chore(deps): bump the minor-and-patch group with 30 updates

[dependabot]

Bumps the minor-and-patch group with 30 updates:

Package	From	To
com.google.guava:guava	33.0.0-jre	33.3.1-jre
com.github.gestalt-config:gestalt-core	0.29.0	0.32.2
com.github.gestalt-config:gestalt-toml	0.29.0	0.32.2
com.fasterxml.jackson:jackson-bom	2.15.2	2.18.0
org.jctools:jctools-core	4.0.1	4.0.5
io.jsonwebtoken:jjwt-api	0.11.5	0.12.6
io.jsonwebtoken:jjwt-impl	0.11.5	0.12.6
io.jsonwebtoken:jjwt-jackson	0.11.5	0.12.6
io.vertx:vertx-auth-jwt	4.5.3	4.5.10
io.vertx:vertx-core	4.5.3	4.5.10
io.vertx:vertx-web	4.5.3	4.5.10
io.netty:netty-all	4.1.108.Final	4.1.114.Final
io.micrometer:micrometer-registry-prometheus	1.11.0	1.13.6
io.micrometer:micrometer-tracing-bom	1.1.1	1.3.5
ch.qos.logback:logback-core	1.4.12	1.5.11
ch.qos.logback:logback-classic	1.4.14	1.5.11
org.slf4j:slf4j-api	2.0.7	2.0.16
io.opentelemetry:opentelemetry-bom-alpha	1.26.0-alpha	1.43.0-alpha
io.opentelemetry:opentelemetry-bom	1.26.0	1.43.0
info.picocli:picocli	4.7.3	4.7.6
info.picocli:picocli-codegen	4.7.3	4.7.6
com.google.errorprone:error_prone_core	2.18.0	2.34.0
io.libp2p:jvm-libp2p	1.0.1-RELEASE	1.2.0-RELEASE
com.aayushatharva.brotli4j:brotli4j	1.16.0	1.17.0
org.junit.jupiter:junit-jupiter	5.9.1	5.11.2
org.junit.jupiter:junit-jupiter-engine	5.9.0	5.11.2
org.junit.platform:junit-platform-suite-api	1.9.1	1.11.2
org.junit.platform:junit-platform-suite-engine	1.9.1	1.11.2
org.junit.platform:junit-platform-reporting	1.9.1	1.11.2
com.diffplug.spotless	6.23.3	6.25.0

Updates com.google.guava:guava from 33.0.0-jre to 33.3.1-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.3.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.3.1-jre</version>
  <!-- or, for Android: -->
  <version>33.3.1-android</version>
</dependency>

Jar files

• 33.3.1-jre.jar
• 33.3.1-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.3.1-jre
• 33.3.1-android

JDiff

• 33.3.1-jre vs. 33.3.0-jre
• 33.3.1-android vs. 33.3.0-android
• 33.3.1-android vs. 33.3.1-jre

Changelog

• Added j2objc-annotations to the Gradle runtime classpath to stop producing an Android Gradle Plugin error. (a3b51888c2)

33.3.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.3.0-jre</version>
  <!-- or, for Android: -->
  <version>33.3.0-android</version>
</dependency>

... (truncated)

Commits

• See full diff in compare view

Updates com.github.gestalt-config:gestalt-core from 0.29.0 to 0.32.2

Release notes

Sourced from com.github.gestalt-config:gestalt-core's releases.

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

v0.32.1 CDI Default Support

What's Changed

• docs: Update key features with string and node substitution. by @​credmond-git in gestalt-config/gestalt#206
• test: Add additional CDI tests. by @​credmond-git in gestalt-config/gestalt#210
• feat: Better support for defaults with CDI. by @​credmond-git in gestalt-config/gestalt#211
• feat: Additional tests for gestalt-git by @​credmond-git in gestalt-config/gestalt#212
• chore: Update dependencies.

Full Changelog: gestalt-config/gestalt@v0.32.0...v0.32.1

v0.32.0 Node Substitution (include nodes)

Using the $include keyword as part of a config path, you can include the referenced config node tree into the path provided. By default, the node is merged into the provided node under the current node. You can control the order of the nodes, by including a number where 0 is included above the current node. The root node is always 0. Having two nodes share the same order is undefined. For example: $include:-1 for included under the current node, and $include:1 for included over the current node. If you are included multiple nodes each node must have an order, or the results are undefined, and some includes may be lost.

You can include into the root or any sub node. It also supports nested include.

The include node must provide a source that is used to determine how to include the source. Each source accepts different parameters.

v0.31.3

What's Changed

• fix: change encryption algorithm to "AES/GCM/NoPadding"

Full Changelog: gestalt-config/gestalt@v0.31.2...v0.31.3

v0.31.2 In Memory Encryption of Nodes

feat: in memory encryption of nodes. gestalt-config/gestalt#190

Full Changelog: gestalt-config/gestalt@v0.31.1...v0.31.2

v0.31.0 Temporary Secret node

What's Changed

Checks if the node is a leaf and a temporary secret. if it is, replaces the leaf node with a TemporaryLeafNode that can only be accessed a limited number of times. After the limited number of times, the value is released to be GC'ed. gestalt-config/gestalt#197 Move ConfigNode processing to a new ConfigNodeProcessorService. Order Config Node Processors.

... (truncated)

Commits

• e036d31 prepare for release v0.32.2
• f0d9660 Merge pull request #217 from gestalt-config/feat/207-node-include-source-fact...
• 006688b docs: update test count.
• 475363b Merge branch 'main' into feat/207-node-include-source-factories
• 0b484a6 docs: Update documentation with the new include node config sources.
• 8cba072 chore: update dependencies.
• 8174157 test: additional git tests.
• ab0399e Merge pull request #216 from gestalt-config/feat/207-node-include-source-fact...
• b000fc2 fix: PMD issue
• 5f23a23 Merge pull request #215 from gestalt-config/feat/207-node-include-source-fact...
• Additional commits viewable in compare view

Updates com.github.gestalt-config:gestalt-toml from 0.29.0 to 0.32.2

Release notes

Sourced from com.github.gestalt-config:gestalt-toml's releases.

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

v0.32.1 CDI Default Support

What's Changed

• docs: Update key features with string and node substitution. by @​credmond-git in gestalt-config/gestalt#206
• test: Add additional CDI tests. by @​credmond-git in gestalt-config/gestalt#210
• feat: Better support for defaults with CDI. by @​credmond-git in gestalt-config/gestalt#211
• feat: Additional tests for gestalt-git by @​credmond-git in gestalt-config/gestalt#212
• chore: Update dependencies.

Full Changelog: gestalt-config/gestalt@v0.32.0...v0.32.1

v0.32.0 Node Substitution (include nodes)

Using the $include keyword as part of a config path, you can include the referenced config node tree into the path provided. By default, the node is merged into the provided node under the current node. You can control the order of the nodes, by including a number where 0 is included above the current node. The root node is always 0. Having two nodes share the same order is undefined. For example: $include:-1 for included under the current node, and $include:1 for included over the current node. If you are included multiple nodes each node must have an order, or the results are undefined, and some includes may be lost.

You can include into the root or any sub node. It also supports nested include.

The include node must provide a source that is used to determine how to include the source. Each source accepts different parameters.

v0.31.3

What's Changed

• fix: change encryption algorithm to "AES/GCM/NoPadding"

Full Changelog: gestalt-config/gestalt@v0.31.2...v0.31.3

v0.31.2 In Memory Encryption of Nodes

feat: in memory encryption of nodes. gestalt-config/gestalt#190

Full Changelog: gestalt-config/gestalt@v0.31.1...v0.31.2

v0.31.0 Temporary Secret node

What's Changed

Checks if the node is a leaf and a temporary secret. if it is, replaces the leaf node with a TemporaryLeafNode that can only be accessed a limited number of times. After the limited number of times, the value is released to be GC'ed. gestalt-config/gestalt#197 Move ConfigNode processing to a new ConfigNodeProcessorService. Order Config Node Processors.

... (truncated)

Commits

• e036d31 prepare for release v0.32.2
• f0d9660 Merge pull request #217 from gestalt-config/feat/207-node-include-source-fact...
• 006688b docs: update test count.
• 475363b Merge branch 'main' into feat/207-node-include-source-factories
• 0b484a6 docs: Update documentation with the new include node config sources.
• 8cba072 chore: update dependencies.
• 8174157 test: additional git tests.
• ab0399e Merge pull request #216 from gestalt-config/feat/207-node-include-source-fact...
• b000fc2 fix: PMD issue
• 5f23a23 Merge pull request #215 from gestalt-config/feat/207-node-include-source-fact...
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.18.0

Commits

• 7236550 [maven-release-plugin] prepare release jackson-bom-2.18.0
• 58c2791 Prepare for 2.18.0 release
• 3775318 Merge pull request #73 from FasterXML/dependabot/github_actions/github-action...
• 540b7e7 Bump actions/setup-java from 4.2.1 to 4.2.2 in the github-actions group
• 6cc8c64 Back to snapshot deps
• 3c90e0e [maven-release-plugin] prepare for next development iteration
• 7b9cf20 [maven-release-plugin] prepare release jackson-bom-2.18.0-rc1
• f2d90ac Prepare for 2.18.0-rc1 release
• e910a1e Update deps to 2.18.0-rc1-SNAPSHOT
• b35d27c Merge branch '2.17' into 2.18
• Additional commits viewable in compare view

Updates org.jctools:jctools-core from 4.0.1 to 4.0.5

Release notes

Sourced from org.jctools:jctools-core's releases.

Fix bytecode version and add unpadded atomic queues

No release notes provided.

Minor Release 4.0.2

Same code, new bundling post #370

Commits

• a17b56f Update development version to 4.0.5-SNAPSHOT
• 173423c Addressing Nitsan's comment
• 4b7d2ac Adding Atomic Unpadded queues
• 5c1b88b Update development version to 4.0.4-SNAPSHOT
• 0dae71c Update development version to 4.0.3-SNAPSHOT
• f36b00f Fix #384, ## in javadoc instead of #
• 463181b Add module descriptor to jctools-core
• 3e54465 Add CodeQL workflow for GitHub code scanning
• 25c1a28 Adding benchmark for thread-local object pool use case
• 9c39910 Update RELEASE-NOTES.md post 4.0.1 release
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-api from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-api's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-api's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-impl from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-impl's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-impl's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-jackson from 0.11.5 to 0.12.6

Updates io.vertx:vertx-auth-jwt from 4.5.3 to 4.5.10

Updates io.vertx:vertx-core from 4.5.3 to 4.5.10

Commits

• d5a16c6 Releasing 4.5.10
• 83c72a4 Revert "Hook for VertxBuilder customization"
• 3f930dc Hook for VertxBuilder customization
• 6ddbde4 Rollback breaking change of internal API
• 334e2cd Context created from a vertx thread should not be recorded as a sticky context.
• bab52b7 Set version to 4.5.10-SNAPSHOT
• e7dbf03 Releasing 4.5.9
• fa52bf4 The JacksonCodec implementation of toString/toBuffer lacks of efficiency comp...
• 5d0d5d9 The code to compare two numbers in json object/array does not correctly compa...
• aec1041 Fix a few bugs related to non event-loop thread writes.
• Additional commits viewable in compare view

Updates io.vertx:vertx-web from 4.5.3 to 4.5.10

Updates io.netty:netty-all from 4.1.108.Final to 4.1.114.Final

Commits

• 7679b9e [maven-release-plugin] prepare release netty-4.1.114.Final
• d5f4bfb Refactor DnsNameResolver to be able to use different strategies when … (#14374)
• 041eaed Re-add previous removed method to make revapi plugin happy again.
• 232a5ab DnsResolverBuilder methods should make it clear that these are for Da… (#14379)
• e87ce47 Initialize DnsNameResolverBuilder at runtime for native images (#14376)
• 3f66dd2 Make it possible to notify the TrustManager of resumed sessions (#14358)
• c036b99 DnsNameResolver: allow users to skip bind() during bootstrap (#14375)
• 56a9101 Update small documentation typo (#14370)
• 8362d9d Fix flaky BootstrapTest (#14369)
• bbd3a4a Fix OpenSslClientSessionCache remove (#14366)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.11.0 to 1.13.6

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.13.6

⭐ New Features / Enhancements

• Improve memory usage of StepBucketHistogram #4954

🐞 Bug Fixes

• Instrumented Java 11 HttpClient does not re-throw exceptions in sendAsync call #5136
• Map time units to UCUM format for Dynatrace #5588
• Aspects' tagsBasedOnJoinPoint may throw uncaught exception #5584
• Set user agent header in OTLP registry #5577
• MicrometerHttpRequestExecutor fails to instrument with Apache HC 5.4 #5575

📔 Documentation

• Remove duplicated context-propagation documentation in Micrometer docs #5549
• [OTLP Registry] Document batch size configuration #5578

🔨 Dependency Upgrades

• Bump dropwizard-metrics from 4.2.27 to 4.2.28 #5566
• Bump context-propagation to 1.1.2 #5592

📝 Tasks

• Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #5571
• Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.3 to 0.4.4 #5567
• Bump jersey3 from 3.0.12 to 3.0.16 #5560
• Do not include formerly removed micrometer-samples-jetty12 subproject #5554
• Bump spring from 5.3.37 to 5.3.39 #5419
• Bump org.junit.platform:junit-platform-launcher from 1.10.4 to 1.10.5 #5557
• Bump org.mongodb:mongodb-driver-sync from 4.11.3 to 4.11.4 #5538
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.6 to 2.1.7 #5536
• Bump io.netty:netty-bom from 4.1.112.Final to 4.1.114.Final #5534
• Bump io.spring.develocity.conventions from 0.0.20 to 0.0.22 #5533
• Bump org.junit.platform:junit-platform-launcher from 1.10.3 to 1.10.4 #5532
• Bump jetty9 from 9.4.55.v20240627 to 9.4.56.v20240826 #5531
• Bump junit from 5.10.3 to 5.10.4 #5530
• Bump spring from 5.3.37 to 5.3.39 #5455

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​lenin-jaganathan, @​pirgeo, @​kinddevil, and @​joaopgrassi

1.13.5

🐞 Bug Fixes

• ConcurrentModificationException when late meter filters are added #5489

... (truncated)

Commits

• 0b4d07f Merge branch '1.12.x' into 1.13.x
• f3ef95a Bump context-propagation to 1.1.2
• 0944ad3 Merge branch '1.12.x' into 1.13.x
• 9c3b760 Map time units to UCUM format for Dynatrace (#5589)
• 77d72d2 Merge branch '1.12.x' into 1.13.x
• d7daaef Set user agent header in OTLP registry
• 12db19f Merge branch '1.12.x' into 1.13.x
• adfdd3e Catch runtime exception thrown from pjp function in aspects (#5585)
• e3ac3ad Merge branch '1.12.x' into 1.13.x
• 5435fc4 Document batchSize config for OTLP registry
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-tracing-bom from 1.1.1 to 1.3.5

Release notes

Sourced from io.micrometer:micrometer-tracing-bom's releases.

1.3.5

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-bom from 1.13.4 to 1.13.6 #870
• Bump io.micrometer:context-propagation from 1.1.1 to 1.1.2 #869
• Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.10 #865
• Bump org.junit:junit-bom from 5.10.3 to 5.10.5 #859
• Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.1 to 3.4.2 #847
• Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.0 to 3.4.1 #838
• Bump ch.qos.logback:logback-classic from 1.5.7 to 1.5.8 #834

📝 Tasks

• Bump io.spring.develocity.conventions from 0.0.20 to 0.0.22 #856

1.3.4

Because of issues with OTel dependencies, this release effectively downgrades

• io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-semconv from 1.33.5-alpha to 1.33.3-alpha
• io.opentelemetry:opentelemetry-api from 1.40.0 to 1.38.0

This is because we usually don't upgrade minor versions in patch releases but since OTel does, we unintentionally upgraded io.opentelemetry:opentelemetry-api from 1.38.0 to 1.40.0 (minor version bump) in earlier patch releases since we upgraded io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-semconv from 1.33.3-alpha to 1.33.5-alpha (patch version bump). A minor version bump in a patch release can be unexpected so this release restores the same minor versions of OTel that 1.3.0 used, see: #819.

⚠️ Noteworthy

• OTel dependency convergence issue #819

🐞 Bug Fixes

• OTel dependency convergence issue #819

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-bom from 1.13.3 to 1.13.4 #835

📝 Tasks

• Bump io.spring.develocity.conventions from 0.0.19 to 0.0.20 #822
• Bump ch.qos.logback:logback-classic from 1.5.6 to 1.5.7 #815
• Bump spring from 5.3.37 to 5.3.39 #814
• Bump io.projectreactor:reactor-bom from 2022.0.21 to 2022.0.22 #800
• Bump io.spring.javaformat:spring-javaformat-gradle-plugin from 0.0.42 to 0.0.43 #799
• Bump io.spring.javaformat:spring-javaformat-checkstyle from 0.0.42 to 0.0.43 #798
• Use TestObservationRegistry in context propagation tests #810

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​chemicL

... (truncated)

Commits

• 57bde37 Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.1 to 3.4.2 (#847)
• 425b552 Bump org.junit:junit-bom from 5.10.3 to 5.10.5 (#859)
• 416c094 Bump ch.qos.logback:logback-classic from 1.5.8 to 1.5.10 (#865)
• 5a7c20a Bump io.micrometer:micrometer-bom from 1.13.4 to 1.13.6 (#870)
• 7766c94 Merge branch '1.2.x' into 1.3.x
• 373923f Bump io.micrometer:micrometer-bom from 1.12.10 to 1.12.11 (#867)
• 3c3e7bf Bump io.micrometer:context-propagation from 1.1.1 to 1.1.2 (#868)
• 0a97118 Bump org.junit:junit-bom from 5.10.3 to 5.10.5 (#860)
• 6c32018 Bump io.spring.develocity.conventions from 0.0.20 to 0.0.22 (#853)
• 8435e8c Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.0 to 3.4.1 (#838)
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.4.12 to 1.5.11

Commits

• 3aa0730 prepare release of version 1.5.11
• 8bcfd9a allow for InsertFromJNDIModelHandler to be callable from logback-tyler
• 75bee86 refactorings in support of logback-tyler
• 8749edc start work on 1.5.11-SNAPSHOT
• 56ec7b2 prepare release 1.5.10
• a95bbc2 minor refactorings to allow ConfigurationModelHandlerFull and PropertiesConfi...
• cbbd820 ...

  Description has been truncated

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.