Bump sonar.java.version from 8.3.0.36747 to 8.4.0.37032

[dependabot]

Bumps sonar.java.version from 8.3.0.36747 to 8.4.0.37032.
Updates org.sonarsource.java:sonar-java-plugin from 8.3.0.36747 to 8.4.0.37032

Release notes

Sourced from org.sonarsource.java:sonar-java-plugin's releases.

8.4.0.37032

Release notes - SonarJava - 8.4

Bug

SONARJAVA-4262 S1226 should fail its analysis because the CFG builder cannot recover the yield argument

SONARJAVA-4480 Bug in rule S1066 quickfix: preserve conditional logic when collapsing if by using parentheses

SONARJAVA-4950 S6204: IndexOutOfBoundsException when lombok.val is used

SONARJAVA-4961 S6916: Quickfix suggesting to merge single if into existing pattern guard does not take operators precedence into account

SONARJAVA-4963 Line and column positions are wrong after text blocks using '\' line continuations

SONARJAVA-5059 S6901: ClassCastException when certain thread-related methods are called on `this`

SONARJAVA-5080 S1659: Quickfix breaks syntax when multiple arrays are declared

Documentation

SONARJAVA-5020 Clarify documentation about sonar.java.skipUnchanged (need to notify doc team)

False-Positive

SONARJAVA-3829 S2629 should not report when log level is enabled

SONARJAVA-3882 Don't complain about ImmutableSet.of and ImmutableMap.of in S4738

SONARJAVA-3970 Rule S1989 should consider tokens as case sensitive

SONARJAVA-4022 FP S5960 when analyzing package containing ".it."

SONARJAVA-4061 S2226 should ignore fields assigned in `init` method

SONARJAVA-4238 S2924 should not report on non-private rules declared inside of abstract classes

SONARJAVA-4287 S3012 has a false positive when using either auto boxing or auto unboxing

SONARJAVA-5058 S1144: FP when encountering nested class's private method without semantics

SONARJAVA-5079 S6857 FP when SpEL don't have "#{...}"

SONARJAVA-5089 FP in S1312 for interfaces

SONARJAVA-5091 FP in S6813 when Quarkus is used

SONARJAVA-5096 S1764: FP on expressions with side-effects

SONARJAVA-5098 FP in S3457 when using strings involving \\n

... (truncated)

Commits

• a4e418b Remove vulnerable dependency tomcat-embed-jasper (#4891)
• f485329 SONARJAVA-5135 Update rules metadata (#4889)
• 7c74350 [NO JIRA] Remove unused azure and spring dependencies from SE test sources (#...
• 9d76c0f SONARJAVA-3882 Don't complain about ImmutableSet.of and ImmutableMap.of in S4...
• 0d7703c SONARJAVA-4238 S2924 should not report on non-private rules declared inside o...
• b3741f0 Bump com.azure:azure-identity (#4887)
• 1a24d2d SONARJAVA-4287 S3012 has a false positive when using either auto boxing or au...
• 68d1c8c Prepare for next development iteration 8.4.0 (#4855)
• b541188 SONARJAVA-4061 S2226 should ignore fields assigned in init method (#4881)
• a4433c7 Bump org.springframework:spring-web (#4884)
• Additional commits viewable in compare view

Updates org.sonarsource.java:java-checks-testkit from 8.3.0.36747 to 8.4.0.37032

Release notes

Sourced from org.sonarsource.java:java-checks-testkit's releases.

8.4.0.37032

Release notes - SonarJava - 8.4

Bug

SONARJAVA-4262 S1226 should fail its analysis because the CFG builder cannot recover the yield argument

SONARJAVA-4480 Bug in rule S1066 quickfix: preserve conditional logic when collapsing if by using parentheses

SONARJAVA-4950 S6204: IndexOutOfBoundsException when lombok.val is used

SONARJAVA-4961 S6916: Quickfix suggesting to merge single if into existing pattern guard does not take operators precedence into account

SONARJAVA-4963 Line and column positions are wrong after text blocks using '\' line continuations

SONARJAVA-5059 S6901: ClassCastException when certain thread-related methods are called on `this`

SONARJAVA-5080 S1659: Quickfix breaks syntax when multiple arrays are declared

Documentation

SONARJAVA-5020 Clarify documentation about sonar.java.skipUnchanged (need to notify doc team)

False-Positive

SONARJAVA-3829 S2629 should not report when log level is enabled

SONARJAVA-3882 Don't complain about ImmutableSet.of and ImmutableMap.of in S4738

SONARJAVA-3970 Rule S1989 should consider tokens as case sensitive

SONARJAVA-4022 FP S5960 when analyzing package containing ".it."

SONARJAVA-4061 S2226 should ignore fields assigned in `init` method

SONARJAVA-4238 S2924 should not report on non-private rules declared inside of abstract classes

SONARJAVA-4287 S3012 has a false positive when using either auto boxing or auto unboxing

SONARJAVA-5058 S1144: FP when encountering nested class's private method without semantics

SONARJAVA-5079 S6857 FP when SpEL don't have "#{...}"

SONARJAVA-5089 FP in S1312 for interfaces

SONARJAVA-5091 FP in S6813 when Quarkus is used

SONARJAVA-5096 S1764: FP on expressions with side-effects

SONARJAVA-5098 FP in S3457 when using strings involving \\n

... (truncated)

Commits

• a4e418b Remove vulnerable dependency tomcat-embed-jasper (#4891)
• f485329 SONARJAVA-5135 Update rules metadata (#4889)
• 7c74350 [NO JIRA] Remove unused azure and spring dependencies from SE test sources (#...
• 9d76c0f SONARJAVA-3882 Don't complain about ImmutableSet.of and ImmutableMap.of in S4...
• 0d7703c SONARJAVA-4238 S2924 should not report on non-private rules declared inside o...
• b3741f0 Bump com.azure:azure-identity (#4887)
• 1a24d2d SONARJAVA-4287 S3012 has a false positive when using either auto boxing or au...
• 68d1c8c Prepare for next development iteration 8.4.0 (#4855)
• b541188 SONARJAVA-4061 S2226 should ignore fields assigned in init method (#4881)
• a4433c7 Bump org.springframework:spring-web (#4884)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)