deps(deps): bump com.uber.nullaway:nullaway from 0.12.7 to 0.13.6

[dependabot]

Bumps com.uber.nullaway:nullaway from 0.12.7 to 0.13.6.

Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.13.6

(NOTE: originally these notes appeared with the 0.13.5 release, but that release was pushed incorrectly due to an error in our release process.)

Includes various bug fixes, particularly in JSpecify mode. Also, the nullaway-annotations artifact now includes a @Contract annotation. NullAway also now has a built-in handler to reason about field initialization in classes managed by Jakarta Persistence.

Work has begun on support for wildcards in JSpecify mode. Currently, this support is off by default, guarded by the configuration flag HandleWildcardGenerics. The support still has multiple known bugs, and we do not yet recommend enabling it.

• Initial subtype checking for wildcards (#1520)
• Handle subtype checking for wildcard super bounds (#1547)
• Handle most remaining wildcard subtyping / containment cases (#1548)
• Test case for #1528 (#1556)
• Initial inference for wildcards (#1549)
• Fix wildcard inference bug with method references (#1553)
• Fix nullability for return and parameter wildcards (#1558)
• Test case for trick to assert chain of accesses is non-null (#1566)
• Improve inference failure error message (#1567)
• Adjust more TreePaths to have correct leaf before calling getTreeType (#1570)
• Add Contract annotation to nullaway-annotations by @​codingkiddo (#1569)
• Run inference for generic method calls nested inside receivers (#1571)
• Refactor hasAnyAnnotationMatching method (#1583)
• Improve handling of var-declared local variables (#1573)
• Compensate for more annotations inserted by javac (#1574)
• Enable test for issue 1500 and add comment (#1560)
• Use ground target types when handling lambdas and method refs passed to generic methods (#1575)
• Fix for unbounded wildcard passed to @NullUnmarked type variable (#1577)
• Detect and warn on annotations directly on wildcard types (#1579)
• Enable HandleWildcardGenerics flag when building NullAway (#1586)
• Report error when @​Initializer is used on a constructor by @​Vinu2111 (#1546)
• Add a handler for Jakarta Persistence to reason about field initialization (#1584)
• Revert "Report error when @​Initializer is used on a constructor (#1546)" (#1588)
• Maintenance
  • Use Jacoco 0.8.15 snapshot (#1550)
  • Update to Gradle 9.5.0 (#1554)
  • Test with latest Error Prone snapshot on CI (#1555)
  • Add Spring Boot as an integration test (#1557)
  • Enable generic bytecode tests on JDK 17 (#1561)
  • Update spotless and guava-latest deps, removed unused semver4j (#1562)
  • Use text blocks in more tests (#1563)
  • Use text blocks for addInputLines and addOutputLines calls (#1564)
  • Use Temurin JDK 17 always in CI (#1565)
  • Tell agents not to run multiple Gradle builds in parallel (#1582)
  • Update Codecov action to v6 (#1587)

NullAway 0.13.5

DO NOT USE THIS RELEASE. It was pushed incorrectly due to an error in our release process.

... (truncated)

Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.13.6

(NOTE: originally these notes appeared with the 0.13.5 release, but that release was pushed incorrectly due to an error in our release process.)

Includes various bug fixes, particularly in JSpecify mode. Also, the nullaway-annotations artifact now includes a @Contract annotation. NullAway also now has a built-in handler to reason about field initialization in classes managed by Jakarta Persistence.

Work has begun on support for wildcards in JSpecify mode. Currently, this support is off by default, guarded by the configuration flag HandleWildcardGenerics. The support still has multiple known bugs, and we do not yet recommend enabling it.

• Initial subtype checking for wildcards (#1520)
• Handle subtype checking for wildcard super bounds (#1547)
• Handle most remaining wildcard subtyping / containment cases (#1548)
• Test case for #1528 (#1556)
• Initial inference for wildcards (#1549)
• Fix wildcard inference bug with method references (#1553)
• Fix nullability for return and parameter wildcards (#1558)
• Test case for trick to assert chain of accesses is non-null (#1566)
• Improve inference failure error message (#1567)
• Adjust more TreePaths to have correct leaf before calling getTreeType (#1570)
• Add Contract annotation to nullaway-annotations by @​codingkiddo (#1569)
• Run inference for generic method calls nested inside receivers (#1571)
• Refactor hasAnyAnnotationMatching method (#1583)
• Improve handling of var-declared local variables (#1573)
• Compensate for more annotations inserted by javac (#1574)
• Enable test for issue 1500 and add comment (#1560)
• Use ground target types when handling lambdas and method refs passed to generic methods (#1575)
• Fix for unbounded wildcard passed to @NullUnmarked type variable (#1577)
• Detect and warn on annotations directly on wildcard types (#1579)
• Enable HandleWildcardGenerics flag when building NullAway (#1586)
• Report error when @​Initializer is used on a constructor by @​Vinu2111 (#1546)
• Add a handler for Jakarta Persistence to reason about field initialization (#1584)
• Revert "Report error when @​Initializer is used on a constructor (#1546)" (#1588)
• Maintenance
  • Use Jacoco 0.8.15 snapshot (#1550)
  • Update to Gradle 9.5.0 (#1554)
  • Test with latest Error Prone snapshot on CI (#1555)
  • Add Spring Boot as an integration test (#1557)
  • Enable generic bytecode tests on JDK 17 (#1561)
  • Update spotless and guava-latest deps, removed unused semver4j (#1562)
  • Use text blocks in more tests (#1563)
  • Use text blocks for addInputLines and addOutputLines calls (#1564)
  • Use Temurin JDK 17 always in CI (#1565)
  • Tell agents not to run multiple Gradle builds in parallel (#1582)
  • Update Codecov action to v6 (#1587)

... (truncated)

Commits

• fa850b5 Prepare for release 0.13.6.
• e188182 Notes for 0.13.6 release (#1592)
• c09d202 Add 0.13.5 release notes to changelog (#1589)
• d9d0392 Revert "Report error when @​Initializer is used on a constructor (#1546)" (#1588)
• ec978b9 Update Codecov action to v6 (#1587)
• 69ba115 Add a handler for Jakarta Persistence to reason about field initialization (#...
• 661f374 Report error when @​Initializer is used on a constructor (#1546)
• f790ac9 Enable HandleWildcardGenerics flag when building NullAway (#1586)
• 31b14ce Detect and warn on annotations directly on wildcard types (#1579)
• c183d49 Fix for unbounded wildcard passed to @NullUnmarked type variable (#1577)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, java. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None