Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
uglify-js	3.17.4 -> 3.19.0
org.projectlombok:lombok (source)	1.18.30 -> 1.18.34
com.github.spotbugs:spotbugs-annotations (source)	4.8.3 -> 4.8.6
org.apache.maven.plugins:maven-javadoc-plugin	3.6.3 -> 3.8.0
org.apache.maven.plugins:maven-checkstyle-plugin	3.3.1 -> 3.4.0
com.github.spotbugs:spotbugs-maven-plugin (source)	4.8.3.0 -> 4.8.6.2
org.apache.maven.plugins:maven-failsafe-plugin	3.2.5 -> 3.3.1
org.apache.maven.plugins:maven-surefire-plugin	3.2.5 -> 3.3.1
com.fasterxml.jackson:jackson-bom	2.16.1 -> 2.17.2
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.16.1 -> 2.17.2
com.fasterxml.jackson.core:jackson-databind (source)	2.16.1 -> 2.17.2
org.apache.maven.plugins:maven-jar-plugin	3.3.0 -> 3.4.2
org.apache.maven.plugins:maven-source-plugin	3.3.0 -> 3.3.1
org.apache.maven.plugins:maven-compiler-plugin	3.12.1 -> 3.13.0
org.apache.maven:maven-plugin-api	3.9.6 -> 3.9.8
org.apache.maven:maven-core	3.9.6 -> 3.9.8
org.apache.maven:maven-model	3.9.6 -> 3.9.8
org.apache.maven.plugins:maven-plugin-plugin	3.11.0 -> 3.13.1
org.apache.maven.plugin-tools:maven-plugin-annotations	3.11.0 -> 3.13.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

mishoo/UglifyJS (uglify-js)

v3.19.0

Compare Source

Features

• eliminate side-effect-free property access (9c80456, 95d3ede, 205a1d1, 124c4d3)
• improve hoist_vars efficiency (ce8ef52)
• improve compression around built-in function (8c5a899)
• improve deconstruction of singular destructuring assignment (8c5a899)

Bug Fixes

• __proto__ accessor (87c9edb)
• automatic semicolon insertion (008edfb, 8cfa37e)
• class field (2c73103, 0a33da4)
• default parameter (6669ea1)
• delete operator (b6b0658)
• destructuring syntax (f31311e, 8195a66, ed36c1e)
• function call (dc7aa32, 722465b)
• immediately invoked function expression (dc51a23)
• property access (6b23899)
• spread syntax (23d74be)
• try statement (8dc99fa, 787dfbe)
• unary arithmetic operator (fada1a1)

v3.18.0

Compare Source

Features

• convert const to let when possible (21aff99)
• process input as ES module by default (68d62a8, 17c3ae6)
• concatenate let and var declarations (e5cbd3e)
• avoid mangling of enableHighAccuracy & maximumAge DOM properties (aa7c338)
• compress array element assignments into declaration (ffe0fe7, 3dfb379)
• handle lexical function declaration in ES6+ (e7b9b4a)
• improve ESTree interoperability with third-party tools (ca4185a)

Bug Fixes

• assignment operator (f0ca9cf)
• async generator function (404794f)
• await operator (0991077)
• BigInt literal (2b1c321)
• class field (f40dbd6, 1d400f1)
• class literal (548f093)
• default parameter (57dd3f6)
• function call (e37a148, a437a61)
• generator function (574ca47)
• if statement (358faaa)
• immediately invoked function expression (1d400f1, aef7065, dd88f38, c911704)
• instanceof operator (8d28052)
• let statement (0cbd5ea)
• logical operator (7270671)
• nullish coalescing operator (2cb6454)
• switch statement (34b6143)
• ternary expression (f07dc5c)
• unary arithmetic operator (30bf068)
• var statement (2352909)

projectlombok/lombok (org.projectlombok:lombok)

v1.18.34

v1.18.32

Compare Source

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.8.6

Compare Source

Fixed

• Do not report BC_UNCONFIRMED_CAST for Java 21's type switches when the switch instruction is TABLESWITCH (#​2782)
• Do not throw exception when inspecting empty switch statements (#​2995)
• Adjust priority since relaxed mode reports even IGNORED_PRIORITY (#​2994)
• Fix duplicated log4j2 jar in distribution (#​3001)

v4.8.5

Compare Source

Fixed

• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED with eager instances (#​2932)
• Fix FPs when looking for multiple initialization of Singletons (#​2934)
• Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches when switch instruction is TABLESWITCH(#​2736)
• Fix FP SE_BAD_FIELD for record fields (#​2935)

v4.8.4

Compare Source

Fixed

• Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#​2750)
• Fix possible null value in taxonomies of SARIF output (#​2744)
• Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#​2116)
• Move information contained in the SARIF property exitSignalName to exitCodeDescription (#​2739)
• Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#​2793)
• Added support for CONSTANT_Dynamic (#​2759)
• Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#​1219)
• Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#​2813)
• Remove AppleExtension library (note: menus slightly changed) (#​2823)
• Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#​651, #​456)
• Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#​2843)
• Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#​2844)
• Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#​2828)
• Update UnreadFields detector to ignore warnings for fields with certain annotations (#​574)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with @​PostConstruct, @​BeforeEach, etc. (#​2872 #​2870 #​453)
• Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#​2865)
• Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#​2874)
• Added more nullability annotations in TypeQualifierResolver (#​2558 #​2694)
• Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() (#​2881)
• Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions #​2887)
• Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#​2686)
• Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method #​2837)
• Update the filter XSD namespace and location for the upcoming 4.8.4 release #​2909)

Added

• New detector MultipleInstantiationsOfSingletons and introduced new bug types:
  • SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
  • SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
  • SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
  • SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
  • SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
  • SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized.
    (See SEI CERT MSC07-J)
• Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.

Changed

• Minor cleanup in connection with slashed and dotted names (#​2805)

Build

• Fix sonar coverage for project (#​2796)
• Upgraded the build to compile bug samples using Java 21 language features (#​2813)
• Add 'configurations.checkstyle resolution starategy' to control bug in gradle on exclusions not being excluded properly as seen in checkstyle usage. See https://github.com/checkstyle/checkstyle/issues/14211 for more information. (#​2798)
• Allow our builds to work with jdk 11 with drop back on Eclipse to 4.24 and spring to 5.3.31. (#​2604)

---

Configuration

📅 Schedule: Branch creation - "before 9pm on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.