Bump the dependencies group with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates:

Package	From	To
com.azure:azure-cosmos	4.65.0	4.66.0
software.amazon.awssdk:bom	2.29.1	2.30.2
org.postgresql:postgresql	42.7.4	42.7.5
org.xerial:sqlite-jdbc	3.47.2.0	3.48.0.0
org.assertj:assertj-core	3.27.2	3.27.3
com.github.spotbugs:spotbugs-annotations	4.8.6	4.9.0

Updates com.azure:azure-cosmos from 4.65.0 to 4.66.0

Release notes

Sourced from com.azure:azure-cosmos's releases.

azure-cosmos_4.66.0

4.66.0 (2025-01-14)

Other Changes

• Added client vmId info to Rntbd health check logs - See 43079
• Added support to enable http2 for gateway mode with system property COSMOS.HTTP2_ENABLED and system variable COSMOS_HTTP2_ENABLED. - PR 42947
• Added support to allow changing http2 max connection pool size with system property COSMOS.HTTP2_MAX_CONNECTION_POOL_SIZE and system variable COSMOS_HTTP2_MAX_CONNECTION_POOL_SIZE. - PR 42947
• Added support to allow changing http2 max connection pool size with system property COSMOS.HTTP2_MIN_CONNECTION_POOL_SIZE and system variable COSMOS_HTTP2_MIN_CONNECTION_POOL_SIZE. - PR 42947
• Added options to fine-tune settings for bulk operations. - PR 43509
• Added the following metrics. - See PR 43716 *cosmos.client.req.gw.bulkOpCountPerEvaluation *cosmos.client.req.gw.bulkOpRetriedCountPerEvaluation *cosmos.client.req.gw.bulkGlobalOpCount *cosmos.client.req.gw.bulkTargetMaxMicroBatchSize *cosmos.client.req.rntbd.bulkOpCountPerEvaluation *cosmos.client.req.rntbd.bulkOpRetriedCountPerEvaluation *cosmos.client.req.rntbd.bulkGlobalOpCount *cosmos.client.req.rntbd.bulkTargetMaxMicroBatchSize

Commits

• 3e41aba Remove downloading of java.gdnbaseline file (#43797)
• 690c727 Azure Load testing prepare for 2025-01-20 release (#43794)
• df17db0 remove erroneous package inclusion during package-properties evaluation (#43784)
• dba2326 Release azure-cosmos, azure-cosmos-kafka-connect, azure-cosmos-spark, azure-c...
• 03599e6 Update pipeline and version tooling to support clientcore (#43757)
• 6189f4b Live Metrics Filtering Part 6: Error Tracker (#43744)
• 53399b6 Mask iKeys in logs (#43698)
• d12b697 Fixed NPE issue in KeyVaultKeysModelsUtils (#43776)
• 70e1ebe Tracing and log correlation without otel (#43718)
• d465082 Improve properties merging testcases (#43734)
• Additional commits viewable in compare view

Updates software.amazon.awssdk:bom from 2.29.1 to 2.30.2

Updates org.postgresql:postgresql from 42.7.4 to 42.7.5

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.5

Changes

• update changelogs and increment version in gradle.properties for release @​davecramer (#3478)
• regression: revert change in pgjdbc/pgjdbc@fc60537 @​davecramer (#3476)
• Fix PgDatabaseMetaData implementation of catalog as param and return value @​SophiahHo (#3390)
• Support default GSS credentials in the Java Postgres client @​nrhall (#3451)
• fix: return only the transactions accessible by the current_user in XAResource.recover @​vlsi (#3450)
• feat: don't force send extra_float_digits for PostgreSQL >= 12 (#3432) @​damienb-opt (#3446)
• fix: exclude "include columns" from the list of primary keys @​priteshranjan01 (#3434)
• Enhance the meta query performance by specifying the oid. @​dh-cloud (#3427)
• feat: support getObject(int, byte[].class) for bytea @​anesterenok (#3274)
• docs: document infinity and some minor edits @​davecramer (#3407)
• Added way to check for major server version, fixed check for RULE @​davecramer (#3402)
• fixed remaining paragraphs @​Zopsss (#3398)
• fixed paragraphs in javadoc comments @​Zopsss (#3397)
• Reuse buffers and reduce allocations in GSSInputStream addresses Issue #3251 @​davecramer (#3255)
• chore: Update Gradle to 8.10.2 @​jorsol (#3388)
• ci: Test with Java 23 @​jorsol (#3381)
• Fix getSchemas() @​SophiahHo (#3386)
• Update rpm postgresql-jdbc.spec.tpl with scram-client @​jorsol (#3324)
• Clearing thisRow and rowBuffer on close() of ResultSet @​reallyinsane (#3384)
• Package was renamed to maven-bundle-plugin @​ljavorsk (#3382)
• As of version 18 the RULE privilege has been removed @​davecramer (#3378)
• fix: use buffered inputstream to create GSSInputStream @​Sasasu (#3373)
• get rid of 8.4, 9.0 pg versions and use >= jdk version 17 @​davecramer (#3372)
• Changed docker-compose version and renamed script file in instructions to match the real file name @​MohanadKh03 (#3363)
• Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest @​nvanbenschoten (#3364)
• try to categorize dependencies @​davecramer (#3362)

⬆️ Dependencies

• chore(deps): update dependency gradle to v8.12 @​renovate-bot (#3473)
• chore(deps): update codecov/codecov-action digest to adfacf2 @​renovate-bot (#3468)
• chore(deps): update dependency sbt/sbt to v1.10.7 @​renovate-bot (#3470)
• fix(deps): update dependency org.ops4j.pax.url:pax-url-aether to v2.6.15 @​renovate-bot (#3471)
• fix(deps): update junit5 monorepo to v5.11.4 @​renovate-bot (#3472)
• fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.0 @​renovate-bot (#3469)
• chore(deps): update plugin biz.aqute.bnd.builder to v7.1.0 @​renovate-bot (#3455)
• chore(deps): update dependency gradle to v8.11.1 @​renovate-bot (#3454)
• chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.9.6 @​renovate-bot (#3452)
• chore(deps): update dependency sbt/sbt to v1.10.6 @​renovate-bot (#3453)
• chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.0 @​renovate-bot (#3456)
• chore(deps): update codecov/codecov-action digest to 015f24e @​renovate-bot (#3438)
• chore(deps): update dependency sbt/sbt to v1.10.5 @​renovate-bot (#3439)
• chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.4 @​renovate-bot (#3440)
• fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.0.26 @​renovate-bot (#3441)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.5] (2025-01-14 08:00:00 -0400)

Added

• ci: Test with Java 23 [PR #3381](pgjdbc/pgjdbc#3381)

Fixed

• regression: revert change in fc60537 [PR #3476](pgjdbc/pgjdbc#3476)
• fix: PgDatabaseMetaData implementation of catalog as param and return value [PR #3390](pgjdbc/pgjdbc#3390)
• fix: Support default GSS credentials in the Java Postgres client [PR #3451](pgjdbc/pgjdbc#3451)
• fix: return only the transactions accessible by the current_user in XAResource.recover [PR #3450](pgjdbc/pgjdbc#3450)
• feat: don't force send extra_float_digits for PostgreSQL >= 12 fix [Issue #3432](pgjdbc/pgjdbc#3432) [PR #3446](pgjdbc/pgjdbc#3446)
• fix: exclude "include columns" from the list of primary keys [PR #3434](pgjdbc/pgjdbc#3434)
• perf: Enhance the meta query performance by specifying the oid. [PR #3427](pgjdbc/pgjdbc#3427)
• feat: support getObject(int, byte[].class) for bytea [PR #3274](pgjdbc/pgjdbc#3274)
• docs: document infinity and some minor edits [PR #3407](pgjdbc/pgjdbc#3407)
• fix: Added way to check for major server version, fixed check for RULE [PR #3402](pgjdbc/pgjdbc#3402)
• docs: fixed remaining paragraphs [PR #3398](pgjdbc/pgjdbc#3398)
• docs: fixed paragraphs in javadoc comments [PR #3397](pgjdbc/pgjdbc#3397)
• fix: Reuse buffers and reduce allocations in GSSInputStream addresses [Issue #3251](pgjdbc/pgjdbc#3251) [PR #3255](pgjdbc/pgjdbc#3255)
• chore: Update Gradle to 8.10.2 [PR #3388](pgjdbc/pgjdbc#3388)
• fix: getSchemas() [PR #3386](pgjdbc/pgjdbc#3386)
• fix: Update rpm postgresql-jdbc.spec.tpl with scram-client [PR #3324](pgjdbc/pgjdbc#3324)
• fix: Clearing thisRow and rowBuffer on close() of ResultSet [Issue #3383](pgjdbc/pgjdbc#3383) [PR #3384](pgjdbc/pgjdbc#3384)
• fix: Package was renamed to maven-bundle-plugin [PR #3382](pgjdbc/pgjdbc#3382)
• fix: As of version 18 the RULE privilege has been removed [PR #3378](pgjdbc/pgjdbc#3378)
• fix: use buffered inputstream to create GSSInputStream [PR #3373](pgjdbc/pgjdbc#3373)
• test: get rid of 8.4, 9.0 pg versions and use >= jdk version 17 [PR #3372](pgjdbc/pgjdbc#3372)
• Changed docker-compose version and renamed script file in instructions to match the real file name [PR #3363](pgjdbc/pgjdbc#3363)
• test:Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest [PR #3364](pgjdbc/pgjdbc#3364)
• try to categorize dependencies [PR #3362](pgjdbc/pgjdbc#3362)

Commits

• 94a1693 update changelogs and increment version in gradle.properties for release (#3478)
• ce54dfd chore: replace deprecated kotlinOptions with a replacement API
• 398029e chore: avoid failure in osgi-test/onlyIf if -PjdkBuildVersion is missing at t...
• 7245443 test: skip :pgjdbc-osgi-test:test when runnning tests with Java 8
• 7747527 chore(deps): update dependency gradle to v8.12
• bb07a4b chore(deps): update codecov/codecov-action digest to adfacf2
• f545514 chore(deps): update dependency sbt/sbt to v1.10.7
• 45df56c fix(deps): update dependency org.ops4j.pax.url:pax-url-aether to v2.6.15
• b87e106 fix(deps): update junit5 monorepo to v5.11.4
• 5603477 fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.p...
• Additional commits viewable in compare view

Updates org.xerial:sqlite-jdbc from 3.47.2.0 to 3.48.0.0

Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.48.0.0

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.48.0 (c0f66af)

🛠 Build

deps

• bump org.jreleaser:jreleaser-maven-plugin (302a600)

deps-dev

• bump org.mockito:mockito-core from 5.14.2 to 5.15.2 (a7dd7d4)
• bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (3c267ae)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Gauthier Roebroeck

Commits

• 5d22aab chore(release): 3.48.0.0 [skip ci]
• b0291ea chore: update native libraries
• c0f66af feat(sqlite): upgrade to sqlite 3.48.0
• 302a600 build(deps): bump org.jreleaser:jreleaser-maven-plugin
• a7dd7d4 build(deps-dev): bump org.mockito:mockito-core from 5.14.2 to 5.15.2
• 3c267ae build(deps-dev): bump org.assertj:assertj-core from 3.27.0 to 3.27.2
• 50bb43e chore(release): prepare next snapshot [skip ci]
• See full diff in compare view

Updates org.assertj:assertj-core from 3.27.2 to 3.27.3

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.3

💥 Breaking Changes

Core

• Revert "Propagate common basetype for the extracting method" #3737

  The enhancement introduced with #3673 breaks existing code on Kotlin 1.9; therefore, it has been reverted.

  As Spring Boot 3.4 currently supports Kotlin 1.9, we want to keep the same compatibility on AssertJ 3.x, while AssertJ 4.x will require Kotlin 2.x.

  Existing code relying on the changes introduced with #3673 will no longer compile and should be refactored.

🐛 Bug Fixes

Core

• Fix StandardRepresentation regression for unquoted strings #3735

⚡ Improvements

Core

• Add Class info to class loading strategy failures #3746

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​ccrvincent

Commits

• c928dd3 [maven-release-plugin] prepare release assertj-build-3.27.3
• f308d95 Fix StandardRepresentation regression for unquoted strings (#3735)
• e5959f4 Add Java and Kotlin release references
• 3eb809d Add Kotlin EAP reference
• b39a8cf Add Kotlin 2.1.10-RC
• e20e40d Add Class info to failure exception (#3746)
• 79b87f0 Revert "Propagate common basetype for the extracting method (#3673)" (#3737)
• bf439b3 chore(deps): bump com.diffplug.spotless:spotless-maven-plugin from 2.43.0 to ...
• 30936ca Restructure Kotlin tests, add DisplayNameGenerator
• b5b86cc Add Kotlin cross-version job (#3732)
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.0

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.9.0

CHANGELOG

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#2988)
• -version flag prints the version to the standard output (#2797)
• Revert the changes from (#2894) to get HTML stylesheets to work again (#2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#3045)
• Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#3059)
• Detect failure to close RocksDB's ReadOptions (#3069)
• Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#3023)
• Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
• Fixed some CWE mappings (#3124)
• Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#3137)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#3152)
• Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#2042)
• Fix call graph, include non-parametric void methods (#3160)
• Fix multiple reporting of identical bugs messing up statistics (#3185)
• Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#3187)
• Fixed method matchers with array types (#3203)
• Fix SARIF report's message property in Exception to meet the standard (#3197)
• Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#3207)
• Fixed an error in the detection of bridge methods causing analysis crashes (#3208)
• Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#2040)
• Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#1515).
• Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#3235)

Cleanup

• Cleanup thread issue and regex issue in test-harness (#3130)
• Remove extra blank lines and remove public from interface objects as inherently already public (#3131)
• Fix order of modifiers on properties/methods and ensure correct location in file (#3132, #3177)
• Return objects directly instead of creating more garbage collection by defining them (#3133, #3175)
• Restrict the constructor of abstract classes visibility to protected (#3178)
• Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#3134)
• Use diamond operator in constructor calls of Collections (#3176)
• Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#3180, #3219)
• Use method references instead of lambdas where possible (#3179)
• Move default clauses to the end of switches (#3222)
• Remove unnecessary throws declarations (#3220)
• Use Boolean.parseBoolean() for string-to-boolean conversion. (#3217)
• Rename shadowing fields (#3221)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.0 - 2025-01-15

Added

• Updated the SuppressFBWarnings annotation to support finer grained bug suppressions (#3102)
• SimpleDateFormat, DateTimeFormatter, FastDateFormat string check for bad combinations of flag formatting (#637)
• New detector ResourceInMultipleThreadsDetector and introduced new bug type:
  • AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of unsafe resource access in multiple threads.

Fixed

• Do not consider Records as Singletons (#2981)
• Keep a maximum of 10000 cached analysis entries for plugin's analysis engines (#3025)
• Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when calling own methods (#2957)
• Check the actual caught exceptions (instead of their common type) when analyzing multi-catch blocks (#2968)
• System property findbugs.refcomp.reportAll is now being used. For some new conditions, it will emit an experimental warning (#2988)
• -version flag prints the version to the standard output (#2797)
• Revert the changes from (#2894) to get HTML stylesheets to work again (#2969)
• Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the synchronization is in a called method (#3045)
• Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by Spring AOT (#3059)
• Detect failure to close RocksDB's ReadOptions (#3069)
• Fix FP EI_EXPOSE_REP when there are multiple immutable assignments (#3023)
• Fixed false positive NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin, handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
• Fixed some CWE mappings (#3124)
• Recognize some classes as immutable, fixing EI_EXPOSE and MS_EXPOSE FPs (#3137)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with TestNG's @​BeforeClass. (#3152)
• Fixed detector FindReturnRef not finding references exposed from nested and inner classes (#2042)
• Fix call graph, include non-parametric void methods (#3160)
• Fix multiple reporting of identical bugs messing up statistics (#3185)
• Added missing comma between line number and confidence when describing matching and mismatching bugs for tests (#3187)
• Fixed method matchers with array types (#3203)
• Fix SARIF report's message property in Exception to meet the standard (#3197)
• Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called finalize() but not with the correct signature. (#3207)
• Fixed an error in the detection of bridge methods causing analysis crashes (#3208)
• Fixed detector ThrowingExceptions by removing false positive reports, such as synthetic methods (lambdas), methods which inherited their exception specifications and methods which call throwing methods (#2040)
• Do not report DP_DO_INSIDE_DO_PRIVILEGED, DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in code targeting Java 17 and above, since it advises the usage of deprecated method (#1515).
• Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive for a builder delegating to another builder (#3235)

Cleanup

• Cleanup thread issue and regex issue in test-harness (#3130)
• Remove extra blank lines and remove public from interface objects as inherently already public (#3131)
• Fix order of modifiers on properties/methods and ensure correct location in file (#3132, #3177)
• Return objects directly instead of creating more garbage collection by defining them (#3133, #3175)
• Restrict the constructor of abstract classes visibility to protected (#3178)
• Cleanup double initialization and fix comments referring to findbugs instead of spotbugs(#3134)
• Use diamond operator in constructor calls of Collections (#3176)
• Use Collection.isEmpty() or String.isEmpty() to test for emptiness (#3180, #3219)
• Use method references instead of lambdas where possible (#3179)
• Move default clauses to the end of switches (#3222)
• Remove unnecessary throws declarations (#3220)
• Use Boolean.parseBoolean() for string-to-boolean conversion. (#3217)
• Rename shadowing fields (#3221)
• Combine catch blocks with the same body (#3223)

... (truncated)

Commits

• ef76e9b release v4.9.0
• d64bfd2 Remove legacy cvs / svn revision data as git doesn't use that (#3262)
• 3d80c80 Move documentation items and other build items to java 11 (#3260)
• ab2a9f7 Fix map container to use interface, few missed double initialization, and mis...
• b7f48c9 [tests] Cleanup code within tests (#3259)
• 8bc2966 Move Eclipse to java 11 to match rest of the project (#3258)
• d3f97b3 Correct object creation for object to contain array marker not the variable n...
• ce7eac9 Use try with resources where possible (#3253)
• 97ac6b6 chore(deps): update plugin com.diffplug.spotless to v7.0.2 (#3255)
• 9f652a4 chore(deps): update dependency com.diffplug.spotless:spotless-plugin-gradle t...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[jnmt]

FYI:

It seems that Spotbugs has dropped Java 8 support since 4.9.0.
https://github.com/scalar-labs/scalar/pull/1347#issuecomment-2603479315

[brfrn169]

@dependabot ignore com.github.spotbugs:spotbugs-annotations

[dependabot]

OK, I won't notify you about com.github.spotbugs:spotbugs-annotations again, unless you unignore it.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.