Skip to content

Bump pmd.version from 7.23.0 to 7.24.0#1713

Merged
mprins merged 4 commits into
mainfrom
dependabot/maven/main/pmd.version-7.24.0
Apr 28, 2026
Merged

Bump pmd.version from 7.23.0 to 7.24.0#1713
mprins merged 4 commits into
mainfrom
dependabot/maven/main/pmd.version-7.24.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Copy link
Copy Markdown
Contributor

Bumps pmd.version from 7.23.0 to 7.24.0.
Updates net.sourceforge.pmd:pmd-core from 7.23.0 to 7.24.0

Release notes

Sourced from net.sourceforge.pmd:pmd-core's releases.

PMD 7.24.0 (24-April-2026)

24-April-2026 - 7.24.0

The PMD team is pleased to announce PMD 7.24.0.

This is a minor release.

Table Of Contents

🌟️ New Rules

  • The new Apex rule AvoidInterfaceAsMapKey reports Map declarations (fields, variables, parameters) whose key type is an interface that has at least one abstract implementing class defining equals or hashCode. Using such maps results in potentially duplicated map entries or not being able to get entries by key.
  • The new Java rule OverridingThreadRun finds overridden Thread::run methods. This is not recommended. Instead, implement Runnable and pass an instance to the thread constructor.

🐛️ Fixed Issues

  • apex
    • #5386: [apex] Apex files ending in "Test" are skipped with a number of rules
  • apex-errorprone
    • #6492: [apex] New rule: Prevent use of interface -> abstract class with equals/hashCode as key in Map
  • apex-security
    • #5385: [apex] ApexCRUDViolation not reported even if SOQL doesn't have permissions check on it
  • java-bestpractices
    • #4272: [java] JUnitTestsShouldIncludeAssert: False positive with assert in lambda
  • java-multithreading
    • #595: [java] New rule: Implement Runnable instead of extending Thread
  • kotlin
    • #6003: [kotlin] Support multidollar interpolation (Kotlin 2.2)

✨️ Merged pull requests

... (truncated)

Commits

Updates net.sourceforge.pmd:pmd-java from 7.23.0 to 7.24.0

Release notes

Sourced from net.sourceforge.pmd:pmd-java's releases.

PMD 7.24.0 (24-April-2026)

24-April-2026 - 7.24.0

The PMD team is pleased to announce PMD 7.24.0.

This is a minor release.

Table Of Contents

🌟️ New Rules

  • The new Apex rule AvoidInterfaceAsMapKey reports Map declarations (fields, variables, parameters) whose key type is an interface that has at least one abstract implementing class defining equals or hashCode. Using such maps results in potentially duplicated map entries or not being able to get entries by key.
  • The new Java rule OverridingThreadRun finds overridden Thread::run methods. This is not recommended. Instead, implement Runnable and pass an instance to the thread constructor.

🐛️ Fixed Issues

  • apex
    • #5386: [apex] Apex files ending in "Test" are skipped with a number of rules
  • apex-errorprone
    • #6492: [apex] New rule: Prevent use of interface -> abstract class with equals/hashCode as key in Map
  • apex-security
    • #5385: [apex] ApexCRUDViolation not reported even if SOQL doesn't have permissions check on it
  • java-bestpractices
    • #4272: [java] JUnitTestsShouldIncludeAssert: False positive with assert in lambda
  • java-multithreading
    • #595: [java] New rule: Implement Runnable instead of extending Thread
  • kotlin
    • #6003: [kotlin] Support multidollar interpolation (Kotlin 2.2)

✨️ Merged pull requests

... (truncated)

Commits

Bumps `pmd.version` from 7.23.0 to 7.24.0.

Updates `net.sourceforge.pmd:pmd-core` from 7.23.0 to 7.24.0
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.23.0...pmd_releases/7.24.0)

Updates `net.sourceforge.pmd:pmd-java` from 7.23.0 to 7.24.0
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.23.0...pmd_releases/7.24.0)

---
updated-dependencies:
- dependency-name: net.sourceforge.pmd:pmd-core
  dependency-version: 7.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: net.sourceforge.pmd:pmd-java
  dependency-version: 7.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependency (automated) dependency update infrastructure build infrastructure (Maven plugins, CI related, ...) labels Apr 28, 2026
@github-actions

github-actions Bot commented Apr 28, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA a4a2691.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

PackageVersionLicenseIssue Type
net.sourceforge.pmd:pmd-core7.24.0NullUnknown License
net.sourceforge.pmd:pmd-java7.24.0NullUnknown License
Allowed Licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, LGPL-2.1-only, EPL-2.0, EPL-1.0
Excluded from license check: pkg:maven/org.eclipse.angus/jakarta.mail@2.0.5?type=jar, pkg:maven/jakarta.ws.rs:jakarta.ws.rs-api@4.0.0?type=jar

OpenSSF Scorecard

PackageVersionScoreDetails
maven/net.sourceforge.pmd:pmd-core 7.24.0 🟢 5.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/3 approved changesets -- score normalized to 0
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool detected
maven/net.sourceforge.pmd:pmd-java 7.24.0 🟢 5.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/3 approved changesets -- score normalized to 0
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool detected

Scanned Files

  • pom.xml

@mprins mprins removed the dependency (automated) dependency update label Apr 28, 2026
Bumps `pmd.version` from 7.23.0 to 7.24.0.

Updates `net.sourceforge.pmd:pmd-core` from 7.23.0 to 7.24.0
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.23.0...pmd_releases/7.24.0)

Updates `net.sourceforge.pmd:pmd-java` from 7.23.0 to 7.24.0
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.23.0...pmd_releases/7.24.0)

---
updated-dependencies:
- dependency-name: net.sourceforge.pmd:pmd-core
  dependency-version: 7.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: net.sourceforge.pmd:pmd-java
  dependency-version: 7.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/main/pmd.version-7.24.0 branch from 6984749 to 6e92419 Compare April 28, 2026 11:51
@mprins mprins enabled auto-merge (squash) April 28, 2026 11:59
@mprins mprins merged commit c935809 into main Apr 28, 2026
23 checks passed
@mprins mprins deleted the dependabot/maven/main/pmd.version-7.24.0 branch April 28, 2026 12:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

infrastructure build infrastructure (Maven plugins, CI related, ...)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant