chore(deps): bump the minor-and-patch group with 30 updates

[dependabot]

Bumps the minor-and-patch group with 30 updates:

Package	From	To
com.google.guava:guava	33.0.0-jre	33.3.1-jre
com.github.gestalt-config:gestalt-core	0.29.0	0.33.0
com.github.gestalt-config:gestalt-toml	0.29.0	0.33.0
com.fasterxml.jackson:jackson-bom	2.15.2	2.18.1
org.jctools:jctools-core	4.0.1	4.0.5
io.jsonwebtoken:jjwt-api	0.11.5	0.12.6
io.jsonwebtoken:jjwt-impl	0.11.5	0.12.6
io.jsonwebtoken:jjwt-jackson	0.11.5	0.12.6
io.vertx:vertx-auth-jwt	4.5.3	4.5.10
io.vertx:vertx-core	4.5.3	4.5.10
io.vertx:vertx-web	4.5.3	4.5.10
io.netty:netty-all	4.1.108.Final	4.1.114.Final
io.micrometer:micrometer-registry-prometheus	1.11.0	1.13.6
io.micrometer:micrometer-tracing-bom	1.1.1	1.3.5
ch.qos.logback:logback-core	1.4.12	1.5.12
ch.qos.logback:logback-classic	1.4.14	1.5.12
org.slf4j:slf4j-api	2.0.7	2.0.16
io.opentelemetry:opentelemetry-bom-alpha	1.26.0-alpha	1.43.0-alpha
io.opentelemetry:opentelemetry-bom	1.26.0	1.43.0
info.picocli:picocli	4.7.3	4.7.6
info.picocli:picocli-codegen	4.7.3	4.7.6
com.google.errorprone:error_prone_core	2.18.0	2.35.1
io.libp2p:jvm-libp2p	1.0.1-RELEASE	1.2.1-RELEASE
com.aayushatharva.brotli4j:brotli4j	1.16.0	1.17.0
org.junit.jupiter:junit-jupiter	5.9.1	5.11.3
org.junit.jupiter:junit-jupiter-engine	5.9.0	5.11.3
org.junit.platform:junit-platform-suite-api	1.9.1	1.11.3
org.junit.platform:junit-platform-suite-engine	1.9.1	1.11.3
org.junit.platform:junit-platform-reporting	1.9.1	1.11.3
com.diffplug.spotless	6.23.3	6.25.0

Updates com.google.guava:guava from 33.0.0-jre to 33.3.1-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.3.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.3.1-jre</version>
  <!-- or, for Android: -->
  <version>33.3.1-android</version>
</dependency>

Jar files

• 33.3.1-jre.jar
• 33.3.1-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.3.1-jre
• 33.3.1-android

JDiff

• 33.3.1-jre vs. 33.3.0-jre
• 33.3.1-android vs. 33.3.0-android
• 33.3.1-android vs. 33.3.1-jre

Changelog

• Added j2objc-annotations to the Gradle runtime classpath to stop producing an Android Gradle Plugin error. (a3b51888c2)

33.3.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.3.0-jre</version>
  <!-- or, for Android: -->
  <version>33.3.0-android</version>
</dependency>

... (truncated)

Commits

• See full diff in compare view

Updates com.github.gestalt-config:gestalt-core from 0.29.0 to 0.33.0

Release notes

Sourced from com.github.gestalt-config:gestalt-core's releases.

v0.33.0 Annotations

What's Changed

• Feat/annotations by @​credmond-git in gestalt-config/gestalt#225

Certain annotations can be applied to a configuration using @{annotation}, this will covert the annotation to metadata that can be applied to the node. Then the metadata is used to apply the intended behaviour to the node.

For example, we can apply the temporary node feature on a node by using the annotation @{temp:1}

my.password=abcdef@{temp:1}

annotation	parameter	description
temp	(int) Number of times this temp node can be read	restrict the number of times a value can be read before it is released
encrypt	(boolean) if we should apply to this node	Encrypts the node in memory.
nocache	(boolean) if we should apply to this node	Will not cache the node. If a node is part of a object the whole object will not be cached.
secret	(boolean) if we should apply to this node	Treats the node as a secret, so it will not print it out in errors or the debug print.

Trim Whitespace

By default, white spaces before and after the annotation are trimmed. You can disable this feature using the gestalt builder and setting setAnnotationTrimWhiteSpace(false)

GestaltBuilder builder = new GestaltBuilder();
Gestalt gestalt = builder
  .addSource(MapConfigSourceBuilder.builder()
    .setCustomConfig(configs)
    .build())
  .setAnnotationTrimWhiteSpace(false)
  .build();

Full Changelog: gestalt-config/gestalt@v0.32.2...v0.33.0

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

... (truncated)

Commits

• 9e4ed8a prepare for release 0.33.0
• 80e3e25 Merge pull request #225 from gestalt-config/feat/annotations
• 5d7ab46 test: extra unit tests for new get config results.
• ecc0869 docs: add features to the first page.
• 74c7e25 doc: Add documentation on config annotations.
• 0efdfa7 feat: enable trimming of white spaces before and after an annotation.
• 28de4b6 feat: Encrypted and temporary node annotations.
• 3df8dd0 feat: add new API to Gestalt to get a config as a GResultOf, so we can get th...
• cedbd4b Implement secret, no cache, Temporary and Encrypted annotations. WIP
• 74e248e feat: Add metadata and the ability to rollup metadata from nodes.
• Additional commits viewable in compare view

Updates com.github.gestalt-config:gestalt-toml from 0.29.0 to 0.33.0

Release notes

Sourced from com.github.gestalt-config:gestalt-toml's releases.

v0.33.0 Annotations

What's Changed

• Feat/annotations by @​credmond-git in gestalt-config/gestalt#225

Certain annotations can be applied to a configuration using @{annotation}, this will covert the annotation to metadata that can be applied to the node. Then the metadata is used to apply the intended behaviour to the node.

For example, we can apply the temporary node feature on a node by using the annotation @{temp:1}

my.password=abcdef@{temp:1}

annotation	parameter	description
temp	(int) Number of times this temp node can be read	restrict the number of times a value can be read before it is released
encrypt	(boolean) if we should apply to this node	Encrypts the node in memory.
nocache	(boolean) if we should apply to this node	Will not cache the node. If a node is part of a object the whole object will not be cached.
secret	(boolean) if we should apply to this node	Treats the node as a secret, so it will not print it out in errors or the debug print.

Trim Whitespace

By default, white spaces before and after the annotation are trimmed. You can disable this feature using the gestalt builder and setting setAnnotationTrimWhiteSpace(false)

GestaltBuilder builder = new GestaltBuilder();
Gestalt gestalt = builder
  .addSource(MapConfigSourceBuilder.builder()
    .setCustomConfig(configs)
    .build())
  .setAnnotationTrimWhiteSpace(false)
  .build();

Full Changelog: gestalt-config/gestalt@v0.32.2...v0.33.0

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

... (truncated)

Commits

• 9e4ed8a prepare for release 0.33.0
• 80e3e25 Merge pull request #225 from gestalt-config/feat/annotations
• 5d7ab46 test: extra unit tests for new get config results.
• ecc0869 docs: add features to the first page.
• 74c7e25 doc: Add documentation on config annotations.
• 0efdfa7 feat: enable trimming of white spaces before and after an annotation.
• 28de4b6 feat: Encrypted and temporary node annotations.
• 3df8dd0 feat: add new API to Gestalt to get a config as a GResultOf, so we can get th...
• cedbd4b Implement secret, no cache, Temporary and Encrypted annotations. WIP
• 74e248e feat: Add metadata and the ability to rollup metadata from nodes.
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.18.1

Commits

• ef33ac7 [maven-release-plugin] prepare release jackson-bom-2.18.1
• f43bf9f Prepare for 2.18.1 release
• 6f5259d Change to snapshot version of jackson-parent
• 3f21ec5 Back to snapshot dep
• bb45933 [maven-release-plugin] prepare for next development iteration
• 7236550 [maven-release-plugin] prepare release jackson-bom-2.18.0
• 58c2791 Prepare for 2.18.0 release
• 3775318 Merge pull request #73 from FasterXML/dependabot/github_actions/github-action...
• 540b7e7 Bump actions/setup-java from 4.2.1 to 4.2.2 in the github-actions group
• 6cc8c64 Back to snapshot deps
• Additional commits viewable in compare view

Updates org.jctools:jctools-core from 4.0.1 to 4.0.5

Release notes

Sourced from org.jctools:jctools-core's releases.

Fix bytecode version and add unpadded atomic queues

No release notes provided.

Minor Release 4.0.2

Same code, new bundling post #370

Commits

• a17b56f Update development version to 4.0.5-SNAPSHOT
• 173423c Addressing Nitsan's comment
• 4b7d2ac Adding Atomic Unpadded queues
• 5c1b88b Update development version to 4.0.4-SNAPSHOT
• 0dae71c Update development version to 4.0.3-SNAPSHOT
• f36b00f Fix #384, ## in javadoc instead of #
• 463181b Add module descriptor to jctools-core
• 3e54465 Add CodeQL workflow for GitHub code scanning
• 25c1a28 Adding benchmark for thread-local object pool use case
• 9c39910 Update RELEASE-NOTES.md post 4.0.1 release
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-api from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-api's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-api's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-impl from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-impl's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-impl's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-jackson from 0.11.5 to 0.12.6

Updates io.vertx:vertx-auth-jwt from 4.5.3 to 4.5.10

Updates io.vertx:vertx-core from 4.5.3 to 4.5.10

Commits

• d5a16c6 Releasing 4.5.10
• 83c72a4 Revert "Hook for VertxBuilder customization"
• 3f930dc Hook for VertxBuilder customization
• 6ddbde4 Rollback breaking change of internal API
• 334e2cd Context created from a vertx thread should not be recorded as a sticky context.
• bab52b7 Set version to 4.5.10-SNAPSHOT
• e7dbf03 Releasing 4.5.9
• fa52bf4 The JacksonCodec implementation of toString/toBuffer lacks of efficiency comp...
• 5d0d5d9 The code to compare two numbers in json object/array does not correctly compa...
• aec1041 Fix a few bugs related to non event-loop thread writes.
• Additional commits viewable in compare view

Updates io.vertx:vertx-web from 4.5.3 to 4.5.10

Updates io.netty:netty-all from 4.1.108.Final to 4.1.114.Final

Commits

• 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
• d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
• 041eaed Re-add previous removed method to make revapi plugin happy again.
• 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
• e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
• 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
• c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
• 56a9101 Update small documentation typo (#14370)
• 8362d9d Fix flaky BootstrapTest (#14369)
• bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.11.0 to 1.13.6

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.13.6

⭐ New Features / Enhancements

• Improve memory usage of StepBucketHistogram #4954

🐞 Bug Fixes

• Instrumented Java 11 HttpClient does not re-throw exceptions in sendAsync call #5136
• Map time units to UCUM format for Dynatrace #5588
• Aspects' tagsBasedOnJoinPoint may throw uncaught exception #5584
• Set user agent header in OTLP registry #5577
• MicrometerHttpRequestExecutor fails to instrument with Apache HC 5.4 #5575

📔 Documentation

• Remove duplicated context-propagation documentation in Micrometer docs #5549
• [OTLP Registry] Document batch size configuration #5578

🔨 Dependency Upgrades

• Bump dropwizard-metrics from 4.2.27 to 4.2.28 #5566
• Bump context-propagation to 1.1.2 #5592

📝 Tasks

• Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #5571
• Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.3 to 0.4.4 #5567
• Bump jersey3 from 3.0.12 to 3.0.16 #5560
• Do not include formerly removed micrometer-samples-jetty12 subproject #5554
• Bump spring from 5.3.37 to 5.3.39 #5419
• Bump org.junit.platform:junit-platform-launcher from 1.10.4 to 1.10.5 #5557
• Bump org.mongodb:mongodb-driver-sync from 4.11.3 to 4.11.4 #5538
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.6 to 2.1.7 #5536
• Bump io.netty:netty-bom from 4.1.112.Final to 4.1.114.Final #5534
• Bump io.spring.develocity.conventions from 0.0.20 to 0.0.22 #5533
• Bump org.junit.platform:junit-platform-launcher from 1.10.3 to 1.10.4 #5532
• Bump jetty9 from 9.4.55.v20240627 to 9.4.56.v20240826 #5531
• Bump junit from 5.10.3 to 5.10.4 #5530
• Bump spring from 5.3.37 to 5.3.39 #5455

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​lenin-jaganathan, @​pirgeo, @​kinddevil, and @​joaopgrassi

1.13.5

🐞 Bug Fixes

• ConcurrentModificationException when late meter filters are added #5489

... (truncated)

Commits

• 0b4d07f Merge branch '1.12.x' into 1.13.x
• f3ef95a Bump context-propagation to 1.1.2
• 0944ad3 Merge branch '1.12.x' into 1.13.x
• 9c3b760 Map time units to UCUM format for Dynatrace (#5589)
• 77d72d2 Merge branch '1.12.x' into 1.13.x
• d7daaef Set user agent header in OTLP registry
• 12db19f Merge branch '1.12.x' into 1.13.x
• adfdd3e Catch runtime exception thrown from pjp function in aspects (#5585)
• e3ac3ad Merge branch '1.12.x' into 1.13.x
• 5435fc4 Document batchSize config for OTLP registry
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-tracing-bom from 1.1.1 to 1.3.5

Release notes

Sourced from io.micrometer:micrometer-tracing-bom's releases.

1.3.5

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-bom from 1.13.4 to 1.13.6 #870
• Bump io.micrometer:context-propagation from 1.1.1 to 1.1.2 #869
• Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.10 #865
• Bump org.junit:junit-bom from 5.10.3 to 5.10.5 #859
• Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.1 to 3.4.2 #847
• Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.0 to 3.4.1 #838
• Bump ch.qos.logback:logback-classic from 1.5.7 to 1.5.8 #834

📝 Tasks

• Bump io.spring.develocity.conventions from 0.0.20 to 0.0.22 #856

1.3.4

Because of issues with OTel dependencies, this release effectively downgrades

• io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-semconv from 1.33.5-alpha to 1.33.3-alpha
• io.opentelemetry:opentelemetry-api from 1.40.0 to 1.38.0

This is because we usually don't upgrade minor versions in patch releases but since OTel does, we unintentionally upgraded io.opentelemetry:opentelemetry-api from 1.38.0 to 1.40.0 (minor version bump) in earlier patch releases since we upgraded io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-semconv from 1.33.3-alpha to 1.33.5-alpha (patch version bump). A minor version bump in a patch release can be unexpected so this release restores the same minor versions of OTel that 1.3.0 used, see: #819.

⚠️ Noteworthy

• OTel dependency convergence issue #819

🐞 Bug Fixes

• OTel dependency convergence issue #819

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-bom from 1.13.3 to 1.13.4 #835

📝 Tasks

• Bump io.spring.develocity.conventions from 0.0.19 to 0.0.20 #822
• Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #815
• Bump spring from 5.3.37 to 5.3.39 #814
• Bump io.projectreactor:reactor-bom from 2022.0.21 to 2022.0.22 #800
• Bump io.spring.javaformat:spring-javaformat-gradle-plugin from 0.0.42 to 0.0.43 #799
• Bump io.spring.javaformat:spring-javaformat-checkstyle from 0.0.42 to 0.0.43 #798
• Use TestObservationRegistry in context propagation tests #810

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​chemicL

... (truncated)

Commits

• 57bde37 Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.1 to 3.4.2 (#847)
• 425b552 Bump org.junit:junit-bom from 5.10.3 to 5.10.5 (#859)
• 416c094 Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.10 (#865)
• 5a7c20a Bump io.micrometer:micrometer-bom from 1.13.4 to 1.13.6 (#870)
• 7766c94 Merge branch '1.2.x' into 1.3.x
• 373923f Bump io.micrometer:micrometer-bom from 1.12.10 to 1.12.11 (#867)
• 3c3e7bf Bump io.micrometer:context-propagation from 1.1.1 to 1.1.2 (#868)
• 0a97118 Bump org.junit:junit-bom from 5.10.3 to 5.10.5 (#860)
• 6c32018 Bump io.spring.develocity.conventions from 0.0.20 to 0.0.22 (#853)
• 8435e8c Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.0 to 3.4.1 (#838)
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.4.12 to 1.5.12

Commits

• 3a64b51 prepare release 1.5.12
• ecae664 fix issues/879
• 85968fa logger call ends with two exceptions - fix issues/876
• ea3cec8 Update README.md
• 887cbba update README.md
• df2a3b6 start work on 1.5.12-SNAPSHOT
• 3aa0730 prepare release of version 1.5.11
• 8bcfd9a allow for InsertFromJNDIModelHandler to be callable from logback-tyler
• 75bee86 refactorings in support of logback-tyler
• 8749edc start work on 1.5.11-SNAPSHOT
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.4.14 to 1.5.12

Commits

• 3a64b51 prepare release 1.5.12
• ecae664 fix issues/879
• 85968fa logger call ends with two exceptions - fix issues/876
• ea3cec8 Update README.md
• 887cbba update README.md
• df2a3b6 start work on 1.5.12-SNAPSHOT
• 3aa0730 prepare release of version 1.5.11
• 8bcfd9a allow for InsertFromJNDIModelHandler to be callable from logback-tyler
• 75bee86 refactorings in support of logback-tyler
• 8749edc start work on 1.5.11-SNAPSHOT
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-api from 2.0.7 to 2.0.16

Updates io.opentelemetry:opentelemetry-bom-alpha from 1.26.0-alpha to 1.43.0-alpha

Release notes

Sourced from io.opentelemetry:opentelemetry-bom-alpha's releases.

Version 1.42.1

This is a patch release on the previous 1.42.0 release, fixing the issue(s) below.

API

• Revert java-test-fixtures plugin to remove test dependencies from pom.xml. (#6695)

Description has been truncated

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.