Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.2 to 4.8.6.7

[dependabot]

Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.2 to 4.8.6.7.

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.8.6.7

• back ported all of 4.9.4.1

3/28/2025 - Use 4.8.6.8 if you need java 8 support.

10/19/2025 Notice

This is a backport release of all changes from 4.9.4.1 line. It was intended to provide some support for java 8 users with a very old bug issue since this plugin first came about. Unfortunately due to sonatype changes all of 4.9.x had to come back and that came with changes to java 11 apis that groovy build does not care about binary compatibility. If not using java 11 at least, don't use this version. If you are using java 8 still and want this backwards compatibility fix, please look at the source and contribute patches for at least Path.of to Paths.get and presumably others to get the compatibility back for java 8.

Using java 11+ - ok Using java 8 - don't use this version until compatibility is restored.

There really is no true reason anyone needs to stick to java 8 at all for a build so it is rather advisable to upgrade in said case to newer java version and cross compile with release flags and use enforcer plugin for transient library byte code checks instead. While the back port issue will be addressed at some point, it may be some time.

Spotbugs Maven Plugin 4.8.6.6

• Cleanup groovy code
• Cleanup character encoding
• Update deprecated maven calls
• Groovy moved to 4.0.24

Compatibility remains with 4.8.6 of spotbugs

Spotbugs Maven Plugin 4.8.6.5

• Moved most 'read' only maven injections to read data from maven session instead to overcome many deprecated usage. This puts it on their api and thus if things are internally deprecated, its then maven's issue rather than this plugin to figure out.
• remove obsolete script source roots as no longer support in maven 4 and technically I've never seen them used. Please let me know if this negatively affects you as there are other manually coded items like kotlin / groovy that are in the code there so scripts could be manually added back.
• Remove some of the read only attributes for maven injection that were not actually used.
• More def to object type
• Various lib / plugin updates
• Enable partial formatting (mostly removing trailing whitespace)

Compatibility remains with 4.8.6 of spotbugs

Spotbugs Maven Plugin 4.8.6.4

• Groovy set to 4.0.23
• Drop maven site plugin 3.6 and before support.

Spotbugs Maven Plugin 4.8.6.3

• Ability to disable logs in quite mode (spotbugs.quiet) #842
• Fix output directory per #807
• Update plugins / dependencies
• Fix tag used to build spotbugs during GHA
• Use inject annotation from jsr330 instead of deprecated component annotation

Build

• Remove old overrides from pom as addressed
• Cleanup javadocs
• Remove snapshot from javadocs at 2.1 as non existent
• Order attribute order of annotations
• Use log commonly throughout (newer coded used getLog in one place)
• Sort imports

... (truncated)

Commits

• c4fb333 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.8.6.7
• 655e60b Backport all changes to last java 8 line
• ab12ce2 [maven-release-plugin] prepare for next development iteration
• a82261a [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.4.1
• 09a9375 Merge pull request #1194 from hazendaz/master
• 5819399 [mvn] Update maven wrapper
• a800180 Merge pull request #1193 from hazendaz/groovy5
• 58b8c33 Resolve issue #75 by adding log when no files found to run on spotbugs
• 514f6fd Merge pull request #1192 from hazendaz/groovy5
• b40d62e Correct exclude modules test as it was listing bugs file when using filter file
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[adoroszlai]

Use 4.8.6.8 if you need java 8 support (source)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.