chore(deps): bump the minor-and-patch group with 30 updates

[dependabot]

Bumps the minor-and-patch group with 30 updates:

Package	From	To
com.google.guava:guava	33.0.0-jre	33.3.1-jre
com.github.gestalt-config:gestalt-core	0.29.0	0.33.1
com.github.gestalt-config:gestalt-toml	0.29.0	0.33.1
com.fasterxml.jackson:jackson-bom	2.15.2	2.18.1
org.jctools:jctools-core	4.0.1	4.0.5
io.jsonwebtoken:jjwt-api	0.11.5	0.12.6
io.jsonwebtoken:jjwt-impl	0.11.5	0.12.6
io.jsonwebtoken:jjwt-jackson	0.11.5	0.12.6
io.vertx:vertx-auth-jwt	4.5.3	4.5.11
io.vertx:vertx-core	4.5.3	4.5.11
io.vertx:vertx-web	4.5.3	4.5.11
io.netty:netty-all	4.1.108.Final	4.1.115.Final
io.micrometer:micrometer-registry-prometheus	1.11.0	1.14.1
io.micrometer:micrometer-tracing-bom	1.1.1	1.4.0
ch.qos.logback:logback-core	1.4.12	1.5.12
ch.qos.logback:logback-classic	1.4.14	1.5.12
org.slf4j:slf4j-api	2.0.7	2.0.16
io.opentelemetry:opentelemetry-bom-alpha	1.26.0-alpha	1.44.1-alpha
io.opentelemetry:opentelemetry-bom	1.26.0	1.44.1
info.picocli:picocli	4.7.3	4.7.6
info.picocli:picocli-codegen	4.7.3	4.7.6
com.google.errorprone:error_prone_core	2.18.0	2.35.1
io.libp2p:jvm-libp2p	1.0.1-RELEASE	1.2.1-RELEASE
com.aayushatharva.brotli4j:brotli4j	1.16.0	1.17.0
org.junit.jupiter:junit-jupiter	5.9.1	5.11.3
org.junit.jupiter:junit-jupiter-engine	5.9.0	5.11.3
org.junit.platform:junit-platform-suite-api	1.9.1	1.11.3
org.junit.platform:junit-platform-suite-engine	1.9.1	1.11.3
org.junit.platform:junit-platform-reporting	1.9.1	1.11.3
com.diffplug.spotless	6.23.3	6.25.0

Updates com.google.guava:guava from 33.0.0-jre to 33.3.1-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.3.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.3.1-jre</version>
  <!-- or, for Android: -->
  <version>33.3.1-android</version>
</dependency>

Jar files

• 33.3.1-jre.jar
• 33.3.1-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.3.1-jre
• 33.3.1-android

JDiff

• 33.3.1-jre vs. 33.3.0-jre
• 33.3.1-android vs. 33.3.0-android
• 33.3.1-android vs. 33.3.1-jre

Changelog

• Added j2objc-annotations to the Gradle runtime classpath to stop producing an Android Gradle Plugin error. (a3b51888c2)

33.3.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.3.0-jre</version>
  <!-- or, for Android: -->
  <version>33.3.0-android</version>
</dependency>

... (truncated)

Commits

• See full diff in compare view

Updates com.github.gestalt-config:gestalt-core from 0.29.0 to 0.33.1

Release notes

Sourced from com.github.gestalt-config:gestalt-core's releases.

v0.33.0 Annotations

What's Changed

• Feat/annotations by @​credmond-git in gestalt-config/gestalt#225

Certain annotations can be applied to a configuration using @{annotation}, this will covert the annotation to metadata that can be applied to the node. Then the metadata is used to apply the intended behaviour to the node.

For example, we can apply the temporary node feature on a node by using the annotation @{temp:1}

my.password=abcdef@{temp:1}

annotation	parameter	description
temp	(int) Number of times this temp node can be read	restrict the number of times a value can be read before it is released
encrypt	(boolean) if we should apply to this node	Encrypts the node in memory.
nocache	(boolean) if we should apply to this node	Will not cache the node. If a node is part of a object the whole object will not be cached.
secret	(boolean) if we should apply to this node	Treats the node as a secret, so it will not print it out in errors or the debug print.

Trim Whitespace

By default, white spaces before and after the annotation are trimmed. You can disable this feature using the gestalt builder and setting setAnnotationTrimWhiteSpace(false)

GestaltBuilder builder = new GestaltBuilder();
Gestalt gestalt = builder
  .addSource(MapConfigSourceBuilder.builder()
    .setCustomConfig(configs)
    .build())
  .setAnnotationTrimWhiteSpace(false)
  .build();

Full Changelog: gestalt-config/gestalt@v0.32.2...v0.33.0

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

... (truncated)

Commits

• 1ee46f9 fix: bad quote in publish step
• fc674ee feat: publish to maven central.
• 4c66074 feat: publish with com.vanniktech.maven.publish to central.sonatype.com.
• 8b1fa11 Add an annotations to the readme, although the new website is the preferred s...
• 682874f chore: update documents to highlight the annotations before the method based ...
• 5ea2bac update documentation about annotations white spaces.
• 9e4ed8a prepare for release 0.33.0
• 80e3e25 Merge pull request #225 from gestalt-config/feat/annotations
• 5d7ab46 test: extra unit tests for new get config results.
• ecc0869 docs: add features to the first page.
• Additional commits viewable in compare view

Updates com.github.gestalt-config:gestalt-toml from 0.29.0 to 0.33.1

Release notes

Sourced from com.github.gestalt-config:gestalt-toml's releases.

v0.33.0 Annotations

What's Changed

• Feat/annotations by @​credmond-git in gestalt-config/gestalt#225

Certain annotations can be applied to a configuration using @{annotation}, this will covert the annotation to metadata that can be applied to the node. Then the metadata is used to apply the intended behaviour to the node.

For example, we can apply the temporary node feature on a node by using the annotation @{temp:1}

my.password=abcdef@{temp:1}

annotation	parameter	description
temp	(int) Number of times this temp node can be read	restrict the number of times a value can be read before it is released
encrypt	(boolean) if we should apply to this node	Encrypts the node in memory.
nocache	(boolean) if we should apply to this node	Will not cache the node. If a node is part of a object the whole object will not be cached.
secret	(boolean) if we should apply to this node	Treats the node as a secret, so it will not print it out in errors or the debug print.

Trim Whitespace

By default, white spaces before and after the annotation are trimmed. You can disable this feature using the gestalt builder and setting setAnnotationTrimWhiteSpace(false)

GestaltBuilder builder = new GestaltBuilder();
Gestalt gestalt = builder
  .addSource(MapConfigSourceBuilder.builder()
    .setCustomConfig(configs)
    .build())
  .setAnnotationTrimWhiteSpace(false)
  .build();

Full Changelog: gestalt-config/gestalt@v0.32.2...v0.33.0

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

... (truncated)

Commits

• 1ee46f9 fix: bad quote in publish step
• fc674ee feat: publish to maven central.
• 4c66074 feat: publish with com.vanniktech.maven.publish to central.sonatype.com.
• 8b1fa11 Add an annotations to the readme, although the new website is the preferred s...
• 682874f chore: update documents to highlight the annotations before the method based ...
• 5ea2bac update documentation about annotations white spaces.
• 9e4ed8a prepare for release 0.33.0
• 80e3e25 Merge pull request #225 from gestalt-config/feat/annotations
• 5d7ab46 test: extra unit tests for new get config results.
• ecc0869 docs: add features to the first page.
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.18.1

Commits

• ef33ac7 [maven-release-plugin] prepare release jackson-bom-2.18.1
• f43bf9f Prepare for 2.18.1 release
• 6f5259d Change to snapshot version of jackson-parent
• 3f21ec5 Back to snapshot dep
• bb45933 [maven-release-plugin] prepare for next development iteration
• 7236550 [maven-release-plugin] prepare release jackson-bom-2.18.0
• 58c2791 Prepare for 2.18.0 release
• 3775318 Merge pull request #73 from FasterXML/dependabot/github_actions/github-action...
• 540b7e7 Bump actions/setup-java from 4.2.1 to 4.2.2 in the github-actions group
• 6cc8c64 Back to snapshot deps
• Additional commits viewable in compare view

Updates org.jctools:jctools-core from 4.0.1 to 4.0.5

Release notes

Sourced from org.jctools:jctools-core's releases.

Fix bytecode version and add unpadded atomic queues

No release notes provided.

Minor Release 4.0.2

Same code, new bundling post #370

Commits

• a17b56f Update development version to 4.0.5-SNAPSHOT
• 173423c Addressing Nitsan's comment
• 4b7d2ac Adding Atomic Unpadded queues
• 5c1b88b Update development version to 4.0.4-SNAPSHOT
• 0dae71c Update development version to 4.0.3-SNAPSHOT
• f36b00f Fix #384, ## in javadoc instead of #
• 463181b Add module descriptor to jctools-core
• 3e54465 Add CodeQL workflow for GitHub code scanning
• 25c1a28 Adding benchmark for thread-local object pool use case
• 9c39910 Update RELEASE-NOTES.md post 4.0.1 release
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-api from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-api's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-api's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-impl from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-impl's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-impl's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-jackson from 0.11.5 to 0.12.6

Updates io.vertx:vertx-auth-jwt from 4.5.3 to 4.5.11

Updates io.vertx:vertx-core from 4.5.3 to 4.5.11

Commits

• 27e674d Releasing 4.5.11
• e87837f Decouple the handshake part ServerWebSocket API.
• fcfc661 Redefine what a context closed means.
• a87afd2 Future.await should interrupt the current thread when the worker executor is ...
• ccca2b8 Merge pull request #5316 from franz1981/4.x_unified_allocator_fix_ssl
• a7c2ba5 Provide opportunity to create a client WebSocket with a given vertx context t...
• 032de2b Add peer host and port info for server SslHandler
• 3600204 Save recursive locks on websocket writeFrame
• 775d945 Execute blocking operations and context worker tasks should be concurrent.
• a3393ac Adding new end 2 end test
• Additional commits viewable in compare view

Updates io.vertx:vertx-web from 4.5.3 to 4.5.11

Updates io.netty:netty-all from 4.1.108.Final to 4.1.115.Final

Commits

• 04f9b4a [maven-release-plugin] prepare release netty-4.1.115.Final
• fbf7a70 Merge commit from fork
• 7b4fe3d Specialize Adaptive's allocator Recycler based on magazine's owner (#14421)
• 9f3699e Explicit specify the platform for Docker files (#14448)
• 3520fc7 Ensure netty-all generation does not override other snapshot jars (#14450)
• 925064e Preserve ordering of default named groups during conversation (#14447)
• 837b738 Make JMH executor threads look like event loop threads (#14444)
• a434eef AdaptiveByteBufAllocator: Make pooling of AdaptiveByteBuf magazine local (#14...
• 16123be Allow to set used named groups per OpenSslContext (#14433)
• dadbf58 Correctly detect if KeyManager is not supported by OpenSSL version (#14437)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.11.0 to 1.14.1

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.14.1

📔 Documentation

• Gauges may be silently ignored when MeterFilters drop or transform tags #5616

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.8.1 to 1.8.2 #5685
• Bump software.amazon.awssdk:cloudwatch from 2.29.7 to 2.29.14 #5669
• Bump shaded netty to 4.1.115.Final in micrometer-registry-statsd to address CVE-2024-47535 #5660

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

1.14.0

Micrometer 1.14.0 is the GA version of a new feature release. See our support policy for support timelines.

Below are the combined release notes of all the pre-release milestones and release candidate preceding this GA release.

⚠️ Noteworthy

• Support ExponentialHistogram in OTLP #3861
• Virtual thread metrics #3956
• Validate expected Observation API call ordering on TestObservationRegistry #5239

⭐ New Features / Enhancements

• Expose TestObservationRegistry as an AssertJ AssertProvider #5551
• Use failure with actual and expected message to improve IDE experience for ObservationContextAssert #5550
• Replace @Nonnull(when = When.MAYBE) with @CheckForNull in @Nullable #5485
• Warn about Prometheus meter registration failure #5228
• Improve performance of merging two Tags/KeyValues instances #5140
• Allow user-provided custom scheduler for periodically binding KafkaMetrics #4976
• Allow specifying the meterNameConsumer for HighCardinalityTagsDetector #4028
• Virtual thread metrics #3956
• Allow tagsBasedOnJoinPoint to override extraTags with CountedAspect #2461
• Configurable _source.enabled Elastic mapping property #1629
• Skip registering Caffeine meters when statistics are not enabled #5409
• Log a warning when instrumenting a cache that is not recording stats in CaffeineCacheMetrics #5402
• MultiGauge.register should accept more types #5390
• Metrics not collected after ExecutorService recreation #5366
• Add "cancelled" information to the GrpcServerObservationContext #5301
• process_start_time_seconds HELP description inconsistency between Prometheus and micrometer #5290
• Add history-tracking to ObservationValidator #5370
• [dynatrace/v2] reduce log verbosity #5306
• Validate expected Observation API call ordering on TestObservationRegistry #5239
• Add JvmThreadDeadlockMetrics #5222
• Allow multiple MeterTag annotations for multiple tags from same target #4081

... (truncated)

Commits

• 2f8b914 Bump software.amazon.awssdk:cloudwatch from 2.29.7 to 2.29.14 (#5669)
• 2b125f4 Bump com.netflix.spectator:spectator-reg-atlas from 1.8.1 to 1.8.2 (#5685)
• 745be35 Bump spring6 from 6.1.14 to 6.1.15 (#5676)
• 00a6e41 Bump com.gradle.develocity from 3.18.1 to 3.18.2 (#5678)
• c3a4ff9 Merge branch '1.13.x' into 1.14.x
• 41c0b53 Merge branch '1.12.x' into 1.13.x
• a0f4911 Bump org.mongodb:mongodb-driver-sync from 4.11.4 to 4.11.5 (#5675)
• f68cc21 Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.4 to 0.4.5 (#5671)
• 0f7b04e Bump com.amazonaws:aws-java-sdk-cloudwatch from 1.12.777 to 1.12.778 (#5670)
• 1969651 Merge branch '1.13.x' into 1.14.x
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-tracing-bom from 1.1.1 to 1.4.0

Release notes

Sourced from io.micrometer:micrometer-tracing-bom's releases.

1.4.0

⚠️ Noteworthy

• OTel dependency convergence issue #819

⭐ New Features

• Support list values in tags in Span and SpanCustomizer #817
• Make OtelSpan public instead of package-private #808
• Add @Nullable annotations #744
• Propagating values from Observation.Context to Trace's Baggage #455

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.14.0 #886
• Bump io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to 2.9.0-alpha #876 (micrometer-metrics/tracing#876) (Brings in io.opentelemetry:opentelemetry-bom:1.43.0)
• Bump io.zipkin.reporter2:zipkin-reporter-bom to 3.4.2 #846

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Jasz, @​chemicL, @​ThomasVitale, @​m15o

1.4.0-RC1

This is a pre-release milestone for early testing purposes. See https://github.com/micrometer-metrics/tracing?tab=readme-ov-file#milestone-releases

⭐ New Features

• Support list values in tags in Span and SpanCustomizer #817
• Make OtelSpan public instead of package-private #808

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.14.0-RC1 #871
• Bump io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha from 2.7.0-alpha to 2.8.0-alpha #845
• Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.0 to 3.4.1 #840
• Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.1 to 3.4.2 #846

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Jasz and @​ThomasVitale

1.4.0-M3

⚠️ Noteworthy

• OTel dependency convergence issue #819

... (truncated)

Commits

• 9143d7a Upgrade to Micrometer 1.14.0
• 903e39d Merge branch '1.3.x'
• 918e712 Bump io.micrometer:micrometer-bom from 1.13.6 to 1.13.7 (#885)
• d2fbd87 Merge branch '1.2.x' into 1.3.x
• 3efe7a2 Bump io.micrometer:micrometer-bom from 1.12.11 to 1.12.12 (#884)
• 25dd821 Bump io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha...
• 67590bc Bump mockito from 5.14.1 to 5.14.2 (#873)
• f738071 Bump org.junit:junit-bom from 5.11.2 to 5.11.3 (#877)
• 3b586e1 Bump testcontainers from 1.20.2 to 1.20.3 (#878)
• e7c92fb Merge branch '1.3.x'
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.4.12 to 1.5.12

Commits

• 3a64b51 prepare release 1.5.12
• ecae664 fix issues/879
• 85968fa logger call ends with two exceptions - fix issues/876
• ea3cec8 Update README.md
• 887cbba update README.md
• df2a3b6 start work on 1.5.12-SNAPSHOT
• 3aa0730 prepare release of version 1.5.11
• 8bcfd9a allow for InsertFromJNDIModelHandler to be callable from logback-tyler
• 75bee86 refactorings in support of logback-tyler
• 8749edc start work on 1.5.11-SNAPSHOT
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.4.14 to 1.5.12

Commits

• 3a64b51 prepare release 1.5.12
• ecae664 fix issues/879
• 85968fa logger call ends with two exceptions - fix issues/876
• ea3cec8 Update README.md
• 887cbba update README.md
• df2a3b6 start work on 1.5.12-SNAPSHOT
• 3aa0730 prepare release of version 1.5.11
• 8bcfd9a allow for InsertFromJNDIModelHandler to be callable from logback-tyler
• 75bee86 refactorings in support of logback-tyler
• 8749edc start work on 1.5.11-SNAPSHOT
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-api from 2.0.7 to 2.0.16

Updates io.opentelemetry:opentelemetry-bom-alpha from 1.26.0-alpha to 1.44.1-alpha

Release notes

Sourced from io.opentelemetry:opentelemetry-bom-alpha's releases.

Version 1.44.0

API

• Fix ConfigUtil#getString ConcurrentModificationException ...

  Description has been truncated

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.