Bump com.github.spotbugs:spotbugs-annotations from 4.9.3 to 4.9.6

[dependabot]

Bumps com.github.spotbugs:spotbugs-annotations from 4.9.3 to 4.9.6.

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.9.6

SpotBugs 4.9.6

CHANGELOG

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.6-javadoc.jar	b4b9373ad6f22ad2547a8274501f87b01e2428c30aabaea3aeec3f9095636e24
spotbugs-4.9.6-sources.jar	89687b6e685c9a07f7faf49f29b832fb861884f2160947eb4396498cdbb33cc4
spotbugs-4.9.6.tgz	55aa9b9e3deef0391be285335dcf134d1ce54aae222bba1da757eaa616108957
spotbugs-4.9.6.zip	86fb3f93c4147383f76fe21ab2807956b34cf17108a42a76311efa4977f952cc
spotbugs-annotations-4.9.6-javadoc.jar	4c9f8027f6a2313ef22347f4832e5dccc9c58d350d1bd5bff4d5a53f37e1c220
spotbugs-annotations-4.9.6-sources.jar	075b2eed660c2fe2fb1ad1de028f8fdff5f358e25c1318706b95ab17bb28be44
spotbugs-annotations.jar	523d394a6b36174ad0a22f0c1c75b105ccff42869a8b7ce86e7fd339ca6f86ce
spotbugs-ant-4.9.6-javadoc.jar	9b510af8cd3a5c62560fe544b730ebf44cbb109e085fe526add155258612273c
spotbugs-ant-4.9.6-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	62a0def31899338200fc9013b4db8a8aedfc3536ca7d70d59038b092dfaa6819
test-harness-4.9.6-javadoc.jar	bdcef7587312fb9a85d0d292623ea1a779bfe8b9a5e321d73bb8ad92ce79ed0a
test-harness-4.9.6-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.9.6.jar	0076a3bc9602c78d73edb048e625a96ee6a182fa3dd39300aa739af67b954189
test-harness-core-4.9.6-javadoc.jar	7d7a7d6944e7199e06384104b163c11145ed60dd567fefd9b788f3ac03770e18
test-harness-core-4.9.6-sources.jar	656579431db1b2714faeeca3c3d59426e2ffdfdb0725546b4090f993d2413eeb
test-harness-core-4.9.6.jar	66db286ae1dd056458c1e0303a8e2f81fe95a2c5d2888172a3ed17e993434bf1
test-harness-jupiter-4.9.6-javadoc.jar	8925836d7d1198ec223c4ff5118fd596278df4157d910eb767f7f312a7df8904
test-harness-jupiter-4.9.6-sources.jar	59bbb8581ed4bdd212a669d94ec363b6c1d6df9276a608359c66d7f0c1688279
test-harness-jupiter-4.9.6.jar	0582a99bdc66e24c7e36753014729149189fd27129ec5a2f38a8d67457bc9696

SpotBugs 4.9.5

CHANGELOG

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotatoin (#3695)

CHECKSUM

| file | checksum (sha256) |

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.6 - 2025-09-16

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

4.9.5 - 2025-09-14

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotatoin (#3695)

4.9.4 - 2025-08-07

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

• Widen main method recognition according to JEP 445. (#3371)
• Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
• Rewrite some member in ResourceValueFrame.java to Enum (#2061)
• Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
• Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
• Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
• Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
• Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
• Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
• TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
• Unnecessary suppressions fix for records headers (#3471)
• Dead store fix when switch case contains loops (#3530) (#3449)
• Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
• Detect cases when equals() unconditionally returns true or false (#3528)
• Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
• Detect random value cast to int when stored in temporary variable (#3461)
• Look for interfaces default methods when searching uncalled private methods (#1988)

... (truncated)

Commits

• aa3a737 release v4.9.6
• 7d37faa chore(build): Temporarily remove the publish part
• 923f053 chore(docs): Minor syntax
• d662709 chore(build): Rework the bin/hub to gh replacement
• 95470b8 prepare for next release
• 71e3706 release v4.9.6
• 68013c0 chore(Build): Rename as yaml extensions, use gh, and update conf versions (#3...
• 9f0ec12 chore: Use proper import (#3716)
• 6f81754 chore(deps): update plugin com.gradle.develocity to v4.2 (#3714)
• 1f1fd68 Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)