Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0

[dependabot]

Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.4.0.

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.4.0

Release is large but mainly rewriting of underlying code. This supports spotbugs 4.9.4, additional details below.

Consumer

• Supporting spotbugs 4.9.4
• Updated all underlying dependencies
• Groovy now at 4.0.28
• Groovydocs now published with release
• Modernize groovy code usage including typing everything, avoiding any usage of groovy 'it' idiom
• Due to how groovy resolves logging, wrap any logging that needs groovy to resolve gstring with check on logger being enabled
• No longer use plexus file resource loader as it was mostly duplicated, its deprecated, and cleaner to directly implement enhancement
• Use objects require non null where appropriate
• Make sure files closed appropriately to prevent leaks
• Fix invalid look at debug flag to determine debug logging by additionally checking info logging instead and log at info
• Fix invalid usage of logging at debug where debug flag should have been used
• Plugin artifact is now a list rather than array
• Various nio updates
• Fix javadoc issues
• Cleanup regex usage for hyperlink to code off reporting
• Do not use 'assert' in code, use correct checks with illegal argument exceptions

Producer

• gha now implements concurrency restrictions to prevent unwanted builds now that github is showing costs associated with runners
• gha now implements timeout at 30 minutes to prevent long running jobs now that github is showing costs associated with runners
• github actions are now pinned to digests to prevent potential supply chain hacks
• renamed codeql.yml to codeql.yaml (all are yaml now)
• maven wrapper is updated to support defects with maven 4 usage since beta-5 was released. Now runner on maven 4.0.0-rc-4 now fully works
• maven wrapper is protected from path transversal issues
• .gitignore updated to ignore .pmd and .groovy directories
• maven wrapper now defaulted to maven 3.9.11
• central badge updated for new central hosting
• Corrected test source directory for groovy in build pom
• Add additional code coverage
• Correct spotbugs version on documentation
• Site now generating again as gmavenplus fixed defect introduced by groovy changes
• renovate set to pin github action digests
• All integration tests updated to more modern groovy usage

Commits

• 34c4962 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.4.0
• 5ac441b Merge pull request #1145 from hazendaz/cleanup
• 37a8737 [GHA] Move to maven 4.0.0-rc-4 in maven 4 integration test
• bdcaa2c Merge pull request #1144 from hazendaz/cleanup
• a7591e5 Add support for maven 4 mainClass to maven wrapper
• f7ea524 Merge pull request #1143 from spotbugs/renovate/pin-dependencies
• 28706a7 Pin dependencies
• f4cd7d0 Merge pull request #1142 from hazendaz/master
• 0990344 [gha] Run max parallel to 6
• 2da6164 [renovate] Ping github action digests security!
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[javadev]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[javadev]

@dependabot rebase

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (9530041) to head (8b41172).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##                main      #115   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity      1596      1596           
===========================================
  Files              6         6           
  Lines           4555      4555           
  Branches         834       834           
===========================================
  Hits            4555      4555           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.