build(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.4.0 to 4.9.6.0

[dependabot]

Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.9.4.0 to 4.9.6.0.

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.6.0

• Supports spotbugs 4.9.6
• note: 4.9.5 had a defect with detection of jakarta in servlets that was unexpected and quickly patched for this release.

Spotbugs Maven Plugin 4.9.5.0

• Support spotbugs 4.9.5

Spotbugs Maven Plugin 4.9.4.2

Consumer

• Add support for 'chooseVisitors'
• Minor code cleanup
• Still supports spotbugs 4.9.4

Producer

• Remove add opens from jvm.config as no longer needed

Spotbugs Maven Plugin 4.9.4.1

Consumer

• Cleanup readme to better support plugin
• Dropped direct usage of plexus utils and commons io
• Groovy 5 now run engine
• Correct issue since 4.9.2.0 resulting in most runs getting spotbugs.html file incorrectly. This has been refactored to restore doxia 1 overrides to produce xml report only when not running in site lifecycle
• Correct defects with handling of various files on disk such as exclusion filters that were introduced into 4.9.4.0. Integration tests have been applied to prevent future regression.
• Commons io fileutils replaced by files.walk with detailed output moved to debug collection only rather than all runs
• Normalization of path to linux style
• Any regex usage is now precompiled
• Use re-entrant lock for source indexer
• Correct locale usage to use default if not given
• Block doctype and XXE when processing xml files
• Cleanup some fields from resources and in code never used

Producer

• Pin versions of github actions tools
• Run maven 3.6.3 integration test on windows to get more broad support
• Run maven integration test on mac to get more broad support
• Maven 4 integration tests will continue on linux
• Fix maven wrapper perceived path traversal issue
• Corrections to invoker to re-establish integration test verification's
• Fix bugs in integration tests
• Better secure xml usage in integration tests
• Cleanup integration test warnings
• Make sure transfer of artifacts is correctly disabled on integration tests

Commits

• 9e8ce9d [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.6.0
• 96d5347 [pom] Bump spotbugs to 4.9.6
• 3408913 Merge pull request #1210 from spotbugs/renovate/spotbugs.version
• 13c11ab Update dependency com.github.spotbugs:spotbugs to v4.9.6
• 560c469 Merge pull request #1208 from spotbugs/release/4.9.5.0
• 7cf0beb [maven-release-plugin] prepare for next development iteration
• 9cd9b6f [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.5.0
• 3171de8 Set version for next release to 4.9.5.0 snapshot
• 7770420 Merge pull request #1207 from spotbugs/renovate/spotbugs.version
• 03f9784 Update dependency com.github.spotbugs:spotbugs to v4.9.5
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[o-kopysov]

LGTM

[t-naumenko]

LGTM

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.58%. Comparing base (9223169) to head (ac5e0d7).

Additional details and impacted files

@@            Coverage Diff            @@
##               main     #787   +/-   ##
=========================================
  Coverage     93.58%   93.58%           
  Complexity      414      414           
=========================================
  Files            30       30           
  Lines          1761     1761           
  Branches        225      225           
=========================================
  Hits           1648     1648           
  Misses           49       49           
  Partials         64       64           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.