[PF-2983]: Bump the minor-patch-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the minor-patch-dependencies group with 7 updates in the / directory:

Package	From	To
org.bouncycastle:bcprov-jdk18on	1.78	1.78.1
com.google.cloud:libraries-bom	26.42.0	26.43.0
io.opentelemetry:opentelemetry-bom-alpha	1.37.0-alpha	1.40.0-alpha
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom	2.3.0	2.5.0
com.jfrog.artifactory	5.2.2	5.2.3
org.sonarqube	5.0.0.4638	5.1.0.4882
io.spring.dependency-management	1.1.5	1.1.6

Updates org.bouncycastle:bcprov-jdk18on from 1.78 to 1.78.1

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Release: 1.79 Date:      2024, TBD.

2.2.1 Version Release: 1.78.1 Date:      2024, 18th April.

2.3.1 Version Release: 1.78 Date:      2024, 7th April.

... (truncated)

Commits

• See full diff in compare view

Updates com.google.cloud:libraries-bom from 26.42.0 to 26.43.0

Release notes

Sourced from com.google.cloud:libraries-bom's releases.

v26.43.0

GCP Libraries BOM 26.43.0

Here are the differences from the previous version (26.42.0)

New Addition

• com.google.cloud:google-cloud-gdchardwaremanagement:0.1.0

The group ID of the following artifacts is com.google.cloud.

Notable Changes

google-cloud-bigquery 2.41.0 (prev: 2.40.3)

• Add columnNameCharacterMap to LoadJobConfiguration (#3356) (2f3cbe3)

• Add MetadataCacheMode to ExternalTableDefinition (#3351) (2814dc4)

• Add clustering value to ListTables result (#3359) (5d52bc9)

google-cloud-bigtable 2.40.0 (prev: 2.39.5)

• Add String type with Utf8Raw encoding to Bigtable API (#2191) (e7f03fc)

• Add getServiceName() to EnhancedBigTableStubSettings (#2256) (da703db)

• Remove grpclb (#2033) (7355375)

google-cloud-firestore 3.22.0 (prev: 3.21.4)

• Add bulk delete api (#1704) (5ef6254)

google-cloud-logging 3.19.0 (prev: 3.18.0)

• logging: OpenTelemetry trace/span ID integration for Java logging library (#1596) (67db829)

google-cloud-pubsub 1.131.0 (prev: 1.130.0)

• Add use_topic_schema for Cloud Storage Subscriptions (#2082) (11d67d4)

google-cloud-spanner 6.71.0 (prev: 6.69.0)

• Add field order_by in spanner.proto (#3064) (52ee196)

• Do not end transaction span when rolling back to savepoint (#3167) (8ec0cf2)

• Remove unused DmlBatch span (#3147) (f7891c1)

google-cloud-spanner-jdbc 2.20.1 (prev: 2.19.3)

• Add OpenTelemetry tracing (#1568) (1485a04)

Other libraries

• [aiplatform] add enum value MALFORMED_FUNCTION_CALL to .google.cloud.aiplatform.v1beta1.content.Candidate.FinishReason (666a3ac)
• [aiplatform] add MALFORMED_FUNCTION_CALL to FinishReason (666a3ac)
• [batch] add a install_ops_agent field to InstancePolicyOrTemplate for Ops Agent support (564c369)
• [container] A new message HugepagesConfig is added (4be1db5)
• [container] A new method_signature parent is added to method ListOperations in service ClusterManager (4be1db5)

... (truncated)

Commits

• 8ee9baa chore: release main (#6658)
• aa953a1 Revert "build(deps): update dependency org.apache.maven.resolver:maven-resolv...
• a6ea250 deps: update dependency com.google.cloud:google-cloud-bigtable-bom to v2.40.0...
• 301282c deps: update dependency com.google.cloud:google-cloud-spanner-jdbc to v2.20.1...
• 3c9ca8d deps: update dependency com.google.cloud:google-cloud-spanner-bom to v6.71.0 ...
• 0b823c9 build(deps): update dependency org.apache.maven.resolver:maven-resolver-api t...
• ca673e6 deps: update dependency com.google.cloud:google-cloud-datastore-bom to v2.20....
• ac889cf test(deps): update dependency com.google.truth:truth to v1.4.3 (#6662)
• 04e1eee deps: update dependency com.google.cloud:gapic-libraries-bom to v1.40.0 (#6663)
• c9b7d11 deps: update dependency com.google.cloud:google-cloud-logging-bom to v3.19.0 ...
• Additional commits viewable in compare view

Updates io.opentelemetry:opentelemetry-bom-alpha from 1.37.0-alpha to 1.40.0-alpha

Release notes

Sourced from io.opentelemetry:opentelemetry-bom-alpha's releases.

Version 1.39.0

API

Incubator

• BREAKING: Refactor ExtendedTracer, ExtendedSpanBuilder to reflect incubating API conventions (#6497)

SDK

Exporter

• BREAKING: Serve prometheus metrics only on /metrics by default. To restore the previous behavior and serve metrics on all paths, override the default handler as demonstrated here. (#6476)
• Make OTLP exporter memory mode API public (#6469)
• Speed up OTLP string marshaling using sun.misc.Unsafe (#6433)
• Add exporter data classes for experimental profiling signal type. (#6374)
• Start prometheus http server with daemon thread (#6472)
• Update the Prometheus metrics library and improve how units are included in metric names. (#6473)
• Remove android animalsniffer check from prometheus exporter (#6478)

Extensions

• Load file config YAML using core schema, ensure that env var substitution retains string types. (#6436)
• Define dedicated file configuration SPI ComponentProvider (#6457)

Tooling

• Normalize timestamps and file ordering in jars, making the outputs reproducible (#6471)
• GHA for generating the post-release pull request (#6449)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​breedx-splk @​crossoverJie @​DPUkyle @​fstab @​hboutemy @​jack-berg @​jhalliday @​jkwatson @​laurit @​lizongwu @​nluk @​trask @​zeitlinger

Version 1.38.0

API

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom-alpha's changelog.

Changelog

Unreleased

Version 1.40.0 (2024-07-05)

API

Incubator

• Narrow ExtendedSpanBuilder return types for chaining (#6514)
• Add APIs to determine if tracer, logger, instruments are enabled (#6502)

SDK

Extensions

• Move autoconfigure docs to opentelemetry.io (#6491)

Version 1.39.0 (2024-06-07)

API

Incubator

• BREAKING: Refactor ExtendedTracer, ExtendedSpanBuilder to reflect incubating API conventions (#6497)

SDK

Exporter

• BREAKING: Serve prometheus metrics only on /metrics by default. To restore the previous behavior and serve metrics on all paths, override the default handler as demonstrated here. (#6476)
• Make OTLP exporter memory mode API public (#6469)
• Speed up OTLP string marshaling using sun.misc.Unsafe (#6433)
• Add exporter data classes for experimental profiling signal type. (#6374)
• Start prometheus http server with daemon thread (#6472)
• Update the Prometheus metrics library and improve how units are included in metric names. (#6473)
• Remove android animalsniffer check from prometheus exporter

... (truncated)

Commits

• See full diff in compare view

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom from 2.3.0 to 2.5.0

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's releases.

Version 2.5.0

This release targets the OpenTelemetry SDK 1.39.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

📈 Enhancements

• Add support for Informix connection string parsing in JDBC instrumentation (#11542)
• Generate an SBOM for the javaagent artifact (#11075)
• Extract sql operation even when the sanitizer is disabled (#11472)
• Improve security manager support (#11466)
• Generate Log4j2Plugin.dat for OpenTelemetryAppender (#11503)
• Stop kotlin coroutine dispatcher from propagating context (#11500)
• Handle Vert.x sub routes (#11535)
• Undertow: run response customizer on all ServerConnection implementations (#11539)
• Allow configuring MDC key names for trace_id, span_id, trace_flags (#11329)
• Apply async end strategy to all kotlin coroutine flows (#11583)

🛠️ Bug fixes

• Fix container.id issue in some crio scenarios (#11382)
• Fix Finagle http client context propagation (#11400)
• Fix sporadically failing finagle test (#11441)
• Fix request header capture corrupting tomcat request (#11469)
• Fix Ktor server instrumentation when Ktor client library is not present (#11454)
• Fix gRPC instrumentation adding duplicates to metadata instead of overwriting (#11308)
• Avoid NullPointerException when JMS destination is not available (#11570)
• Fix Spring Kafka instrumentation closing the trace too early (#11471)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​AlchemyDing @​breedx-splk @​cleverchuk @​heyams @​himamulch @​jack-berg @​jaydeluca @​jeanbisutti @​JonasKunz @​KarinaGanieva-sl @​kintan-singh-backend @​kjschnei001 @​laurit @​liurui-1 @​ofelbaum @​pavelvodrazka @​pepeshore

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's changelog.

Version 2.5.0 (2024-06-17)

📈 Enhancements

• Add support for Informix connection string parsing in JDBC instrumentation (#11542)
• Generate an SBOM for the javaagent artifact (#11075)
• Extract sql operation even when the sanitizer is disabled (#11472)
• Improve security manager support (#11466)
• Generate Log4j2Plugin.dat for OpenTelemetryAppender (#11503)
• Stop kotlin coroutine dispatcher from propagating context (#11500)
• Handle Vert.x sub routes (#11535)
• Undertow: run response customizer on all ServerConnection implementations (#11539)
• Allow configuring MDC key names for trace_id, span_id, trace_flags (#11329)
• Apply async end strategy to all kotlin coroutine flows (#11583)

🛠️ Bug fixes

• Fix container.id issue in some crio scenarios (#11382)
• Fix Finagle http client context propagation (#11400)
• Fix sporadically failing finagle test (#11441)
• Fix request header capture corrupting tomcat request (#11469)
• Fix Ktor server instrumentation when Ktor client library is not present (#11454)
• Fix gRPC instrumentation adding duplicates to metadata instead of overwriting (#11308)
• Avoid NullPointerException when JMS destination is not available (#11570)
• Fix Spring Kafka instrumentation closing the trace too early (#11471)

Version 1.33.3 (2024-05-21)

📈 Enhancements

• Backport: Fix the logic to get container.id resource attribute (#11333)

... (truncated)

Commits

• f0e9fdb [release/v2.5.x] Prepare release 2.5.0 (#11597)
• 8e10717 Update change log for upcoming release (#11588)
• a1d1c41 make elasticsearch-* indy compatible (#11554)
• 4d3802a jetty9 http client: don't implement Response.CompleteListener (#11579)
• 89b59cf Work around publishing failure (#11593)
• 6b0c62a chore(deps): update gradle/actions action to v3.4.0 (main) (#11589)
• 26a5cfe chore(deps): update github/codeql-action action to v3.25.10 (main) (#11585)
• f602e19 Fix InstrumentedRecordInterceptor closing the trace too early (#11471)
• ed351da Add new triagers (#11584)
• c6afaed Apply async end strategy to all kotlin coroutine flows (#11583)
• Additional commits viewable in compare view

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha from 2.3.0-alpha to 2.5.0-alpha

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's releases.

Version 2.4.0

This release targets the OpenTelemetry SDK 1.38.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

🌟 New javaagent instrumentation

• InfluxDB (#10850)
• Armeria gRPC (#11351)
• Apache ShenYu (#11260)

📈 Enhancements

• Instrument ConnectionSource in Akka/Pekko HTTP Servers (#11103)
• Use constant span name when using Spring AMQP AnonymousQueues (#11141)
• Add support for RestClient in Spring starter (#11038)
• Add support for WebFlux server in Spring starter (#11185)
• Add async operation end strategy for Kotlin coroutines flow (#11168)
• Add automatic JDBC instrumentation to the Spring starter (#11258)
• Add StructuredTaskScope instrumentation (#11202)
• Allow reading OTel context from reactor ContextView (#11235)
• Add spring starter r2dbc support (#11221)
• Enable instrumentation of Spring EJB clients (#11104)
• Support otel.instrumentation.kafka.experimental-span-attributes in Spring starter (#11263)
• Remove incubating semconv dependency from library instrumentation (#11324)
• Add extension functions for Ktor plugins (#10963)
• Add dedicated flag for R2DBC statement sanitizer (#11384)
• Allow library instrumentations to override span name (#11355)
• Don't sanitize PostgreSQL parameter markers (#11388)
• Make statement sanitizer configurable for Spring Boot (#11350)

🛠️ Bug fixes

• Fix GraphQL instrumentation to work with latest version (#11142)
• Fix jmx-metrics on WildFly (#11151)
• End gRPC server span in onComplete instead of close (#11170)
• Fix a bug in undertow instrumentation related to HTTP/2 (#11361)
• Armeria http client reports wrong protocol version (#11334)
• Use daemon thread for scheduling in jmx-metrics BeanFinder (#11337)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​123liuziming @​aaron-ai @​AlchemyDing @​ArtyomGabeev @​aschugunov @​breedx-splk

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's changelog.

Changelog

Unreleased

Version 1.33.4 (2024-06-19)

📈 Enhancements

• Backport: Undertow, run response customizer on all ServerConnection implementations (#11548)
• Backport: Improve security manager support (#11606)
• Backport: Update the OpenTelemetry SDK version to 1.39.0 (#11603)

🛠️ Bug fixes

• Backport: Avoid NullPointerException when JMS destination is not available (#11577)
• Backport: Fix Spring Kafka instrumentation closing the trace too early (#11592)
• Backport: Fix gRPC instrumentation adding duplicates to metadata instead of overwriting (#11604)
• Backport: Fix request header capture corrupting tomcat request (#11607)

Version 2.5.0 (2024-06-17)

📈 Enhancements

• Add support for Informix connection string parsing in JDBC instrumentation (#11542)
• Generate an SBOM for the javaagent artifact (#11075)
• Extract sql operation even when the sanitizer is disabled (#11472)
• Improve security manager support (#11466)
• Generate Log4j2Plugin.dat for OpenTelemetryAppender (#11503)
• Stop kotlin coroutine dispatcher from propagating context (#11500)
• Handle Vert.x sub routes (#11535)
• Undertow: run response customizer on all ServerConnection implementations (#11539)
• Allow configuring MDC key names for trace_id, span_id, trace_flags (#11329)
• Apply async end strategy to all kotlin coroutine flows (#11583)

... (truncated)

Commits

• See full diff in compare view

Updates com.jfrog.artifactory from 5.2.2 to 5.2.3

Updates org.sonarqube from 5.0.0.4638 to 5.1.0.4882

Updates io.spring.dependency-management from 1.1.5 to 1.1.6

Release notes

Sourced from io.spring.dependency-management's releases.

v1.1.6

🐞 Bug Fixes

• Applying Maven-style exclusions may cause a deprecation warning with Gradle 8.8 #384

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​quaff

Commits

• 57d4a77 Release v1.1.6
• caad92a Apply exclusions earlier to avoid deprecation warning
• 68f86ea Merge pull request #387 from quaff
• 4d44a45 Remove stray backtick
• 90d9e1a Rename property to address naming clash
• 3c2f6e7 Next development version (v1.1.6-SNAPSHOT)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.