Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency pmd/pmd to v7.5.0 #3947

Merged
merged 1 commit into from
Aug 30, 2024
Merged

chore(deps): update dependency pmd/pmd to v7.5.0 #3947

merged 1 commit into from
Aug 30, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 30, 2024

This PR contains the following updates:

Package Update Change
pmd/pmd minor 7.4.0 -> 7.5.0

Release Notes

pmd/pmd (pmd/pmd)

v7.5.0: PMD 7.5.0 (30-August-2024)

Compare Source

30-August-2024 - 7.5.0

The PMD team is pleased to announce PMD 7.5.0.

This is a minor release.

Table Of Contents
🚀 New: Java 23 Support

This release of PMD brings support for Java 23. There are no new standard language features,
but a couple of preview language features:

Note that String Templates (introduced as preview in Java 21 and 22) are not supported anymore in Java 23,
see JDK-8329949 for details.

In order to analyze a project with PMD that uses these preview language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language
version 23-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-23-preview ...

Note: Support for Java 21 preview language features have been removed. The version "21-preview"
are no longer available.

🌟 New Rules
  • The new Java rule AvoidSynchronizedStatement finds synchronization blocks that
    could cause performance issues with virtual threads due to pinning.
  • The new JavaScript rule AvoidConsoleStatements finds any function calls
    on the Console API (e.g. console.log). Using these in production code might negatively impact performance.
🐛 Fixed Issues
  • apex-performance
    • #​5139: [apex] OperationWithHighCostInLoop: false negative for triggers
  • java
    • #​5062: [java] Support Java 23
    • #​5167: [java] java.lang.IllegalArgumentException: <?> cannot be a wildcard bound
  • java-bestpractices
    • #​3602: [java] GuardLogStatement: False positive when compile-time constant is created from external constants
    • #​4731: [java] GuardLogStatement: Documentation is unclear why getters are flagged
    • #​5145: [java] UnusedPrivateMethod: False positive with method calls inside lambda
    • #​5151: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is a constant from another class
    • #​5152: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is "this"
    • #​5153: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is an array element
  • java-design
    • #​5048: [java] CognitiveComplexity: Exception when using Map.of()
    • #​5162: [java] SingularField: False-positive when preceded by synchronized block
  • java-multithreading
    • #​5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement
  • javascript-performance
    • #​5105: [javascript] Prohibit any console methods
  • plsql
    • #​5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names)
  • plsql-bestpractices
    • #​5132: [plsql] TomKytesDespair: XPathException for more complex exception handler
🚨 API Changes
Deprecations
  • pmd-jsp
    • JspParserImpl is deprecated now. It should have been package-private
      because this is an implementation class that should not be used directly.
  • pmd-plsql
    • MergeUpdateClausePrefix is deprecated. This production is
      not used anymore and will be removed. Note: The whole parser implementation class has been deprecated since 7.3.0,
      as it is supposed to be internalized.
  • pmd-velocity
    • VtlParserImpl is deprecated now. It should have been package-private
      because this is an implementation class that should not be used directly.
  • pmd-visualforce
    • VfParserImpl is deprecated now. It should have been package-private
      because this is an implementation class that should not be used directly.
Experimental
✨ External Contributions
📦 Dependency updates
  • #​5100: Enable Dependabot
  • #​5141: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0
  • #​5142: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0
  • #​5144: Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1
  • #​5148: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
  • #​5149: Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M13 to 4.0.0-M16
  • #​5160: Bump org.pcollections:pcollections from 3.2.0 to 4.0.2
  • #​5161: Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory
  • #​5164: Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1
  • #​5165: Bump the all-gems group across 1 directory with 2 updates
  • #​5171: Bump net.bytebuddy:byte-buddy-agent from 1.14.12 to 1.14.19
  • #​5180: Bump net.sf.saxon:Saxon-HE from 12.4 to 12.5
📈 Stats
  • 87 commits
  • 25 closed tickets & PRs
  • Days since last release: 35

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from nvuillam as a code owner August 30, 2024 09:35
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Aug 30, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 30, 2024
edited
Loading

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ API spectral 1 0 1.2s
✅ BASH bash-exec 5 0 0.02s
✅ BASH shellcheck 5 0 0.13s
✅ BASH shfmt 5 0 0 0.79s
✅ COPYPASTE jscpd yes no 4.06s
✅ DOCKERFILE hadolint 126 0 15.42s
✅ JSON jsonlint 20 0 0.21s
✅ JSON v8r 22 0 31.41s
⚠️ MARKDOWN markdownlint 264 0 292 37.61s
✅ MARKDOWN markdown-table-formatter 264 0 0 140.69s
⚠️ PYTHON bandit 209 66 2.61s
✅ PYTHON black 209 0 0 5.78s
✅ PYTHON flake8 209 0 2.54s
✅ PYTHON isort 209 0 0 2.51s
✅ PYTHON mypy 209 0 18.6s
✅ PYTHON pylint 209 0 17.8s
✅ PYTHON ruff 209 0 0 0.83s
✅ REPOSITORY checkov yes no 46.35s
✅ REPOSITORY git_diff yes no 0.76s
⚠️ REPOSITORY grype yes 1 24.18s
✅ REPOSITORY secretlint yes no 14.19s
✅ REPOSITORY trivy yes no 22.67s
✅ REPOSITORY trivy-sbom yes no 1.49s
⚠️ REPOSITORY trufflehog yes 1 11.88s
✅ SPELL cspell 687 0 11.52s
⚠️ SPELL lychee 346 9 22.4s
✅ XML xmllint 3 0 0 0.81s
✅ YAML prettier 160 0 0 5.82s
✅ YAML v8r 102 0 182.19s
✅ YAML yamllint 161 0 2.36s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@nvuillam nvuillam merged commit a3e32e2 into main Aug 30, 2024
126 checks passed
@nvuillam nvuillam deleted the renovate/pmd-pmd-7.x branch August 30, 2024 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nvuillam nvuillam nvuillam approved these changes

@echoix echoix echoix approved these changes

@bdovaz bdovaz Awaiting requested review from bdovaz bdovaz is a code owner

@Kurt-von-Laven Kurt-von-Laven Awaiting requested review from Kurt-von-Laven Kurt-von-Laven is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nvuillam @echoix