527: Fix #5522: [plsql] Allow arbitrary expressions for TRIM - Andreas Dangel (@adangel)
• #5528: Fix #5442: [java] Fix stackoverflow with recursive generic types - Clément Fournier (@oowekyala)
• #5529: Fix #5493: [java] IllegalArgumentException with wildcard bound - Clément Fournier (@oowekyala)
• #5530: Fix #5073: [java] UnnecessaryCast FP with lambdas - Clément Fournier (@oowekyala)
• #5537: Fix #5504: [java] UnusedAssignment FP with continue in foreach loop - Clément Fournier (@oowekyala)
• #5538: Add project icon for IntelliJ IDEA - Vincent Potucek (@pankratz227)
• #5539: [plsql] Add OracleDBUtils as regression testing project - Andreas Dangel (@adangel)
• #5541: [java] Fix IdenticalCatchBranch reporting branches that call different overloads - Clément Fournier (@oowekyala)
• #5542: Add GitHub issue links in IDEA git log - Andreas Dangel (@adangel)
• #5544: [javacc] Move grammar files into src/main/javacc - Andreas Dangel (@adangel)
• #5551: [doc] Update contributors for 7.11.0 - Andreas Dangel (@adangel)
• #5552: Fix #4822: [java] UnnecessaryCast FP with unchecked cast - Clément Fournier (@oowekyala)
• #5553: Fix #5018: [java] FinalFieldCouldBeStatic FP with super field access - Clément Fournier (@oowekyala)

📦 Dependency updates

• #5490: Bump PMD from 7.9.0 to 7.10.0
• #5494: Bump liquid from 5.7.1 to 5.7.2 in the all-gems group across 1 directory
• #5497: Bump net.bytebuddy:byte-buddy-agent from 1.16.1 to 1.17.0
• #5498: Bump org.assertj:assertj-core from 3.25.3 to 3.27.3
• #5499: Bump org.mockito:mockito-core from 5.14.2 to 5.15.2
• #5500: Bump org.junit:junit-bom from 5.11.2 to 5.11.4
• #5501: Bump org.scala-lang:scala-reflect from 2.13.15 to 2.13.16
• #5516: Bump org.jetbrains:annotations from 26.0.1 to 26.0.2
• #5517: Bump net.bytebuddy:byte-buddy from 1.15.11 to 1.17.0
• #5518: Bump org.junit.platform:junit-platform-suite from 1.11.3 to 1.11.4
• #5519: Bump org.checkerframework:checker-qual from 3.48.3 to 3.49.0
• #5520: Bump com.google.guava:guava from 33.0.0-jre to 33.4.0-jre
• #5532: Bump net.bytebuddy:byte-buddy-agent from 1.17.0 to 1.17.1
• #5533: Bump log4j.version from 2.24.2 to 2.24.3
• #5534: Bump com.google.code.gson:gson from 2.11.0 to 2.12.1
• #5535: Bump scalameta.version from 4.12.7 to 4.13.1.1
• #5536: Bump org.apache.groovy:groovy from 4.0.24 to 4.0.25
• #5545: Bump commons-logging:commons-logging from 1.3.4 to 1.3.5
• #5546: Bump scalameta.version from 4.13.1.1 to 4.13.2
• #5547: Bump net.bytebuddy:byte-buddy from 1.17.0 to 1.17.1
• #5548: Bump com.puppycrawl.tools:checkstyle from 10.21.2 to 10.21.3
• #5549: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0

📈 Stats

• 97 commits
• 35 closed tickets & PRs
  ...

PMD 7.10.0 (31-January-2025)

31-January-2025 - 7.10.0

The PMD team is pleased to announce PMD 7.10.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • 🚀 New: Java 24 Support
  • New GPG Release Signing Key
  • Updated PMD Designer
• 🌟 New and changed rules
  • New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Removed Experimental API
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

🚀 New: Java 24 Support

This release of PMD brings support for Java 24. There are no new standard language features,
but a couple of preview language features:

• JEP 488: Primitive Types in Patterns, instanceof, and switch (Second Preview)
• JEP 492: Flexible Constructor Bodies (Third Preview)
• JEP 494: Module Import Declarations (Second Preview)
• JEP 495: Simple Source Files and Instance Main Methods (Fourth Preview)

In order to analyze a project with PMD that uses these preview language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language
version 24-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-24-preview ...

Note: Support for Java 22 preview language features have been removed. The version "22-preview"
is no longer available.

New GPG Release Signing Key

Since January 2025, we switched the GPG Key we use for signing releases in Maven Central to be
A0B5CA1A4E086838.
The full fingerprint is 2EFA 55D0 785C 31F9 56F2 F87E A0B5 CA1A 4E08 6838.

This step was necessary, as the passphrase of the old key has been compromised and therefore the key is not
safe to use anymore. While the key itself is not compromised as far as we know, we still decided to generate a
new key, just to be safe. As until now (January 2025) we are not aware, that the key actually has been misused.
The previous releases of PMD in Maven Central can still be considered untampered, as Maven Central is read-only.

This unexpected issue was discovered while checking Reproducible Builds by a
third party.

The security advisory about the compromised passphrase is tracked as
GHSA-88m4-h43f-wx84
and CVE-2025-23215.

Updated PMD Designer

This PMD release ships a new version of the pmd-designer.
For the changes, see PMD Designer Changelog (7.10.0).

🌟 New and changed rules

New Rules

• The new Java rule ExhaustiveSwitchHasDefault finds switch statements and
  expressions, that cover already all cases but still have a default case. This default case is unnecessary
  and prevents getting compiler errors when e.g. new enum constants are added without extending the switch.

🐛 Fixed Issues

• apex
  • #5388: [apex] Parse error with time literal in SOQL query
  • #5456: [apex] Issue with java dependency apex-parser-4.3.1 but apex-parser-4.3.0 works
• apex-security
  • #3158: [apex] ApexSuggestUsingNamedCred false positive with Named Credential merge fields
• documentation
  • #2492: [doc] Promote wiki pages to standard doc pages
• java
  • #5154: [java] Support Java 24
• java-performance
  • #5311: [java] TooFewBranchesForSwitch false positive for exhaustive switches over enums without default case

🚨 API Changes

Removed Experimental API

• pmd-java
  • net.sourceforge.pmd.lang.java.ast.ASTTemplate, net.sourceforge.pmd.lang.java.ast.ASTTemplateExpression,
    net.sourceforge.pmd.lang.java.ast.ASTTemplateFragment: These nodes were introduced with Java 21 and 22
    Preview to support String Templates. However, the String Template preview feature was not finalized
    and has been removed from Java for now. We now cleaned up the PMD implementation of it.

✨ Merged pull requests

• #5327: [apex] Update apex-parser and summit-ast - Andreas Dangel (@adangel)
• #5412: [java] Support exhaustive switches - Andreas Dangel (@adangel)
• #5449: Use new gpg key (A0B5CA1A4E086838) - Andreas Dangel (@adangel)
• #5458: [doc] Move Wiki pages into main documentation, cleanups - Andreas Dangel (@adangel)
• #5471: [java] Support Java 24 - Andreas Dangel (@adangel)
• #5488: [apex] Fix #3158: Recognize Named Credentials merge fields in ApexSuggestUsingNamedCredRule - William Brockhus (@YodaDaCoda)

📦 Dependency updates

• #5423: Bump PMD from 7.8.0 to 7.9.0
• #5433: Bump org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.5.0
• #5434: Bump commons-logging:commons-logging from 1.3.0 to 1.3.4
• #5435: Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0
• #5436: Bump the all-gems group across 2 directories with 1 update
• #5445: Bump org.junit.platform:junit-platform-commons from 1.11.2 to 1.11.4
• #5446: Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 3.10.0.2594 to 5.0.0.4389
• #5459: Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.7
• #5460: Bump org.apache.commons:commons-text from 1.12.0 to 1.13.0
• #5461: Bump com.google.protobuf:protobuf-java from 4.29.1 to 4.29.3
• #5472: Bump net.bytebuddy:byte-buddy-agent from 1.15.11 to 1.16.1
• #5473: Bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0
• #5474: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.0 to 0.23.1
• #5475: Bump liquid from 5.6.0 to 5.7.0 in the all-gems group across 1 directory
• #5479: Bump pmd-designer from 7.2.0 to 7.10.0
• #5480: Bump scalameta.version from 4.9.1 to 4.12.7
• #5481: Bump liquid from 5.7.0 to 5.7.1 in the all-gems group across 1 directory
• #5482: Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0
• #5483: Bump org.jetbrains.dokka:dokka-maven-plugin from 1.9.20 to 2.0.0
• #5484: Bump com.github.hazendaz.maven:coveralls-maven-plugin from 4.5.0-M5 to 4.5.0-M6
• #5485: Bump com.puppycrawl.tools:checkstyle from 10.20.2 to 10.21.2

📈 Stats

• 70 commits
• 13 closed tickets & PRs
• Days since last release: 34

PMD 7.9.0 (27-December-2024)

27-December-2024 - 7.9.0

The PMD team is pleased to announce PMD 7.9.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • New: CPD support for Rust
• 🐛 Fixed Issues
• 🚨 API Changes
  • Experimental API
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

New: CPD support for Rust

CPD now supports Rust, a blazingly fast and memory-efficient programming language.
It is shipped in the new module pmd-rust.

🐛 Fixed Issues

• cli
  • #5399: [cli] Windows: PMD fails to start with special characters in path names
  • #5401: [cli] Windows: Console output doesn't use unicode
• java
  • #5096: [java] StackOverflowError with recursively bound type variable
• java-bestpractices
  • #4861: [java] UnusedPrivateMethod - false positive with static methods in core JDK classes
• java-documentation
  • #2996: [java] CommentSize rule violation is not suppressed at method level

🚨 API Changes

Experimental API

• pmd-core: RuleContext#addViolationWithPosition

✨ Merged pull requests

• #4939: [java] Fix #2996 - CommentSize/CommentContent suppression - Clément Fournier (@oowekyala)
• #5376: [java] Fix #4861 - UnusedPrivateMethod FP in JDK classes - Clément Fournier (@oowekyala)
• #5387: [java] Fix #5096 - StackOverflowError with recursively bounded tvar - Clément Fournier (@oowekyala)
• #5400: Fix #5399: [cli] pmd.bat: Quote all variables when using SET - Andreas Dangel (@adangel)
• #5402: Fix #5401: [cli] pmd.bat: set codepage to 65001 (UTF-8) - Andreas Dangel (@adangel)
• #5404: [doc] Update tools / integrations / ide plugins / news pages - Andreas Dangel (@adangel)
• #5414: Add Rust CPD - Julia Paluch (@juliapaluch)

📦 Dependency updates

• #5375: Bump pmd from 7.7.0 to 7.8.0
• #5377: Bump com.puppycrawl.tools:checkstyle from 10.20.1 to 10.20.2
• #5378: Bump net.bytebuddy:byte-buddy from 1.14.12 to 1.15.10
• #5379: Bump io.github.git-commit-id:git-commit-id-maven-plugin from 7.0.0 to 9.0.1
• #5380: Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.2 to 3.6.0
• #5384: Bump org.apache.groovy:groovy from 4.0.19 to 4.0.24
• #5390: Bump com.google.protobuf:protobuf-java from 4.28.2 to 4.29.1
• #5391: Bump org.hamcrest:hamcrest from 2.2 to 3.0
• #5392: Bump org.codehaus.mojo:build-helper-maven-plugin from 3.5.0 to 3.6.0
• #5393: Bump org.jsoup:jsoup from 1.17.2 to 1.18.3
• #5394: Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.2
• #5395: Bump webrick from 1.9.0 to 1.9.1 in /docs in the all-gems group across 1 directory
• #5405: Bump org.yaml:snakeyaml from 2.2 to 2.3
• #5406: Bump io.github.apex-dev-tools:apex-ls_2.13 from 5.5.0 to 5.7.0
• #5407: Bump net.bytebuddy:byte-buddy-agent from 1.14.19 to 1.15.11
• #5409: Bump net.bytebuddy:byte-buddy from 1.15.10 to 1.15.11
• #5410: Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.11.2
• #5411: Bump csv from 3.3.0 to 3.3.1 in /docs in the all-gems group across 1 directory
• #5417: Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.9.1
• #5418: Bump org.checkerframework:checker-qual from 3.48.1 to 3.48.3
• #5419: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.5.0 to 3.6.0
• #5422: Bump the all-gems group across 2 directories with 2 updates

📈 Stats

• 69 commits
• 12 closed tickets & PRs
• Days since last release: 28

PMD 7.8.0 (29-November-2024)

29-November-2024 - 7.8.0

The PMD team is pleased to announce PMD 7.8.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
• 🌟 New and changed rules
  • New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

🌟 New and changed rules

New Rules

• The new Apex rule QueueableWithoutFinalizer detects when the Queueable interface
  is used but a Finalizer is not attached. Without attaching a Finalizer, there is no way of designing error
  recovery actions should the Queueable action fail.

🐛 Fixed Issues

• ant
  • #1860: [ant] Reflective access warnings on java > 9 and java < 17
• apex
  • #5302: [apex] New Rule: Queueable Should Attach Finalizer
  • #5333: [apex] Token recognition errors for string containing unicode escape sequence
• html
  • #5322: [html] CPD throws exception on when HTML file is missing closing tag
• java
  • #5283: [java] AssertionError "this should be unreachable" with scala library
  • #5293: [java] Deadlock when executing PMD in multiple threads
  • #5324: [java] Issue with type inference of nested lambdas
  • #5329: [java] Type inference issue with unknown method ref in call chain
  • #5338: [java] Unresolved target type for lambdas make overload resolution fail
• java-bestpractices
  • #4113: [java] JUnitTestsShouldIncludeAssert - false positive with SoftAssertionsExtension
  • #5083: [java] UnusedPrivateMethod false positive when method reference has no target type
  • #5097: [java] UnusedPrivateMethod FP with raw type missing from the classpath
  • #5318: [java] PreserveStackTraceRule: false-positive on Pattern Matching with instanceof
• java-codestyle
  • #5214: [java] Wrong message for LambdaCanBeMethodReference with method of enclosing class
  • #5263: [java] UnnecessaryFullyQualifiedName: false-positive in an enum that uses its own static variables
  • #5315: [java] UnnecessaryImport false positive for on-demand imports
• java-design
  • #4763: [java] SimplifyBooleanReturns - wrong suggested solution
• java-errorprone
  • #5070: [java] ConfusingArgumentToVarargsMethod FP when types are unresolved
• java-performance
  • #5287: [java] TooFewBranchesForSwitch false-positive with switch using list of case constants
  • #5314: [java] InsufficientStringBufferDeclarationRule: Lack of handling for char type parameters
  • #5320: [java] UseStringBufferLength: false-negative on StringBuffer of sb.toString().equals("")

🚨 API Changes

Deprecations

• pmd-coco
  • CocoBaseListener is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • CocoBaseVisitor is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • CocoListener is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • CocoParser is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • CocoVisitor is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
• pmd-gherkin
  • GherkinBaseListener is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • GherkinBaseVisitor is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • GherkinListener is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • GherkinParser is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
  • GherkinVisitor is deprecated for removal. This class was never intended
    to be generated. It will be removed with no replacement.
• pmd-julia
  • JuliaBaseListener is deprecated for removal. This class was never intended to
    be generated. It will be removed with no replacement.
  • JuliaBaseVisitor is deprecated for removal. This class was never intended to
    be generated. It will be removed with no replacement.
  • JuliaListener is deprecated for removal. This class was never intended to
    be generated. It will be removed with no replacement.
  • JuliaParser is deprecated for removal. This class was never intended to
    be generated. It will be removed with no replacement.
  • JuliaVisitor is deprecated for removal. This class was never intended to
    be generated. It will be removed with no replacement.
• pmd-kotlin
  • UnicodeClasses is deprecated for removal. This class was never intended to
    be generated. It will be removed with no replacement.
• pmd-xml
  • XMLLexer is deprecated for removal. Use net.sourceforge.pmd.lang.xml.ast.XMLLexer
    instead (note different package ast instead of antlr4).

✨ Merged pull requests

• #5240: Release notes improvements - Andreas Dangel (@adangel)
• #5284: [apex] Use case-insensitive input stream to avoid choking on Unicode escape sequences - Willem A. Hajenius (@wahajenius)
• #5286: [ant] Formatter: avoid reflective access to determine console encoding - Andreas Dangel (@adangel)
• #5289: [java] TooFewBranchesForSwitch - allow list of case constants - Andreas Dangel (@adangel)
• #5296: [xml] Have pmd-xml Lexer in line with other antlr grammars - Juan Martín Sotuyo Dodero (@jsotuyod)
• #5300: Add rule test cases for issues fixed with PMD 7.0.0 - Andreas Dangel (@adangel)
• #5303: [apex] New Rule: Queueable Should Attach Finalizer - Mitch Spano (@mitchspano)
• #5309: [java] Fix #5293: ...

PMD 7.7.0 (25-October-2024)

25-October-2024 - 7.7.0

The PMD team is pleased to announce PMD 7.7.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • CPD can now ignore literals and identifiers in C++ code
• 🌟 Rule Changes
  • Changed Rules
  • Renamed Rules
• 🐛 Fixed Issues
• 🚨 API Changes
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

CPD can now ignore literals and identifiers in C++ code

When searching for duplicated code in C++ differences in literals or identifiers can be
ignored now (like in Java). This can be enabled via the command line options --ignore-literal
and --ignore-identifiers.
See PR #5040 for details.

🌟 Rule Changes

Changed Rules

• SwitchStmtsShouldHaveDefault (Java Best Practices) doesn't report empty switch statements anymore.
  To detect these, use EmptyControlStatement.
• UnitTestShouldUseAfterAnnotation (Java Best Practices) now also considers JUnit 5 and TestNG tests.
• UnitTestShouldUseBeforeAnnotation (Java Best Practices) now also considers JUnit 5 and TestNG tests.
• TooFewBranchesForSwitch (Java Performance) doesn't report empty switches anymore.
  To detect these, use EmptyControlStatement.

Renamed Rules

• Several rules for unit testing have been renamed to better reflect their actual scope. Lots of them were called
  after JUnit / JUnit 4, even when they applied to JUnit 5 and / or TestNG.
  • UnitTestAssertionsShouldIncludeMessage (Java Best Practices) has been renamed from JUnitAssertionsShouldIncludeMessage.
  • UnitTestContainsTooManyAsserts (Java Best Practices) has been renamed from JUnitTestContainsTooManyAsserts.
  • UnitTestShouldIncludeAssert (Java Best Practices) has been renamed from JUnitTestsShouldIncludeAssert.
  • UnitTestShouldUseAfterAnnotation (Java Best Practices) has been renamed from JUnit4TestShouldUseAfterAnnotation.
  • UnitTestShouldUseBeforeAnnotation (Java Best Practices) has been renamed from JUnit4TestShouldUseBeforeAnnotation.
  • UnitTestShouldUseTestAnnotation (Java Best Practices) has been renamed from JUnit4TestShouldUseTestAnnotation.
• Several rules about switch statements and switch expression have been renamed, as they apply both to Switch Statements
  and to Switch Expressions:
  • DefaultLabelNotLastInSwitch (Java Best Practices) has been renamed from DefaultLabelNotLastInSwitchStmt.
  • NonCaseLabelInSwitch (Java Error Prone) has been renamed from NonCaseLabelInSwitchStatement.
  • TooFewBranchesForSwitch (Java Performance) has been renamed from TooFewBranchesForASwitchStatement.
  • NonExhaustiveSwitch (Java Best Practices) has been renamed from SwitchStmtsShouldHaveDefault.

The old rule names still work but are deprecated.

🐛 Fixed Issues

• apex-performance
  • #5270: [apex] AvoidNonRestrictiveQueries when LIMIT is followed by bind expression
• java
  • #4532: [java] Rule misnomer for JUnit* rules
  • #5261: [java] Record patterns with empty deconstructor lists lead to NPE
• java-bestpractices
  • #4286: [java] Rename rule SwitchStmtsShouldHaveDefault to NonExhaustiveSwitch
  • #4813: [java] SwitchStmtsShouldHaveDefault false positive with pattern matching
• java-codestyle
  • #5253: [java] BooleanGetMethodName: False-negatives with Boolean wrapper
• java-design
  • #5030: [java] SwitchDensity false positive with pattern matching
• java-errorprone
  • #3362: [java] ImplicitSwitchFallThrough should consider switch expressions
  • #5067: [java] CloseResource: False positive for FileSystems.getDefault()
  • #5244: [java] UselessOperationOnImmutable should detect java.time types
  • #5257: [java] NonCaseLabelInSwitch should consider switch expressions
• java-performance
  • #5249: [java] TooFewBranchesForASwitchStatement false positive for Pattern Matching
  • #5250: [java] TooFewBranchesForASwitchStatement should consider Switch Expressions

🚨 API Changes

• java-bestpractices
  • The old rule name JUnit4TestShouldUseAfterAnnotation has been deprecated. Use the new name UnitTestShouldUseAfterAnnotation instead.
  • The old rule name JUnit4TestShouldUseBeforeAnnotation has been deprecated. Use the new name UnitTestShouldUseBeforeAnnotation instead.
  • The old rule name JUnit4TestShouldUseTestAnnotation has been deprecated. Use the new name UnitTestShouldUseTestAnnotation instead.
  • The old rule name JUnitAssertionsShouldIncludeMessage has been deprecated. Use the new name UnitTestAssertionsShouldIncludeMessage instead.
  • The old rule name JUnitTestContainsTooManyAsserts has been deprecated. Use the new name UnitTestContainsTooManyAsserts instead.
  • The old rule name JUnitTestsShouldIncludeAssert has been deprecated. Use the new name UnitTestShouldIncludeAssert instead.
  • The old rule name DefaultLabelNotLastInSwitchStmt has been deprecated. Use the new name DefaultLabelNotLastInSwitch instead.
  • The old rule name SwitchStmtsShouldHaveDefault has been deprecated. USe the new name NonExhaustiveSwitch instead.
• java-errorprone
  • The old rule name NonCaseLabelInSwitchStatement has been deprecated. Use the new name NonCaseLabelInSwitch instead.
• java-performance
  • The old rule name TooFewBranchesForASwitchStatement has been deprecated. Use the new name TooFewBranchesForSwitch instead.

✨ Merged pull requests

• #4965: Fix #4532: [java] Rename JUnit rules with overly restrictive names - Juan Martín Sotuyo Dodero (@jsotuyod)
• #5040: [cpp] Ignore literals and ignore identifiers capability to C++ CPD - Jakub Dupak (@jdupak)
• #5225: Fix #5067: [java] CloseResource: False positive for FileSystems.getDefault() - Lukas Gräf (@lukasgraef)
• #5241: Ignore javacc code in coverage report - Juan Martín Sotuyo Dodero (@jsotuyod)
• #5245: [java] Improve UnitTestShouldUse{After,Before}Annotation rules to support JUnit5 and TestNG - Andreas Dangel (@adangel)
• #5247: Fix #5030: [java] Switch...

PMD 7.6.0 (27-September-2024)

27-September-2024 - 7.6.0

The PMD team is pleased to announce PMD 7.6.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • New Git default branch - "main"
• 🐛 Fixed Issues
• 🚨 API Changes
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

New Git default branch - "main"

We are joining the Git community and updating "master" to "main". Using the term "master" for the main
development branch can be offensive to some people. Existing versions of Git have been always capable of
working with any branch name and since 2.28.0 (July 2020) the default initial branch is configurable
(init.defaultBranch). Since October 2020, the default branch for new repositories on GitHub
is "main". Finally, PMD will also use this new name for the main branch in all our own repositories.

Why "main"? PMD uses a very simple branching model - pull requests with feature branches and one main development
branch, from which releases are created. That's why "main" is currently the best fitting name.

More information:

• https://sfconservancy.org/news/2020/jun/23/gitbranchname/
• https://github.blog/changelog/2020-10-01-the-default-branch-for-newly-created-repositories-is-now-main/

What changes?

• We change the default branch on GitHub, so that pull requests are automatically created against main from
  now on.

• If you have already a local clone of PMD's repository, you'll need to rename the old master branch locally:

  git branch --move master main
  git fetch origin
  git branch --set-upstream-to=origin/main main
  git remote set-head origin --auto
  

  More info:
  https://git-scm.com/book/en/v2/Git-Branching-Branch-Management#_changing_master and
  https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch#updating-a-local-clone-after-a-branch-name-changes

• If you created a fork on GitHub, you'll need to change the default branch in your fork to main as
  well (Settings > Default Branch).

• Some time after this release, we'll delete the old master branch on GitHub. Then only main can be used.

• This change is expanded to the other PMD repositories as well, e.g. pmd-designer and pmd-regression-tester.

🐛 Fixed Issues

• apex
  • #5138: [apex] Various false-negatives since 7.3.0 when using triggers
    (ApexCRUDViolation, CognitiveComplexity, OperationWithLimitsInLoop)
  • #5163: [apex] Parser error when using toLabel in SOSL query
  • #5182: [apex] Parser error when using GROUPING in a SOQL query
  • #5218: [apex] Parser error when using nested subqueries in SOQL
  • #5228: [apex] Parser error when using convertCurrency() in SOQL
• core
  • #5059: [core] xml output doesn't escape CDATA inside its own CDATA
  • #5201: [core] PMD sarif schema file points to nonexistent location
  • #5222: [core] RuleReference/RuleSetWriter don't handle changed default property values correctly
  • #5229: [doc] CLI flag --show-suppressed needs to mention xml, html, summaryhtml
• java
  • #5190: [java] NPE in type inference
• java-codestyle
  • #5046: [java] LocalVariableCouldBeFinal false positive with try/catch
• java-errorprone
  • #5068: [java] MissingStaticMethodInNonInstantiatableClass: false positive with builder pattern
  • #5207: [java] CheckSkipResult: false positve for a private method void skip(int) in a subclass of FilterInputStream

🚨 API Changes

No changes.

✨ Merged pull requests

• #5186: [java] Cleanup things about implicit classes - Clément Fournier (@oowekyala)
• #5188: [apex] Use new apex-parser 4.2.0 - Andreas Dangel (@adangel)
• #5191: [java] Fix #5046 - FPs in LocalVariableCouldBeFinal - Clément Fournier (@oowekyala)
• #5192: [java] Fix #5190 - NPE in type inference caused by null type - Clément Fournier (@oowekyala)
• #5195: [apex] Fix various FNs when using triggers - Andreas Dangel (@adangel)
• #5202: [core] Sarif format: refer to schemastore.org - David Schach (@dschach)
• #5208: [doc] Added Codety to "Tools / Integrations" - Tony (@random1223)
• #5210: [core] Fix PMD's XMLRenderer to escape CDATA - Andreas Dangel (@adangel)
• #5211: Change branch master to main - Andreas Dangel (@adangel)
• #5212: [java] Adjust signature matching in CheckSkipResultRule - Juan Martín Sotuyo Dodero (@jsotuyod)
• #5223: [core] Fix RuleReference / RuleSetWriter handling of properties - Andreas Dangel (@adangel)
• #5224: [java] Fix #5068: Class incorrectly identified as non-instantiatable - Lukas Gräf (@lukasgraef)
• #5230: [doc] Documentation update for --show-suppressed flag - David Schach (@dschach)
• #5237: [apex] Support convertCurrency() in SOQL/SOSL - Andreas Dangel (@adangel)

📦 Dependency updates

• #5185: Bump checkstyle from 10.14.0 to 10.18.1
• #5187: Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.3
• #5199: Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.3
• #5216: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.20.0 to 0.23.0
• #5226: Bump rouge from 4.3.0 to 4.4.0 in the all-gems group across 1 directory
• #5227: Bump com.google.code.gson:gson from 2.10.1 to 2.11.0
• #5232: Bump com.google.protobuf:protobuf-java from 3.25.3 to 3.25.5
• #5233: Bump webrick from 1.8.1 to 1.8.2 in /docs

📈 Stats

• 60 commits
• 27 closed tickets & PRs
• Days since last release: 27

PMD 7.5.0 (30-August-2024)

30-August-2024 - 7.5.0

The PMD team is pleased to announce PMD 7.5.0.

This is a minor release.

Table Of Contents

• 🚀 New: Java 23 Support
• 🌟 New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
  • Experimental
• ✨ External Contributions
• 📦 Dependency updates
• 📈 Stats

🚀 New: Java 23 Support

This release of PMD brings support for Java 23. There are no new standard language features,
but a couple of preview language features:

• JEP 455: Primitive Types in Patterns, instanceof, and switch (Preview)
• JEP 476: Module Import Declarations (Preview)
• JEP 477: Implicitly Declared Classes and Instance Main Methods (Third Preview)
• JEP 482: Flexible Constructor Bodies (Second Preview)

Note that String Templates (introduced as preview in Java 21 and 22) are not supported anymore in Java 23,
see JDK-8329949 for details.

In order to analyze a project with PMD that uses these preview language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language
version 23-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-23-preview ...

Note: Support for Java 21 preview language features have been removed. The version "21-preview"
are no longer available.

🌟 New Rules

• The new Java rule AvoidSynchronizedStatement finds synchronization blocks that
  could cause performance issues with virtual threads due to pinning.
• The new JavaScript rule AvoidConsoleStatements finds any function calls
  on the Console API (e.g. console.log). Using these in production code might negatively impact performance.

🐛 Fixed Issues

• apex-performance
  • #5139: [apex] OperationWithHighCostInLoop: false negative for triggers
• java
  • #5062: [java] Support Java 23
  • #5167: [java] java.lang.IllegalArgumentException: <?> cannot be a wildcard bound
• java-bestpractices
  • #3602: [java] GuardLogStatement: False positive when compile-time constant is created from external constants
  • #4731: [java] GuardLogStatement: Documentation is unclear why getters are flagged
  • #5145: [java] UnusedPrivateMethod: False positive with method calls inside lambda
  • #5151: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is a constant from another class
  • #5152: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is "this"
  • #5153: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is an array element
• java-design
  • #5048: [java] CognitiveComplexity: Exception when using Map.of()
  • #5162: [java] SingularField: False-positive when preceded by synchronized block
• java-multithreading
  • #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement
• javascript-performance
  • #5105: [javascript] Prohibit any console methods
• plsql
  • #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names)
• plsql-bestpractices
  • #5132: [plsql] TomKytesDespair: XPathException for more complex exception handler

🚨 API Changes

Deprecations

• pmd-jsp
  • JspParserImpl is deprecated now. It should have been package-private
    because this is an implementation class that should not be used directly.
• pmd-plsql
  • MergeUpdateClausePrefix is deprecated. This production is
    not used anymore and will be removed. Note: The whole parser implementation class has been deprecated since 7.3.0,
    as it is supposed to be internalized.
• pmd-velocity
  • VtlParserImpl is deprecated now. It should have been package-private
    because this is an implementation class that should not be used directly.
• pmd-visualforce
  • VfParserImpl is deprecated now. It should have been package-private
    because this is an implementation class that should not be used directly.

Experimental

• pmd-java
  • Renamed isUnnamedClass() to ASTCompilationUnit#isSimpleCompilationUnit
  • ASTImplicitClassDeclaration
  • ASTImportDeclaration#isModuleImport
  • JavaVisitorBase#visit(ASTImplicitClassDeclaration, P)

✨ External Contributions

• #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names) - Arjen Duursma (@duursma)
• #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement - Chas Honton (@chonton)

📦 Dependency updates

• #5100: Enable Dependabot
• #5141: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0
• #5142: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0
• #5144: Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1
• #5148: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
• #5149: Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M13 to 4.0.0-M16
• #5160: Bump org.pcollections:pcollections from 3.2.0 to 4.0.2
• #5161: Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory
• #5164: Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1
• #5165: Bump the all-gems group across 1 directory with 2 updates
• #5171: Bump net.bytebuddy:byte-buddy-agent from 1.14.12 to 1.14.19
• #5180: Bump net.sf.saxon:Saxon-HE from 12.4 to 12.5

📈 Stats

• 87 commits
• 25 closed tickets & PRs
• Days since last release: 35

PMD 7.4.0 (26-July-2024)

26-July-2024 - 7.4.0

The PMD team is pleased to announce PMD 7.4.0.

This is a minor release.

Table Of Contents

• 🌟 New and changed rules
  • New Rules
  • Changed rules
  • Renamed rules
• 🐛 Fixed Issues
• 🚨 API Changes
• ✨ External Contributions
• 📈 Stats

🌟 New and changed rules

New Rules

• The new Apex rule AvoidNonRestrictiveQueries finds SOQL and SOSL queries without a where
  or limit statement. This can quickly cause governor limit exceptions.

Changed rules

• ClassNamingConventions (Apex Codestyle): Two new properties to configure different patterns
  for inner classes and interfaces: innerClassPattern and innerInterfacePattern.

Renamed rules

• InaccurateNumericLiteral (JavaScript Error Prone) has been renamed from InnaccurateNumericLiteral.
  The old rule name still works but is deprecated.

🐛 Fixed Issues

• apex
  • #5094: [apex] "No adapter exists for type" error message printed to stdout instead of stderr
• apex-bestpractices
  • #5095: [apex] ApexUnitTestShouldNotUseSeeAllDataTrue false negative due to casing (regression in PMD 7)
• apex-codestyle
  • #4800: [apex] ClassNamingConvention: Support naming convention for inner classes
• apex-performance
  • #635: [apex] New Rule: Avoid soql/sosl queries without a where clause or limit statement
• java-bestpractices
  • #5106: [java] AccessorClassGeneration: Node was null for default constructor
  • #5110: [java] UnusedPrivateMethod for method referenced by lombok.Builder.ObtainVia
  • #5117: [java] UnusedPrivateMethod for methods annotated with jakarta.annotation.PostConstruct or PreDestroy
• java-errorprone
  • #1488: [java] MissingStaticMethodInNonInstantiatableClass: False positive with Lombok Builder on Constructor
• javascript-errorprone
  • #2367: [javascript] InnaccurateNumericLiteral is misspelled
  • #4716: [javascript] InaccurateNumericLiteral with number 259200000
• plsql
  • #5086: [plsql] Fixed issue with missing optional table alias in MERGE usage
  • #5087: [plsql] Add support for SQL_MACRO
  • #5088: [plsql] Add support for 'DEFAULT' clause on the arguments of some oracle functions
  • #5133: [plsql] AssertionError: Root of the tree should implement RootNode for a PL/SQL type declaration
• cli
  • #5120: [cli] Can't start designer under Windows
• core
  • #5091: [core] PMD CPD v7.3.0 gives deprecation warning for skipLexicalErrors even when not used

🚨 API Changes

• javascript
  • The old rule name InnaccurateNumericLiteral has been deprecated. Use the new name
    InaccurateNumericLiteral instead.

✨ External Contributions

• #5048: [apex] Added Inner Classes to Apex Class Naming Conventions Rule - Justin Stroud (@justinstroudbah / @sgnl-labs)
• #5086: [plsql] Fixed issue with missing optional table alias in MERGE usage - Arjen Duursma (@duursma)
• #5087: [plsql] Add support for SQL_MACRO - Arjen Duursma (@duursma)
• #5088: [plsql] Add support for 'DEFAULT' clause on the arguments of some oracle functions - Arjen Duursma (@duursma)
• #5107: [doc] Update maven.md - Typo fixed for maven target - karthikaiyasamy (@karthikaiyasamy)
• #5109: [java] Exclude constructor with lombok.Builder for MissingStaticMethodInNonInstantiatableClass - Krzysztof Debski (@kdebski85)
• #5111: [java] Fix UnusedPrivateMethod for @lombok.Builder.ObtainVia - Krzysztof Debski (@kdebski85)
• #5118: [java] FP for UnusedPrivateMethod with Jakarta @PostConstruct/PreDestroy annotations - Krzysztof Debski (@kdebski85)
• #5121: [plsql] Fixed issue with missing optional table alias in MERGE usage - Arjen Duursma (@duursma)

📈 Stats

• 81 commits
• 32 closed tickets & PRs
• Days since last release: 27