• Supports spotbugs 4.9.1

build

• Move plugin configuration from reporting section to plugin management

Project

• Requires java 11 now
• Support spotbugs 4.9.0
• Update plugins / dependencies
• cleanup some output logging that occurs during usage
• Use more concrete object definitions instead of 'def'
• Use Path.of instead of Paths.get
• Update javadoc that default character encoding is utf-8 not the system default. This has not been true in a very long time.

Build 33

• Add information on how to override with newer spotbugs as its rare that the maven plugin has any specific changes related to the spotbugs core updates.
• github action updates
• restructure entire pom to make use of dependency management to make it more clear we ware overriding libraries rather than using then and check dependency analyzer to see its decreasing invalid setup. This is intended to help when moving to doxia 2 which is still in progress.
• Use more dependency management setup
• reduce spotbugs variables so that renovate updates in fact update fully
• override any plugins from parent that now require doxia 2 back to their doxia 1 counterparts
• avoid transfer progress output throughout
• cleanup many warnings inside integration tests

note: Before this release, we had been forked off the original findbugs-maven-plugin. As that plugin points back here and give so many commits ahead, github was used to break the fork and retain all information otherwise which also updated all forks.

• Cleanup groovy code
• Cleanup character encoding
• Update deprecated maven calls
• Groovy moved to 4.0.24

Compatibility remains with 4.8.6 of spotbugs

• Moved most 'read' only maven injections to read data from maven session instead to overcome many deprecated usage. This puts it on their api and thus if things are internally deprecated, its then maven's issue rather than this plugin to figure out.
• remove obsolete script source roots as no longer support in maven 4 and technically I've never seen them used. Please let me know if this negatively affects you as there are other manually coded items like kotlin / groovy that are in the code there so scripts could be manually added back.
• Remove some of the read only attributes for maven injection that were not actually used.
• More def to object type
• Various lib / plugin updates
• Enable partial formatting (mostly removing trailing whitespace)

Compatibility remains with 4.8.6 of spotbugs

• Groovy set to 4.0.23
• Drop maven site plugin 3.6 and before support.

• Ability to disable logs in quite mode (spotbugs.quiet) #842
• Fix output directory per #807
• Update plugins / dependencies
• Fix tag used to build spotbugs during GHA
• Use inject annotation from jsr330 instead of deprecated component annotation

Build

• Remove old overrides from pom as addressed
• Cleanup javadocs
• Remove snapshot from javadocs at 2.1 as non existent
• Order attribute order of annotations
• Use log commonly throughout (newer coded used getLog in one place)
• Sort imports
• Add opens for java.lang and java.util for site build as needed on newer jdks
• Correct GHA for site distribution
• Delete duplicate codeql github action
• Speed up github actions

• Supports spotbugs 4.8.6
• Uses groovy 4.0.22

• Supports spotbugs 4.8.6
• Restore java 8 support

Support spotbugs 4.8.6

WARNING: This version accidentally required java 11. A patch is incoming that will move back to java 8. Do note though spotbugs will be moving up in near future.

• Support spotbugs 4.8.5.0
• Dependency and plugin general updates
• Maven wrapper update to 3.3.1