PMD 7.5.0 released

30 August 2024


30-August-2024 - 7.5.0

The PMD team is pleased to announce PMD 7.5.0.

This is a minor release.

Table Of Contents

πŸš€ New: Java 23 Support

This release of PMD brings support for Java 23. There are no new standard language features, but a couple of preview language features:

Note that String Templates (introduced as preview in Java 21 and 22) are not supported anymore in Java 23, see JDK-8329949 for details.

In order to analyze a project with PMD that uses these preview language features, you’ll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 23-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-23-preview ...

Note: Support for Java 21 preview language features have been removed. The version β€œ21-preview” are no longer available.

🌟 New Rules

  • The new Java rule AvoidSynchronizedStatement finds synchronization blocks that could cause performance issues with virtual threads due to pinning.
  • The new JavaScript rule AvoidConsoleStatements finds any function calls on the Console API (e.g. console.log). Using these in production code might negatively impact performance.

πŸ› Fixed Issues

  • apex-performance
    • #5139: [apex] OperationWithHighCostInLoop: false negative for triggers
  • java
    • #5062: [java] Support Java 23
    • #5167: [java] java.lang.IllegalArgumentException: <?> cannot be a wildcard bound
  • java-bestpractices
    • #3602: [java] GuardLogStatement: False positive when compile-time constant is created from external constants
    • #4731: [java] GuardLogStatement: Documentation is unclear why getters are flagged
    • #5145: [java] UnusedPrivateMethod: False positive with method calls inside lambda
    • #5151: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is a constant from another class
    • #5152: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is β€œthis”
    • #5153: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is an array element
  • java-design
    • #5048: [java] CognitiveComplexity: Exception when using Map.of()
    • #5162: [java] SingularField: False-positive when preceded by synchronized block
  • java-multithreading
    • #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement
  • javascript-performance
    • #5105: [javascript] Prohibit any console methods
  • plsql
    • #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names)
  • plsql-bestpractices
    • #5132: [plsql] TomKytesDespair: XPathException for more complex exception handler

🚨 API Changes

Deprecations

  • pmd-jsp
    • JspParserImpl is deprecated now. It should have been package-private because this is an implementation class that should not be used directly.
  • pmd-plsql
    • MergeUpdateClausePrefix is deprecated. This production is not used anymore and will be removed. Note: The whole parser implementation class has been deprecated since 7.3.0, as it is supposed to be internalized.
  • pmd-velocity
    • VtlParserImpl is deprecated now. It should have been package-private because this is an implementation class that should not be used directly.
  • pmd-visualforce
    • VfParserImpl is deprecated now. It should have been package-private because this is an implementation class that should not be used directly.

Experimental

✨ External Contributions

  • #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names) - Arjen Duursma (@duursma)
  • #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement - Chas Honton (@chonton)

πŸ“¦ Dependency updates

  • #5100: Enable Dependabot
  • #5141: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0
  • #5142: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0
  • #5144: Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1
  • #5148: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
  • #5149: Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M13 to 4.0.0-M16
  • #5160: Bump org.pcollections:pcollections from 3.2.0 to 4.0.2
  • #5161: Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory
  • #5164: Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1
  • #5165: Bump the all-gems group across 1 directory with 2 updates
  • #5171: Bump net.bytebuddy:byte-buddy-agent from 1.14.12 to 1.14.19
  • #5180: Bump net.sf.saxon:Saxon-HE from 12.4 to 12.5

πŸ“ˆ Stats

  • 87 commits
  • 25 closed tickets & PRs
  • Days since last release: 35