Skip to content

Alexeyk/bump spotbugs#11879

Open
AlexeyKuznetsov-DD wants to merge 12 commits into
masterfrom
alexeyk/bump-spotbugs
Open

Alexeyk/bump spotbugs#11879
AlexeyKuznetsov-DD wants to merge 12 commits into
masterfrom
alexeyk/bump-spotbugs

Conversation

@AlexeyKuznetsov-DD

Copy link
Copy Markdown
Contributor

What Does This Do

Bumps version:

  • SpotBugs Gradle plugin (6.5.56.5.6)
  • spotbugs-annotations (4.9.84.10.2)

Motivation

Keep SpotBugs current so spotbugsMain stays green on the latest detectors and we pick up upstream fixes.

Additional Notes

No production behavior changes — annotation and comment additions only.
I will mention in PR comments for codeowners to review findings.

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD self-assigned this Jul 7, 2026
@AlexeyKuznetsov-DD AlexeyKuznetsov-DD added tag: no release notes Changes to exclude from release notes comp: tooling Build & Tooling dependencies Pull requests that update a dependency file labels Jul 7, 2026

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review requested for every new suppression.


@SuppressFBWarnings(
value = "USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION",
justification = "Agent-internal holder; Class lock does not escape to application code")

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@typotter Please confirm that this suppression is correct.

Comment on lines +22 to +24
@SuppressFBWarnings(
value = "USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION",
justification = "Agent-internal holder; Class lock does not escape to application code")

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@typotter Please confirm that this suppression is correct.

Comment on lines +79 to +81
@SuppressFBWarnings(
value = "USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION",
justification = "Agent-internal class; Class object does not escape to application code")

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jpbempel Please confirm that this suppression is correct.

Comment on lines +40 to +42
@SuppressFBWarnings(
value = "UNS_UNSAFE_CALL",
justification = "Intentional sun.misc.Unsafe wrapper for shallow cloning")

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@daniel-mohedano Please confirm that this suppression is correct.

Comment on lines +24 to +27
@SuppressFBWarnings(
value = "USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION",
justification =
"Agent-internal holder; AgentMeter.class is not exposed to instrumented app code")

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@PerfectSlayer Please confirm that this suppression is correct.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, same logic as AgentTracer

Comment on lines +133 to +137
@SuppressFBWarnings(
value = {"USO_UNSAFE_METHOD_SYNCHRONIZATION", "USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION"},
justification =
"Static synchronized method guards the shared static MessageDigest and byte[] buffer; the"
+ " Dependency.class lock is internal and not exposed to application code.")

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ValentinZakharov Please confirm that this suppression is correct.

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD marked this pull request as ready for review July 7, 2026 19:54
@AlexeyKuznetsov-DD AlexeyKuznetsov-DD requested review from a team as code owners July 7, 2026 19:54
@AlexeyKuznetsov-DD AlexeyKuznetsov-DD requested review from PerfectSlayer and ojung and removed request for a team July 7, 2026 19:54
@AlexeyKuznetsov-DD AlexeyKuznetsov-DD requested review from mtoffl01 and removed request for a team July 7, 2026 19:54

@datadog-datadog-prod-us1-2 datadog-datadog-prod-us1-2 Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Datadog Autotest: PASS

More details

This PR safely bumps SpotBugs versions (plugin 6.5.5→6.5.6, annotations 4.9.8→4.10.2) and adds @SuppressFBWarnings annotations for pre-existing synchronization patterns in agent-internal code. No production behavior changes—annotations are compile-time markers only. All imports, syntax, and version compatibility verified.

Was this helpful? React 👍 or 👎

📊 Validated against 5 scenarios · Open Bits AI session

🤖 Datadog Autotest · Commit b72f8de · What is Autotest? · Any feedback? Reach out in #autotest

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b72f8dea84

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread gradle/libs.versions.toml
@AlexeyKuznetsov-DD AlexeyKuznetsov-DD added tag: dependencies Dependencies related changes and removed dependencies Pull requests that update a dependency file labels Jul 7, 2026
@DataDog DataDog deleted a comment from dd-octo-sts Bot Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp: tooling Build & Tooling tag: dependencies Dependencies related changes tag: no release notes Changes to exclude from release notes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants