Skip to content

build:(deps): Bump com.google.errorprone:error_prone_core from 2.23.0 to 2.36.0 #190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nbaars merged 9 commits into from
Jan 3, 2025
Merged

build:(deps): Bump com.google.errorprone:error_prone_core from 2.23.0 to 2.36.0 #190

nbaars merged 9 commits into from
Jan 3, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 25, 2024
edited
Loading

Bumps com.google.errorprone:error_prone_core from 2.23.0 to 2.36.0.

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.36.0

Changes:

  • Add new matcher interfaces to ErrorProneScanner for AST nodes introduced after Java 11 (e5fd194fa21ef9a01e8d4c72489906247aad81c8)
  • Fix compatibility with latest JDK 24 EA builds (google/error-prone@d67bc15)
  • Check that --should-stop=ifError=FLOW is set when using the -Xplugin integration (e71db1f369a9367f6f2db34c4fbd006b6d6238fd)

New checks:

Closed issues: #4633, #4646

Error Prone 2.35.1

Error Prone's dependency on protobuf has been downgraded to 3.25.5 for this release.

Version 3.25.5 of protobuf still fixes CVE-2024-7254. This release is provided for users who aren't ready to update to 4.x, see also #4584 and #4634. Future versions of Error Prone will upgrade back to protobuf 4.x.

Full changelog: google/error-prone@v2.35.0...v2.35.1

Error Prone 2.35.0

Changes:

  • Fix handling of \s before the trailing delimiter in MisleadingEscapedSpace
  • TimeUnitMismatch improvements: handle binary trees, consider trees like fooSeconds * 1000 to have units of millis

New checks:

Full changelog: google/error-prone@v2.34.0...v2.35.0

Error Prone 2.34.0

Changes:

  • Passing the javac flag --should-stop=ifError=FLOW is now required when running Error Prone (#4595)
  • The MemberName check was renamed to IdentifierName

New checks:

Closed issues: #4595, #4598, #4620

Full changelog: google/error-prone@v2.33.0...v2.34.0

... (truncated)

Commits
  • ab522c7 Release Error Prone 2.36.0
  • fc5aade Remove swathes of assume()s on the current runtime version.
  • b222ea8 Handle qualified enum elements in MissingCasesInEnumSwitch.
  • 332cbfa Support record destructuring in ArgumentSelectionDefectChecker.
  • 0db3360 UsafeLocaleUsage: update the proposed fix to use replace(char, char)
  • c816c8b StatementSwitchToExpressionSwitch - remove // fall out comments in switches
  • b5fa441 Consolidate javadoc plugin version
  • 2afd0cf Run StatementSwitchToExpressionSwitch_refactoring over EP.
  • 37895d3 Fix snapshot doc publishing after https://github.com/google/error-prone/commi...
  • c438756 StatementSwitchToExpressionSwitch: for "assignment switch" and "direct conver...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
build:(deps): Bump com.google.errorprone:error_prone_core
3ba94f3 
Bumps [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) from 2.23.0 to 2.36.0.
- [Release notes](https://github.com/google/error-prone/releases)
- [Commits](google/error-prone@v2.23.0...v2.36.0)

---
updated-dependencies:
- dependency-name: com.google.errorprone:error_prone_core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 25, 2024
@dependabot dependabot bot mentioned this pull request Nov 25, 2024
Closed
@nbaars
Copy link
Owner

nbaars commented Jan 3, 2025

@dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 3, 2025

Dependabot attempted to update this pull request, but because the branch dependabot/maven/com.google.errorprone-error_prone_core-2.36.0 is protected it was unable to do so.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 3, 2025

Oh no! Something went wrong on our end. Please try again later.

If the problem persists, please contact GitHub support for assistance 🙇

dependabot bot and others added 8 commits January 3, 2025 16:30
@dependabot
build:(deps): Bump org.bouncycastle:bcprov-jdk18on from 1.78.1 to 1.79 (
83ed44e 
#191)
@dependabot
build:(deps): Bump org.codehaus.mojo:license-maven-plugin from 2.4.0 …
4cb4101 
…to 2.5.0 (#192)
@dependabot
build:(deps): Bump org.apache.maven.plugins:maven-surefire-plugin fro…
293679e 
…m 3.5.1 to 3.5.2 (#189)
@dependabot
build:(deps-dev): Bump org.junit.jupiter:junit-jupiter-api from 5.11.…
2fc3562 
…0 to 5.11.3 (#194)
@dependabot
build:(deps): Bump org.apache.maven.plugins:maven-deploy-plugin from …
bb1b12d 
…3.1.1 to 3.1.3 (#193)
@dependabot
build:(deps): Bump org.apache.maven.plugins:maven-javadoc-plugin from…
a912e1d 
… 3.10.0 to 3.11.2 (#196)

* build:(deps): Bump org.apache.maven.plugins:maven-javadoc-plugin

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.10.0 to 3.11.2.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.10.0...maven-javadoc-plugin-3.11.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* chore: update license header

* fix: use Java 11 during CodeQL analysis

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nanne Baars <[email protected]>
@dependabot
build:(deps): Bump de.thetaphi:forbiddenapis from 3.7 to 3.8 (#195)
5b5dbda 
* build:(deps): Bump de.thetaphi:forbiddenapis from 3.7 to 3.8

Bumps [de.thetaphi:forbiddenapis](https://github.com/policeman-tools/forbidden-apis) from 3.7 to 3.8.
- [Commits](policeman-tools/forbidden-apis@3.7...3.8)

---
updated-dependencies:
- dependency-name: de.thetaphi:forbiddenapis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* build:(deps): Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.11.2 (#196)

* build:(deps): Bump org.apache.maven.plugins:maven-javadoc-plugin

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.10.0 to 3.11.2.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.10.0...maven-javadoc-plugin-3.11.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* chore: update license header

* fix: use Java 11 during CodeQL analysis

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nanne Baars <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nanne Baars <[email protected]>
fix: move to error-prone version 2.31.0
cbccbf4
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 3, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nbaars nbaars merged commit 96d5421 into main Jan 3, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nbaars