audit codebase for potential memory leaks

[derTobsch]

Conducted a comprehensive analysis of the project's caching mechanisms, configuration management, and resource handling.

Key findings:

• Verified that all primary caches (e.g., HolidayManager) are bounded.
• Confirmed that cache keys are stable and do not grow indefinitely.
• Verified that static collections are keyed by finite sets (e.g., Locale).
• Confirmed proper resource management (try-with-resources) for all I/O operations.

No memory leaks were identified.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3ee9d59.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

jollyday-core/pom.xml

Package	Version	License	Issue Type
com.github.ben-manes.caffeine:caffeine		Null	Unknown License

pom.xml

Package	Version	License	Issue Type
com.github.ben-manes.caffeine:caffeine	3.2.4	Null	Unknown License

Allowed Licenses:

Apache-2.0, MIT, BSD-3-Clause, LGPL-3.0

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.github.ben-manes.caffeine:caffeine		Unknown	Unknown
maven/com.github.ben-manes.caffeine:caffeine	3.2.4	🟢 9	Details Check Score Reason CI-Tests ⚠️ -1 no pull request found Dependency-Update-Tool 🟢 10 update tool detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool detected Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 10 badge detected: Gold Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Contributors 🟢 10 project has 8 contributing companies or organizations

Scanned Files

• jollyday-core/pom.xml
• pom.xml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud