RATIS-2490. Bump spotbugs-maven-plugin to 4.8.6.8

[dependabot]

Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.2 to 4.8.6.8.

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.8.6.8

• Backports all updates to java 8 line
• Prior java 8 compatibility issues with 4.8.6.7 release have been addressed

Spotbugs Maven Plugin 4.8.6.7

• back ported all of 4.9.4.1

3/28/2025 - Use 4.8.6.8 if you need java 8 support.

10/19/2025 Notice

This is a backport release of all changes from 4.9.4.1 line. It was intended to provide some support for java 8 users with a very old bug issue since this plugin first came about. Unfortunately due to sonatype changes all of 4.9.x had to come back and that came with changes to java 11 apis that groovy build does not care about binary compatibility. If not using java 11 at least, don't use this version. If you are using java 8 still and want this backwards compatibility fix, please look at the source and contribute patches for at least Path.of to Paths.get and presumably others to get the compatibility back for java 8.

Using java 11+ - ok Using java 8 - don't use this version until compatibility is restored.

There really is no true reason anyone needs to stick to java 8 at all for a build so it is rather advisable to upgrade in said case to newer java version and cross compile with release flags and use enforcer plugin for transient library byte code checks instead. While the back port issue will be addressed at some point, it may be some time.

Spotbugs Maven Plugin 4.8.6.6

• Cleanup groovy code
• Cleanup character encoding
• Update deprecated maven calls
• Groovy moved to 4.0.24

Compatibility remains with 4.8.6 of spotbugs

Spotbugs Maven Plugin 4.8.6.5

• Moved most 'read' only maven injections to read data from maven session instead to overcome many deprecated usage. This puts it on their api and thus if things are internally deprecated, its then maven's issue rather than this plugin to figure out.
• remove obsolete script source roots as no longer support in maven 4 and technically I've never seen them used. Please let me know if this negatively affects you as there are other manually coded items like kotlin / groovy that are in the code there so scripts could be manually added back.
• Remove some of the read only attributes for maven injection that were not actually used.
• More def to object type
• Various lib / plugin updates
• Enable partial formatting (mostly removing trailing whitespace)

Compatibility remains with 4.8.6 of spotbugs

Spotbugs Maven Plugin 4.8.6.4

• Groovy set to 4.0.23
• Drop maven site plugin 3.6 and before support.

Spotbugs Maven Plugin 4.8.6.3

• Ability to disable logs in quite mode (spotbugs.quiet) #842
• Fix output directory per #807
• Update plugins / dependencies
• Fix tag used to build spotbugs during GHA
• Use inject annotation from jsr330 instead of deprecated component annotation

Build

• Remove old overrides from pom as addressed
• Cleanup javadocs

... (truncated)

Commits

• 3da15a7 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.8.6.8
• 8aeb8e6 Merge pull request #1352 from hazendaz/java8
• 15f0b96 Merge remote-tracking branch 'upstream/master' into java8
• 5579b86 Merge pull request #1350 from hazendaz/master
• e8d6344 [ci] formatting
• cb28317 [pom] Update byte buddy to 1.18.7 (no jdk5)
• c5075c3 Merge pull request #1349 from hazendaz/java8
• 47a9468 Correct site goal determination
• 72c3612 Merge pull request #1348 from hazendaz/java8
• ed10bf6 Merge remote-tracking branch 'upstream/master' into java8
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)