diff --git a/lib-extra/build.gradle b/lib-extra/build.gradle
index 0b727ef8e2..a4749cc859 100644
--- a/lib-extra/build.gradle
+++ b/lib-extra/build.gradle
@@ -102,4 +102,5 @@ p2deps {
spotbugs {
// LOW|MEDIUM|DEFAULT|HIGH (low = sensitive to even minor mistakes).
reportLevel = com.github.spotbugs.snom.Confidence.valueOf('LOW')
+ excludeFilter = file("spotbugs-exclude.xml")
}
diff --git a/lib-extra/spotbugs-exclude.xml b/lib-extra/spotbugs-exclude.xml
new file mode 100644
index 0000000000..fd9367044a
--- /dev/null
+++ b/lib-extra/spotbugs-exclude.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/lib-extra/src/main/java/com/diffplug/spotless/extra/GitAttributesLineEndings.java b/lib-extra/src/main/java/com/diffplug/spotless/extra/GitAttributesLineEndings.java
index 0e058566f2..85d8416c0b 100644
--- a/lib-extra/src/main/java/com/diffplug/spotless/extra/GitAttributesLineEndings.java
+++ b/lib-extra/src/main/java/com/diffplug/spotless/extra/GitAttributesLineEndings.java
@@ -188,7 +188,6 @@ static class RuntimeInit {
/** git worktree root, might not exist if we're not in a git repo. */
final @Nullable File workTree;
- @SuppressFBWarnings("SIC_INNER_SHOULD_BE_STATIC_ANON")
RuntimeInit(File projectDir) {
/////////////////////////////////
// USER AND SYSTEM-WIDE VALUES //
diff --git a/lib/build.gradle b/lib/build.gradle
index f44d92e645..11b959b6c6 100644
--- a/lib/build.gradle
+++ b/lib/build.gradle
@@ -139,6 +139,7 @@ dependencies {
spotbugs {
// LOW|MEDIUM|DEFAULT|HIGH (low = sensitive to even minor mistakes).
reportLevel = com.github.spotbugs.snom.Confidence.valueOf('LOW')
+ excludeFilter = file("spotbugs-exclude.xml")
}
apply from: rootProject.file('gradle/special-tests.gradle')
diff --git a/lib/spotbugs-exclude.xml b/lib/spotbugs-exclude.xml
new file mode 100644
index 0000000000..fd9367044a
--- /dev/null
+++ b/lib/spotbugs-exclude.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/lib/src/main/java/com/diffplug/spotless/ConfigurationCacheHackList.java b/lib/src/main/java/com/diffplug/spotless/ConfigurationCacheHackList.java
index 39be0d9559..58794fd588 100644
--- a/lib/src/main/java/com/diffplug/spotless/ConfigurationCacheHackList.java
+++ b/lib/src/main/java/com/diffplug/spotless/ConfigurationCacheHackList.java
@@ -24,8 +24,6 @@
import com.diffplug.spotless.yaml.SerializeToByteArrayHack;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-
/**
* Gradle requires three things:
* - Gradle defines cache equality based on your serialized representation
@@ -78,7 +76,6 @@ private void writeObject(java.io.ObjectOutputStream out) throws IOException {
}
}
- @SuppressFBWarnings("MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT")
private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
boolean serializeToByteArrayFirst = in.readBoolean();
optimizeForEquality = in.readBoolean();
diff --git a/lib/src/main/java/com/diffplug/spotless/ProcessRunner.java b/lib/src/main/java/com/diffplug/spotless/ProcessRunner.java
index e7755f75bd..c6dd44ca7b 100644
--- a/lib/src/main/java/com/diffplug/spotless/ProcessRunner.java
+++ b/lib/src/main/java/com/diffplug/spotless/ProcessRunner.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2024 DiffPlug
+ * Copyright 2020-2025 DiffPlug
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -37,8 +37,6 @@
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-
/**
* Shelling out to a process is harder than it ought to be in Java.
* If you don't read stdout and stderr on their own threads, you risk
@@ -195,7 +193,6 @@ private void checkState() {
}
}
- @SuppressFBWarnings({"EI_EXPOSE_REP", "EI_EXPOSE_REP2"})
public static class Result {
private final List args;
private final int exitCode;
diff --git a/lib/src/main/java/com/diffplug/spotless/SpotlessCache.java b/lib/src/main/java/com/diffplug/spotless/SpotlessCache.java
index 237e326482..9828b7d748 100644
--- a/lib/src/main/java/com/diffplug/spotless/SpotlessCache.java
+++ b/lib/src/main/java/com/diffplug/spotless/SpotlessCache.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2023 DiffPlug
+ * Copyright 2016-2025 DiffPlug
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -30,8 +30,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-
/**
* Spotless' global cache. {@link SpotlessCache#clear()} should be called
* when Spotless is no longer in use to release any resources it has grabbed.
@@ -64,12 +62,10 @@ public final int hashCode() {
final Map cache = new HashMap<>();
- @SuppressFBWarnings("DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED")
synchronized ClassLoader classloader(JarState state) {
return classloader(state, state);
}
- @SuppressFBWarnings("DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED")
synchronized ClassLoader classloader(Serializable key, JarState state) {
SerializedKey serializedKey = new SerializedKey(key);
return cache
diff --git a/lib/src/main/java/com/diffplug/spotless/generic/FenceStep.java b/lib/src/main/java/com/diffplug/spotless/generic/FenceStep.java
index 7d98219231..7cda2e4905 100644
--- a/lib/src/main/java/com/diffplug/spotless/generic/FenceStep.java
+++ b/lib/src/main/java/com/diffplug/spotless/generic/FenceStep.java
@@ -31,8 +31,6 @@
import com.diffplug.spotless.LineEnding;
import com.diffplug.spotless.Lint;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-
public class FenceStep {
/** Declares the name of the step. */
public static FenceStep named(String name) {
@@ -135,7 +133,6 @@ public BaseFormatter toFormatterFunc() {
}
}
- @SuppressFBWarnings("SE_TRANSIENT_FIELD_NOT_RESTORED")
private static class BaseFormatter implements FormatterFunc.NeedsFile, FormatterFunc.Closeable {
final Kind kind;
final Pattern regex;
diff --git a/lib/src/main/java/com/diffplug/spotless/java/ImportOrderStep.java b/lib/src/main/java/com/diffplug/spotless/java/ImportOrderStep.java
index 1e2c8a81c8..7f2aa7ec4d 100644
--- a/lib/src/main/java/com/diffplug/spotless/java/ImportOrderStep.java
+++ b/lib/src/main/java/com/diffplug/spotless/java/ImportOrderStep.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 DiffPlug
+ * Copyright 2016-2025 DiffPlug
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -40,8 +40,6 @@
import com.diffplug.spotless.FormatterStep;
import com.diffplug.spotless.SerializedFunction;
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-
public final class ImportOrderStep implements Serializable {
private static final long serialVersionUID = 1L;
private static final boolean WILDCARDS_LAST_DEFAULT = false;
@@ -94,7 +92,6 @@ private FormatterStep createFrom(boolean wildcardsLast, boolean semanticSort, Se
State::toFormatter);
}
- @SuppressFBWarnings("RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE") // workaround https://github.com/spotbugs/spotbugs/issues/756
private static List getImportOrder(File importsFile) {
try (Stream lines = Files.lines(importsFile.toPath())) {
return lines.filter(line -> !line.startsWith("#"))
diff --git a/settings.gradle b/settings.gradle
index 8c67f9681e..c0b1b241b0 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -12,7 +12,7 @@ plugins {
// https://github.com/gradle-nexus/publish-plugin/releases
id 'io.github.gradle-nexus.publish-plugin' version '2.0.0' apply false
// https://github.com/spotbugs/spotbugs-gradle-plugin/releases
- id 'com.github.spotbugs' version '6.1.13' apply false
+ id 'com.github.spotbugs' version '6.2.2' apply false
// https://github.com/diffplug/spotless-changelog/blob/main/CHANGELOG.md
id 'com.diffplug.spotless-changelog' version '3.1.2' apply false
// https://github.com/radarsh/gradle-test-logger-plugin/blob/develop/CHANGELOG.md