Merge branch 'master' into fix-doc-issue-4438

2023-04-19 00:10:17 -03:00
parent cf213fbbe3 08d362aa66
commit 7b42f81dfd
22 changed files with 473 additions and 406 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@ -7126,6 +7126,44 @@
        "bug",
        "code"
      ]
+    },
+    {
+      "login": "nirvikpatel",
+      "name": "Nirvik Patel",
+      "avatar_url": "https://avatars.githubusercontent.com/u/76862984?v=4",
+      "profile": "https://github.com/nirvikpatel",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "mohui1999",
+      "name": "Seren",
+      "avatar_url": "https://avatars.githubusercontent.com/u/46819179?v=4",
+      "profile": "https://github.com/mohui1999",
+      "contributions": [
+        "bug",
+        "code"
+      ]
+    },
+    {
+      "login": "nwcm",
+      "name": "nwcm",
+      "avatar_url": "https://avatars.githubusercontent.com/u/111259588?v=4",
+      "profile": "https://github.com/nwcm",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "PimvanderLoos",
+      "name": "Pim van der Loos",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3114723?v=4",
+      "profile": "https://github.com/PimvanderLoos",
+      "contributions": [
+        "code",
+        "test"
+      ]
    }
  ],
  "contributorsPerLine": 7,
--- a/.ci/build.sh
+++ b/.ci/build.sh
@ -179,6 +179,11 @@ function pmd_ci_deploy_build_artifacts() {
    # Deploy to sourceforge files https://sourceforge.net/projects/pmd/files/pmd/
    pmd_ci_sourceforge_uploadFile "pmd/${PMD_CI_MAVEN_PROJECT_VERSION}" "pmd-dist/target/pmd-bin-${PMD_CI_MAVEN_PROJECT_VERSION}.zip"
    pmd_ci_sourceforge_uploadFile "pmd/${PMD_CI_MAVEN_PROJECT_VERSION}" "pmd-dist/target/pmd-src-${PMD_CI_MAVEN_PROJECT_VERSION}.zip"
+    # Deploy SBOM
+    cp pmd-dist/target/bom.xml  "pmd-dist/target/pmd-${PMD_CI_MAVEN_PROJECT_VERSION}-cyclonedx.xml"
+    cp pmd-dist/target/bom.json "pmd-dist/target/pmd-${PMD_CI_MAVEN_PROJECT_VERSION}-cyclonedx.json"
+    pmd_ci_sourceforge_uploadFile "pmd/${PMD_CI_MAVEN_PROJECT_VERSION}" "pmd-dist/target/pmd-${PMD_CI_MAVEN_PROJECT_VERSION}-cyclonedx.xml"
+    pmd_ci_sourceforge_uploadFile "pmd/${PMD_CI_MAVEN_PROJECT_VERSION}" "pmd-dist/target/pmd-${PMD_CI_MAVEN_PROJECT_VERSION}-cyclonedx.json"

    if pmd_ci_maven_isReleaseBuild; then
        # create a draft github release
@ -188,6 +193,9 @@ function pmd_ci_deploy_build_artifacts() {
        # Deploy to github releases
        pmd_ci_gh_releases_uploadAsset "$GH_RELEASE" "pmd-dist/target/pmd-bin-${PMD_CI_MAVEN_PROJECT_VERSION}.zip"
        pmd_ci_gh_releases_uploadAsset "$GH_RELEASE" "pmd-dist/target/pmd-src-${PMD_CI_MAVEN_PROJECT_VERSION}.zip"
+        # Deploy SBOM
+        pmd_ci_gh_releases_uploadAsset "$GH_RELEASE" "pmd-dist/target/pmd-${PMD_CI_MAVEN_PROJECT_VERSION}-cyclonedx.xml"
+        pmd_ci_gh_releases_uploadAsset "$GH_RELEASE" "pmd-dist/target/pmd-${PMD_CI_MAVEN_PROJECT_VERSION}-cyclonedx.json"
    fi
 }

--- a/docs/pages/pmd/devdocs/major_contributions/adding_a_new_antlr_based_language.md
+++ b/docs/pages/pmd/devdocs/major_contributions/adding_a_new_antlr_based_language.md
@ -52,6 +52,12 @@ definitely don't come for free. It is much effort and requires perseverance to i

 ## 1.  Start with a new sub-module
 *   See pmd-swift for examples.
+*   Make sure to add your new module to the parent pom as `<module>` entry, so that it is built alongside the
+    other languages.
+*   Also add your new module to the dependencies list in "pmd-languages-deps/pom.xml", so that the new language
+    is automatically available in the binary distribution (pmd-dist) as well as for the shell-completion
+    in the pmd-cli module.
+

 ## 2.  Implement an AST parser for your language
 *   ANTLR will generate the parser for you based on the grammar file. The grammar file needs to be placed in the
--- a/docs/pages/pmd/devdocs/major_contributions/adding_a_new_javacc_based_language.md
+++ b/docs/pages/pmd/devdocs/major_contributions/adding_a_new_javacc_based_language.md
@ -35,7 +35,12 @@ definitely don't come for free. It is much effort and requires perseverance to i


 ## 1.  Start with a new sub-module
-*    See pmd-java or pmd-vm for examples.
+*   See pmd-java or pmd-vm for examples.
+*   Make sure to add your new module to the parent pom as `<module>` entry, so that it is built alongside the
+    other languages.
+*   Also add your new module to the dependencies list in "pmd-languages-deps/pom.xml", so that the new language
+    is automatically available in the binary distribution (pmd-dist) as well as for the shell-completion
+    in the pmd-cli module.

 ## 2.  Implement an AST parser for your language
 *   Ideally an AST parser should be implemented as a JJT file *(see VmParser.jjt or Java.jjt for example)*
--- a/docs/pages/pmd/devdocs/major_contributions/adding_new_cpd_language.md
+++ b/docs/pages/pmd/devdocs/major_contributions/adding_new_cpd_language.md
@ -17,6 +17,12 @@ Happily for you, to add CPD support for a new language is now easier than ever!
 All you need to do is follow this few steps:

 1. Create a new module for your language, you can take [the Golang module](https://github.com/pmd/pmd/tree/master/pmd-go) as an example
+   *   Make sure to add your new module to the parent pom as `<module>` entry, so that it is built alongside the
+       other languages.
+   *   Also add your new module to the dependencies list in "pmd-languages-deps/pom.xml", so that the new language
+       is automatically available in the binary distribution (pmd-dist) as well as for the shell-completion
+       in the pmd-cli module.
+
 2. Create a Tokenizer
    
    - For Antlr grammars you can take the grammar from [here](https://github.com/antlr/grammars-v4)  and extend [AntlrTokenizer](https://github.com/pmd/pmd/blob/master/pmd-core/src/main/java/net/sourceforge/pmd/cpd/internal/AntlrTokenizer.java)  taking Go as an example
--- a/docs/pages/pmd/projectdocs/credits.md
+++ b/docs/pages/pmd/projectdocs/credits.md
--- a/docs/pages/release_notes.md
+++ b/docs/pages/release_notes.md
@ -40,7 +40,14 @@ This section lists the most important changes from the last release candidate.
 The remaining section describe the complete release notes for 7.0.0.

 #### Fixed issues
-* [#4438](https://github.com/pmd/pmd/issues/4438): \[doc] Documentation links in VS Code are outdated
+* documentation
+  * [#4438](https://github.com/pmd/pmd/issues/4438): \[doc] Documentation links in VS Code are outdated
+* miscellaneous
+  * [#4462](https://github.com/pmd/pmd/issues/4462): Provide Software Bill of Materials (SBOM)
+* java-codestyle
+  * [#4273](https://github.com/pmd/pmd/issues/4273): \[java] CommentDefaultAccessModifier ignoredAnnotations should include "org.junit.jupiter.api.extension.RegisterExtension" by default
+* java-errorprone
+  * [#4449](https://github.com/pmd/pmd/issues/4449): \[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression

 ### 🚀 Major Features and Enhancements

@ -205,6 +212,7 @@ See [Detailed Release Notes for PMD 7]({{ baseurl }}pmd_release_notes_pmd7.html)
    * [#2497](https://github.com/pmd/pmd/issues/2497): PMD 7 Logo page
    * [#2498](https://github.com/pmd/pmd/issues/2498): Update PMD 7 Logo in documentation
    * [#3797](https://github.com/pmd/pmd/issues/3797): \[all] Use JUnit5
+    * [#4462](https://github.com/pmd/pmd/issues/4462): Provide Software Bill of Materials (SBOM)
 * ant
    * [#4080](https://github.com/pmd/pmd/issues/4080): \[ant] Split off Ant integration into a new submodule
 * core
@ -329,6 +337,7 @@ Language specific fixes:
    * [#3221](https://github.com/pmd/pmd/issues/3221): \[java] PrematureDeclaration false positive for unused variables
    * [#3238](https://github.com/pmd/pmd/issues/3238): \[java] Improve ExprContext, fix FNs of UnnecessaryCast
    * [#3500](https://github.com/pmd/pmd/pull/3500):   \[java] UnnecessaryBoxing - check for Integer.valueOf(String) calls
+    * [#4273](https://github.com/pmd/pmd/issues/4273): \[java] CommentDefaultAccessModifier ignoredAnnotations should include "org.junit.jupiter.api.extension.RegisterExtension" by default
    * [#4357](https://github.com/pmd/pmd/pull/4357):   \[java] Fix IllegalStateException in UseDiamondOperator rule
 * java-design
    * [#1014](https://github.com/pmd/pmd/issues/1014): \[java] LawOfDemeter: False positive with lambda expression
@ -343,6 +352,7 @@ Language specific fixes:
    * [#3754](https://github.com/pmd/pmd/issues/3754): \[java] SingularField false positive with read in while condition
    * [#3786](https://github.com/pmd/pmd/issues/3786): \[java] SimplifyBooleanReturns should consider operator precedence
    * [#4238](https://github.com/pmd/pmd/pull/4238):   \[java] Make LawOfDemeter not use the rulechain
+    * [#4254](https://github.com/pmd/pmd/issues/4254): \[java] ImmutableField - false positive with Lombok @<!-- -->Setter
 * java-documentation
    * [#4369](https://github.com/pmd/pmd/pull/4369):   \[java] Improve CommentSize
    * [#4416](https://github.com/pmd/pmd/pull/4416):   \[java] Fix reported line number in CommentContentRule
@ -364,10 +374,12 @@ Language specific fixes:
    * [#3351](https://github.com/pmd/pmd/issues/3351): \[java] ConstructorCallsOverridableMethod ignores abstract methods
    * [#3400](https://github.com/pmd/pmd/issues/3400): \[java] AvoidUsingOctalValues FN with underscores
    * [#4356](https://github.com/pmd/pmd/pull/4356):   \[java] Fix NPE in CloseResourceRule
+    * [#4449](https://github.com/pmd/pmd/issues/4449): \[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
 * java-multithreading
    * [#2537](https://github.com/pmd/pmd/issues/2537): \[java] DontCallThreadRun can't detect the case that call run() in `this.run()`
    * [#2538](https://github.com/pmd/pmd/issues/2538): \[java] DontCallThreadRun can't detect the case that call run() in `foo.bar.run()`
    * [#2577](https://github.com/pmd/pmd/issues/2577): \[java] UseNotifyAllInsteadOfNotify falsely detect a special case with argument: `foo.notify(bar)`
+    * [#4483](https://github.com/pmd/pmd/issues/4483): \[java] NonThreadSafeSingleton false positive with double-checked locking
 * java-performance
    * [#1224](https://github.com/pmd/pmd/issues/1224): \[java] InefficientEmptyStringCheck false negative in anonymous class
    * [#2587](https://github.com/pmd/pmd/issues/2587): \[java] AvoidArrayLoops could also check for list copy through iterated List.add()
@ -394,6 +406,10 @@ Language specific fixes:
 * [#3866](https://github.com/pmd/pmd/pull/3866): \[core] Add CLI Progress Bar - [@JerritEic](https://github.com/JerritEic) (@JerritEic)
 * [#4412](https://github.com/pmd/pmd/pull/4412): \[doc] Added new error msg to ConstantsInInterface - [David Ljunggren](https://github.com/dague1) (@dague1)
 * [#4428](https://github.com/pmd/pmd/pull/4428): \[apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - [Steven Stearns](https://github.com/sfdcsteve) (@sfdcsteve)
+* [#4444](https://github.com/pmd/pmd/pull/4444): \[java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - [Nirvik Patel](https://github.com/nirvikpatel) (@nirvikpatel)
+* [#4450](https://github.com/pmd/pmd/pull/4450): \[java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - [Seren](https://github.com/mohui1999) (@mohui1999)
+* [#4452](https://github.com/pmd/pmd/pull/4452): \[doc] Update PMD_APEX_ROOT_DIRECTORY documentation reference - [nwcm](https://github.com/nwcm) (@nwcm)
+* [#4474](https://github.com/pmd/pmd/pull/4474): \[java] ImmutableField: False positive with lombok (fixes #4254) - [Pim van der Loos](https://github.com/PimvanderLoos) (@PimvanderLoos)

 ### 📈 Stats
 * 4416 commits
--- a/pmd-apex/src/main/resources/category/apex/design.xml
+++ b/pmd-apex/src/main/resources/category/apex/design.xml
@ -48,13 +48,13 @@ Avoid having unused methods since they make understanding and maintaining code h
 This rule finds not only unused private methods, but public methods as well.

 [ApexLink](https://github.com/nawforce/ApexLink) is used to make this possible and this needs
-additional configuration. The environment variable `PMD_APEX_ROOTDIRECTORY` needs to be set prior to executing
+additional configuration. The environment variable `PMD_APEX_ROOT_DIRECTORY` needs to be set prior to executing
 PMD. With this variable the root directory of the Salesforce metadata, where `sfdx-project.json` resides, is
 specified. ApexLink can then load all the classes in the project and figure out, whether a method is used or not.

-For an accurate analysis it is important that the `PMD_APEX_ROOTDIRECTORY` contains a complete set of metadata that
+For an accurate analysis it is important that the `PMD_APEX_ROOT_DIRECTORY` contains a complete set of metadata that
 may be referenced from the Apex source code, such as Custom Objects, Visualforce Pages, Flows and Labels. The
-`PMD_APEX_ROOTDIRECTORY` directory must contain a `sfdx-project.json`, but metadata may be either in the
+`PMD_APEX_ROOT_DIRECTORY` directory must contain a `sfdx-project.json`, but metadata may be either in the
 [SFDX Source format](https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_source_file_format.htm)
 or the older MDAPI format. The `packageDirectories` entries in `sfdx-project.json` are used to determine which
 directories to search for metadata, if a `.forceignore` file is present it will be respected.
--- a/pmd-cli/pom.xml
+++ b/pmd-cli/pom.xml
@ -78,168 +78,15 @@
            <version>${project.version}</version>
        </dependency>

-        <!-- Language Module dependencies. Needed for autocompletion of languages. -->
-        <!-- TODO : Is there a better way to do this? I fear we may add a new one, add it to pmd-disst and miss it here… -->
+        <!--
+            Language Modules as runtime dependencies.
+            Needed for autocompletion of languages.
+        -->
        <dependency>
            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-apex</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-cpp</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-cs</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-dart</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-fortran</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-gherkin</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-go</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-groovy</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-html</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-lua</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-java</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-javascript</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-jsp</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-kotlin</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-matlab</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-modelica</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-perl</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-objectivec</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-php</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-plsql</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-python</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-ruby</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-scala_2.13</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-swift</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-visualforce</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-vm</artifactId>
-            <version>${project.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-xml</artifactId>
+            <artifactId>pmd-languages-deps</artifactId>
            <version>${project.version}</version>
+            <type>pom</type>
            <scope>runtime</scope>
        </dependency>

--- a/pmd-dist/pom.xml
+++ b/pmd-dist/pom.xml
@ -126,7 +126,7 @@
    <dependencies>
        <dependency>
            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-apex</artifactId>
+            <artifactId>pmd-core</artifactId>
            <version>${project.version}</version>
        </dependency>
        <dependency>
@ -142,136 +142,11 @@
            <type>sh</type>
            <classifier>completion</classifier>
        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
        <dependency>
            <groupId>net.sourceforge.pmd</groupId>
            <artifactId>pmd-ant</artifactId>
            <version>${project.version}</version>
        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-cpp</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-cs</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-dart</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-fortran</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-gherkin</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-go</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-groovy</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-html</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-lua</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-java</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-javascript</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-jsp</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-kotlin</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-matlab</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-modelica</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-perl</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-objectivec</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-php</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-plsql</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-python</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-ruby</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-scala_2.13</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-swift</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-tsql</artifactId>
-            <version>${project.version}</version>
-        </dependency>
        <dependency>
            <groupId>net.sourceforge.pmd</groupId>
            <artifactId>pmd-ui</artifactId>
@ -279,20 +154,11 @@
        </dependency>
        <dependency>
            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-visualforce</artifactId>
+            <artifactId>pmd-languages-deps</artifactId>
            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>runtime</scope>
        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-vm</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.pmd</groupId>
-            <artifactId>pmd-xml</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-

        <dependency>
            <groupId>org.slf4j</groupId>
--- a/pmd-dist/src/main/resources/assemblies/pmd-bin.xml
+++ b/pmd-dist/src/main/resources/assemblies/pmd-bin.xml
@ -53,6 +53,19 @@
        </fileSet>
    </fileSets>

+    <files>
+        <file>
+            <source>target/bom.xml</source>
+            <outputDirectory>sbom</outputDirectory>
+            <destName>pmd-${project.version}-cyclonedx.xml</destName>
+        </file>
+        <file>
+            <source>target/bom.json</source>
+            <outputDirectory>sbom</outputDirectory>
+            <destName>pmd-${project.version}-cyclonedx.json</destName>
+        </file>
+    </files>
+
    <dependencySets>
        <!-- shell completion goes to shell/ -->
        <dependencySet>
@ -71,7 +84,9 @@
        <dependencySet>
            <scope>runtime</scope>
            <excludes>
+                <exclude>net.sourceforge.pmd:pmd-apex-jorje:pom</exclude>
                <exclude>net.sourceforge.pmd:pmd-cli:sh:completion:*</exclude>
+                <exclude>net.sourceforge.pmd:pmd-languages-deps:pom</exclude>
            </excludes>
            <outputDirectory>lib</outputDirectory>
            <directoryMode>0755</directoryMode>
--- a/pmd-dist/src/test/java/net/sourceforge/pmd/it/BinaryDistributionIT.java
+++ b/pmd-dist/src/test/java/net/sourceforge/pmd/it/BinaryDistributionIT.java
@ -87,6 +87,8 @@ class BinaryDistributionIT extends AbstractBinaryDistributionTest {
        result.add(basedir + "shell/pmd-completion.sh");
        result.add(basedir + "lib/pmd-core-" + PMDVersion.VERSION + ".jar");
        result.add(basedir + "lib/pmd-java-" + PMDVersion.VERSION + ".jar");
+        result.add(basedir + "sbom/pmd-" + PMDVersion.VERSION + "-cyclonedx.xml");
+        result.add(basedir + "sbom/pmd-" + PMDVersion.VERSION + "-cyclonedx.json");
        return result;
    }

--- a/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/codestyle/CommentDefaultAccessModifierRule.java
+++ b/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/codestyle/CommentDefaultAccessModifierRule.java
@ -53,6 +53,7 @@ public class CommentDefaultAccessModifierRule extends AbstractJavaRulechainRule
            "android.support.annotation.VisibleForTesting",
            "co.elastic.clients.util.VisibleForTesting",
            "org.junit.jupiter.api.Test",
+            "org.junit.jupiter.api.extension.RegisterExtension",
            "org.junit.jupiter.api.ParameterizedTest",
            "org.junit.jupiter.api.RepeatedTest",
            "org.junit.jupiter.api.TestFactory",
--- a/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/design/ImmutableFieldRule.java
+++ b/pmd-java/src/main/java/net/sourceforge/pmd/lang/java/rule/design/ImmutableFieldRule.java
@ -43,6 +43,12 @@ public class ImmutableFieldRule extends AbstractJavaRulechainRule {
            "lombok.Value"
        );

+    private static final Set<String> INVALIDATING_FIELD_ANNOT =
+        setOf(
+            "lombok.Getter",
+            "lombok.Setter"
+        );
+
    public ImmutableFieldRule() {
        super(ASTFieldDeclaration.class);
        definePropertyDescriptor(IGNORED_ANNOTS);
@ -55,6 +61,7 @@ public class ImmutableFieldRule extends AbstractJavaRulechainRule {
        if (field.getEffectiveVisibility().isAtMost(Visibility.V_PRIVATE)
            && !field.getModifiers().hasAny(JModifier.VOLATILE, JModifier.STATIC, JModifier.FINAL)
            && !JavaAstUtils.hasAnyAnnotation(enclosingType, INVALIDATING_CLASS_ANNOT)
+            && !JavaAstUtils.hasAnyAnnotation(field, INVALIDATING_FIELD_ANNOT)
            && !JavaAstUtils.hasAnyAnnotation(field, getProperty(IGNORED_ANNOTS))) {

            DataflowResult dataflow = DataflowPass.getDataflowResult(field.getRoot());
--- a/pmd-java/src/main/resources/category/java/design.xml
+++ b/pmd-java/src/main/resources/category/java/design.xml
@ -1349,12 +1349,12 @@ Limitations: We can only check private fields for now.
 public class Foo {
    private int x; // this will be reported

-    public void foo(int y) {
+    public int foo(int y) {
       x = y + 5; // assigned before any read
       return x;
    }

-    public void fooOk(int y) {
+    public int fooOk(int y) {
       int z = y + 5; // might as well be a local like here
       return z;
    }
--- a/pmd-java/src/main/resources/category/java/errorprone.xml
+++ b/pmd-java/src/main/resources/category/java/errorprone.xml
@ -87,6 +87,8 @@ suppression methods (e.g. by using `@SuppressWarnings` annotation).
    [not(ancestor::ConstructorCall[1][pmd-java:typeIs('java.security.PrivilegedAction')]/AnonymousClassDeclaration)]
    (: exclude inner privileged action classes :)
    [not(ancestor::ClassOrInterfaceDeclaration[1][pmd-java:typeIs('java.security.PrivilegedAction')])]
+    (: exclude privileged action lambdas :)
+    [not(ancestor::LambdaExpression[pmd-java:typeIs('java.security.PrivilegedAction')])]
 ]]>
                </value>
            </property>
--- a/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/codestyle/xml/CommentDefaultAccessModifier.xml
+++ b/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/codestyle/xml/CommentDefaultAccessModifier.xml
@ -454,7 +454,7 @@ public enum MyEnum {
    </test-code>

    <test-code>
-        <description>#3859 [java] CommentDefaultAccessModifier is triggered in JUnit5 method and it was conflicting with rule JUnit5TestShouldBePackagePrivate</description>
+        <description>#3859 #4273 [java] CommentDefaultAccessModifier is triggered in JUnit5 method and it was conflicting with rule JUnit5TestShouldBePackagePrivate</description>
        <expected-problems>0</expected-problems>
        <code><![CDATA[
 import org.junit.jupiter.api.AfterEach;
@ -463,6 +463,7 @@ import org.junit.jupiter.api.ParameterizedTest;
 import org.junit.jupiter.api.RepeatedTest;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.provider.ValueSource;
+import org.junit.jupiter.api.extension.RegisterExtension;

 class SomeTest {

@ -481,6 +482,9 @@ class SomeTest {

  @RepeatedTest(10)
  void repeatedTest() {}
+
+  @RegisterExtension
+  void registerExtenstionTest(){}
 }
        ]]></code>
    </test-code>
--- a/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/design/xml/ImmutableField.xml
+++ b/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/design/xml/ImmutableField.xml
@ -415,7 +415,7 @@ public class CombinersTest {
    </test-code>

    <test-code>
-        <description>#410 [java] ImmutableField: False positive with lombok</description>
+        <description>#410 [java] ImmutableField: False positive with lombok on class</description>
        <expected-problems>0</expected-problems>
        <code><![CDATA[
 import lombok.Getter;
@ -433,6 +433,25 @@ public class Foo {
        ]]></code>
    </test-code>

+    <test-code>
+        <description>#4254 [java] ImmutableField: False positive with lombok on field</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+import lombok.Getter;
+import lombok.Setter;
+
+public class Foo {
+    @Getter
+    @Setter
+    private String id;
+
+    public Foo(String id) {
+        this.id = id;
+    }
+}
+        ]]></code>
+    </test-code>
+
    <test-code>
        <description>#855 [java] ImmutableField: False positive within lambda</description>
        <expected-problems>0</expected-problems>
--- a/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/errorprone/xml/AvoidAccessibilityAlteration.xml
+++ b/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/errorprone/xml/AvoidAccessibilityAlteration.xml
@ -184,4 +184,39 @@ public class Violation {
 }
        ]]></code>
    </test-code>
-</test-data>
+
+    <test-code>
+        <description>#4449 setAccessible is ok in LambdaExpression</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+
+        import java.lang.reflect.Constructor;
+        import java.lang.reflect.Field;
+        import java.lang.reflect.Method;
+        import java.security.AccessController;
+        import java.security.PrivilegedAction;
+
+        public class Violation {
+
+            private void invalidSetAccessCalls() throws NoSuchMethodException, SecurityException {
+                Constructor<?> constructor = this.getClass().getDeclaredConstructor(String.class);
+                
+                // deliberate accessibility alteration
+                String privateField = AccessController.doPrivileged((PrivilegedAction<String>)() -> {
+                    try {
+                        Field field = Violation.class.getDeclaredField("aPrivateField");
+                        field.setAccessible(true);    //no violation
+                        return (String) field.get(null);
+                    } catch (ReflectiveOperationException | SecurityException e) {
+                        throw new RuntimeException(e);
+                    }
+                });
+            }
+        }
+
+        ]]></code>
+    </test-code>
+
+
+
+</test-data>
--- a/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/multithreading/xml/NonThreadSafeSingleton.xml
+++ b/pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/multithreading/xml/NonThreadSafeSingleton.xml
@ -176,7 +176,7 @@ class A extends B {
    </test-code>

    <test-code>
-        <description>False positive with correct double checked pattern</description>
+        <description>False positive with correct double-checked pattern #4483</description>
        <expected-problems>0</expected-problems>
        <code><![CDATA[
 public class Foo {
--- a/pmd-languages-deps/pom.xml
+++ b/pmd-languages-deps/pom.xml
@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>net.sourceforge.pmd</groupId>
+        <artifactId>pmd</artifactId>
+        <version>7.0.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>pmd-languages-deps</artifactId>
+    <packaging>pom</packaging>
+    <name>PMD Languages Dependencies</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-apex</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-cpp</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-cs</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-dart</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-fortran</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-gherkin</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-go</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-groovy</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-html</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-java</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-javascript</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-jsp</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-kotlin</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-lua</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-matlab</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-modelica</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-objectivec</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-perl</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-php</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-plsql</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-python</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-ruby</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-scala_2.13</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-swift</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-tsql</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-visualforce</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-vm</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.pmd</groupId>
+            <artifactId>pmd-xml</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>
--- a/pom.xml
+++ b/pom.xml
@ -436,7 +436,7 @@
                        </execution>
                    </executions>
                    <configuration>
-                        <linkXRef>true</linkXRef>
+                        <linkXRef>false</linkXRef>
                        <minimumTokens>100</minimumTokens>
                        <targetJdk>1.${java.version}</targetJdk>
                        <rulesets>
@ -503,6 +503,11 @@
                    <artifactId>jacoco-maven-plugin</artifactId>
                    <version>0.8.8</version>
                </plugin>
+                <plugin>
+                    <groupId>org.cyclonedx</groupId>
+                    <artifactId>cyclonedx-maven-plugin</artifactId>
+                    <version>2.7.6</version>
+                </plugin>
                <!--This plugin's configuration is used to store Eclipse
                    m2e settings only. It has no influence on the Maven build itself. -->
                <plugin>
@ -624,6 +629,26 @@
                    <nexusUrl>https://oss.sonatype.org/</nexusUrl>
                </configuration>
            </plugin>
+            <plugin>
+                <groupId>org.cyclonedx</groupId>
+                <artifactId>cyclonedx-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>makeAggregateBom</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <!-- https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/326 -->
+                <dependencies>
+                    <dependency>
+                        <groupId>org.ow2.asm</groupId>
+                        <artifactId>asm</artifactId>
+                        <version>9.5</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
        </plugins>
    </build>

@ -1185,5 +1210,6 @@
        <module>pmd-vm</module>
        <module>pmd-xml</module>
        <module>pmd-ant</module>
+        <module>pmd-languages-deps</module>
    </modules>
 </project>