Bump com.guardsquare:proguard-core from 9.1.6 to 9.1.8

[dependabot]

Bumps com.guardsquare:proguard-core from 9.1.6 to 9.1.8.

Release notes

Sourced from com.guardsquare:proguard-core's releases.

9.1.8

Improved

• Improve runtime of BamTransferRelation.
• Add a method signature and descriptor parser in the new package proguard.classfile.attribute.signature.

Kotlin support

• Add support for processing Kotlin 2.1 metadata.

API changes for the dataflow analysis code

This is a continuation of the API changes started in release 9.1.7.

• Remove JvmValueBamCpaRun in order to simplify the utility code to run the analysis. ValueAnalyzer is the direct replacement, this class has the same behavior as JvmValueBamCpaRun, as long as analyze is called only once.
• Remove JvmTaintMemoryLocationBamCpaRun in order to simplify the utility code to run the analysis. TaintAnalyzer is the direct replacement, this class has the same behavior as JvmTaintMemoryLocationBamCpaRun, as long as analyze is called only once.
• Remove the CpaRun infrastructure.
• Remove MapAbstractStateFactory, WrapperTransferRelation, and other classes that were only used with the tree heap model.
• Remove StateNames and getStateByName.
• Refactor several classes taking generic parameters for CfaEdge, CfaNode, and Signature, to not use the generic parameters anymore. They now default to JvmCfaEdge, JvmCfaNode, and MethodSignature.
• Refactor CPA reached set, waitlist, operators, and all their dependant classes to be parametrized by the type of abstract states of the dataflow analysis. This allows to make the code safe at compile time and avoid unnecessary casts.
• Move AbortOperator from being a parameter of CpaAlgorithm#run to the ConfigurableProgramAnalysis interface.
• Move functionalities of LatticeAbstractState to AbstractState. Remove AbstractDomain since the abstract states can now perform directly the isLessOrEqual and join operations without the need of delegation.

Bugfixes

• Fix semi-lattice properties of MultiTypedReferenceValue's generalize() method
• Fix integers potentially being used as reference identifier during interprocedural value analysis. This could result in the analysis not reaching a fixed point.
• Fix JvmTaintTransferRelation#propagateExtraTaints propagating taint incorrectly if the stack contains more than one element.

9.1.7

Bugfixes

• Make sure injected initialization methods in interfaces have the correct access flags.

Improved

• InstructionSequenceMatcher now supports matching of primitive array constants.
• Support propagation of extra specified taints in JvmTaintTransferRelation.
• Introduce ReflectiveModel and ReflectiveModelExecutor to simplify the creation and analysis of Models.

API improvements

• Rename CallVisitor to CallHandler and add extra parameters to handle calls accounting for more data.
• Add ClassUtil.isClassInitializer(String) and ClassUtil.isInstanceInitializer(String).
• Extend MemberCollectionFilter to accept a Set of any subtype of Member.

API changes

• Move classes related to Model to the proguard.evaluation.value.object.model package.
• StringSharer now uses a string pool to share strings, instead of traversing references.

... (truncated)

Commits

• f7a90c7 Update github workflow
• b0bbdd0 Add option to ExecutingInvocationUnit for reading non-final constant values
• f613383 Add null checks for KotlinPropertyMetadata class
• 61f3489 Fix array initialization matcher crashing when processing unreachable code
• e9e67ab Avoid using integer reference identifiers during value analysis also for arrays
• 550d0cd Fix bug in constructor taint propagation if the stack contains more than one ...
• fed4d93 Move release note to correct PGC version
• 28856c2 Fix integers potentially being used as reference identifier during interproce...
• e3097d7 Improve release notes
• 70401e0 Clean up InvalidSignatureCleaner using the new signature parser
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)