<div class="container">
<h1>Recommended update for google-errorprone, guava</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2024:1956-2</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2024-11-11T08:48:42Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Manager Server 4.3</li>
<li class="list-group-item">SUSE Manager Server 4.3 Module 4.3</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that can now be installed.</p>
<h2>Description:</h2>
<p>This update for google-errorprone, guava fixes the following issues:</p>
<p>guava: </p>
<ul>
<li>
<p>guava was updated to version 33.1.0:</p>
</li>
<li>
<p>Changes of version 33.1.0:</p>
<ul>
<li>Updated our Error Prone dependency to 2.26.1, which includes
a JPMS-ready jar of annotations. If you use the Error Prone
annotations in a modular build of your own code, you may need
to add a requires line for them.</li>
<li>base: Added a Duration overload for
Suppliers.memoizeWithExpiration.</li>
<li>base: Deprecated the remaining two overloads of
Throwables.propagateIfPossible. They won't be deleted, but we
recommend migrating off them.</li>
<li>cache: Fixed a bug that could cause false "recursive load"
reports during refresh.</li>
<li>graph: Changed the return types of transitiveClosure() and
reachableNodes() to Immutable* types. reachableNodes() already
returned an immutable object (even though that was not
reflected in the declared return type); transitiveClosure()
used to return a mutable object. The old signatures remain
available, so this change does not break binary compatibility.</li>
<li>graph: Changed the behavior of views returned by graph
accessor methods that take a graph element as input: They now
throw IllegalStateException when that element is removed from
the graph.</li>
<li>hash: Optimized Checksum-based hash functions for Java 9+.</li>
<li>testing: Exposed FakeTicker Duration methods to Android users.</li>
<li>util.concurrent: Deprecated the constructors of
UncheckedExecutionException and ExecutionError that don't
accept a cause. We won't remove these constructors, but we
recommend migrating off them, as users of those classes often
assume that instances will contain a cause.</li>
<li>util.concurrent: Improved the correctness of racy accesses for
J2ObjC users.</li>
</ul>
</li>
<li>
<p>Changes of version 33.0.0:</p>
<ul>
<li>This version of guava-android contains some package-private
methods whose signature includes the Java 8 Collector API.
This is a test to identify any problems before we expose those
methods publicly to users. Please report any problems that you
encounter.</li>
<li>Changed various classes to catch Exception instead of
RuntimeException even when only RuntimeException is
theoretically possible. This can help code that throws
undeclared exceptions, as some bytecode rewriters (e.g.,
Robolectric) and languages (e.g., Kotlin) do.</li>
<li>Added an Automatic-Module-Name to failureaccess, Guava's one
strong runtime dependency.</li>
<li>reflect: In guava-android only, removed
Invokable.getAnnotatedReturnType() and
Parameter.getAnnotatedType(). These methods never worked in an
Android VM, and to reflect that, they were born @Deprecated,
@Beta, and @DoNotCall. They're now preventing us from rolling
out some new Android compatibility testing. This is the only
binary-incompatible change in this release, and it should have
no effect in practice. Still, we bump the major version number
to follow Semantic Versioning.</li>
<li>util.concurrent: Changed our implementations to avoid eagerly
initializing loggers during class loading. This can help
performance, especially under Android.</li>
</ul>
</li>
<li>
<p>Changes of version 32.1.3:</p>
<ul>
<li>Changed Gradle Metadata to include dependency versions
directly. This may address "Could not find some-dependency"
errors that some users have reported (which might be a result
of users' excluding guava-parent).</li>
<li>collect: Changed Multisets.unmodifiableMultiset(set)
.removeIf(predicate) to throw an exception always, even if
nothing matches predicate.</li>
<li>graph: Fixed the behavior of Graph/ValueGraph views for a node
when that node is removed from the graph.</li>
<li>io: Fixed Files.createTempDir and FileBackedOutputStream under
Windows services, a rare use case. (The fix actually covers
only Java 9+ because Java 8 would require an additional
approach. Let us know if you need support under Java 8.)</li>
<li>net: Made MediaType.parse allow and skip over whitespace
around the / and = separator tokens in addition to the ;
separator, for which it was already being allowed.</li>
<li>util.concurrent: Tweaked Futures.getChecked
constructor-selection behavior: The method continues to prefer
to call constructors with a String parameter, but now it
breaks ties based on whether the constructor has a Throwable
parameter. Beyond that, the choice of constructor remains
undefined. (For this and other reasons, we discourage the use
of getChecked.)</li>
</ul>
</li>
<li>
<p>Changes of version 32.1.2:</p>
<ul>
<li>Removed the section of our Gradle metadata that caused Gradle
to report conflicts with listenablefuture.</li>
<li>Changed our Maven project to avoid affecting which version of
Mockito our Gradle users see.</li>
<li>collect: Under J2CL, exposed ImmutableList and ImmutableSet
methods copyOf and of for JavaScript usage.</li>
<li>net: Optimized InternetDomainName construction.</li>
</ul>
</li>
<li>
<p>Changes of version 32.1.1:</p>
<ul>
<li>Fixed our broken Gradle metadata from 32.1.0. Sorry again for
the trouble. If you use Gradle, please still read the release
notes from that version: You may still see errors from the new
checking that the metadata enables, and the release notes
discuss how to fix those errors.</li>
</ul>
</li>
<li>
<p>Changes of version 32.1.0:</p>
<ul>
<li>collect: Tweaked more nullness annotations.</li>
<li>hash: Enhanced crc32c() to use Java's hardware-accelerated
implementation where available.</li>
<li>util.concurrent: Added Duration-based default methods to
ListeningExecutorService.</li>
<li>Began updating Javadoc to focus less on APIs that have been
superseded by additions to the JDK. We're also looking to add
more documentation that directs users to JDK equivalents for
our APIs. Further PRs welcome!</li>
<li>Fixed some problems with using Guava from a Java Agent.
(But we don't test that configuration, and we don't know how
well we'll be able to keep it working.)</li>
<li>Fixed BootstrapMethodError when using CacheBuilder from a
custom system class loader. (As with the previous item,
we're not sure how well we'll be able to keep this use case
working.)</li>
<li>Suppressed a harmless unusable-by-js warning seen by users of
guava-gwt.</li>
</ul>
</li>
<li>
<p>Fix version mismatch in the ant build files.</p>
</li>
<li>The binaries are compatible with java 1.8</li>
</ul>
<p>google-errorprone, google-errorprone-annotations:</p>
<ul>
<li>
<p>google-errorprone and google-errorprone-annotations were updated to version 2.26.1:</p>
</li>
<li>
<p>Changes of version 2.26.1:</p>
<ul>
<li>Fixes the module name: from 'com.google.errorprone.annotation'
to 'com.google.errorprone.annotations'. Amends the OSGi build
not to include 'Automatic-Module-Name' in the MANIFEST.MF for the
'annotations' project.</li>
</ul>
</li>
<li>
<p>Changes of version 2.26.0:</p>
<ul>
<li>The 'annotations' artifact now includes a module-info.java for
Java Platform Module System support.</li>
<li>Disabled checks passed to -XepPatchChecks are now ignored,
instead of causing a crash.</li>
<li>
<p>New checks:</p>
</li>
<li>
<p>SystemConsoleNull: Null-checking System.console() is not a
reliable way to detect if the console is connected to a
terminal.</p>
</li>
<li>
<p>EnumOrdinal: Discourage uses of Enum.ordinal()</p>
</li>
<li>
<p>Closed issues:</p>
</li>
<li>
<p>Add module-info.java</p>
</li>
<li>2.19.x: Exception thrown when a disabled check is passed to
-XepPatchChecks</li>
<li>Ignore disabled checks passed to -XepPatchChecks</li>
<li>feat: add jpms definition for annotations</li>
<li>Add the 'compile' goal for 'compile-java9'</li>
</ul>
</li>
<li>
<p>Changes of version 2.25.0:</p>
<ul>
<li>
<p>New checks:</p>
</li>
<li>
<p>JUnitIncompatibleType: Detects incompatible types passed to
an assertion, similar to TruthIncompatibleType</p>
</li>
<li>
<p>RedundantSetterCall: Detects fields set twice in the same
chained expression. Generalization of previous
ProtoRedundantSet check to also handle AutoValue.</p>
</li>
<li>
<p>Closed issues:</p>
</li>
<li>
<p>Crash in UnnecessaryStringBuilder</p>
</li>
<li>Fix typos</li>
<li>Add support for specifying badEnclosingTypes for BadImport
via flags</li>
<li>Some BugPattern docs are missing code examples</li>
<li>Remove incorrect statement from BugPattern index doc</li>
<li>Do not report NonFinalStaticField findings for fields
modified in @BeforeAll methods</li>
</ul>
</li>
<li>
<p>Changes of version 2.24.1:</p>
<ul>
<li>Add an assertion to try to help debug</li>
</ul>
</li>
<li>
<p>Changes of version 2.24.0:</p>
<ul>
<li>
<p>New checks:</p>
</li>
<li>
<p>MultipleNullnessAnnotations: Discourage multiple nullness
annotations</p>
</li>
<li>NullableTypeParameter: Discourage nullness annotations on
type parameters</li>
<li>NullableWildcard: Discourage nullness annotations on
wildcards</li>
<li>SuperCallToObjectMethod: Generalization of
SuperEqualsIsObjectEquals, now covers hashCode</li>
</ul>
</li>
<li>
<p>Changes of version 2.23.0:</p>
<ul>
<li>New checks: DuplicateDateFormatField, NonFinalStaticField,
StringCharset, StringFormatWithLiteral,
SuperEqualsIsObjectEquals</li>
<li>Bug fixes and improvements</li>
</ul>
</li>
<li>
<p>Changes of version 2.22.0:</p>
<ul>
<li>
<p>New checks:</p>
</li>
<li>
<p>ClosingStandardOutputStreams: Prevents accidentally closing
System.{out,err} with try-with-resources</p>
</li>
<li>TruthContainsExactlyElementsInUsage: containsExactly is
preferred over containsExactlyElementsIn when creating new
iterables</li>
<li>UnnecessaryAsync: detects unnecessary use of async
primitives in local (and hence single-threaded) scopes</li>
<li>ReturnAtTheEndOfVoidFunction: detects unnecessary return
statements at the end of void functions</li>
<li>
<p>MultimapKeys: Suggests using keySet() instead of iterating
over Multimap.keys(), which does not collapse duplicates</p>
</li>
<li>
<p>Bug fixes and improvements:</p>
</li>
<li>
<p>Don't complain about literal IP addresses in
AddressSelection</p>
</li>
<li>Prevent SuggestedFixes#renameMethod from modifying return
type declaration</li>
<li>Fix UnusedVariable false positives for private record
parameters</li>
<li>When running in conservative mode, no longer assume that
implementations of Map.get, etc. return null</li>
<li>CanIgnoreReturnValueSuggester: Support additional exempting
method annotations</li>
<li>UnusedVariable: exclude junit5's @RegisterExtension</li>
<li>Support running all available patch checks</li>
<li>Upgrade java-diff-utils 4.0 -> 4.12</li>
<li>Flag unused Refaster template parameters</li>
<li>Support @SuppressWarnings("all")</li>
<li>Prevent Refaster UMemberSelect from matching method
parameters</li>
<li>MissingDefault : Don't require // fall out comments on
expression switches</li>
<li>Skip UnnecessaryLambda findings for usages in enhanced for
loops</li>
<li>Fix bug where nested MissingBraces violations' suggested
fixes result in broken code</li>
<li>Add support for specifying exemptPrefixes/exemptNames for
UnusedVariable via flags</li>
<li>UnusedMethod: Added exempting variable annotations</li>
</ul>
</li>
<li>
<p>Changes of version 2.21.1:</p>
<ul>
<li>Handle overlapping ranges in suppressedRegions</li>
<li>Add AddressSelection to discourage APIs that convert a
hostname to a single address</li>
</ul>
</li>
<li>
<p>Changes of version 2.21.0:</p>
<ul>
<li>
<p>New Checkers:</p>
</li>
<li>
<p>AttemptedNegativeZero: Prevents accidental use of -0, which
is the same as 0. The floating-point negative zero is -0.0.</p>
</li>
<li>ICCProfileGetInstance: Warns on uses of
ICC_Profile.getInstance(String), due to JDK-8191622.</li>
<li>MutableGuiceModule: Fields in Guice modules should be final.</li>
<li>NullableOptional: Discourages @Nullable-annotated Optionals.</li>
<li>
<p>OverridingMethodInconsistentArgumentNamesChecker: Arguments
of overriding method are inconsistent with overridden
method.</p>
</li>
<li>
<p>Fixed issues:</p>
</li>
<li>
<p>Avoid MemberName IOOBE on lambda parameters inside
overriding methods</p>
</li>
<li>Improve LockOnNonEnclosingClassLiteral documentation</li>
<li>Security scan reported high CVE for
com.google.guava:guava:31.1-jre</li>
<li>Upgrade guava to 32.0.1</li>
<li>Proposal: checker to prevent other checkers from calling
javac methods that changed across JDKs</li>
<li>Add support in ASTHelpersSuggestions for getEnclosedElements</li>
</ul>
</li>
<li>
<p>Changes of version 2.20.0:</p>
<ul>
<li>This release is compatible with early-access builds of JDK 21.</li>
<li>New Checkers: InlineTrivialConstant, UnnecessaryStringBuilder,
BanClassLoader, DereferenceWithNullBranch, DoNotUseRuleChain,
LockOnNonEnclosingClassLiteral, MissingRefasterAnnotation,
NamedLikeContextualKeyword, NonApiType</li>
<li>
<p>Fixes issues:</p>
</li>
<li>
<p>Introduce MissingRefasterAnnotation checker</p>
</li>
<li>Fix minor typo in URepeated</li>
<li>Drop unused constant Template#AUTOBOXING_DEFAULT</li>
<li>
<p>Introduce command-line flag -XepAllSuggestionsAsWarnings</p>
</li>
<li>
<p>JDK21 compatibility</p>
</li>
<li>
<p>Add OSGi runtime metadata to error-prone's MANIFEST.MF files</p>
</li>
<li>
<p>Use EISOP Checker Framework version 3.34.0-eisop1</p>
</li>
<li>NotJavadoc pattern does not allow Javadoc on module
declarations</li>
<li>ErrorProneInjector incorrectly picks up the no-args
constructor</li>
<li>Several high CVEs related to dependency
com.google.protobuf:protobuf-java:3.19.2</li>
<li>Upgrade protobuf-java to 3.19.6</li>
</ul>
</li>
<li>
<p>Changes of version 2.19.1:</p>
<ul>
<li>This release fixes a binary compatibility issue when running
on JDK 11</li>
</ul>
</li>
<li>
<p>Changes of version 2.19.0:</p>
<ul>
<li>New Checkers: NotJavadoc, StringCaseLocaleUsage,
UnnecessaryTestMethodPrefix</li>
<li>
<p>Fixes issues:</p>
</li>
<li>
<p>Exclude inner classes annotated with @Nested from
ClassCanBeStatic rule</p>
</li>
<li>Optimize VisitorState#getSymbolFromName</li>
<li>ClassCanBeStatic: Exclude JUnit @Nested classes</li>
<li>BadImport: flag static import of newInstance methods</li>
<li>Support given for enforcing DirectInvocationOnMock: issue
3396</li>
<li>Handle yield statement case in ASTHelpers#targetType</li>
<li>Should ASTHelpers.getSymbol(Tree) be annotated with
@Nullable?</li>
<li>Fix '@' character in javadoc code snippets</li>
<li>Replace guava cache with caffeine</li>
<li>Discourage APIs locale-dependent APIs like
String.to{Lower,Upper}Case</li>
<li>Introduce StringCaseLocaleUsage check</li>
</ul>
</li>
<li>
<p>Changes of version 2.18.0:</p>
<ul>
<li>New Checkers: InjectOnBugCheckers, LabelledBreakTarget,
UnusedLabel, YodaCondition</li>
<li>
<p>Fixes issues:</p>
</li>
<li>
<p>@SuppressWarnings("InlineFormatString") doesn't work</p>
</li>
<li>Refaster: support method invocation type argument inlining</li>
<li>java.lang.IllegalArgumentException: Cannot edit synthetic
AST nodes with specific record constructor</li>
<li>Rename class to match filename</li>
<li>Optimize VisitorState#getSymbolFromName</li>
<li>refactor: refactor bad smell UnusedLabel</li>
<li>LambdaFunctionalInterface crash with
IllegalArgumentException when processing an enum constructor
taking a lambda</li>
<li>Fix JDK 20-ea build compatibility</li>
<li>UngroupedOverloads: ignore generated constructors</li>
<li>[errorprone 2.17.0] NPE in
StatementSwitchToExpressionSwitch.analyzeSwitchTree</li>
<li>StatementSwitchToExpressionSwitch: handle empty statement
blocks</li>
<li>StatementSwitchToExpressionSwitch: only trigger on
compatible target versions</li>
<li>Fix Finalize bugpattern to match protected finalize()</li>
<li>Make MemoizeConstantVisitorStateLookups check suppressible</li>
</ul>
</li>
<li>
<p>Changes of version 2.17.0:</p>
<ul>
<li>New Checkers: AvoidObjectArrays, Finalize, IgnoredPureGetter,
ImpossibleNullComparison, MathAbsoluteNegative, NewFileSystem,
StatementSwitchToExpressionSwitch, UnqualifiedYield</li>
<li>
<p>Fixed issues:</p>
</li>
<li>
<p>InvalidParam warning on Javadoc for Java record components</p>
</li>
<li>UnusedMethod flags @JsonValue methods as unused</li>
<li>UnusedMethod: Add more JPA lifecycle annotations or make
annotations configurable</li>
<li>UnusedMethod: Support additional exempting method
annotations</li>
<li>Have InvalidParam support records</li>
<li>Fix -XepDisableAllWarnings flag when passed on its own</li>
<li>ASTHelpersSuggestions does not flag call to packge() on
com.sun.tools.javac.code.Symbol.ClassSymbol</li>
<li>@SupressWarnings on record compact constructor causes crash</li>
</ul>
</li>
<li>
<p>Changes of version 2.16.0:</p>
<ul>
<li>New Checkers: ASTHelpersSuggestions,
CanIgnoreReturnValueSuggester, LenientFormatStringValidation,
UnnecessarilyUsedValue</li>
<li>Fixed issues:</li>
<li>Avoid using non-ASCII Unicode characters outside of comments
and literals</li>
<li>NullPointerException thrown during analysis</li>
<li>NPE analysing new style switch statement (2.14.0)</li>
<li>ImmutableChecker handles null types</li>
<li>Drop pre-JDK 11 logic from Refaster's Inliner class</li>
</ul>
</li>
<li>
<p>Changes of version 2.15.0:</p>
<ul>
<li>New Checkers: BuilderReturnThis,
CanIgnoreReturnValueSuggester, CannotMockFinalClass,
CannotMockFinalMethod, DirectInvocationOnMock, ExtendsObject,
MockNotUsedInProduction, NoCanIgnoreReturnValueOnClasses,
NullArgumentForNonNullParameter, SelfAlwaysReturnsThis,
UnsafeWildcard, UnusedTypeParameter</li>
</ul>
</li>
<li>
<p>Changes of version 2.14.0:</p>
<ul>
<li>New checkers: BanJNDI, EmptyTopLevelDeclaration,
ErroneousBitwiseExpression,
FuzzyEqualsShouldNotBeUsedInEqualsMethod, Interruption,
NullableOnContainingClass</li>
</ul>
</li>
<li>
<p>Changes of version 2.13.1:</p>
<ul>
<li>Fix a crash in UnnecessaryBoxedVariable</li>
<li>Include the unicode character in the diagnostic message</li>
</ul>
</li>
<li>
<p>Changes of version 2.13.0:</p>
<ul>
<li>Handle all annotations with the simple name Generated in
-XepDisableWarningsInGeneratedCode</li>
<li>Reconcile BugChecker#isSuppressed with suppression handling in
ErrorProneScanner</li>
<li>Fix a bug in enclosingPackage</li>
<li>Improve performance of fix application</li>
<li>Implicitly treat @AutoBuilder setter methods as
@CanIgnoreReturnValue.</li>
<li>Remove some obsolete checks
(PublicConstructorForAbstractClass, HashCodeToString)</li>
</ul>
</li>
<li>
<p>Changes of version 2.12.1:</p>
<ul>
<li>This release adds an infrastructure optimization to AppliedFix
source code processing.</li>
</ul>
</li>
<li>
<p>Changes of version 2.12.0:</p>
<ul>
<li>New checks: BoxedPrimitiveEquality, DoubleBraceInitialization,
IgnoredPureGetter, LockOnBoxedPrimitive, IncorrectMainMethod,
LongDoubleConversion, RobolectricShadowDirectlyOn,
StaticAssignmentOfThrowable, UnnecessaryLongToIntConversion,
Varifier</li>
</ul>
</li>
<li>
<p>Do not require maven-javadoc-plugin as it's not being used</p>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Manager Server 4.3 Module 4.3
<br/>
<code>zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-1956=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Manager Server 4.3 Module 4.3 (noarch)
<ul>
<li>google-errorprone-annotations-2.26.1-150200.5.6.1</li>
</ul>
</li>
</ul>
</div>