dependabot[bot] opened a new pull request, #4283: URL: https://github.com/apache/servicecomb-java-chassis/pull/4283
Bumps [io.zipkin.zipkin2:zipkin](https://github.com/openzipkin/zipkin) from 2.26.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/openzipkin/zipkin/releases";>io.zipkin.zipkin2:zipkin's releases</a>.</em></p> <blockquote> <p>Zipkin 3.1.1 is a hardening release, notably polishing out some UI glitches and experience problems for Cassandra users. Thanks a lot for all the feedback and patience, as we delayed this patch until we felt confident glitches were handled in a way that would be easy to diagnose in the future!</p> <h2>UI Fixes</h2> <p>Users and maintainers have noticed a few glitches since our UI moved from the abandoned react-scripts to vite for packaging. We think we've corrected everything at this point, but please reach out if you believe we didn't.</p> <ul> <li>Fixed our test image ghcr.io/openzipkin/zipkin-ui resulting in 404s</li> <li>Fixed handling of the env variable ZIPKIN_UI_BASEDIR, used when zipkin is deployed in a proxying <ul> <li>added a new ghcr.io/openzipkin/zipkin-uiproxy image that <a href="https://github.com/openzipkin/zipkin/blob/master/docker/examples/README.md#ui-proxy";>proves this works</a>.</li> <li>A lot of folks pitched in here, special thanks to <a href="https://github.com/ujo-trackunit";><code>@ujo-trackunit</code></a> who uses this and provided a lot of insight leading to the fix, as well <a href="https://github.com/SamTV12345";><code>@SamTV12345</code></a> <a href="https://github.com/reta";><code>@reta</code></a> and <a href="https://github.com/anuraaga";><code>@anuraaga</code></a> who all took time away to contribute towards resolution.</li> </ul> </li> </ul> <h2>Cassandra and SASI default change</h2> <p>When <code>STORAGE_TYPE=cassandra3</code>, zipkin uses a feature called SASI for search features. This was enabled by default in Cassandra 3.11+, but in 4.x it became <em>disabled by default</em>.</p> <p>Unlike schema settings, <code>sasi_indexes_enabled: true</code> is not something zipkin can change. Before, we weren't logging this critical setup problem, so users upgrading from cassandra 3 to 4 had a very hard time figuring it out. We now properly log what's going on, with more context. Ideally, this will help folks correct their configuration.</p> <p>Here's an example, if you use the default cassandra docker image which has SASI disabled</p> <pre><code>2024-03-07T08:02:47.184+08:00 ERROR [/] 83635 --- [cking-tasks-2-1] z.s.c.Schema : Failed to execute [CREATE CUSTOM INDEX IF NOT EXISTS ON zipkin2.span (l_service) USING 'org.apache.cassandra.index.sasi.SASIIndex' WITH OPTIONS = {'mode': 'PREFIX'}]: SASI indexes are disabled. Enable in cassandra.yaml to use. </code></pre> <h2>Build updates</h2> <p>While these changes won't impact end users, they do affect forks and are important.</p> <ul> <li>we moved from long form license headers to <a href="https://redirect.github.com/openzipkin/zipkin/pull/3749";>SPDX ID</a></li> <li><a href="https://github.com/anuraaga";><code>@anuraaga</code></a> fixed our ServerIntegratedBenchmark</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/zipkin/compare/3.1.0..3.1.1";>https://github.com/openzipkin/zipkin/compare/3.1.0..3.1.1</a></p> <p>Zipkin 3.1 includes our first additional features since the 3.0 platform update. Notably gRPC span collection is enabled by default, Eureka registration includes more properties, and you can now disable the UI independent of the REST API. Those using kubernetes should have a second look at our <a href="https://github.com/openzipkin/zipkin-helm";>helm chart</a> which is recently renovated as well!</p> <p>While most won't see this, we'd like to give a special shout out to <a href="https://github.com/SamTV12345";><code>@SamTV12345</code></a> for helping renovate our javascript build. It was Sam's first change in the project and quite a big one. We'd like to thank all the users for your feedback and the continued support from our all volunteer team, notably <a href="https://github.com/reta";><code>@reta</code></a> and <a href="https://github.com/anuraaga";><code>@anuraaga</code></a> who've stuck here with you so long.</p> <p>Here are the changes end users might notice</p> <ul> <li><code>COLLECTOR_GRPC_ENABLED</code> is now true by default, accepting spans from the <a href="https://github.com/openzipkin/zipkin-api/blob/master/zipkin.proto";>zipkin.proto3.SpanService/Report</a> service hosted on the same HTTP port as the normal API (default 9411)</li> <li>Eureka registration now populates the <code>homePageUrl</code> and <code>statusPageUrl</code> fields, the latter used in the spring-cloud-netflix UI. This was thanks to upstream changes in Armeria driven by <a href="https://github.com/minwoox";><code>@minwoox</code></a></li> <li>New <code>UI_ENABLED</code> for users who wish to expose the query API, but not host the javascript UI.</li> </ul> <p>Here are the build related changes:</p> <ul> <li>UI build now uses vite. <a href="https://github.com/SamTV12345";><code>@SamTV12345</code></a> was the MVP of this change, which eliminated a build-time CVE. This was a quite a lot of work, and we're grateful for Sam's help. We also appreciate others work on this, too, notably <a href="https://github.com/anuraaga";><code>@anuraaga</code></a> who advised and pitched in a test migration PR.</li> <li><a href="https://github.com/reta";><code>@reta</code></a> switched us to SLF4J 2.0, with heaps of thanks to <a href="https://github.com/wilkinsona";><code>@wilkinsona</code></a> who helped us come to the same page on what versions do what.</li> <li>our zipkin-slim image now includes netty tcnative libraries.</li> </ul> <p>Thank folks who helped with changes you want and don't forget to <a href="https://github.com/openzipkin/zipkin/stargazers";>star the project</a> if you're happy with our continued efforts! If you'd like to get in touch, please chat on <a href="https://app.gitter.im/#/room/#openzipkin_zipkin:gitter.im";>gitter</a>. See you next release!</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/openzipkin/zipkin/compare/3.0.6..3.1.0";>https://github.com/openzipkin/zipkin/compare/3.0.6..3.1.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/openzipkin/zipkin/commit/fefb4580f03d43274f9eb7dd9045709e58ae2fc6";><code>fefb458</code></a> [maven-release-plugin] prepare release 3.1.1</li> <li><a href="https://github.com/openzipkin/zipkin/commit/b6f5f7f7078539c99be513f66c4afc1e7e6d9a1f";><code>b6f5f7f</code></a> cassandra: fail at startup if search enabled, but SASI disabled (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3741";>#3741</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/e535720d753d7958a018d9a67b2d2d9f4f79e548";><code>e535720</code></a> docker: fixes CVE in eureka image (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3752";>#3752</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/2bbc4bb42e50be75cd95f6156b7224bc5d423bae";><code>2bbc4bb</code></a> lens: adds zipkin-uiproxy image and fixes ZIPKIN_UI_BASEPATH (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3751";>#3751</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/e16d38e21172419e5f6c2e01aea6510de07478dd";><code>e16d38e</code></a> fixes build status badge in README which should only report on master (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3750";>#3750</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/dad41826e8ca5a144d45a2ff5a62ca86fddd793d";><code>dad4182</code></a> license: removes copyright year and uses SPDX ID (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3749";>#3749</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/53a735d2d405824d00bcb1dad6cc0993d11230d4";><code>53a735d</code></a> Fix ServerIntegratedBenchmark (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3748";>#3748</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/922f5c73af974bfcc99ea65131ffd103a4ff698a";><code>922f5c7</code></a> deps: bumps java deps to latest, notably Kafka (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3747";>#3747</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/7352fb1f8bf2e6bb9892c7a4c2820aff0244b87a";><code>7352fb1</code></a> ui: ensures resources loaded by relative URL when baseUrl property set (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3746";>#3746</a>)</li> <li><a href="https://github.com/openzipkin/zipkin/commit/85145c21457e36346576453bd1aaab4807ca8f77";><code>85145c2</code></a> Fixed base path variable (<a href="https://redirect.github.com/openzipkin/zipkin/issues/3745";>#3745</a>)</li> <li>Additional commits viewable in <a href="https://github.com/openzipkin/zipkin/compare/2.26.0...3.1.1";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
