Recommended update for google-errorprone, guava

Announcement ID:	SUSE-RU-2024:1956-1
Rating:	moderate
References:
Affected Products:	Development Tools Module 15-SP5 Development Tools Module 15-SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that can now be installed.

Description:

This update for google-errorprone, guava fixes the following issues:

guava:

• guava was updated to version 33.1.0:

• Changes of version 33.1.0:

  • Updated our Error Prone dependency to 2.26.1, which includes a JPMS-ready jar of annotations. If you use the Error Prone annotations in a modular build of your own code, you may need to add a requires line for them.
  • base: Added a Duration overload for Suppliers.memoizeWithExpiration.
  • base: Deprecated the remaining two overloads of Throwables.propagateIfPossible. They won't be deleted, but we recommend migrating off them.
  • cache: Fixed a bug that could cause false "recursive load" reports during refresh.
  • graph: Changed the return types of transitiveClosure() and reachableNodes() to Immutable* types. reachableNodes() already returned an immutable object (even though that was not reflected in the declared return type); transitiveClosure() used to return a mutable object. The old signatures remain available, so this change does not break binary compatibility.
  • graph: Changed the behavior of views returned by graph accessor methods that take a graph element as input: They now throw IllegalStateException when that element is removed from the graph.
  • hash: Optimized Checksum-based hash functions for Java 9+.
  • testing: Exposed FakeTicker Duration methods to Android users.
  • util.concurrent: Deprecated the constructors of UncheckedExecutionException and ExecutionError that don't accept a cause. We won't remove these constructors, but we recommend migrating off them, as users of those classes often assume that instances will contain a cause.
  • util.concurrent: Improved the correctness of racy accesses for J2ObjC users.

• Changes of version 33.0.0:

  • This version of guava-android contains some package-private methods whose signature includes the Java 8 Collector API. This is a test to identify any problems before we expose those methods publicly to users. Please report any problems that you encounter.
  • Changed various classes to catch Exception instead of RuntimeException even when only RuntimeException is theoretically possible. This can help code that throws undeclared exceptions, as some bytecode rewriters (e.g., Robolectric) and languages (e.g., Kotlin) do.
  • Added an Automatic-Module-Name to failureaccess, Guava's one strong runtime dependency.
  • reflect: In guava-android only, removed Invokable.getAnnotatedReturnType() and Parameter.getAnnotatedType(). These methods never worked in an Android VM, and to reflect that, they were born @Deprecated, @Beta, and @DoNotCall. They're now preventing us from rolling out some new Android compatibility testing. This is the only binary-incompatible change in this release, and it should have no effect in practice. Still, we bump the major version number to follow Semantic Versioning.
  • util.concurrent: Changed our implementations to avoid eagerly initializing loggers during class loading. This can help performance, especially under Android.

• Changes of version 32.1.3:

  • Changed Gradle Metadata to include dependency versions directly. This may address "Could not find some-dependency" errors that some users have reported (which might be a result of users' excluding guava-parent).
  • collect: Changed Multisets.unmodifiableMultiset(set) .removeIf(predicate) to throw an exception always, even if nothing matches predicate.
  • graph: Fixed the behavior of Graph/ValueGraph views for a node when that node is removed from the graph.
  • io: Fixed Files.createTempDir and FileBackedOutputStream under Windows services, a rare use case. (The fix actually covers only Java 9+ because Java 8 would require an additional approach. Let us know if you need support under Java 8.)
  • net: Made MediaType.parse allow and skip over whitespace around the / and = separator tokens in addition to the ; separator, for which it was already being allowed.
  • util.concurrent: Tweaked Futures.getChecked constructor-selection behavior: The method continues to prefer to call constructors with a String parameter, but now it breaks ties based on whether the constructor has a Throwable parameter. Beyond that, the choice of constructor remains undefined. (For this and other reasons, we discourage the use of getChecked.)

• Changes of version 32.1.2:

  • Removed the section of our Gradle metadata that caused Gradle to report conflicts with listenablefuture.
  • Changed our Maven project to avoid affecting which version of Mockito our Gradle users see.
  • collect: Under J2CL, exposed ImmutableList and ImmutableSet methods copyOf and of for JavaScript usage.
  • net: Optimized InternetDomainName construction.

• Changes of version 32.1.1:

  • Fixed our broken Gradle metadata from 32.1.0. Sorry again for the trouble. If you use Gradle, please still read the release notes from that version: You may still see errors from the new checking that the metadata enables, and the release notes discuss how to fix those errors.

• Changes of version 32.1.0:

  • collect: Tweaked more nullness annotations.
  • hash: Enhanced crc32c() to use Java's hardware-accelerated implementation where available.
  • util.concurrent: Added Duration-based default methods to ListeningExecutorService.
  • Began updating Javadoc to focus less on APIs that have been superseded by additions to the JDK. We're also looking to add more documentation that directs users to JDK equivalents for our APIs. Further PRs welcome!
  • Fixed some problems with using Guava from a Java Agent. (But we don't test that configuration, and we don't know how well we'll be able to keep it working.)
  • Fixed BootstrapMethodError when using CacheBuilder from a custom system class loader. (As with the previous item, we're not sure how well we'll be able to keep this use case working.)
  • Suppressed a harmless unusable-by-js warning seen by users of guava-gwt.

• Fix version mismatch in the ant build files.

• The binaries are compatible with java 1.8

google-errorprone, google-errorprone-annotations:

• google-errorprone and google-errorprone-annotations were updated to version 2.26.1:

• Changes of version 2.26.1:

  • Fixes the module name: from 'com.google.errorprone.annotation' to 'com.google.errorprone.annotations'. Amends the OSGi build not to include 'Automatic-Module-Name' in the MANIFEST.MF for the 'annotations' project.

• Changes of version 2.26.0:

  • The 'annotations' artifact now includes a module-info.java for Java Platform Module System support.
  • Disabled checks passed to -XepPatchChecks are now ignored, instead of causing a crash.

  • New checks:

  • SystemConsoleNull: Null-checking System.console() is not a reliable way to detect if the console is connected to a terminal.

  • EnumOrdinal: Discourage uses of Enum.ordinal()

  • Closed issues:

  • Add module-info.java

  • 2.19.x: Exception thrown when a disabled check is passed to -XepPatchChecks
  • Ignore disabled checks passed to -XepPatchChecks
  • feat: add jpms definition for annotations
  • Add the 'compile' goal for 'compile-java9'

• Changes of version 2.25.0:

  • New checks:

  • JUnitIncompatibleType: Detects incompatible types passed to an assertion, similar to TruthIncompatibleType

  • RedundantSetterCall: Detects fields set twice in the same chained expression. Generalization of previous ProtoRedundantSet check to also handle AutoValue.

  • Closed issues:

  • Crash in UnnecessaryStringBuilder

  • Fix typos
  • Add support for specifying badEnclosingTypes for BadImport via flags
  • Some BugPattern docs are missing code examples
  • Remove incorrect statement from BugPattern index doc
  • Do not report NonFinalStaticField findings for fields modified in @BeforeAll methods

• Changes of version 2.24.1:

  • Add an assertion to try to help debug

• Changes of version 2.24.0:

  • New checks:

  • MultipleNullnessAnnotations: Discourage multiple nullness annotations

  • NullableTypeParameter: Discourage nullness annotations on type parameters
  • NullableWildcard: Discourage nullness annotations on wildcards
  • SuperCallToObjectMethod: Generalization of SuperEqualsIsObjectEquals, now covers hashCode

• Changes of version 2.23.0:

  • New checks: DuplicateDateFormatField, NonFinalStaticField, StringCharset, StringFormatWithLiteral, SuperEqualsIsObjectEquals
  • Bug fixes and improvements

• Changes of version 2.22.0:

  • New checks:

  • ClosingStandardOutputStreams: Prevents accidentally closing System.{out,err} with try-with-resources

  • TruthContainsExactlyElementsInUsage: containsExactly is preferred over containsExactlyElementsIn when creating new iterables
  • UnnecessaryAsync: detects unnecessary use of async primitives in local (and hence single-threaded) scopes
  • ReturnAtTheEndOfVoidFunction: detects unnecessary return statements at the end of void functions

  • MultimapKeys: Suggests using keySet() instead of iterating over Multimap.keys(), which does not collapse duplicates

  • Bug fixes and improvements:

  • Don't complain about literal IP addresses in AddressSelection

  • Prevent SuggestedFixes#renameMethod from modifying return type declaration
  • Fix UnusedVariable false positives for private record parameters
  • When running in conservative mode, no longer assume that implementations of Map.get, etc. return null
  • CanIgnoreReturnValueSuggester: Support additional exempting method annotations
  • UnusedVariable: exclude junit5's @RegisterExtension
  • Support running all available patch checks
  • Upgrade java-diff-utils 4.0 -> 4.12
  • Flag unused Refaster template parameters
  • Support @SuppressWarnings("all")
  • Prevent Refaster UMemberSelect from matching method parameters
  • MissingDefault : Don't require // fall out comments on expression switches
  • Skip UnnecessaryLambda findings for usages in enhanced for loops
  • Fix bug where nested MissingBraces violations' suggested fixes result in broken code
  • Add support for specifying exemptPrefixes/exemptNames for UnusedVariable via flags
  • UnusedMethod: Added exempting variable annotations

• Changes of version 2.21.1:

  • Handle overlapping ranges in suppressedRegions
  • Add AddressSelection to discourage APIs that convert a hostname to a single address

• Changes of version 2.21.0:

  • New Checkers:

  • AttemptedNegativeZero: Prevents accidental use of -0, which is the same as 0. The floating-point negative zero is -0.0.

  • ICCProfileGetInstance: Warns on uses of ICC_Profile.getInstance(String), due to JDK-8191622.
  • MutableGuiceModule: Fields in Guice modules should be final.
  • NullableOptional: Discourages @Nullable-annotated Optionals.

  • OverridingMethodInconsistentArgumentNamesChecker: Arguments of overriding method are inconsistent with overridden method.

  • Fixed issues:

  • Avoid MemberName IOOBE on lambda parameters inside overriding methods

  • Improve LockOnNonEnclosingClassLiteral documentation
  • Security scan reported high CVE for com.google.guava:guava:31.1-jre
  • Upgrade guava to 32.0.1
  • Proposal: checker to prevent other checkers from calling javac methods that changed across JDKs
  • Add support in ASTHelpersSuggestions for getEnclosedElements

• Changes of version 2.20.0:

  • This release is compatible with early-access builds of JDK 21.
  • New Checkers: InlineTrivialConstant, UnnecessaryStringBuilder, BanClassLoader, DereferenceWithNullBranch, DoNotUseRuleChain, LockOnNonEnclosingClassLiteral, MissingRefasterAnnotation, NamedLikeContextualKeyword, NonApiType

  • Fixes issues:

  • Introduce MissingRefasterAnnotation checker

  • Fix minor typo in URepeated
  • Drop unused constant Template#AUTOBOXING_DEFAULT

  • Introduce command-line flag -XepAllSuggestionsAsWarnings

  • JDK21 compatibility

  • Add OSGi runtime metadata to error-prone's MANIFEST.MF files

  • Use EISOP Checker Framework version 3.34.0-eisop1

  • NotJavadoc pattern does not allow Javadoc on module declarations
  • ErrorProneInjector incorrectly picks up the no-args constructor
  • Several high CVEs related to dependency com.google.protobuf:protobuf-java:3.19.2
  • Upgrade protobuf-java to 3.19.6

• Changes of version 2.19.1:

  • This release fixes a binary compatibility issue when running on JDK 11

• Changes of version 2.19.0:

  • New Checkers: NotJavadoc, StringCaseLocaleUsage, UnnecessaryTestMethodPrefix

  • Fixes issues:

  • Exclude inner classes annotated with @Nested from ClassCanBeStatic rule

  • Optimize VisitorState#getSymbolFromName
  • ClassCanBeStatic: Exclude JUnit @Nested classes
  • BadImport: flag static import of newInstance methods
  • Support given for enforcing DirectInvocationOnMock: issue 3396
  • Handle yield statement case in ASTHelpers#targetType
  • Should ASTHelpers.getSymbol(Tree) be annotated with @Nullable?
  • Fix '@' character in javadoc code snippets
  • Replace guava cache with caffeine
  • Discourage APIs locale-dependent APIs like String.to{Lower,Upper}Case
  • Introduce StringCaseLocaleUsage check

• Changes of version 2.18.0:

  • New Checkers: InjectOnBugCheckers, LabelledBreakTarget, UnusedLabel, YodaCondition

  • Fixes issues:

  • @SuppressWarnings("InlineFormatString") doesn't work

  • Refaster: support method invocation type argument inlining
  • java.lang.IllegalArgumentException: Cannot edit synthetic AST nodes with specific record constructor
  • Rename class to match filename
  • Optimize VisitorState#getSymbolFromName
  • refactor: refactor bad smell UnusedLabel
  • LambdaFunctionalInterface crash with IllegalArgumentException when processing an enum constructor taking a lambda
  • Fix JDK 20-ea build compatibility
  • UngroupedOverloads: ignore generated constructors
  • [errorprone 2.17.0] NPE in StatementSwitchToExpressionSwitch.analyzeSwitchTree
  • StatementSwitchToExpressionSwitch: handle empty statement blocks
  • StatementSwitchToExpressionSwitch: only trigger on compatible target versions
  • Fix Finalize bugpattern to match protected finalize()
  • Make MemoizeConstantVisitorStateLookups check suppressible

• Changes of version 2.17.0:

  • New Checkers: AvoidObjectArrays, Finalize, IgnoredPureGetter, ImpossibleNullComparison, MathAbsoluteNegative, NewFileSystem, StatementSwitchToExpressionSwitch, UnqualifiedYield

  • Fixed issues:

  • InvalidParam warning on Javadoc for Java record components

  • UnusedMethod flags @JsonValue methods as unused
  • UnusedMethod: Add more JPA lifecycle annotations or make annotations configurable
  • UnusedMethod: Support additional exempting method annotations
  • Have InvalidParam support records
  • Fix -XepDisableAllWarnings flag when passed on its own
  • ASTHelpersSuggestions does not flag call to packge() on com.sun.tools.javac.code.Symbol.ClassSymbol
  • @SupressWarnings on record compact constructor causes crash

• Changes of version 2.16.0:

  • New Checkers: ASTHelpersSuggestions, CanIgnoreReturnValueSuggester, LenientFormatStringValidation, UnnecessarilyUsedValue
  • Fixed issues:
  • Avoid using non-ASCII Unicode characters outside of comments and literals
  • NullPointerException thrown during analysis
  • NPE analysing new style switch statement (2.14.0)
  • ImmutableChecker handles null types
  • Drop pre-JDK 11 logic from Refaster's Inliner class

• Changes of version 2.15.0:

  • New Checkers: BuilderReturnThis, CanIgnoreReturnValueSuggester, CannotMockFinalClass, CannotMockFinalMethod, DirectInvocationOnMock, ExtendsObject, MockNotUsedInProduction, NoCanIgnoreReturnValueOnClasses, NullArgumentForNonNullParameter, SelfAlwaysReturnsThis, UnsafeWildcard, UnusedTypeParameter

• Changes of version 2.14.0:

  • New checkers: BanJNDI, EmptyTopLevelDeclaration, ErroneousBitwiseExpression, FuzzyEqualsShouldNotBeUsedInEqualsMethod, Interruption, NullableOnContainingClass

• Changes of version 2.13.1:

  • Fix a crash in UnnecessaryBoxedVariable
  • Include the unicode character in the diagnostic message

• Changes of version 2.13.0:

  • Handle all annotations with the simple name Generated in -XepDisableWarningsInGeneratedCode
  • Reconcile BugChecker#isSuppressed with suppression handling in ErrorProneScanner
  • Fix a bug in enclosingPackage
  • Improve performance of fix application
  • Implicitly treat @AutoBuilder setter methods as @CanIgnoreReturnValue.
  • Remove some obsolete checks (PublicConstructorForAbstractClass, HashCodeToString)

• Changes of version 2.12.1:

  • This release adds an infrastructure optimization to AppliedFix source code processing.

• Changes of version 2.12.0:

  • New checks: BoxedPrimitiveEquality, DoubleBraceInitialization, IgnoredPureGetter, LockOnBoxedPrimitive, IncorrectMainMethod, LongDoubleConversion, RobolectricShadowDirectlyOn, StaticAssignmentOfThrowable, UnnecessaryLongToIntConversion, Varifier

• Do not require maven-javadoc-plugin as it's not being used

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1956=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1956=1
• SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1956=1
• SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1956=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1956=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1956=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1956=1
• SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-1956=1
• openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-1956=1
• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-1956=1
• Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-1956=1
• Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-1956=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1956=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1956=1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1956=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1956=1

Package List:

• SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Enterprise Storage 7.1 (noarch)
  • guava-33.1.0-150200.3.10.1
• openSUSE Leap 15.5 (noarch)
  • guava-javadoc-33.1.0-150200.3.10.1
  • google-errorprone-annotation-2.26.1-150200.5.6.1
  • google-errorprone-parent-2.26.1-150200.5.6.1
  • google-errorprone-docgen_processor-2.26.1-150200.5.6.1
  • google-errorprone-javadoc-2.26.1-150200.5.6.1
  • guava-33.1.0-150200.3.10.1
  • google-errorprone-type_annotations-2.26.1-150200.5.6.1
  • guava-testlib-33.1.0-150200.3.10.1
• openSUSE Leap 15.6 (noarch)
  • guava-javadoc-33.1.0-150200.3.10.1
  • google-errorprone-annotation-2.26.1-150200.5.6.1
  • google-errorprone-parent-2.26.1-150200.5.6.1
  • google-errorprone-docgen_processor-2.26.1-150200.5.6.1
  • google-errorprone-javadoc-2.26.1-150200.5.6.1
  • guava-33.1.0-150200.3.10.1
  • google-errorprone-type_annotations-2.26.1-150200.5.6.1
  • guava-testlib-33.1.0-150200.3.10.1
• Development Tools Module 15-SP5 (noarch)
  • guava-33.1.0-150200.3.10.1
• Development Tools Module 15-SP6 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  • guava-33.1.0-150200.3.10.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  • guava-33.1.0-150200.3.10.1