Fix CodeQL warnings in UnsynchronizedBufferedInputStream: Implicit

garydgregory · garydgregory · commit 92cf5613f9ad · 2023-10-11T09:21:58.000-04:00
narrowing conversion in compound assignment. - (int count - int pos) here is always an int so amount is also in the int range if the above test is true. - We can safely cast and avoid static analysis warnings: "Implicit narrowing conversion in compound assignment" - https://github.com/apache/commons-io/security/code-scanning/135 - https://github.com/apache/commons-io/security/code-scanning/88
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
@@ -94,6 +94,9 @@ The <action> type attribute can be add,update,fix,remove.
       <action dev="ggregory" type="fix" due-to="sebbASF">
         [Javadoc] IOUtils#contentEquals does not throw NullPointerException #496.
       </action>
+      <action dev="ggregory" type="fix" due-to="Gary Gregory">
+        Fix CodeQL warnings in UnsynchronizedBufferedInputStream: Implicit narrowing conversion in compound assignment.
+      </action>
       <!-- ADD -->
       <action dev="ggregory" type="add" due-to="Gary Gregory">
         Add org.apache.commons.io.channels.FileChannels.
