Releases: hypertrace/hypertrace-bom
Release 0.3.80
Bump service-framework to 0.1.94 and remove temporary workarounds (#105)

- Upgrade hypertrace-framework from 0.1.93 to 0.1.94 (now uses Jetty 12 EE10 coordinates)
- Restore service-framework deps in test-consumer (no longer pulls old org.eclipse.jetty:jetty-servlet coordinates)
- Remove CVE-2026-41417 OWASP suppression (service-framework 0.1.94 was built against BOM with netty 4.1.133.Final)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Release 0.3.79
chore: Update Jetty to 12.1.9 and jakarta-servlet-api to 6.1.0 (#104)

* Update Jetty to 12.1.8 and jakarta-servlet-api to 6.1.0

- Migrate Jetty module coordinates to EE10 variants for Jetty 12 compatibility:
  - jetty-servlet -> org.eclipse.jetty.ee10:jetty-ee10-servlet
  - jetty-servlets -> org.eclipse.jetty.ee10:jetty-ee10-servlets
  - jetty-server remains org.eclipse.jetty:jetty-server (core module)
- Bump jakarta-servlet-api from 6.0.0 to 6.1.0 (required by Jetty 12.1 EE10)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add jetty-ee10-bom and fix EE10 module version resolution

The EE10 servlet modules (org.eclipse.jetty.ee10:*) are not managed by the core jetty-bom (org.eclipse.jetty:jetty-bom). Add the jetty-ee10-bom as a platform import and explicit versions to ensure resolution works.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Update Jetty to 12.1.9

* address comments

* Temporarily comment out service-framework deps in test-consumer

These deps pull in the old Jetty 11 coordinates (org.eclipse.jetty:jetty-servlet) which no longer resolve under Jetty 12. Will uncomment after publishing a new service-framework version built with EE10 coordinates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix CVE-2026-42198 (pgjdbc) and suppress CVE-2026-41417 (Netty)

CVE-2026-42198 (pgjdbc DoS, CVSS 7.5):
- Upgrade document-store from 0.8.6 to 0.9.45, which brings postgresql 42.7.11 (the fixed version).

CVE-2026-41417 (Netty CRLF injection, CVSS 5.3):
- Upgrade netty-bom from 4.1.132.Final to 4.1.133.Final (fixed version).
- Added temporary OWASP suppression because the published hypertrace-bom (0.3.78) still imports netty-bom:4.1.132.Final, and transitive deps resolve against that published version rather than the local project.

Temporary workarounds in this branch (to be removed in sequence):
1. Service-framework deps commented out in test-consumer — the published service-framework:0.1.93 still declares old Jetty 11 coordinates (org.eclipse.jetty:jetty-servlet) which don't exist in Jetty 12.
2. CVE-2026-41417 OWASP suppression — netty 4.1.132 comes transitively from the published hypertrace-bom:0.3.78.

Resolution steps:
1. Publish this BOM as 0.3.79 (with Jetty 12 EE10 + Netty 4.1.133.Final)
2. Update service-framework to use BOM 0.3.79 catalog, publish new version
3. Bump service-framework version in this BOM, uncomment deps in test-consumer, and remove the OWASP suppression

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Release 0.3.78
chore(hypertrace/java-grpc-utils): Upgrade 0.13.23 (#101)

Co-authored-by: hypertrace-ci-app[bot] <145367492+hypertrace-ci-app[bot]@users.noreply.github.com>
Co-authored-by: Aaron Steinfeld <45047841+aaron-steinfeld@users.noreply.github.com>
Release 0.3.77
chore: bump log4j (#103)
Release 0.3.76
Update service framework version (#100)
Release 0.3.75
Update Netty version to 4.1.132.Final (#99)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
AI-Session-Id: 77f546c8-d376-4bac-aa00-6b6bea736ea8
AI-Tool: claude-code
AI-Model: global.anthropic.claude-sonnet-4-6
Release 0.3.74
chore(hypertrace/java-grpc-utils): Upgrade 0.13.22 (#98)

Co-authored-by: hypertrace-ci-app[bot] <145367492+hypertrace-ci-app[bot]@users.noreply.github.com>
Release 0.3.73
Update jackson-bom version to 2.21.1 (#97)
Release 0.3.72
chore(hypertrace/java-grpc-utils): Upgrade 0.13.21 (#96)

Co-authored-by: hypertrace-ci-app[bot] <145367492+hypertrace-ci-app[bot]@users.noreply.github.com>
Release 0.3.71
chore(hypertrace/java-grpc-utils): Upgrade 0.13.20 (#94)

Co-authored-by: hypertrace-ci-app[bot] <145367492+hypertrace-ci-app[bot]@users.noreply.github.com>