Skip to content

build(deps): bump org.sonarsource.java:java-frontend from 8.19.0.40387 to 8.20.0.40630#614

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/org.sonarsource.java-java-frontend-8.20.0.40630
Open

build(deps): bump org.sonarsource.java:java-frontend from 8.19.0.40387 to 8.20.0.40630#614
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/org.sonarsource.java-java-frontend-8.20.0.40630

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 31, 2025
edited
Loading

Bumps org.sonarsource.java:java-frontend from 8.19.0.40387 to 8.20.0.40630.

Release notes

Sourced from org.sonarsource.java:java-frontend's releases.

8.20.0.40630

Release notes - SonarJava - 8.20

False Positive

SONARJAVA-4753 FP in S6813 and S3306 when using Micronaut framework AWS Lambdas

SONARJAVA-4895 S3329: FP when random IV is generated in separate function

SONARJAVA-5153 S1989 should not raise issue if exception is caught by try/catch block

SONARJAVA-5358 S6813 should not raise on fields in Activities and Fragments

SONARJAVA-5364 FP on S2187 for subclasses of test classes with Autoscan

SONARJAVA-5464 S1068: FP on variable used in @​FieldSource in @​ParameterizedTest

SONARJAVA-5548 FP on S1144 for jakarta.enterprise.event.ObservesAsync parameter annotations

SONARJAVA-5573 Type parameter annotations are wrongly used for nullability check

SONARJAVA-5620 FP on S1186 when testing that Spring Context loads

SONARJAVA-5751 S5738 should not report on the overriding of interface methods

SONARJAVA-5765 FP S2097 does not support PatternInstanceOfTree

SONARJAVA-5818 Fix FPs caused by state reset bug in CipherBlockChainingCheck

Bug

SONARJAVA-5763 S1948 should not crash when semantic is missing

SONARJAVA-5803 JSpecify @​NullUnmarked is miss-interpreted

SONARJAVA-5819 CheckVerifier should keep the context for all files when analyzing multiple files

Task

SONARJAVA-5771 Delete ws_scan_task

SONARJAVA-5798 Create PR cleanup action

SONARJAVA-5800 Add nightly build using Github action

SONARJAVA-5802 New analysis parameter: sonar.java.failOnStackOverflow (true by default)

False Negative

SONARJAVA-5797 False Negative with java:S2698 for org.testng

... (truncated)

Commits
  • 30e66d7 Update rule metadata (#5334)
  • 227f78b SONARJAVA-5797 Fix FP in S2698 on fail and assertEquals with a message (#5332)
  • 991bf5f SONARJAVA-5818: Fix FPs caused by missing state reset in CipherBlockChainingC...
  • 3f2f593 SONARJAVA-5819: Make check verifier keep the context for all files when analy...
  • 199ca4a Prepare next development iteration 8.20.0 (#5330)
  • cc118b6 SONARJAVA-5620 FP on S1186 when testing that Spring Context loads (#5329)
  • 22044bb SONARJAVA-5803 JSpecify @​NullUnmarked should be treated as unknown (#5327)
  • 1c24c62 SONARJAVA-4895: Fix S3329 FPs when random IV is generated in separate functio...
  • 8f3b201 SONARJAVA-5548: Add exception to S1144 for ObservesAsync annotations (#5328)
  • ce07d55 SONARJAVA-4967 FP in S4605 when basePackageClasses is used (#5324)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
build(deps): bump org.sonarsource.java:java-frontend
7ecf8a2 
Bumps [org.sonarsource.java:java-frontend](https://github.com/SonarSource/sonar-java) from 8.19.0.40387 to 8.20.0.40630.
- [Release notes](https://github.com/SonarSource/sonar-java/releases)
- [Commits](SonarSource/sonar-java@8.19.0.40387...8.20.0.40630)

---
updated-dependencies:
- dependency-name: org.sonarsource.java:java-frontend
  dependency-version: 8.20.0.40630
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Oct 31, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 31, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants