Bump the dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
software.amazon.awssdk:secretsmanager	2.29.6	2.30.36
com.github.spotbugs:spotbugs-annotations	4.8.6	4.9.2
org.apache.maven.plugins:maven-compiler-plugin	3.13.0	3.14.0
org.apache.maven.plugins:maven-javadoc-plugin	3.11.1	3.11.2
com.github.spotbugs:spotbugs-maven-plugin	4.8.6.5	4.9.2.0
org.sonatype.plugins:nexus-staging-maven-plugin	1.6.13	1.7.0

Updates software.amazon.awssdk:secretsmanager from 2.29.6 to 2.30.36

Updates com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.2

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.9.2

CHANGELOG

Added

• Reporting useless @SuppressFBWarnings annotations (#641)

Fixed

• Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
• Fixed an HSM_HIDING_METHOD false positive when ECJ generates a synthetic method for an enum switch (#3305)
• Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives, detector depending on method order.
• Fix THROWS_METHOD_THROWS_CLAUSE_THROWABLE reported in a method calling MethodHandle.invokeExact due to its polymorphic signature (#3309)
• Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive in inner class (#3310).
• Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive for ECJ compiled enum switches (#3316)
• Fix RC_REF_COMPARISON false positive with Lombok With annotation (#3319)
• Avoid calling File.getCanonicalPath twice to improve performance (#3325)
• Fix MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE false positive when the overridable method is outside the class (#3328).
• Fix NullPointerException thrown from ThrowingExceptions detector (#3337).

Removed

• Removed the TLW_TWO_LOCK_NOTIFY, LI_LAZY_INIT_INSTANCE, BRSA_BAD_RESULTSET_ACCESS, BC_NULL_INSTANCEOF, NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR and RCN_REDUNDANT_CHECKED_NULL_COMPARISON deprecated bug patterns.

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.2-javadoc.jar	d34b4e08d87474b5970b9d1d9185a9944c2738a3b974332595dfc06355e5b2de
spotbugs-4.9.2-sources.jar	e70ddb0feee2aa0a67ee64d1ed5ff9fb57eb25cd9a78bbdef2742b02f2cd2799
spotbugs-4.9.2.tgz	ecee09196ce66ab686b6a874047107b01f51a6ee2fb9b8604ce64d88688a1400
spotbugs-4.9.2.zip	2ac6f163c266d2f7c11cc89d80d07ccad6755ac468cee20ca0b1e4217e567548
spotbugs-annotations-4.9.2-javadoc.jar	fbc8d5ad201ecae48bc3debca7f22fc791173b58d774e59a9e344f963e9e42e0
spotbugs-annotations-4.9.2-sources.jar	990ad9f3500499a99466b7c1e01284f4f41d1499358e7dc38c8defc59dab114c
spotbugs-annotations.jar	d5bef4678385fa052040bc7a5deeb8f2e06902189dea1a8dd818a5680ac0f015
spotbugs-ant-4.9.2-javadoc.jar	5451c7d63238ecfb3aacf540f348486a965574a6a8ae9486b0aa8c3240f1e413
spotbugs-ant-4.9.2-sources.jar	591073402e4110093a380169acd3f33b26c2f893c2eaed5a6460d9be0b26014e
spotbugs-ant.jar	3a6f453696294d5314e648d4891d35e34315e11cb63c758a1601021cc0d803d1
spotbugs.jar	7a75726e9da4c99d767813f5e9e65cf2a367a17e58f68befe009d05568ec8932
test-harness-4.9.2-javadoc.jar	a98da04ba818e358845dd96162f3e7301d9f8fd6fb82b3c105f33fa2a2de65db
test-harness-4.9.2-sources.jar	22688f14ef808cde65cc46e86d41c617fc397fc4967516006a73ce8bad658b9f
test-harness-4.9.2.jar	9bf5bba9546e4f89032006261dd2921a79fc3044e473ee1fa73af870cb43da15
test-harness-core-4.9.2-javadoc.jar	2a40c65270651ac8783bdf63939616b366482949d56746dcca0acf53f30a0da3
test-harness-core-4.9.2-sources.jar	13825de35190089490c7e290b52bafe6a9b08ab431177c0191dae9cf2a88a55d
test-harness-core-4.9.2.jar	3c74cc6d2d6f999d403f00f97685587e617d2bf1bfc348bbd0597e785c83feec
test-harness-jupiter-4.9.2-javadoc.jar	c50778636a54122dbf9f3c676ec2089d2938cbb6468364d0ee3a64022cae1881
test-harness-jupiter-4.9.2-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.9.2.jar	0e9509de32f8fbc94cf088dbee80394fa93807a766532568e652cd622ce737c8

SpotBugs 4.9.1

CHANGELOG

Added

• New detector SharedVariableAtomicityDetector for new bug types AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE (See SEI CERT rules VNA00-J, VNA02-J and VNA05-J).
• New detector FindHiddenMethod for bug type HSM_HIDING_METHOD. This bug is reported whenever a subclass method hides the static method of super class. (See SEI CERT MET07-J).

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.2 - 2025-03-01

Added

• Reporting useless @SuppressFBWarnings annotations (#641)

Fixed

• Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
• Fixed an HSM_HIDING_METHOD false positive when ECJ generates a synthetic method for an enum switch (#3305)
• Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives, detector depending on method order.
• Fix THROWS_METHOD_THROWS_CLAUSE_THROWABLE reported in a method calling MethodHandle.invokeExact due to its polymorphic signature (#3309)
• Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive in inner class (#3310).
• Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive for ECJ compiled enum switches (#3316)
• Fix RC_REF_COMPARISON false positive with Lombok With annotation (#3319)
• Avoid calling File.getCanonicalPath twice to improve performance (#3325)
• Fix MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and MC_OVERRIDABLE_METHOD_CALL_IN_CLONE false positive when the overridable method is outside the class (#3328).
• Fix NullPointerException thrown from ThrowingExceptions detector (#3337).

Removed

• Removed the TLW_TWO_LOCK_NOTIFY, LI_LAZY_INIT_INSTANCE, BRSA_BAD_RESULTSET_ACCESS, BC_NULL_INSTANCEOF, NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR and RCN_REDUNDANT_CHECKED_NULL_COMPARISON deprecated bug patterns.

4.9.1 - 2025-02-02

Added

• New detector SharedVariableAtomicityDetector for new bug types AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE (See SEI CERT rules VNA00-J, VNA02-J and VNA05-J).
• New detector FindHiddenMethod for bug type HSM_HIDING_METHOD. This bug is reported whenever a subclass method hides the static method of super class. (See SEI CERT MET07-J).

Fixed

• Fixed the parsing of generics methods in ThrowingExceptions (#3267)
• Accept the 1st parameter of java.util.concurrent.CompletableFuture's completeOnTimeout(), getNow() and obtrudeValue() functions as nullable (#1001).
• Fixed the analysis error when FindReturnRef was checking instructions corresponding to a CFG branch that was optimized away (#3266)
• Added execute file permission to files in the distribution archive (#3274)
• Fixed a stack overflow in MultipleInstantiationsOfSingletons when a singleton initializer makes recursive calls (#3280)
• Fixed NPE in FindReturnRef on inner class fields (#3283)
• Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive when add edu.umd.cs.findbugs.annotations.Nullable (#3243)

4.9.0 - 2025-01-15

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#2988)
• -version flag prints the version to the standard output (#2797)
• Revert the changes from (#2894) to get HTML stylesheets to work again (#2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#3045)

... (truncated)

Commits

• dcce8fb release v4.9.2
• e568f8e Report useless @SuppressFBWarnings annotations (#3307)
• 3e4997d [cleanup] use collection.of() functions for initialization where possible (#3...
• 1d2f530 fix(deps): update dependency org.apache.groovy:groovy-all to v4.0.26 (#3343)
• f50575e fix NPE in ThrowingExceptions detector (#3337)
• d7931b8 chore(deps): update dependency gradle to v8.13 (#3339)
• 777ebcc fix(deps): update dependency org.slf4j:slf4j-api to v2.0.17 (#3341)
• 3411be1 Fix #3328 and cleanup in FindOverridableMethodCall (#3330)
• d3f0540 fix(deps): update dependency checkstyle to v10.21.3 (#3333)
• 82e08e8 chore(deps): update sphinxdoc/sphinx docker tag to v8.2.1 (#3332)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.0

🚀 New features and improvements

• Enable GitHub Issues (#305) @​slawekjaranowski
• [MCOMPILER-579] - allow module-version configuration (#273) @​mguillem
• Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0 - JDK 24 support (#293) @dependabot[bot]
• Update release-drafter configuration, PR automation (#281) @​slawekjaranowski
• [MCOMPILER-588] - JUnit4 test framework to JUnit5 migration (#236) @​MidNight-er

🐛 Bug Fixes

• Fix release-drafter config (#292) @​slawekjaranowski
• [MCOMPILER-591] - testCompile - fix detections of target less than 1.9 (#240) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0 - JDK 24 support (#293) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#283) @dependabot[bot]
• Bump org.mockito:mockito-core from 4.8.0 to 4.11.0 (#288) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#285) @dependabot[bot]
• [MCOMPILER-590] - Bump org.apache.maven.plugins:maven-plugins from 41 to 42 (#235) @dependabot[bot]

👻 Maintenance

• Update scm tag according to branch (#303) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#300) @​Bukama
• Use JUnit version from parent (#299) @​slawekjaranowski
• [MCOMPILER-529] - Update docs about version schema (Maven 3) (#295) @​Bukama
• Use default Maven versions for build on GitHub (#289) @​slawekjaranowski
• Remove Maven 3 note (#241) @​elharo
• Remove info about old versions (#237) @​elharo

🔧 Build

• Exclude JDK 8 - temurin, adopt-openj9 on macos, use defaults values (#238) @​slawekjaranowski

Commits

• b5e7d9b [maven-release-plugin] prepare release maven-compiler-plugin-3.14.0
• 9134f12 Enable GitHub Issues
• 19b8b12 Update scm tag according to branch
• 09dce4e [MCOMPILER-579] allow module-version configuration (#273)
• f7c3c5f Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0
• 764a54b [MNGSITE-529] Rename "Goals" to "Plugin Documentation"
• cfacbc1 PR Automation only on close event
• 5c26bba Use JUnit version from parent
• 5449407 [MCOMPILER-529] Update docs about version schema (Maven 3)
• 01d5b88 Bump mavenVersion from 3.6.3 to 3.9.9 (#283)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.11.2

🚀 New features and improvements

• [MJAVADOC-823] - legacyMode keeps using module-info.java (-sourcedirectory still use as well as java files input) (#343) @​olamy
• [MJAVADOC-814] - handle parameters such packages with multi lines (#337) @​olamy
• [MJAVADOC-822] - skippedModules should be more scalable and support regex (#336) @​olamy

📦 Dependency updates

• Bump com.thoughtworks.qdox:qdox from 2.1.0 to 2.2.0 (#344) @​dependabot
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#342) @​dependabot
• Bump org.codehaus.mojo:l10n-maven-plugin from 1.0.0 to 1.1.0 (#335) @​dependabot

👻 Maintenance

• refactor: Replace Plexus AbstractLogEnabled with SLF4J (#338) @​timtebeek

Commits

• 44cbab7 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.2
• 3de45d8 use github for scm
• 45ccf06 Bump com.thoughtworks.qdox:qdox from 2.1.0 to 2.2.0
• 530fa01 [MJAVADOC-823] legacyMode keeps using module-info.java (-sourcedirectory stil...
• 3a16d92 Bump commons-io:commons-io from 2.17.0 to 2.18.0
• 69c1ba7 Migrate from Plexus to Sisu Guice (#341)
• 39857ea Remove usages of deprecated ReaderFactory class (#339)
• 314203a [MJAVADOC-814] handle parameters such packages with multi lines (#337)
• 3bb982d refactor: Replace Plexus AbstractLogEnabled with SLF4J (#338)
• 76826c8 [MJAVADOC-822] skippedModules should be more scalable and support regex (#336)
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.5 to 4.9.2.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.2.0

User Changes

• Supports spotbugs 4.9.2
• Keep jsr 330 compatibility at javax namespace so maven 4 works well since it would cause issues
• Fix ability to use spotbugs plugin with an classifier as it would have previously failed
• Fix possible issue when no output directory supplied and path was used, make it a file
• Move project to use doxia 2 now
• Add some additional debug logging throughout

Build Changes

• Sonar now works
• Fix report plugin name
• Remove coverity and sonar gha actions (sonar was already project level covered)
• Remove coveralls action as it was not used
• Correct sonar issues
• Use more NIO where possible
• Remove all unused items from the base of check/verify mojos as those work against scanned code and play no direct part in the scanning
• Replaced maven artifact transfer with resolver
• Run dependency analyze to fix up build as much as possible
• Stop using 'def' throughout in favor of actual objects
• Move the build to use doxia 2

Spotbugs Maven Plugin 4.9.1.0

• Supports spotbugs 4.9.1

build

• Move plugin configuration from reporting section to plugin management

Spotbugs Maven Plugin 4.9.0.0

Project

• Requires java 11 now
• Support spotbugs 4.9.0
• Update plugins / dependencies
• cleanup some output logging that occurs during usage
• Use more concrete object definitions instead of 'def'
• Use Path.of instead of Paths.get
• Update javadoc that default character encoding is utf-8 not the system default. This has not been true in a very long time.

Build 33

• Add information on how to override with newer spotbugs as its rare that the maven plugin has any specific changes related to the spotbugs core updates.
• github action updates
• restructure entire pom to make use of dependency management to make it more clear we ware overriding libraries rather than using then and check dependency analyzer to see its decreasing invalid setup. This is intended to help when moving to doxia 2 which is still in progress.
• Use more dependency management setup
• reduce spotbugs variables so that renovate updates in fact update fully
• override any plugins from parent that now require doxia 2 back to their doxia 1 counterparts
• avoid transfer progress output throughout
• cleanup many warnings inside integration tests

note: Before this release, we had been forked off the original findbugs-maven-plugin. As that plugin points back here and give so many commits ahead, github was used to break the fork and retain all information otherwise which also updated all forks.

... (truncated)

Commits

• 0af6475 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.2.0
• e91a539 Merge pull request #1032 from hazendaz/master
• bc1df47 Remove unnecessary semi colons
• 8d7de81 Merge pull request #1031 from hazendaz/master
• 634c4e3 Small code cleanup
• 1a6d381 Merge pull request #1030 from hazendaz/master
• 0090e9f Move object closure to usage and add additional logging
• 4e541ff Merge pull request #1029 from hazendaz/fixdoxia2
• a8c4128 Remove renderer as in the upstream and we provide no value overriding it
• 46e9524 [site] Move all IT tests to site 2.0
• Additional commits viewable in compare view

Updates org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[simonmarty]

@dependabot rebase

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.