Picked up the latest version (6.1.1) and now SpotBugs won't run #1312
Comments
|
There was a ticket on this earlier today but not seeing it now. It may be directly with spotbugs. My understanding is that log4j bom has a defect by including other jars including spotbugs. Is it possible you have log4j bom somewhere in your stack? As a side note, I did not intend to release the plugin last night. This repo automatically releases and it's been a constant complaint. So, additionally, a patch release forced java 11, so I'll need to respin a release 6.1.2 to fix that. Won't happen for a day or two. That will fix your immediate issue. The spotbugs update will otherwise land with 6.2.0. |
|
Scratch that I'll spin 6.1.3 to fix. Separate PR to my point auto released 😞
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: mccants-heb ***@***.***>
Sent: Thursday, January 16, 2025 6:15:31 PM
To: spotbugs/spotbugs-gradle-plugin ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [spotbugs/spotbugs-gradle-plugin] Picked up the latest version (6.1.1) and now SpotBugs won't run (Issue #1312)
We automatically picked up the latest version of SpotBugs Gradle plug-in (6.1.1) and now we get this error:
Task :spotbugsMain
edu.umd.cs.findbugs.ba.AnalysisException: Exception was thrown during analysis
at edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$3(FindBugs2.java:1117)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
at edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1110)
at edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
at edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:399)
at edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1223)
Caused by: java.util.concurrent.ExecutionException: java.lang.NoClassDefFoundError: edu/umd/cs/findbugs/annotations/SuppressMatchType
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$3(FindBugs2.java:1112)
... 5 more
Caused by: java.lang.NoClassDefFoundError: edu/umd/cs/findbugs/annotations/SuppressMatchType
at edu.umd.cs.findbugs.detect.NoteSuppressedWarnings.visitAnnotation(NoteSuppressedWarnings.java:91)
at edu.umd.cs.findbugs.visitclass.AnnotationVisitor.visitAnnotation(AnnotationVisitor.java:315)
at org.apache.bcel.classfile.Annotations.accept(Annotations.java:84)
at edu.umd.cs.findbugs.visitclass.PreorderVisitor.doVisitMethod(PreorderVisitor.java:323)
at edu.umd.cs.findbugs.visitclass.PreorderVisitor.visitJavaClass(PreorderVisitor.java:405)
at org.apache.bcel.classfile.JavaClass.accept(JavaClass.java:249)
at edu.umd.cs.findbugs.detect.NoteSuppressedWarnings.visitClassContext(NoteSuppressedWarnings.java:81)
at edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
at edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1100)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
at java.base/java.util.concurrent.AbstractExecutorService.invokeAll(AbstractExecutorService.java:247)
... 4 more
Caused by: java.lang.ClassNotFoundException: edu.umd.cs.findbugs.annotations.SuppressMatchType
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188<https://gitlab.com/heb-engineering/teams/enterprise/store-orders/som-core/-/jobs/8873657256#L88>)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:525)
... 16 more
I'm not sure what is going on. Intellij's Gradle Dependency Analyzer shows we are using SpotBugs 4.8.6 and SpotBugs Annotations 4.8.6.
My workaround is to go back to the latest SpotBugs Gradle Plug-in in the 6.0.x series.
—
Reply to this email directly, view it on GitHub<#1312>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI6EVTWC5O3GSKPRMK32LA4RHAVCNFSM6AAAAABVKWRUNSVHI2DSMVQWIX3LMV43ASLTON2WKOZSG44TGOJYGAYDKNY>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
|
I get this error with v6.1.2. No problem with v6.1.0. |
|
In my project, SpotBugs is pulling in log4j-core 2.24.3 (latest 6.0.x). I also have SpringBoot pulling in log4j-to-slf4j 2.23.1 and log4j-api 2.23.1. I don't have any other log4j components. |
|
I got the same stacktrace as OP. Is this an issue with the plugin or the Spotbugs tool itself? |
|
@hazendaz I'm having trouble understanding the comments here. Are you saying we should expect a fix to be published as part of the 6.1.3 release, or is it something we need to fix on our own regarding log4j2 configuration. Thank you |
|
There is no issue with spotbugs and that error you see. It's a defect with log4j bom that is forcing usage of unrelated libraries causing old version of spotbugs to show up. Log4j has to fix that. Anyone else needs to override their usage when affected.
All I'm going to do here is release java 8 again on 6.1.x because it was not intended to suddenly require java 11 on a patch release. That only occurred because this project has some hidden feature causing auto releases that will be deleted once it's figured out. 6.2.0 which will require java 11 is not going to do anything about a defect from another OSS project. It's not possible here. It's consumer usage that has leaking classpath elements from log4j.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Ryan Colombo ***@***.***>
Sent: Sunday, January 26, 2025 1:33:26 PM
To: spotbugs/spotbugs-gradle-plugin ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs-gradle-plugin] Picked up the latest version (6.1.1) and now SpotBugs won't run (Issue #1312)
@hazendaz<https://github.com/hazendaz> I'm having trouble understanding the comments here. Are you saying we should expect a fix to be published as part of the 6.1.3 release, or is it something we need to fix on our own regarding log4j2 configuration.
Thank you
—
Reply to this email directly, view it on GitHub<#1312 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODIZ7WG5MB54UCYUOJYL2MUS7NAVCNFSM6AAAAABVKWRUNSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMJUGU2DAOBRHA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
Understood @hazendaz , thanks. If anyone has a workaround, please share :). Similar to @mccants-heb , I have My current attempt: configurations.all {
resolutionStrategy {
force "com.github.spotbugs:spotbugs-annotations:${spotbugs.toolVersion.get()}"
force "com.google.code.findbugs:annotations:3.0.1"
force "com.google.code.findbugs:jsr305:3.0.2"
}
}When I run |
|
Sorry been sick the last few days. I did re-public 6.1.3 so its back to 4.8.6 spotbugs for now. My understanding is that when we put 4.9.0 place that the annotations module is stuck to 4.8.6 which causes a problem. I am not going to release 4.9.0 directly here again until we get 4.9.1 out because there were some regressions in spotbugs and a few issues that came into day. So when 6.2.0 of this plugin comes out, it presumably will simply be based on 4.9.1. |
We automatically picked up the latest version of SpotBugs Gradle plug-in (6.1.1) and now we get this error:
I'm not sure what is going on. Intellij's Gradle Dependency Analyzer shows we are using SpotBugs 4.8.6 and SpotBugs Annotations 4.8.6.
My workaround is to go back to the latest SpotBugs Gradle Plug-in in the 6.0.x series.
The text was updated successfully, but these errors were encountered: