[GitHub] [servicecomb-java-chassis] dependabot[bot] opened a new pull request, #3748: Bump nacos-client from 2.2.0 to 2.2.2

[via GitHub]

dependabot[bot] opened a new pull request, #3748:
URL: https://github.com/apache/servicecomb-java-chassis/pull/3748

   Bumps [nacos-client](https://github.com/alibaba/nacos) from 2.2.0 to 2.2.2.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/alibaba/nacos/releases";>nacos-client's 
releases</a>.</em></p>
   <blockquote>
   <h2>2.2.2 (Apr 11, 2023)</h2>
   <p>Nacos recently released versions 2.2.0.1 and 2.2.1, which have made major 
changes to the default authentication plugin to remove the some default values 
of authentication plugin. For details, see <a 
href="https://nacos.io/zh-cn/blog/announcement-token-secret-key.html";>Risk 
Description</a> and <a 
href="https://nacos.io/zh-cn/blog/2.2.1-release.html";>2.2.1 release</a>.</p>
   <p>But Nacos default console ui relies on <code>token.secret.key</code> by 
default, after removing the default value of <code>token.secret.key</code>, 
many new  users who use the latest version image by default have a large number 
of startup failures. The situation has a great impact on the usability of 
users.</p>
   <p>Therefore, version 2.2.2 is mainly optimized for this problem.</p>
   <h2>Enhancement&amp;Refactor</h2>
   <p><a 
href="https://redirect.github.com/alibaba/nacos/issues/10153";>#10153</a> Close 
console login page when auth.enabled is false.
   <a href="https://redirect.github.com/alibaba/nacos/issues/10276";>#10276</a> 
Default close openssl for client.</p>
   <h2>BugFix</h2>
   <p><a 
href="https://redirect.github.com/alibaba/nacos/issues/10208";>#10208</a> Remove 
DefaultSettingPropertySource.java.</p>
   <h2>2.2.1 (Mar 17th, 2023)</h2>
   <p>This version is mainly <strong>Specially, Remove default value of 
<code>token.secret.key</code> and <code>server.identity</code>.</strong> Detail 
see: <a 
href="https://nacos.io/zh-cn/blog/announcement-token-secret-key.html";>announcement</a>.</p>
   <p>And this version upgrade many dependencies such as spring-boot, Grpc, 
jraft and so on.</p>
   <p>What's more, This version add a beta feature, make the grpc request 
support TLS, and fix some bugs and enhance some usage problems.</p>
   <p>Detail see:</p>
   <h2>feature</h2>
   <p><a href="https://redirect.github.com/alibaba/nacos/issues/9276";>#9276</a> 
Add search config by content.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9703";>#9703</a> 
add catalog v2 API to support list instances which is un-enabled.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9710";>#9710</a> 
Support prometheus-sd basic auth.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9888";>#9888</a> 
Beta support Grpc TLS feature.
   <a href="https://redirect.github.com/alibaba/nacos/issues/10062";>#10062</a> 
Naming support aliyun STS auth.</p>
   <h2>Enhancement&amp;Refactor</h2>
   <p><a href="https://redirect.github.com/alibaba/nacos/issues/9510";>#9510</a> 
Add sql log print function.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9646";>#9646</a> 
Replace concatenated strings with placeholders.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9708";>#9708</a> 
Clean expired and invalid connections for HTTP client.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9783";>#9783</a> 
Handle public namespaceId as default namespaceId for publish and query config 
for V2 http api.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9837";>#9837</a> 
Enhance Grpc connected time when cluster started to load snapshot quickly.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9859";>#9859</a> 
Refactor default auth plugin, use custom JWT instead of jjwt.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9860";>#9860</a> 
Adapt logback 1.4.5 by SPI.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9885";>#9885</a> 
Add prometheus api exception handling.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9949";>#9949</a> 
Use Grpc replace all Http request between servers.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9951";>#9951</a> 
Judge the message whether <code>null</code> for metadata processor.
   <a href="https://redirect.github.com/alibaba/nacos/issues/10084";>#10084</a> 
Client use Async appender to print log.
   <a href="https://redirect.github.com/alibaba/nacos/issues/10108";>#10108</a> 
Remove identity default value.</p>
   <h2>BugFix</h2>
   <p><a href="https://redirect.github.com/alibaba/nacos/issues/9621";>#9621</a> 
Fix Config Client server check always up problem.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9728";>#9728</a> 
Fix prometheus http sd only return public namespace problem.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9732";>#9732</a> 
Fix namespace v2 api auth not work problem.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9734";>#9734</a> 
Fix http login url without default port problem.
   <a href="https://redirect.github.com/alibaba/nacos/issues/9795";>#9795</a> 
Fix export config failure problem for non admin user after opening auth.</p>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/alibaba/nacos/commit/d2e16a3e420a23dce1801de95ef9a4b3f91b3e89";><code>d2e16a3</code></a>
 Fix dynamic change token to illegal value will use old token.</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/50d313ba25bf2966b82f6c8eaeb07f8c4e9ef683";><code>50d313b</code></a>
 取消默认openssl (<a 
href="https://redirect.github.com/alibaba/nacos/issues/10276";>#10276</a>)</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/6c4c41c8f358f177dfbdbeb099bed72435b1c578";><code>6c4c41c</code></a>
 Upgrade to 2.2.2</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/953908754f5f0a4184712ec4c9a9d972625fcee2";><code>9539087</code></a>
 Don't stopping startup for illegal token.secret.key when auth.enabled is 
fals...</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/e31f830217a333807880d80f171bde2ab585dea9";><code>e31f830</code></a>
 Don't stopping startup for illegal token.secret.key when auth.enabled is 
fals...</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/0f43ea9f10558fe47b6a7e00576231a359f4bcda";><code>0f43ea9</code></a>
 Build console main.js. (<a 
href="https://redirect.github.com/alibaba/nacos/issues/10264";>#10264</a>)</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/9162c5121d075762c3f90987fec5d41c7a760fee";><code>9162c51</code></a>
 [fix]🐛nacos login page &amp;&amp; notice config (<a 
href="https://redirect.github.com/alibaba/nacos/issues/10262";>#10262</a>)</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/3b0fda2f25b977e254fb7c4dc1b0b53852b22b26";><code>3b0fda2</code></a>
 [ISSUE#10153] Add auth state into /state api and add announcement api. (<a 
href="https://redirect.github.com/alibaba/nacos/issues/10203";>#10203</a>)</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/285d39a154e12d6d39e991639b16039f8d980fa5";><code>285d39a</code></a>
 [ISSUE#10208] Remove DefaultSettingPropertySource.java and add some unit 
test...</li>
   <li><a 
href="https://github.com/alibaba/nacos/commit/cb0422ed743e77f11a555ef579f0009049a2db59";><code>cb0422e</code></a>
 Merge pull request <a 
href="https://redirect.github.com/alibaba/nacos/issues/10126";>#10126</a> from 
alibaba/develop</li>
   <li>Additional commits viewable in <a 
href="https://github.com/alibaba/nacos/compare/2.2.0...2.2.2";>compare 
view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.alibaba.nacos:nacos-client&package-manager=maven&previous-version=2.2.0&new-version=2.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org