Bump spotbugs to 4.5.3

Adopt newer versions to improve JDK compatiblity, the migration guide is
available at https://spotbugs.readthedocs.io/en/latest/migration.html#for-spotbugs-users

EI_EXPOSE_REP and EI_EXPOSE_REP2 are disabled as they produce a ton of
false positives.

Change-Id: Iac2bb34ae6fdaec9183e04b0bbd3224f0fbaf307
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>

diff --git a/odlparent/pom.xml b/odlparent/pom.xml
index 7680a7e4ec6774ed8115e9350b7bd3686bbdbc9a..2876c491afca25da1d80b1464f274a32d3759c8f 100644 (file)
--- a/odlparent/pom.xml
+++ b/odlparent/pom.xml
@@ -1494,12 +1494,12 @@
         <plugin>
           <groupId>com.github.spotbugs</groupId>
           <artifactId>spotbugs-maven-plugin</artifactId>
-          <version>3.1.12.2</version>
+          <version>4.5.3.0</version>
           <dependencies>
             <dependency>
               <groupId>com.github.spotbugs</groupId>
               <artifactId>spotbugs</artifactId>
-              <version>3.1.12</version>
+              <version>4.5.3</version>
             </dependency>
             <dependency>
               <groupId>org.opendaylight.odlparent</groupId>
@@ -1507,10 +1507,10 @@
               <version>10.0.0-SNAPSHOT</version>
             </dependency>
             <dependency>
-              <!-- The SpotBugs Maven plugin uses SLF4J 1.8 beta 2 -->
+              <!-- The SpotBugs Maven plugin uses SLF4J 1.8 beta 4 -->
               <groupId>org.slf4j</groupId>
               <artifactId>slf4j-simple</artifactId>
-              <version>1.8.0-beta2</version>
+              <version>1.8.0-beta4</version>
             </dependency>
           </dependencies>
           <configuration>
@@ -1844,41 +1844,6 @@
     </plugins>
   </build>
 
-  <profiles>
-    <profile>
-      <id>disable-spotbugs</id>
-      <activation>
-        <!-- Current spotbugs does not support JDK15+ -->
-        <jdk>[15,)</jdk>
-      </activation>
-
-      <properties>
-        <odlparent.spotbugs.skip>true</odlparent.spotbugs.skip>
-      </properties>
-
-      <build>
-        <plugins>
-          <plugin>
-            <groupId>com.github.ekryd.echo-maven-plugin</groupId>
-            <artifactId>echo-maven-plugin</artifactId>
-            <executions>
-              <execution>
-                <id>UNTESTED-JDK</id>
-                <goals>
-                  <goal>echo</goal>
-                </goals>
-                <phase>test</phase>
-                <configuration>
-                  <message>Running on JDK newer than 11, which is not supported. Skipping SpotBugs execution.</message>
-                </configuration>
-              </execution>
-            </executions>
-          </plugin>
-        </plugins>
-      </build>
-    </profile>
-  </profiles>
-
   <reporting>
     <plugins>
       <plugin>

diff --git a/spotbugs/src/main/resources/spotbugs-exclude.xml b/spotbugs/src/main/resources/spotbugs-exclude.xml
index ac43de45237fc8a924aa041179148f2f6b2a75f0..d9d1ef36dcff6eb36fd992a1a77cdde25e82ea35 100644 (file)
--- a/spotbugs/src/main/resources/spotbugs-exclude.xml
+++ b/spotbugs/src/main/resources/spotbugs-exclude.xml
@@ -29,6 +29,13 @@
 
       <!-- https://github.com/spotbugs/spotbugs/issues/756. spotbugs does not grok Java 11's try-with-resources -->
       <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"/>
+
+      <!-- https://github.com/spotbugs/spotbugs/issues/1601. The new heuristics for determining mutability are
+           borderline insane. As an example: it flags org.osgi.framework.BundleContext as a mutable object (presumably
+           because of addListener()) and you just cannot store a reference in the field without a corresponding
+           @SuppressFBWarnings. -->
+      <Bug pattern="EI_EXPOSE_REP"/>
+      <Bug pattern="EI_EXPOSE_REP2"/>
     </Or>
   </Match>
 </FindBugsFilter>