Merge pull request #527 from xdev-software/develop

Release

Author: AB-xdev

.config/checkstyle/checkstyle.xml

@@ -52,6 +52,7 @@
 	<module name="TreeWalker">
 		<!-- Checks - sorted alphabetically -->
 		<module name="ArrayTypeStyle"/>
+		<module name="AvoidDoubleBraceInitialization"/>
 		<module name="AvoidStarImport"/>
 		<module name="ConstantName"/>
 		<module name="DefaultComesLast"/>
@@ -68,6 +69,11 @@
 		<module name="FinalParameters"/>
 		<module name="GenericWhitespace"/>
 		<module name="HideUtilityClassConstructor"/>
+		<module name="IllegalCatch">
+			<!-- https://docs.pmd-code.org/pmd-doc-7.11.0/pmd_rules_java_errorprone.html#avoidcatchingnpe -->
+			<!-- https://docs.pmd-code.org/pmd-doc-7.11.0/pmd_rules_java_errorprone.html#avoidcatchingthrowable -->
+			<property name="illegalClassNames" value="Error,Throwable,NullPointerException,java.lang.Error,java.lang.Throwable,java.lang.NullPointerException"/>
+		</module>
 		<module name="IllegalImport"/>
 		<module name="InterfaceIsType"/>
 		<module name="JavadocStyle">
@@ -93,7 +99,6 @@
 		<module name="MethodParamPad"/>
 		<module name="MissingDeprecated"/>
 		<module name="MissingOverride"/>
-		<module name="MissingSwitchDefault"/>
 		<module name="ModifierOrder"/>
 		<module name="NeedBraces"/>
 		<module name="NoClone"/>
@@ -122,7 +127,13 @@
 		</module>
 		<module name="TypecastParenPad"/>
 		<module name="TypeName"/>
+		<module name="UnnecessaryParentheses"/>
+		<module name="UnnecessarySemicolonAfterOuterTypeDeclaration"/>
+		<module name="UnnecessarySemicolonAfterTypeMemberDeclaration"/>
+		<module name="UnnecessarySemicolonInEnumeration"/>
+		<module name="UnnecessarySemicolonInTryWithResources"/>
 		<module name="UnusedImports"/>
+		<module name="UnusedLocalVariable"/>
 		<module name="UpperEll"/>
 		<module name="VisibilityModifier">
 			<property name="packageAllowed" value="true"/>

.config/pmd/ruleset.xml

@@ -10,16 +10,38 @@
 
 	<!-- Only rules that don't overlap with CheckStyle! -->
 
+	<rule ref="category/java/bestpractices.xml/AvoidPrintStackTrace"/>
+	<rule ref="category/java/bestpractices.xml/AvoidStringBufferField"/>
 	<rule ref="category/java/bestpractices.xml/AvoidUsingHardCodedIP"/>
+	<rule ref="category/java/bestpractices.xml/ConstantsInInterface"/>
+	<rule ref="category/java/bestpractices.xml/ExhaustiveSwitchHasDefault"/>
+	<rule ref="category/java/bestpractices.xml/LiteralsFirstInComparisons"/>
+	<!-- CheckStyle can't handle this switch behavior -> delegated to PMD -->
+	<rule ref="category/java/bestpractices.xml/NonExhaustiveSwitch"/>
+	<rule ref="category/java/bestpractices.xml/OneDeclarationPerLine">
+		<properties>
+			<property name="strictMode" value="true"/>
+		</properties>
+	</rule>
 	<rule ref="category/java/bestpractices.xml/PreserveStackTrace"/>
+	<rule ref="category/java/bestpractices.xml/SimplifiableTestAssertion"/>
+	<rule ref="category/java/bestpractices.xml/SystemPrintln"/>
+	<rule ref="category/java/bestpractices.xml/UnusedAssignment"/>
+	<rule ref="category/java/bestpractices.xml/UnusedFormalParameter"/>
+	<rule ref="category/java/bestpractices.xml/UnusedPrivateField"/>
+	<rule ref="category/java/bestpractices.xml/UnusedPrivateMethod"/>
 	<rule ref="category/java/bestpractices.xml/UseCollectionIsEmpty"/>
+	<rule ref="category/java/bestpractices.xml/UseEnumCollections"/>
 	<rule ref="category/java/bestpractices.xml/UseStandardCharsets"/>
+	<rule ref="category/java/bestpractices.xml/UseTryWithResources"/>
 
 	<!-- Native code is platform dependent; Loading external native libs might pose a security threat -->
 	<rule ref="category/java/codestyle.xml/AvoidUsingNativeCode"/>
 	<rule ref="category/java/codestyle.xml/IdenticalCatchBranches"/>
+	<rule ref="category/java/codestyle.xml/LambdaCanBeMethodReference"/>
 	<rule ref="category/java/codestyle.xml/NoPackage"/>
 	<rule ref="category/java/codestyle.xml/PrematureDeclaration"/>
+	<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>
 
 	<rule ref="category/java/design.xml">
 		<!-- Sometimes abstract classes have just fields -->
@@ -76,9 +98,6 @@
 
 		<!-- Limit too low -->
 		<exclude name="UseObjectForClearerAPI"/>
-
-		<!-- Handled by checkstyle -->
-		<exclude name="UseUtilityClass"/>
 	</rule>
 
 	<rule ref="category/java/design.xml/AvoidDeeplyNestedIfStmts">
@@ -114,17 +133,33 @@
 		</properties>
 	</rule>
 
+	<rule ref="category/java/errorprone.xml/AssignmentToNonFinalStatic"/>
+	<rule ref="category/java/errorprone.xml/AvoidDecimalLiteralsInBigDecimalConstructor"/>
+	<rule ref="category/java/errorprone.xml/AvoidMultipleUnaryOperators"/>
 	<rule ref="category/java/errorprone.xml/AvoidUsingOctalValues"/>
 	<rule ref="category/java/errorprone.xml/BrokenNullCheck"/>
 	<rule ref="category/java/errorprone.xml/ComparisonWithNaN"/>
 	<rule ref="category/java/errorprone.xml/DoNotCallGarbageCollectionExplicitly"/>
 	<rule ref="category/java/errorprone.xml/DontImportSun"/>
+	<rule ref="category/java/errorprone.xml/DontUseFloatTypeForLoopIndices"/>
+	<rule ref="category/java/errorprone.xml/EqualsNull"/>
+	<rule ref="category/java/errorprone.xml/IdempotentOperations"/>
+	<rule ref="category/java/errorprone.xml/ImplicitSwitchFallThrough"/>
+	<rule ref="category/java/errorprone.xml/InstantiationToGetClass"/>
+	<rule ref="category/java/errorprone.xml/InvalidLogMessageFormat"/>
+	<rule ref="category/java/errorprone.xml/JumbledIncrementer"/>
 	<rule ref="category/java/errorprone.xml/MisplacedNullCheck"/>
+	<rule ref="category/java/errorprone.xml/MoreThanOneLogger"/>
+	<rule ref="category/java/errorprone.xml/NonStaticInitializer"/>
+	<rule ref="category/java/errorprone.xml/ReturnFromFinallyBlock"/>
+	<rule ref="category/java/errorprone.xml/SingletonClassReturningNewInstance"/>
+	<rule ref="category/java/errorprone.xml/UnconditionalIfStatement"/>
 	<rule ref="category/java/errorprone.xml/UnnecessaryCaseChange"/>
+	<rule ref="category/java/errorprone.xml/UselessOperationOnImmutable"/>
 
 
 	<rule ref="category/java/multithreading.xml">
-		<!-- Just bloats code -->
+		<!-- Just bloats code; improved in JEP-491/Java 24+ -->
 		<exclude name="AvoidSynchronizedAtMethodLevel"/>
 
 		<!-- NOPE -->
@@ -159,4 +194,25 @@
 	</rule>
 
 	<rule ref="category/java/security.xml"/>
+
+	<rule name="VaadinNativeHTMLUnsafe"
+		language="java"
+		message="Unescaped native HTML is unsafe and will result in XSS vulnerabilities"
+		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule" >
+		<description>
+			Do not used native HTML! Use Vaadin layouts and components to create required structure.
+			If you are 100% sure that you escaped the value properly and you have no better options you can suppress this.
+		</description>
+		<priority>2</priority>
+		<properties>
+			<property name="xpath">
+				<value>
+<![CDATA[
+//ConstructorCall[pmd-java:typeIs('com.vaadin.flow.component.Html')] |
+//MethodCall[@MethodName='setAttribute' and //ImportDeclaration[starts-with(@PackageName,'com.vaadin')]]/ArgumentList/StringLiteral[1][contains(lower-case(@Image),'html')]
+]]>
+				</value>
+			</property>
+		</properties>
+	</rule>
 </ruleset>

.github/workflows/broken-links.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v2
+        uses: lycheeverse/lychee-action@1d97d84f0bc547f7b25f4c2170d87d810dc2fb2c # v2
         with:
           fail: false # Don't fail on broken links, create an issue instead
 
@@ -38,7 +38,7 @@ jobs:
 
       - name: Create Issue From File
         if: env.lychee_exit_code != 0
-        uses: peter-evans/create-issue-from-file@v5
+        uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5
         with:
           issue-number: ${{ steps.find-issue.outputs.number }}
           title: Link Checker Report

.github/workflows/check-build.yml

@@ -127,7 +127,4 @@ jobs:
         name: pmd-report
         if-no-files-found: ignore
         path: |
-          target/site/*.html
-          target/site/css/**
-          target/site/images/logos/maven-feather.png
-          target/site/images/external.png
+          target/reports/**

.github/workflows/release.yml

@@ -26,7 +26,7 @@ jobs:
         cache: 'maven'
 
     - name: Build with Maven
-      run: ./mvnw -B clean package -Pproduction
+      run: ./mvnw -B clean package -Pproduction -T2C
 
     - name: Check for uncommited changes
       run: |
@@ -64,7 +64,7 @@ jobs:
       run: |
         mvnwPath=$(readlink -f ./mvnw)
         modules=("") # root
-        modules+=($(grep -ozP '(?<=module>)[^<]+' 'pom.xml' | tr -d '\0'))
+        modules+=($(grep -oP '(?<=<module>)[^<]+' 'pom.xml'))
         for i in "${modules[@]}"
         do
             echo "Processing $i/pom.xml"
@@ -89,7 +89,7 @@ jobs:
     
     - name: Create Release
       id: create_release
-      uses: shogo82148/actions-create-release@v1
+      uses: shogo82148/actions-create-release@e5f206451d4ace2da9916d01f1aef279997f8659 # v1
       with:
         tag_name: v${{ steps.version.outputs.release }}
         release_name: v${{ steps.version.outputs.release }}
@@ -124,7 +124,7 @@ jobs:
         git config --global user.name "GitHub Actions"
         git pull
     
-    - name: Set up JDK Apache Maven Central
+    - name: Set up JDK OSSRH
       uses: actions/setup-java@v4
       with: # running setup-java again overwrites the settings.xml
         java-version: '17'
@@ -135,7 +135,7 @@ jobs:
         gpg-passphrase: MAVEN_GPG_PASSPHRASE
         gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
 
-    - name: Publish to Apache Maven Central
+    - name: Publish to OSSRH
       run: ../mvnw -B deploy -Possrh -DskipTests
       env:
         MAVEN_CENTRAL_USERNAME: ${{ secrets.S01_OSS_SONATYPE_MAVEN_USERNAME }}
@@ -168,7 +168,7 @@ jobs:
       working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
 
     - name: Deploy to Github pages
-      uses: peaceiris/actions-gh-pages@v4
+      uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         publish_dir: ./${{ env.PRIMARY_MAVEN_MODULE }}/target/site
@@ -191,7 +191,7 @@ jobs:
       run: |
         mvnwPath=$(readlink -f ./mvnw)
         modules=("") # root
-        modules+=($(grep -ozP '(?<=module>)[^<]+' 'pom.xml' | tr -d '\0'))
+        modules+=($(grep -oP '(?<=<module>)[^<]+' 'pom.xml'))
         for i in "${modules[@]}"
         do
             echo "Processing $i/pom.xml"

.github/workflows/sync-labels.yml

@@ -20,6 +20,6 @@ jobs:
         with:
           sparse-checkout: .github/labels.yml
 
-      - uses: EndBug/label-sync@v2
+      - uses: EndBug/label-sync@52074158190acb45f3077f9099fea818aa43f97a # v2
         with:
           config-file: .github/labels.yml

.github/workflows/update-from-template.yml

@@ -202,7 +202,7 @@ jobs:
           GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
         run: |
           not_failed_conclusion="skipped|neutral|success"
-          not_relevant_app_slug="dependabot|github-pages|sonarcloud"
+          not_relevant_app_slug="dependabot|github-pages|sonarqubecloud"
 
           echo "Waiting for checks to start..."
           sleep 40s
@@ -212,7 +212,7 @@ jobs:
 
             echo "Checking if update-branch-merged exists"
             git fetch
-            if [[ $(git rev-parse origin/${{ env.UPDATE_BRANCH_MERGED }}) ]]; then
+            if [[ $(git ls-remote --heads origin refs/heads/${{ env.UPDATE_BRANCH_MERGED }}) ]]; then
               echo "Branch still exists; Continuing..."
             else
               echo "Branch origin/${{ env.UPDATE_BRANCH_MERGED }} is missing"

CHANGELOG.md

@@ -1,3 +1,6 @@
+## 4.6.1
+* Updated dependencies
+
 ## 4.6.0
 * Changed all occurrences of ``Integer`` and ``Double`` to ``Number`` for improved compatibility with Leaflet's API
 * Updated OpenStreetMap's Tile-Server address to ``tile.openstreetmap.org`` [openstreetmap/operations#737](https://github.com/openstreetmap/operations/issues/737)

pom.xml

@@ -26,7 +26,7 @@
 
 	<licenses>
 		<license>
-			<name>Apache License, Version 2.0</name>
+			<name>Apache-2.0</name>
 			<url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
 			<distribution>repo</distribution>
 		</license>
@@ -45,7 +45,7 @@
 							<dependency>
 								<groupId>com.puppycrawl.tools</groupId>
 								<artifactId>checkstyle</artifactId>
-								<version>10.21.2</version>
+								<version>10.23.0</version>
 							</dependency>
 						</dependencies>
 						<configuration>
@@ -82,12 +82,12 @@
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-core</artifactId>
-								<version>7.10.0</version>
+								<version>7.12.0</version>
 							</dependency>
 							<dependency>
 								<groupId>net.sourceforge.pmd</groupId>
 								<artifactId>pmd-java</artifactId>
-								<version>7.10.0</version>
+								<version>7.12.0</version>
 							</dependency>
 						</dependencies>
 					</plugin>

vaadin-maps-leaflet-flow-demo/pom.xml

@@ -29,9 +29,9 @@
 		<mainClass>software.xdev.vaadin.Application</mainClass>
 
 		<!-- Dependency-Versions -->
-		<vaadin.version>24.6.5</vaadin.version>
+		<vaadin.version>24.7.2</vaadin.version>
 
-		<org.springframework.boot.version>3.4.2</org.springframework.boot.version>
+		<org.springframework.boot.version>3.4.4</org.springframework.boot.version>
 	</properties>
 
 	<dependencyManagement>
@@ -126,7 +126,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.13.0</version>
+				<version>3.14.0</version>
 				<configuration>
 					<release>${maven.compiler.release}</release>
 					<compilerArgs>

vaadin-maps-leaflet-flow-demo/src/main/java/software/xdev/vaadin/Application.java

@@ -9,6 +9,7 @@
 import com.vaadin.flow.spring.annotation.EnableVaadin;
 
 
+@SuppressWarnings({"checkstyle:HideUtilityClassConstructor", "PMD.UseUtilityClass"})
 @SpringBootApplication
 @EnableVaadin
 @Push

vaadin-maps-leaflet-flow-demo/src/main/java/software/xdev/vaadin/maps/leaflet/flow/demo/MultiLayerWithPyramidDemo.java

@@ -84,6 +84,7 @@ public class MultiLayerWithPyramidDemo extends HorizontalLayout
 
 	private LLayerGroup activeLayerGroup;
 
+	@SuppressWarnings("PMD.UnusedAssignment") // FP activeLayerGroup is used
 	public MultiLayerWithPyramidDemo()
 	{
 		// Let the view use 100% of the site

vaadin-maps-leaflet-flow-demo/src/main/resources/application.yml

@@ -1,5 +1,8 @@
 vaadin:
   allowed-packages: software/xdev,com/vaadin/flow
+  devmode:
+    usageStatistics:
+      enabled: false
 
 spring:
   devtools: