This is an automated email from the ASF dual-hosted git repository.
showuon pushed a commit to branch 3.9
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.9 by this push:
new 0f12ea4c087 KAFKA-17773 Upgrade spotbug to work under java 23 (3.9
backport) (#19310)
0f12ea4c087 is described below
commit 0f12ea4c087c32233c8a6af6566940c029690f15
Author: Stig Døssing <[email protected]>
AuthorDate: Mon Apr 7 04:27:36 2025 +0200
KAFKA-17773 Upgrade spotbug to work under java 23 (3.9 backport) (#19310)
Cherry picked from commit 078760a008fadcf524b31d079f8b08c9966c1139
Co-authored-by: Chia-Chuan Yu <[email protected]>
Reviewers: Luke Chen <[email protected]>
---
build.gradle | 5 +----
gradle/dependencies.gradle | 2 +-
gradle/resources/dependencycheck-suppressions.xml | 10 ----------
gradle/spotbugs-exclude.xml | 10 ++++++++++
4 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/build.gradle b/build.gradle
index 5b064f42034..ae6718ab676 100644
--- a/build.gradle
+++ b/build.gradle
@@ -39,10 +39,7 @@ plugins {
id 'org.nosphere.apache.rat' version "0.8.1"
id "io.swagger.core.v3.swagger-gradle-plugin" version "${swaggerVersion}"
- // When updating the spotbugs gradle plugin, check if it already
- // includes spotbugs version 4.7.4, in which case CVE-2022-42920 can
- // be dropped from gradle/resources/dependencycheck-suppressions.xml
- id "com.github.spotbugs" version '5.1.3' apply false
+ id "com.github.spotbugs" version '6.0.25' apply false
id 'org.scoverage' version '8.0.3' apply false
// Updating the shadow plugin version to 8.1.1 causes issue with signing and
publishing the shadowed
// artifacts - see https://github.com/johnrengelman/shadow/issues/901
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 64636b6a3b7..6eab0d0506e 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -157,7 +157,7 @@ versions += [
scoverage: "2.0.11",
slf4j: "1.7.36",
snappy: "1.1.10.5",
- spotbugs: "4.8.0",
+ spotbugs: "4.8.6",
zinc: "1.9.2",
zookeeper: "3.8.4",
// When updating the zstd version, please do as well in
docker/native/native-image-configs/resource-config.json
diff --git a/gradle/resources/dependencycheck-suppressions.xml
b/gradle/resources/dependencycheck-suppressions.xml
index 2458e85ab2a..5ce34df1d2e 100644
--- a/gradle/resources/dependencycheck-suppressions.xml
+++ b/gradle/resources/dependencycheck-suppressions.xml
@@ -23,16 +23,6 @@
]]></notes>
<cve>CVE-2023-35116</cve>
</suppress>
- <suppress>
- <notes><![CDATA[
- This older version of BCEL is only included in spotbugs.
- CVE-2022-42920 is irrelevant for spotbugs
- (https://github.com/spotbugs/spotbugs/discussions/2251),
- This suppression will no longer be needed when spotbugs 4.7.4 is
- released.
- ]]></notes>
- <cve>CVE-2022-42920</cve>
- </suppress>
<suppress>
<notes><![CDATA[
This older version of Guava is only included in checkstyle.
diff --git a/gradle/spotbugs-exclude.xml b/gradle/spotbugs-exclude.xml
index bf540c4d7aa..28634a3bdc4 100644
--- a/gradle/spotbugs-exclude.xml
+++ b/gradle/spotbugs-exclude.xml
@@ -610,4 +610,14 @@ For a detailed description of spotbugs bug categories, see
https://spotbugs.read
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"/>
</Match>
+ <Match>
+ <!-- Suppress warning about SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR
in multiple class -->
+ <Or>
+ <Class name="org.apache.kafka.common.Node"/>
+ <Class
name="org.apache.kafka.common.record.UnalignedMemoryRecords"/>
+ <Class name="org.apache.kafka.clients.Metadata$LeaderAndEpoch"/>
+ </Or>
+ <Bug pattern="SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR"/>
+ </Match>
+
</FindBugsFilter>
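Review bot: The comment in the new `<Match>` block names the suppressed pattern but not why the finding is acceptable for `Node`, `UnalignedMemoryRecords` and `Metadata$LeaderAndEpoch`, so a later reader cannot tell a reviewed false positive from a silenced warning. If these classes are ordinary value types that merely hold a static instance of themselves (the hunk does not show them, so this needs confirming), say so, e.g. `<!-- Not singletons: these classes only keep a static sentinel instance of themselves, so SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is a false positive here. -->`. The exclusion is limited to three named classes, which keeps the detector active for the rest of the code base. New entries should get the same per-class justification rather than being appended to the `<Or>` list unreviewed.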