Bump org.checkerframework:checker-qual from 3.47.0 to 3.48.1

[dependabot]

Bumps org.checkerframework:checker-qual from 3.47.0 to 3.48.1.

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.48.1

Version 3.48.1 (October 11, 2024)

User-visible changes:

The Returns Receiver sub-checker is now disabled by default when running the Resource Leak Checker, as usually it is not needed and it adds overhead. To enable it, use the new -AenableReturnsReceiverForRlc command-line argument.

Closed issues:

#6434, #6810, #6839, #6842, #6856.

Checker Framework 3.48.0

Version 3.48.0 (October 2, 2024)

User-visible changes:

The new SqlQuotesChecker prevents errors in quoting in SQL queries. It prevents injection attacks that exploit quoting errors.

Aggregate Checkers now interleave error messages so that all errors about a line of code appear together.

Closed issues:

#3568, #6725, #6753, #6769, #6770, #6780, #6785, #6795, #6804, #6811, #6825.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.48.1 (October 11, 2024)

User-visible changes:

The Returns Receiver sub-checker is now disabled by default when running the Resource Leak Checker, as usually it is not needed and it adds overhead. To enable it, use the new -AenableReturnsReceiverForRlc command-line argument.

Closed issues:

#6434, #6810, #6839, #6842, #6856.

Version 3.48.0 (October 2, 2024)

User-visible changes:

The new SqlQuotesChecker prevents errors in quoting in SQL queries. It prevents injection attacks that exploit quoting errors.

Aggregate Checkers now interleave error messages so that all errors about a line of code appear together.

Closed issues:

#3568, #6725, #6753, #6769, #6770, #6780, #6785, #6795, #6804, #6811, #6825.

Commits

• d051fac new release 3.48.1
• cb38512 Prep for release.
• 69d703d More precise analysis of Signature string manipulation
• 6e8ed8e Skip parens
• b4e97b9 Update dependency org.plumelib:reflection-util to v1.1.4
• f503ebc Change smart to dumb quotes
• 15cb814 Fix problem with GLB
• b9dd1af Improved documentation and naming for annotation comparisons
• 09f423a Only capture fields that are not on the LHS of assignments
• 238e276 Augment arrayaccess node
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[reta]

@dependabot rebase please

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-4808-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 1b24f8ef43d9af030ebba7a4a9c8e1f52d4f1220
# Push it to GitHub
git push --set-upstream origin backport/backport-4808-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-4808-to-2.x.