Bump com.github.spotbugs:spotbugs-annotations from 4.9.0 to 4.9.4 in /test/framework

[dependabot]

Bumps com.github.spotbugs:spotbugs-annotations from 4.9.0 to 4.9.4.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.9.4

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.9.4/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
note: The checksums were not produced here due to change with gradle 9 when we published. This is subsequently fixed for next releases.

SpotBugs 4.9.3

CHANGELOG

Added

• Introduced UselessSuppressionDetector to report the useless annotations instead of NoteSuppressedWarnings (#3348)

Fixed

• Do not report US_USELESS_SUPPRESSION_ON_METHOD on synthetic methods (#3351)

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.3-javadoc.jar	3d0d103724cbaaffc27f17d28d9b17f8972fb378397f8f04f6f05268bde110b7
spotbugs-4.9.3-sources.jar	0aa5c905469eb578a3dbe09dcf704cf892568610cdb58550b142d658e37a29d4
spotbugs-4.9.3.tgz	d464d56050cf1dbda032e9482e1188f7cd7b7646eaff79c2e6cbe4d6822f4d9f
spotbugs-4.9.3.zip	3b2dcf86f97d701700121cee4bd22305d4b54fd9ed7666fa0f53933a4ab92251
spotbugs-annotations-4.9.3-javadoc.jar	5fce79dc01a97aae84670922dd3581aa621b980535e4f6695a71db553dcb9cb4
spotbugs-annotations-4.9.3-sources.jar	990ad9f3500499a99466b7c1e01284f4f41d1499358e7dc38c8defc59dab114c
spotbugs-annotations.jar	13532bfe2f45fcd491432221df72d9cd0efb8f987c9245e12befa192c8925ce3
spotbugs-ant-4.9.3-javadoc.jar	346eb5215f9d157ab46c3216a783416e2fa2e8c9d4458143267fb518f81c7d77
spotbugs-ant-4.9.3-sources.jar	591073402e4110093a380169acd3f33b26c2f893c2eaed5a6460d9be0b26014e
spotbugs-ant.jar	3a6f453696294d5314e648d4891d35e34315e11cb63c758a1601021cc0d803d1
spotbugs.jar	710e8b98f1ae23cdb71aaaf07e8d71fb63b44f2bbbaa1df3c3ba0de62aba6ec9
test-harness-4.9.3-javadoc.jar	57f51147e289b5c6493f844beaac97cde57773a1d16ce064e9deb8963b3f99ce
test-harness-4.9.3-sources.jar	22688f14ef808cde65cc46e86d41c617fc397fc4967516006a73ce8bad658b9f
test-harness-4.9.3.jar	9bf5bba9546e4f89032006261dd2921a79fc3044e473ee1fa73af870cb43da15
test-harness-core-4.9.3-javadoc.jar	15aac012f3a8c8d6600075efe824aecab8233778e58345fecca65d7970256311
test-harness-core-4.9.3-sources.jar	13825de35190089490c7e290b52bafe6a9b08ab431177c0191dae9cf2a88a55d
test-harness-core-4.9.3.jar	3c74cc6d2d6f999d403f00f97685587e617d2bf1bfc348bbd0597e785c83feec
test-harness-jupiter-4.9.3-javadoc.jar	a8f276fb01743b8dc9f8cd6b517ae0748e38f673e31615a923c9c61f5fd9de58
test-harness-jupiter-4.9.3-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.9.3.jar	0e9509de32f8fbc94cf088dbee80394fa93807a766532568e652cd622ce737c8

SpotBugs 4.9.2

CHANGELOG

Added

• Reporting useless @SuppressFBWarnings annotations (#641)

Fixed

• Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
• Fixed an HSM_HIDING_METHOD false positive when ECJ generates a synthetic method for an enum switch (#3305)
• Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives, detector depending on method order.

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.4 - 2025-08-07

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

• Widen main method recognition according to JEP 445. (#3371)
• Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
• Rewrite some member in ResourceValueFrame.java to Enum (#2061)
• Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
• Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
• Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
• Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
• Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
• Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
• TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
• Unnecessary suppressions fix for records headers (#3471)
• Dead store fix when switch case contains loops (#3530) (#3449)
• Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
• Detect cases when equals() unconditionally returns true or false (#3528)
• Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
• Detect random value cast to int when stored in temporary variable (#3461)
• Look for interfaces default methods when searching uncalled private methods (#1988)
• Fixed field self assignment false positive (#2258)
• Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
• Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#2965) (#3573)
• Track inner classes access methods to correctly report the bugs (#2029)
• SF_SWITCH_NO_DEFAULT false positive fix (#1148) (#3572)

Added

• Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#3395)
• Multi-threaded code checks can be skipped with @NotThreadSafe (#3390)
• New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#2055)
  • Breaking change: changed values and new items in ResourceValueFrame.
• Inline access method for method. (#3481)
• Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#1928)

Signing

• Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

4.9.3 - 2025-03-14

Added

• Introduced UselessSuppressionDetector to report the useless annotations instead of NoteSuppressedWarnings (#3348)

... (truncated)

Commits

• 014b0ee release v4.9.4
• 0c0f125 build: Adjustments to the tag checking
• 788524b prepare for next release
• 44656f0 release v4.9.4
• da2f64d build: Make sure check is against origin/master not master
• 0db0852 prepare for next release
• 7ecaa15 release v4.9.4
• a2845af build: Remove space in curl
• b433c57 build: Disable parallel builds for now
• a4e906f build: Cleanup release action to correctly work
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Superseded by #333.