fix(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.9.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.github.spotbugs:spotbugs-annotations (source)	4.8.6 -> 4.9.0

---

Release Notes

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.9.0

Compare Source

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#​3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#​637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#​2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#​3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#​2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#​2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#​2988)
• -version flag prints the version to the standard output (#​2797)
• Revert the changes from (#​2894) to get HTML stylesheets to work again (#​2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#​3045)
• Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#​3059)
• Detect failure to close RocksDB's ReadOptions (#​3069)
• Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#​3023)
• Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#​3094)
• Fixed some CWE mappings (#​3124)
• Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#​3137)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#​3152)
• Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#​2042)
• Fix call graph, include non-parametric void methods (#​3160)
• Fix multiple reporting of identical bugs messing up statistics (#​3185)
• Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#​3187)
• Fixed method matchers with array types (#​3203)
• Fix SARIF report's message property in Exception to meet the standard (#​3197)
• Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#​3207)
• Fixed an error in the detection of bridge methods causing analysis crashes (#​3208)
• Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#​2040)
• Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#​1515).
• Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#​3235)

Cleanup

• Cleanup thread issue and regex issue in test-harness (#​3130)
• Remove extra blank lines and remove public from interface objects as inherently already public (#​3131)
• Fix order of modifiers on properties/methods and ensure correct location in file (#​3132, #​3177)
• Return objects directly instead of creating more garbage collection by defining them (#​3133, #​3175)
• Restrict the constructor of abstract classes visibility to protected (#​3178)
• Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#​3134)
• Use diamond operator in constructor calls of Collections (#​3176)
• Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#​3180, #​3219)
• Use method references instead of lambdas where possible (#​3179)
• Move default clauses to the end of switches (#​3222)
• Remove unnecessary throws declarations (#​3220)
• Use Boolean.parseBoolean() for string-to-boolean conversion. (#​3217)
• Rename shadowing fields (#​3221)
• Combine catch blocks with the same body (#​3223)
• Merge conditions of nested ifs (#​3231)
• Use non deprecated 'getDottedClassName' instead of 'toDottedClassName'(#​3251)
• Use try with resources where possible (#​3253)

Changed

• Bump up Java version to 11

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Summary by Sourcery

构建:

• 将 SpotBugs 注解依赖项更新至 4.9.0 版本。

Original summary in English

Summary by Sourcery

Build:

• Update SpotBugs annotations dependency to 4.9.0.

[sourcery-ai]

审阅者指南 by Sourcery

此 PR 将 com.github.spotbugs:spotbugs-annotations 依赖从版本 4.8.6 更新到 4.9.0。

显示 SpotBugs 注解版本更新的类图

classDiagram
    class SuppressFBWarnings {
        +String[] value
        +String[] justification
        +String[] sourceLines
    }
    note for SuppressFBWarnings "从 v4.8.6 更新到 v4.9.0
增加了对更细粒度 bug 抑制的支持"

Loading

文件级别变更

变更	详情	文件
将 spotbugs-annotations 升级到 4.9.0	在 gradle/libs.versions.toml 中将版本从 4.8.6 更新到 4.9.0	gradle/libs.versions.toml

---

提示和命令

与 Sourcery 交互

• 触发新的审阅： 在拉取请求中评论 @sourcery-ai review。
• 继续讨论： 直接回复 Sourcery 的审阅评论。
• 从审阅评论生成 GitHub 问题： 通过回复评论要求 Sourcery 创建问题。
• 生成拉取请求标题： 在拉取请求标题的任何位置写 @sourcery-ai 以随时生成标题。
• 生成拉取请求摘要： 在拉取请求正文的任何位置写 @sourcery-ai summary 以随时生成 PR 摘要。您还可以使用此命令指定摘要的插入位置。

自定义您的体验

访问您的仪表板以：

• 启用或禁用审阅功能，如 Sourcery 生成的拉取请求摘要、审阅者指南等。
• 更改审阅语言。
• 添加、删除或编辑自定义审阅说明。
• 调整其他审阅设置。

获取帮助

• 联系我们的支持团队提出问题或反馈。
• 访问我们的文档获取详细指南和信息。
• 通过关注我们的 X/Twitter、LinkedIn 或 GitHub 与 Sourcery 团队保持联系。

Original review guide in English

Reviewer's Guide by Sourcery

This PR updates the com.github.spotbugs:spotbugs-annotations dependency from version 4.8.6 to 4.9.0.

Class diagram showing SpotBugs Annotations version update

classDiagram
    class SuppressFBWarnings {
        +String[] value
        +String[] justification
        +String[] sourceLines
    }
    note for SuppressFBWarnings "Updated from v4.8.6 to v4.9.0
Added support for finer grained bug suppressions"

Loading

File-Level Changes

Change	Details	Files
Upgrade spotbugs-annotations to 4.9.0	Update version from 4.8.6 to 4.9.0 in gradle/libs.versions.toml	gradle/libs.versions.toml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

我们跳过了对这个拉取请求的审查。看起来这是由机器人创建的（嘿，renovate[bot]！）。我们假设它知道自己在做什么！

Original comment in English

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.26%. Comparing base (6cb280c) to head (78431f3).

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@             Coverage Diff              @@
##               main     #548      +/-   ##
============================================
+ Coverage     59.03%   59.26%   +0.23%     
- Complexity     1229     1233       +4     
============================================
  Files           430      430              
  Lines          5104     5104              
  Branches        360      360              
============================================
+ Hits           3013     3025      +12     
+ Misses         1870     1857      -13     
- Partials        221      222       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.