dependabot[bot] opened a new pull request, #1817: URL: https://github.com/apache/cxf/pull/1817
Bumps `cxf.brave.version` from 5.17.1 to 6.0.3. Updates `io.zipkin.brave:brave` from 5.17.1 to 6.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/openzipkin/brave/releases">io.zipkin.brave:brave's releases</a>.</em></p> <blockquote> <p>Brave 6.0.3 including the following minor changes. Thanks very much to <a href="https://github.com/reta"><code>@reta</code></a> and <a href="https://github.com/anuraaga"><code>@anuraaga</code></a> for review support!</p> <ul> <li>fixes bug that allowed setting local or remote service names to the empty string ("")</li> <li>fixed thread safety issue when using <code>Tag.tag</code></li> <li>ports brave-instrumentation-mongodb to work on the new org.mongodb:mongodb-driver-core v5 <ul> <li>Note: the floor JRE of this instrumentation is now 1.7, where it formerly was 1.6</li> </ul> </li> <li>changes license headers to SPDX style, as used in zipkin and zipkin-reporter</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/brave/compare/6.0.2..6.0.3">https://github.com/openzipkin/brave/compare/6.0.2..6.0.3</a></p> <p>Brave 6.0.2 fixes a propagation glitch on kafka streams processors using <code>context.forward()</code>. Tons of thanks to <a href="https://github.com/frosiere"><code>@frosiere</code></a> for the help on this! We also changed how dependencies are managed so that less false-positives show up due to our backwards compatability testing. We appreciate your continued use and feedback!</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/brave/compare/6.0.1..6.0.2">https://github.com/openzipkin/brave/compare/6.0.1..6.0.2</a></p> <p>Brave 6.0.1 simplifies internals of the json encoder and kafka-streams instrumentation. It also fixes a bug where a <code>Tag<Throwable></code> passed to <code>MutableSpanBytesEncoder.zipkinJsonV2</code> always used the key "error" even when set to something else. Finally <a href="https://github.com/reta"><code>@reta</code></a> fixed a flakey JMS integration test which was plaguing our CI builds!</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/brave/compare/6.0.0..6.0.1">https://github.com/openzipkin/brave/compare/6.0.0..6.0.1</a></p> <p>Brave 6 removes all modules and functions deprecated in Brave 5.x. It no longer has any dependency on io.zipkin.zipkin2:zipkin. Special thanks to <a href="https://github.com/reta"><code>@reta</code></a> and <a href="https://github.com/anuraaga"><code>@anuraaga</code></a> for a lot of review support leading to this release!</p> <h2>No more deprecated functions</h2> <p>The final release of Brave 5 with deprecated functions was 5.18.1. Removing these functions was the only way to decouple Brave from zipkin's core library (io.zipkin.zipkin2:zipkin). However, this does not change Brave's floor Java 6 support. We still integration test this via the <a href="https://github.com/openzipkin/brave-example">brave-example</a> repository.</p> <p>Here's an example of a working Java 6 and Spring 2.5 application, which is 280KB smaller due to use of the lean combination of Brave 6 and Zipkin Reporter 3.x:</p> <pre><code># brave 5.18.1 3860 target/brave-example-webmvc25-1.0-SNAPSHOT.war # brave 6.0.0 3580 target/brave-example-webmvc25-1.0-SNAPSHOT.war </code></pre> <h2>No more io.zipkin.reporter2:zipkin-reporter or io.zipkin.zipkin2:zipkin dependencies</h2> <p><a href="https://central.sonatype.com/artifact/io.zipkin.brave/brave-bom">io.zipkin.brave:brave-bom</a> used to manage zipkin-reporter dependencies. Since Brave no longer has dependencies on zipkin, it no longer manages them.</p> <p>This impact is that users will need to manage their own versions for zipkin-reporter, likely via <a href="https://central.sonatype.com/artifact/io.zipkin.reporter2/zipkin-reporter-bom">io.zipkin.reporter2:zipkin-reporter-bom</a> described in the <a href="https://github.com/openzipkin/zipkin-reporter-java#library-releases">zipkin-reporter README</a>.</p> <p>To fully remove a zipkin core library dependency from your traced applications, use <a href="https://central.sonatype.com/artifact/io.zipkin.reporter2/zipkin-reporter-brave">io.zipkin.reporter2:zipkin-reporter-brave</a> <a href="https://github.com/openzipkin/zipkin-reporter-java/releases/tag/3.1.1">3.x</a> <code>AsyncZipkinSpanHandler</code>. This is described in the <a href="https://github.com/openzipkin/zipkin-reporter-java#library-releases">zipkin-reporter README</a>. You can expect currently maintained frameworks to do this on your behalf.</p> <p>Thanks for your patience with the major upgrade. Things like this allow easier maintenance and a longer life for Brave, particularly as zipkin-server moves ahead with later Java versions.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/brave/compare/5.17.1..5.18.1">https://github.com/openzipkin/brave/compare/5.17.1..5.18.1</a></p> <p>Brave 5.18 prepares for Brave 6 by deprecating instrumentation for libraries not released in 1.5-3.5 years including:</p> <ul> <li>context/rxjava2 - last released Feb 2021 <ul> <li>replaced by RxJava3, but unlikely this module will be ported as it wasn't used widely.</li> </ul> </li> <li>instrumentation/dubbo-rpc - (alibaba) last released Dec 2021</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/openzipkin/brave/commit/95ae4c2ce3fe3b99357d64e0ee250f837c2af68e"><code>95ae4c2</code></a> [maven-release-plugin] prepare release 6.0.3</li> <li><a href="https://github.com/openzipkin/brave/commit/08e8e39509bfb927229c51db77a3daa7f2abeea1"><code>08e8e39</code></a> Fixes thread safety issue in Tag.tag (<a href="https://redirect.github.com/openzipkin/brave/issues/1434">#1434</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/57f27e23f6edcce9f7507272e4dc8facc2277afa"><code>57f27e2</code></a> license: removes copyright year and uses SPDX ID (<a href="https://redirect.github.com/openzipkin/brave/issues/1433">#1433</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/170c79ff296a8b8c69b5948910d2f66b67466fed"><code>170c79f</code></a> Speeds up dubbo tests, aligns conventions and bumps deps (<a href="https://redirect.github.com/openzipkin/brave/issues/1432">#1432</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/ef6fbbdab4846b621a8be8b9c72feba7270a819c"><code>ef6fbbd</code></a> Adds support for org.mongodb:mongodb-driver-core v5 (<a href="https://redirect.github.com/openzipkin/brave/issues/1431">#1431</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/fe3c8b46823db2dcbe065451f8049ed8a6503217"><code>fe3c8b4</code></a> fixes bug setting service names to empty (<a href="https://redirect.github.com/openzipkin/brave/issues/1428">#1428</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/69e30f320d88fabd5b24772f24e7416e5daa0f27"><code>69e30f3</code></a> Adds BaggagePropagation benchmarks for decorate (<a href="https://redirect.github.com/openzipkin/brave/issues/1425">#1425</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/b7ece7b8bf191e5e865caf04b1feaa6f4db4705e"><code>b7ece7b</code></a> Consolidates notes on "extra" data (<a href="https://redirect.github.com/openzipkin/brave/issues/1424">#1424</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/d8dc495c6ab8cfb311dc6f984ec8db136c170fc4"><code>d8dc495</code></a> benchmarks: moves dependency scope to test (<a href="https://redirect.github.com/openzipkin/brave/issues/1422">#1422</a>)</li> <li><a href="https://github.com/openzipkin/brave/commit/55525075d98adfa05b85e9366404a7fc0d9efac3"><code>5552507</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>Additional commits viewable in <a href="https://github.com/openzipkin/brave/compare/5.17.1...6.0.3">compare view</a></li> </ul> </details> <br /> Updates `io.zipkin.brave:brave-instrumentation-http` from 5.17.1 to 6.0.3 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org