chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/upload-artifact	action	patch	v4.3.0 -> v4.3.1
github/codeql-action	action	patch	v3.24.0 -> v3.24.9
gradle (source)		minor	8.6 -> 8.7
gradle/wrapper-validation-action	action	minor	v2.0.0 -> v2.1.2
lint-staged	dependencies	patch	15.2.1 -> 15.2.2
org.mockito:mockito-junit-jupiter	dependencies	minor	5.10.0 -> 5.11.0
net.sourceforge.plantuml:plantuml	dependencies	minor	1.2023.13 -> 1.2024.3
org.awaitility:awaitility (source)	dependencies	patch	4.2.0 -> 4.2.1
com.graphql-java:graphql-java	dependencies	minor	19.4 -> 19.11
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	dependencies	minor	2.16.1 -> 2.17.0
com.fasterxml.jackson.core:jackson-core	dependencies	minor	2.16.1 -> 2.17.0
com.fasterxml.jackson.core:jackson-databind (source)	dependencies	minor	2.16.1 -> 2.17.0
com.fasterxml.jackson.core:jackson-annotations (source)	dependencies	minor	2.16.1 -> 2.17.0
commons-io:commons-io (source)	dependencies	minor	2.15.1 -> 2.16.0
com.netflix.graphql.dgs.codegen:graphql-dgs-codegen-shared-core	dependencies	patch	6.1.4 -> 6.1.5
org.apache.commons:commons-text (source)	dependencies	minor	1.10.0 -> 1.11.0
com.commercetools.sdk.jvm.core:commercetools-convenience	dependencies	minor	2.14.0 -> 2.16.0
com.github.javaparser:javaparser-symbol-solver-core (source)	dependencies	patch	3.25.8 -> 3.25.9
com.squareup.okio:okio	dependencies	minor	3.7.0 -> 3.9.0
com.commercetools.sdk.jvm.core:commercetools-models	dependencies	minor	2.14.0 -> 2.16.0
io.projectreactor.netty:reactor-netty-core	dependencies	patch	1.1.15 -> 1.1.17
com.newrelic.agent.java:newrelic-api	dependencies	minor	8.9.0 -> 8.10.0
io.opentelemetry:opentelemetry-api	dependencies	minor	1.34.1 -> 1.36.0
io.projectreactor.netty:reactor-netty-http	dependencies	patch	1.1.15 -> 1.1.17
com.datadoghq:datadog-api-client	dependencies	minor	2.20.0 -> 2.23.0
com.commercetools.sdk.jvm.core:commercetools-java-client-core	dependencies	minor	2.14.0 -> 2.16.0
com.netflix.dgs.codegen	plugin	patch	6.1.4 -> 6.1.5
org.jetbrains.kotlin.jvm	plugin	patch	1.9.22 -> 1.9.23

---

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.3.1

Compare Source

• Bump @​actions/artifacts to latest version to include updated GHES host check

github/codeql-action (github/codeql-action)

v3.24.9

Compare Source

v3.24.8

Compare Source

v3.24.7

Compare Source

v3.24.6

Compare Source

v3.24.5

Compare Source

v3.24.4

Compare Source

v3.24.3

Compare Source

v3.24.2

Compare Source

v3.24.1

Compare Source

gradle/gradle (gradle)

v8.7

Compare Source

gradle/wrapper-validation-action (gradle/wrapper-validation-action)

v2.1.2

Compare Source

What's Changed

• Update various NPM dependencies
• Update wrapper checksums

Full Changelog: gradle/wrapper-validation-action@v2.1.1...v2.1.2

v2.1.1

Compare Source

Changelog

• [FIX] Add hardcoded checksum for Gradle 7.6.4

Full Changelog: gradle/wrapper-validation-action@v2...v2.1.1

v2.1.0

Compare Source

This release should vastly reduce the number of network requests made by the wrapper-validation-action, by hardcoding the checksums of all known Gradle wrapper jars at time of release. With this improvement, a number of long-standing issues should be addressed (#​164, #​162, #​57).

The action should now only make network requests to validate the checksums of an unknown gradle-wrapper.jar. This can happen if:

• The Gradle version was published after this action was released
• The gradle-wrapper.jar is truly invalid

Changelog

• [NEW] Hardcode list of known checksums to avoid network requests in most cases (#​161)

Huge thanks to @​Marcono1234 for contributing this long-awaited improvement.

v2.0.1

Compare Source

This patch release fixes error reporting when failing to retrieve the checksums from services.gradle.org

• [FIX] After migration from v1 to v2 silently fails (#​174)

okonet/lint-staged (lint-staged)

v15.2.2

Compare Source

Patch Changes

• #​1391 fdcdad4 Thanks @​iiroj! - Lint-staged no longer tries to load configuration from files that are not checked out. This might happen when using sparse-checkout.

mockito/mockito (org.mockito:mockito-junit-jupiter)

v5.11.0

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.11.0

• 2024-03-01 - 17 commit(s) by Aouichaoui Youssef, Franz Wong, Pranoti Durugkar, Róbert Papp, dependabot[bot]
• Fixes #​3281 : Add native method to exception message of MissingMethodI… (#​3283)
• MissingMethodInvocationException is thrown when mocking native method in 5.x (#​3281)
• Bump com.google.googlejavaformat:google-java-format from 1.19.2 to 1.20.0 (#​3277)
• Bump versions.bytebuddy from 1.14.11 to 1.14.12 (#​3272)
• Bump gradle/wrapper-validation-action from 2.1.0 to 2.1.1 (#​3268)
• Bump org.shipkit:shipkit-auto-version from 2.0.3 to 2.0.4 (#​3267)
• Bump gradle/wrapper-validation-action from 2.0.1 to 2.1.0 (#​3266)
• Bump org.junit.platform:junit-platform-launcher from 1.10.1 to 1.10.2 (#​3265)
• Bump gradle/wrapper-validation-action from 2.0.0 to 2.0.1 (#​3264)
• Bump org.assertj:assertj-core from 3.25.2 to 3.25.3 (#​3261)
• Bump versions.junitJupiter from 5.10.1 to 5.10.2 (#​3260)
• Bump gradle/wrapper-validation-action from 1.1.0 to 2.0.0 (#​3258)
• Fixes #​3229: Resolve test generic arguments (#​3257)
• Bump org.shipkit:shipkit-auto-version from 2.0.2 to 2.0.3 (#​3256)
• Use kvm on ubuntu instead of macos to run Android tests (#​3252)
• Fixes #​3240 : Renamed mockito bom artifact (#​3251)
• Remove shipkit workaround for generateChangelog (#​3250)
• Bump com.gradle.enterprise from 3.16.1 to 3.16.2 (#​3249)
• Mockito bom missing artifact in maven central for java21 (#​3240)
• @Captor test parameters don't work with primitive type arguments (#​3229)
• Gradle 8.2: work around fix for release publishing (#​3053)

graphql-java/graphql-java (com.graphql-java:graphql-java)

v19.11: 19.11

This is a special release to add further limits to introspection queries.

This release contains a backport of PR #​3539.

What's Changed

• 19.x Backport PR 3539 by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3543

Full Changelog: graphql-java/graphql-java@v19.10...v19.11

v19.10: 19.10

This is a special release to help control introspection queries.

This release adds a default check for introspection queries, to check that they are sensible. This feature is a backport of https://github.com/graphql-java/graphql-java/pull/3526 and https://github.com/graphql-java/graphql-java/pull/3527.

This release also adds an optional maximum result nodes limit, which is a backport of https://github.com/graphql-java/graphql-java/pull/3525.

What's Changed

• 19.x Backport #​3526 and PR #​3527 by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3532
• 19.x Backport PR 3525 max result nodes by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3537

Full Changelog: graphql-java/graphql-java@v19.9...v19.10

v19.9: 19.9

This is a small bugfix release which includes a backport of PR #​3334, which fixes a type unwrapping bug.

What's Changed

• Backport PR #​3334 to 19.x by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3356

Full Changelog: graphql-java/graphql-java@v19.8...v19.9

v19.8: 19.8

This version 19.8 release includes a critical Guava fix.

The 19.7 release had a problem where Guava classes were not shaded due to a configuration error. Do not use version 19.7 and please use this version 19.8 instead.

What's Changed

• guava version fix for 19.x by @​bbakerman in https://github.com/graphql-java/graphql-java/pull/3319

Full Changelog: graphql-java/graphql-java@v19.7...v19.8

v19.7: 19.7

Do not use version 19.7. Please use version 19.8 instead.

Version 19.7 contains a problem where Guava files were not shaded due to a configuration error. This is fixed in 19.8.

---

This is a bugfix release which backports two default value fixes.

This release also updates Guava to keep security scanners happy. Some security scanners had incorrectly flagged an earlier patched version of Guava as still vulnerable to CVE-2023-2976. To avoid incorrect security alerts, we have updated Guava to a version that all scanners will accept as patched. More details in #​3280 and #​3263.

What's Changed

• 19.x Guava update again by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3280
• 19.x backport of #​3286 null default value bugfix by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3294
• 19.x backport of #​3278 default value bugfix by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3310

Full Changelog: graphql-java/graphql-java@v19.6...v19.7

v19.6: 19.6

This is a special release with only one commit: updating the version of Guava to 32.0.0 to address CVE-2023-2976.

graphql-java shades in selected classes of Guava. Although this library does not use any of the code described in the CVE, we received reports in #​3239 that the Guava POM inside the jar was incorrectly triggering security scanners. We'd prefer to keep those security scanners happy and upgrade the Guava version.

What's Changed

• Update Guava version for v19 by @​dondonz in https://github.com/graphql-java/graphql-java/pull/3244

Full Changelog: graphql-java/graphql-java@v19.5...v19.6

v19.5: 19.5

This is a security bugfix release containing only one PR: #​3158

This adds a limit to the number of characters used in an operation.

Full details can be found here: #​3148

What's Changed

• This is the backport of the max characters in a parse to the 19.x branch by @​bbakerman in https://github.com/graphql-java/graphql-java/pull/3158

Full Changelog: graphql-java/graphql-java@v19.4...v19.5

Netflix/dgs-codegen (com.netflix.graphql.dgs.codegen:graphql-dgs-codegen-shared-core)

v6.1.5

What’s Changed

• Fix import of typemapped types in generated union classes. (#​657) @​srinivasankavitha

commercetools/commercetools-jvm-sdk (com.commercetools.sdk.jvm.core:commercetools-convenience)

v2.16.0

Javadoc: http://commercetools.github.io/commercetools-jvm-sdk/apidocs
see http://commercetools.github.io/commercetools-jvm-sdk/apidocs/io/sphere/sdk/meta/ReleaseNotes.html#v2\_16\_0

javaparser/javaparser (com.github.javaparser:javaparser-symbol-solver-core)

v3.25.9

issues resolved

Added

• Fix: issue #​3878 resolve MethodReference in ObjectCreationExpr (PR #​4296 by @​fishautumn)

Changed

• Switch order of literals to prevent NullPointerException (PR #​4322 by @​citizenjosh)
• Minor refactoring to use the existing getArgumentPosition method (PR #​4306 by @​jlerbsc)
• Optimize find ancestor (PR #​4294 by @​magicwerk)
• refac: Removes useless ExpressionHelper utility class and replaces some explicit casts by using the javaparser API (PR #​4291 by @​jlerbsc)

Fixed

• fix: Dead stores should be removed (sonar rule) (PR #​4329 by @​jlerbsc)
• fix: Replace this if-then-else statement by a single return statement (sonar rule) (PR #​4328 by @​jlerbsc)
• fix: issue 2043 getAccessSpecifier should return public for interface methods (PR #​4317 by @​jlerbsc)
• Further improve correction of whitespace during difference application (PR #​4316 by @​jlerbsc)
• Fix: issue #​3946 Symbol solver is unable to resolve inherited inner classes (PR #​4314 by @​jlerbsc)
• fix: issue 4311 IllegalStateException when removing all comments with LexicalPreservingPrinter (PR #​4313 by @​jlerbsc)
• Fix: issue 3939 SymbolResolver.calculateType(Expression) may fails on first try, then succeed on later tries (PR #​4290 by @​jlerbsc)
• Adds unit test for issue 4284 "ClassCastException when resolving MethodCallExpr inside an enhanced switch statement" (PR #​4285 by @​jlerbsc)
• Change SwitchStmt to SwitchNode in SwitchEntryContext to avoid ClassCastException (PR #​4283 by @​PalashSharma20)

Developer Changes

• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.1.1 to 3.2.0 (PR #​4323 by @​dependabot[bot])
• chore(deps): update junit5 monorepo to v5.10.2 (PR #​4307 by @​renovate[bot])
• chore(deps): update codecov/codecov-action action to v4 (PR #​4304 by @​renovate[bot])
• chore(deps): update actions/cache action to v4 (PR #​4293 by @​renovate[bot])

❤️ Contributors

Thank You to all contributors who worked on this release!

• @​citizenjosh
• @​magicwerk
• @​PalashSharma20
• @​jlerbsc
• @​fishautumn

square/okio (com.squareup.okio:okio)

v3.9.0

2024-03-12

• New: FileSystem.SYSTEM can be used in source sets that target both Kotlin/Native and
  Kotlin/JVM. Previously, we had this symbol in each source set but it wasn't available to
  common source sets.
• New: COpaquePointer.readByteString(...) creates a ByteString from a memory address.
• New: Support InflaterSource, DeflaterSink, GzipSink, and GzipSource in Kotlin/Native.
• New: Support openZip() on Kotlin/Native. One known bug in this implementation is that
  FileMetadata.lastModifiedAtMillis() is interpreted as UTC and not the host machine's time zone.
• New: Prefer NTFS timestamps in ZIP file systems' metadata. This avoids the time zone problems
  of ZIP's built-in DOS timestamps, and the 2038 time bombs of ZIP's extended timestamps.
• Fix: Don't leak file handles to opened JAR files open in FileSystem.RESOURCES.
• Fix: Don't throw a NullPointerException if Closeable.use { ... } returns null.

v3.8.0

2024-02-09

• New: TypedOptions works like Options, but it returns a T rather than an index.
• Fix: Don't leave sinks open when there's a race in Pipe.fold().

reactor/reactor-netty (io.projectreactor.netty:reactor-netty-core)

v1.1.17

Reactor Netty 1.1.17 is part of 2022.0.17 Release Train and 2023.0.4 Release Train.

This is a recommended update for all Reactor Netty 1.1.x users.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.5.15 by @​violetagg in 84dff5c, see release notes
• Depend on Netty v4.1.107.Final by @​violetagg in #​3062
• Depend on netty-incubator-transport-native-io_uring v0.0.25.Final by @​dependabot in #​3066
• Depend on Netty QUIC Codec v0.0.59.Final by @​violetagg in #​3097
• Enable DNS retryOnTimeout with TCP by @​violetagg in #​3063
• Add proxy address information to the metrics by @​violetagg in #​3081
• Provide better exception message for invalid PORT env variable by @​violetagg in #​3083

🐞 Bug fixes

• Ensure remoteAddress metrics tag is always the real remote address regardless whether there is proxy by @​violetagg in #​3074
• When metrics are enabled and responseTimeout is configured, ensure the correct order for ChannelHandlers by @​violetagg in #​3090

📖 Documentation

• Update connection close FAQ by @​violetagg in #​3082
• Fix javadoc by @​violetagg in #​3084
• Add info for reactor.netty.connection.provider.pending.connections.time metric by @​violetagg in #​3093
• Add info for HTTP/2 connection pool metrics by @​violetagg in #​3094
• Add How To dispose Event Loop Group/Connection Pool by @​violetagg in #​3095

Full Changelog: reactor/reactor-netty@v1.1.16...v1.1.17

v1.1.16

Reactor Netty 1.1.16 is part of 2022.0.16 Release Train and 2023.0.3 Release Train.

This is a recommended update for all Reactor Netty 1.1.x users.

What's Changed

⚠️ Update considerations and deprecations

• Ensure cookies can be added by BiConsumer provided with HttpClient#followRedirect by @​violetagg in #​3039

✨ New features and improvements

• Depend on Netty v4.1.106.Final by @​violetagg in #​3034
• Depend on Netty QUIC Codec v0.0.57.Final by @​violetagg in #​3055
• Obtain Http2FrameCodec context only when needed by @​violetagg in #​3032

🐞 Bug fixes

• Ensure ChannelHandlerContext.isRemoved is called only when in event loop by @​violetagg in #​3031
• Ensure websocket compression is enabled when server is configured with HttpProtocol.H2C and HttpProtocol.HTTP1.1 by @​violetagg in #​3037

📖 Documentation, Tests and Build

• Update CodeQL with the latest configurations by @​violetagg in #​3046
• Pin GitHub Actions versions by @​violetagg in #​3048

🆙 Build/Test Dependency Upgrades

• Bump tomcat-embed-core to version 9.0.85 by @​dependabot in #​3025
• Bump hoverfly-java-junit5 to version 0.16.1 by @​dependabot in #​3028
• Bump metadata repository to version 0.3.6 by @​violetagg in #​3038
• Bump build-info-extractor-gradle to version 4.33.12 by @​dependabot in #​3042
• Bump brotli4j to version 1.16.0 by @​dependabot in #​3045
• Bump assertj-core to version 3.25.3 by @​dependabot in #​3051
• Bump junitVersion to version 5.10.2 by @​dependabot in #​3052
• Bump junit-platform-launcher to version 1.10.2 by @​dependabot in #​3053
• Bump Gradle to version 7.6.4 by @​violetagg in #​3054
• Bump gradle/wrapper-validation-action to version 2.1.1 by @​dependabot in #​3058

Full Changelog: reactor/reactor-netty@v1.1.15...v1.1.16

newrelic/newrelic-java-agent (com.newrelic.agent.java:newrelic-api)

v8.10.0

Version 8.10.0

v8.9.1

Version 8.9.1

open-telemetry/opentelemetry-java (io.opentelemetry:opentelemetry-api)

v1.36.0

SDK

Traces

• Lazily initialize the container for events in the SDK Span implementation
  (#​6244)

Exporters

• Add basic proxy configuration to OtlpHttp{Signal}Exporters
  (#​6270)
• Add connectTimeout configuration option OtlpGrpc{Signal}Exporters
  (#​6079)

Extensions

• Add ComponentLoader to autoconfigure support more scenarios
  (#​6217)
• Added MetricReader customizer for AutoConfiguredOpenTelemetrySdkBuilder
  (#​6231)
• Return AutoConfiguredOpenTelemetrySdkBuilder instead of the base type
  (#​6248)

Tooling

• Add note about draft PRs to CONTRIBUTING.md
  (#​6247)

v1.35.0

NOTE: The opentelemetry-exporter-jaeger and opentelemetry-exporter-jaeger-thift artifacts
have stopped being published. Jaeger
has native support for OTLP, and users
should export to jaeger
using OTLP
instead.

API

Incubator

• Add Span#addLink, for adding a link after span start
  (#​6084)

SDK

Traces

• Bugfix: Ensure span status cannot be updated after set to StatusCode.OK
  (#​6209

Metrics

• Reusable memory Mode: Adding support for exponential histogram aggregation
  (#​6058,
  #​6136)
• Reusable memory mode: Adding support for explicit histogram aggregation
  (#​6153)
• Reusable memory mode: Adding support for sum aggregation
  (#​6182)
• Reusable memory mode: Adding support for last value aggregation
  (#​6196)

Exporters

• Recreate / fix graal issue detecting RetryPolicy class
  (#​6139,
  #​6134)
• Restore prometheus metric name mapper tests, fix regressions
  (#​6138)
• WARNING: Remove jaeger exporters
  (#​6119)
• Update dependency io.zipkin.reporter2:zipkin-reporter-bom to 3.2.1.
  Note: ZipkinSpanExporterBuilder#setEncoder(zipkin2.codec.BytesEncoder) has been deprecated in
  favor of ZipkinSpanExporterBuilder#setEncoder(zipkin2.reporter.BytesEncoder).
  ZipkinSpanExporterBuilder#setSender(zipkin2.reporter.Sender) has been deprecated in favor
  of ZipkinSpanExporterBuilder#setSender(zipkin2.reporter.BytesMessageSender).
  (#​6129,
  #​6151)
• Include trace flags in otlp marshaller
  (#​6167)
• Add Compressor SPI support to OtlpGrpc{Signal}Exporters
  (#​6103)
• Allow Prometheus exporter to add resource attributes to metric attributes
  (#​6179)

Extension

• Autoconfigure accepts encoded header values for OTLP exporters
  (#​6164)

Incubator

• Align file configuration with latest changes to spec
  ([#​6088](https://togithub.com/open-teleme

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 9.11%. Comparing base (7c29219) to head (a37b4cf).
Report is 2 commits behind head on main.

❗ Current head a37b4cf differs from pull request most recent head e03e4d6. Consider uploading reports for the commit e03e4d6 to get more accurate results

Additional details and impacted files

@@             Coverage Diff             @@
##               main    #575      +/-   ##
===========================================
- Coverage     10.60%   9.11%   -1.50%     
+ Complexity     1838    1417     -421     
===========================================
  Files          6218    6218              
  Lines         59360   59360              
  Branches        263     263              
===========================================
- Hits           6293    5408     -885     
- Misses        52902   53816     +914     
+ Partials        165     136      -29     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.