dependabot[bot] opened a new pull request, #4151: URL: https://github.com/apache/servicecomb-java-chassis/pull/4151
Bumps [io.zipkin.zipkin2:zipkin](https://github.com/openzipkin/zipkin) from 2.24.4 to 2.25.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/openzipkin/zipkin/releases";>io.zipkin.zipkin2:zipkin's releases</a>.</em></p> <blockquote> <p>Zipkin 2.25.2 adds the ppc64le architecture to our production <a href="https://hub.docker.com/repository/docker/openzipkin/zipkin";>zipkin</a> and <a href="https://hub.docker.com/repository/docker/openzipkin/zipkin-slim";>zipkin-slim</a> images. It also fixes a couple docker crashes when run on Apple Silicon. Finally, we documented how to run the <a href="https://github.com/openzipkin/zipkin/blob/master/docker/examples/README.md#elasticsearch";>Elasticsearch Service Depedencies graph job ad-hoc</a>, as it has been frequently asked about.</p> <p>Special thanks to <a href="https://github.com/NishikantThorat";><code>@NishikantThorat</code></a> from <a href="https://knative.dev";>Knative</a> for the help progressing ppc64le, as well <a href="https://github.com/anuraaga";><code>@anuraaga</code></a> for lots of review support.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/zipkin/compare/2.25.1...2.25.2";>https://github.com/openzipkin/zipkin/compare/2.25.1...2.25.2</a></p> <p>Zipkin 2.25.1 sets a milestone where a <a href="https://github.com/aquasecurity/trivy";>trivy</a> scan of our <a href="https://hub.docker.com/layers/openzipkin/zipkin/2.25.1/images/sha256-596894437b11b77e16ae0197db9f8f6fcf0c159aba530ee0596a0feac124bcad?context=repo";>openzipkin/zipkin:2.25.1</a> docker image came clear of all vulnerabilities:</p> <pre lang="bash"><code>$ trivy image openzipkin/zipkin:2.25.1 2023-12-14T21:38:42.716+0700 INFO Vulnerability scanning is enabled 2023-12-14T21:38:42.717+0700 INFO Secret scanning is enabled 2023-12-14T21:38:42.717+0700 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2023-12-14T21:38:42.717+0700 INFO Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection 2023-12-14T21:38:47.299+0700 INFO Detected OS: alpine 2023-12-14T21:38:47.299+0700 WARN This OS version is not on the EOL list: alpine 3.19 2023-12-14T21:38:47.299+0700 INFO Detecting Alpine vulnerabilities... 2023-12-14T21:38:47.301+0700 INFO Number of language-specific files: 1 2023-12-14T21:38:47.301+0700 INFO Detecting jar vulnerabilities... <p>openzipkin/zipkin:2.25.1 (alpine 3.19.0)</p> <p>Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) </code></pre></p> <p>There was a lot of PR review support and again we have <a href="https://github.com/anuraaga";><code>@anuraaga</code></a> to thank for being so available to keep things moving. We'd also like to thank <a href="https://github.com/tacigar";><code>@tacigar</code></a> for progress on renovating the Lens UI, resulting in a significant drop in NPM vulnerabilities as well.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/zipkin/compare/2.25.0...2.25.1";>https://github.com/openzipkin/zipkin/compare/2.25.0...2.25.1</a></p> <p>Zipkin 2.25.0 was an infrastructure refactoring release with no significant main code changes from <a href="https://github.com/openzipkin/zipkin/releases/tag/2.24.4";>2.24.4</a>. This is a bridge version for those who extend zipkin with a few notable changes:</p> <ul> <li>New <a href="https://github.com/openzipkin/zipkin/blob/master/docker/examples/README.md#activemq";>zipkin-activemq</a> and <a href="https://github.com/openzipkin/zipkin/blob/master/docker/examples/README.md#rabbitmq";>zipkin-rabbitmq</a> test images. Now, we have a test image for every combination of collector and storage.</li> <li>Removal of junit 4.x dependency. zipkin-junit is no longer published in favor of <a href="https://github.com/openzipkin/zipkin/tree/master/zipkin-junit5";>zipkin-junit5</a>.</li> <li>Improved practice of AssertJ, JUnit Jupiter and SLF4J thanks to automated refactoring by <a href="https://github.com/TeamModerne";><code>@TeamModerne</code></a> and great support by <a href="https://github.com/timtebeek";><code>@timtebeek</code></a>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/zipkin/compare/2.24.4...2.25.0";>https://github.com/openzipkin/zipkin/compare/2.24.4...2.25.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/openzipkin/zipkin/commit/11e3b27d87013c898faa1515ef9ff9bb53d40949";><code>11e3b27</code></a> [maven-release-plugin] prepare release 2.25.2</li> <li><a href="https://github.com/openzipkin/zipkin/commit/ced6a9c5c3c199529a1caaacae17c23758a2a079";><code>ced6a9c</code></a> lens: reduces cves for top-level deps (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3657";>#3657</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/6e79b6dfcaca05b7aca749be6efa078490c30bbf";><code>6e79b6d</code></a> docker: documents how to use master version in examples (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3656";>#3656</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/8b2b331673ef5c4955fa61d0de67956c0a409b3f";><code>8b2b331</code></a> ci: test building of javadoc (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3655";>#3655</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/aed6d926ccb69db620bfd9da43d9324d4c2708d6";><code>aed6d92</code></a> docker: adds ppc64le architecture to zipkin and zipkin-slim images (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3653";>#3653</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/c40a50b98b8791bdce40dba811365a0e950fe342";><code>c40a50b</code></a> docker: uses health check in examples and documents dependencies job (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3652";>#3652</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/e21beed47bbc3a8fb55d86e400388a4d7e569b67";><code>e21beed</code></a> docker: updates Elasticsearch 7.x image to Elastic licensed 7.17.16 (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3654";>#3654</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/0092696b65353095bbf74e74a6ea1860cd3239cc";><code>0092696</code></a> cassandra: moves to Apache Driver and fixes Apple Silicon docker crash (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3651";>#3651</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/a78c1620cd8b8777fda6ae4b50695cd72fb4cbc3";><code>a78c162</code></a> deps: temporarily update boringssl ahead of netty to fix M1 docker crash (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3650";>#3650</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/9244952de33422285d6321ccc8f3b93e5e208ced";><code>9244952</code></a> [maven-release-plugin] prepare for next development iteration</li> <li>Additional commits viewable in <a href="https://github.com/openzipkin/zipkin/compare/2.24.4...2.25.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
