dependabot[bot] opened a new pull request, #3677:
URL: https://github.com/apache/eventmesh/pull/3677

   Bumps [io.prometheus:simpleclient_httpserver](https://github.com/prometheus/client_java) from 0.8.1 to 0.16.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/prometheus/client_java/releases">io.prometheus:simpleclient_httpserver's
 releases</a>.</em></p>
   <blockquote>
   <h2>0.16.0 / 2022-06-15</h2>
   <p>[ENHANCEMENT] Environment variable 
<code>PROMETHEUS_DISABLE_CREATED_SERIES=true</code> for disabling 
<code>_created</code> metrics (<a 
href="https://redirect.github.com/prometheus/client_java/issues/791">#791</a>). 
Thanks <a href="https://github.com/mindw"><code>@​mindw</code></a>
   [ENHANCEMENT] Support for OpenTelemetry trace sampling: Only traces that are 
sampled will be used as exemplars (<a 
href="https://redirect.github.com/prometheus/client_java/issues/766">#766</a>). 
Thanks <a href="https://github.com/fscellos"><code>@​fscellos</code></a>
   [ENHANCEMENT] Handle thread IDs &lt;= 0. Apparently Apache Zookeeper 
generates negative thread IDs, which causes issues in <code>jmx_exporter</code> 
(<a 
href="https://redirect.github.com/prometheus/client_java/issues/784">#784</a>). 
Thanks <a href="https://github.com/dhoard"><code>@​dhoard</code></a>
   [ENHANCEMENT] Mark opentelemetry-api as optional to make it an optional 
dependency in OSGi (<a 
href="https://redirect.github.com/prometheus/client_java/issues/790">#790</a>). 
Thanks <a href="https://github.com/adessaigne"><code>@​adessaigne</code></a>.
   [ENHANCEMENT] Move servlet adapters to an internal package to avoid 
duplicating classes when building OSGi bundles (<a 
href="https://redirect.github.com/prometheus/client_java/issues/789">#789</a>). 
Thanks <a href="https://github.com/adessaigne"><code>@​adessaigne</code></a>
   [ENHANCEMENT] Extend the API of the <code>HTTPServer.Builder</code> to allow 
custom <code>ExecutorService</code> instances (<a 
href="https://redirect.github.com/prometheus/client_java/issues/756">#756</a>). 
Thanks <a href="https://github.com/dhoard"><code>@​dhoard</code></a>
   [ENHANCEMENT] Reduce the number of core threads in <code>HTTPServer</code> 
from 5 to 1. The <code>HTTPServer</code> will still start up to 5 threads on 
demand if there are parallel requests, but it will use only 1 thread as long as 
requests are sequential (<a 
href="https://redirect.github.com/prometheus/client_java/issues/786">#786</a>).
   [ENHANCEMENT] Optimize metric name sanitization: Replace the regular 
expression with a hard-coded optimized algorithm to improve performance (<a 
href="https://redirect.github.com/prometheus/client_java/issues/777">#777</a>). 
Thanks <a href="https://github.com/fwbrasil"><code>@​fwbrasil</code></a>
   [BUGFIX] Fix missing Dropwizard metrics in Vertx (<a 
href="https://redirect.github.com/prometheus/client_java/issues/780">#780</a>). 
Thanks <a href="https://github.com/yaronel"><code>@​yaronel</code></a>.
   [BUGFIX] Fix incorrect buffer size in the Servlet exporter (<a 
href="https://redirect.github.com/prometheus/client_java/issues/794">#794</a>). 
Thanks <a href="https://github.com/GreenRover"><code>@​GreenRover</code></a> 
for finding the issue and <a 
href="https://github.com/dhoard"><code>@​dhoard</code></a> for the fix.
   [BUGFIX] Fix sample name filter for the JMX metric 
<code>jvm_memory_bytes_committed</code> (<a 
href="https://redirect.github.com/prometheus/client_java/issues/768">#768</a>). 
Thanks <a href="https://github.com/SvenssonWeb"><code>@​SvenssonWeb</code></a>
   [ENHANCEMENT] Lots of dependency version bumps.</p>
   <h2>0.15.0 / 2022-02-05</h2>
   <p>Major refactoring of Quantiles in Summary metrics. This will make them 
faster and use less memory. The new implementation also supports two corner 
cases that were not possible before: You can now use <code>.quantile(0, 
0)</code> to track the minimum observed value and <code>.quantile(1, 0)</code> 
to track the maximum observed value. Thanks a lot <a 
href="https://github.com/DieBauer"><code>@​DieBauer</code></a>! <a 
href="https://redirect.github.com/prometheus/client_java/issues/755">#755</a></p>
   <p>In addition to that the release includes:</p>
   <p>[ENHANCEMENT] Lots of dependency version bumps.
   [BUGFIX] Apply <code>ServletConfig</code> during Servlet initialization in 
<code>simpleclient_servlet</code> and <code>simpleclient_servlet_jakarta</code> 
<a href="https://redirect.github.com/prometheus/client_java/issues/739">#739</a>
   [BUGFIX] <code>HTTPServer</code>: Don't send a Content-Length header when 
Transfer-Encoding is chunked <a 
href="https://redirect.github.com/prometheus/client_java/issues/738">#738</a>. 
Thanks <a href="https://github.com/dhoard"><code>@​dhoard</code></a>
   [BUGFIX] <code>simpleclient_log4j</code> set the log4j dependency scope as 
<code>provided</code> so that users don't accidentally pull the log4j version 
used in client_java. Note: This module is for monitoring log4j version 1, in 
<code>simpleclient_log4j2</code> the dependency is already 
<code>provided</code>.
   [BUGFIX] <code>simpleclient_dropwizard</code> set the Dropwizard dependency 
scope as <code>provided</code> so that users don't accidentally pull the 
Dropwizard version used in client_java.</p>
   <h2>0.14.1 / 2021-12-19</h2>
   <p>Bump the <code>log4j</code> version in <code>simpleclient_log4j2</code> 
to 2.17.0. Apart from that this release is identical to 0.14.0.</p>
   <h2>0.14.0 / 2021-12-18</h2>
   <p>Yet another <code>log4j</code> version update in 
<code>simpleclient_log4j2</code>: This time to 2.16.0. Note that the 
<code>log4j</code> dependency in <code>simpleclient_log4j2</code> has scope 
<code>provided</code>, i.e. <code>simpleclient_log4j2</code> does not ship with 
<code>log4j</code>. <code>simpleclient_log4j2</code> uses whatever 
<code>log4j</code> version the monitored application provides at runtime. 
Updating the <code>log4j</code> dependency in <code>simpleclient_log4j2</code> 
helps getting rid of security scanner warnings (see <a 
href="https://redirect.github.com/prometheus/client_java/issues/733">#733</a>), 
but in order to eliminate the <code>log4j</code> vulnerability you must make 
sure that the application you monitor ships with an up-to-date 
<code>log4j</code> version.</p>
   <p>Apart from the <code>log4j</code> update we have a new feature:</p>
   <p>[ENHANCEMENT] The <code>HTTPServer</code> can now be configured to use 
SSL (<a 
href="https://redirect.github.com/prometheus/client_java/issues/695">#695</a>). 
Thanks <a href="https://github.com/dhoard"><code>@​dhoard</code></a>.</p>
   <h2>0.13.0 / 2021-12-13</h2>
   <p>We updated <code>log4j</code> to 2.15.0, which fixes the log4shell 
vulnerability (CVE-2021-44228) (<a 
href="https://redirect.github.com/prometheus/client_java/issues/726">#726</a>). 
Technically <code>simpleclient_log4j2</code> is not directly affected by the 
vulnerability, because as long as you update log4j in your monitored 
application <code>simpleclient_log4j2</code> will pick up the updated version. 
However, it makes sense to remove the vulnerable versions from the dependency 
tree, therefore the update.</p>
   <p>In addition to the log4j update in <code>simpleclient_log4j2</code>, this 
release contains the following enhancements and fixes:</p>
   <p>[ENHANCEMENT] Allow passing a custom registry to the logback 
InstrumentedAppender (<a 
href="https://redirect.github.com/prometheus/client_java/issues/690">#690</a>). 
Thanks <a 
href="https://github.com/MatthewDolan"><code>@​MatthewDolan</code></a>.
   [BUGFIX] Correct handling of HEAD requests (<a 
href="https://redirect.github.com/prometheus/client_java/issues/688">#688</a>). 
Thanks <a href="https://github.com/dhoard"><code>@​dhoard</code></a>.
   [ENHANCEMENT] Lots of more integration tests and tests with different Java 
versions.
   [ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in 
their own HttpServers (<a 
href="https://redirect.github.com/prometheus/client_java/issues/722">#722</a>). 
Thanks <a href="https://github.com/dhoard"><code>@​dhoard</code></a>.
   [ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the 
PushGateway work with all Java versions (<a 
href="https://redirect.github.com/prometheus/client_java/issues/698">#698</a>). 
Thanks <a href="https://github.com/dhoard"><code>@​dhoard</code></a>.</p>
   <h2>0.12.0 / 2021-08-29</h2>
   <p>This release has a (minor) <strong>breaking change</strong> in the 
<code>simpleclient_hotspot</code> module, fixing an incompatibility with <a 
href="https://openmetrics.io">OpenMetrics</a>:</p>
   <p>The metric <code>jvm_classes_loaded</code> from the 
<code>ClassLoadingExports</code> was renamed to 
<code>jvm_classes_currently_loaded</code> <a 
href="https://redirect.github.com/prometheus/client_java/issues/681">#681</a>. 
The reason is that there is another metric named 
<code>jvm_classes_loaded_total</code>, and in OpenMetrics this resulted in a 
name conflict because the base name <code>jvm_classes_loaded</code> was the 
same, see <a 
href="https://redirect.github.com/prometheus/jmx_exporter/issues/621">prometheus/jmx_exporter#621</a>.</p>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/prometheus/client_java/commit/ed0d7ae3b57a3986f6531d1a37db031a331227e6"><code>ed0d7ae</code></a>
 [maven-release-plugin] prepare release parent-0.16.0</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/6ac453dfaead46516ab81ad6e0083f45d5d1cdff"><code>6ac453d</code></a>
 Update maintainer notes</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/5e65821c49c89fa723f81233ac7e3eb888cf61cc"><code>5e65821</code></a>
 Bump dependency versions</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/7de891ee551ecc0b27b8eb37f9a6df3a4b4b35d8"><code>7de891e</code></a>
 Fix Describable returning an empty list (<a 
href="https://redirect.github.com/prometheus/client_java/issues/785">#785</a>)</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/6730f3e32199d6bf0e963b306ff69ef08ac5b178"><code>6730f3e</code></a>
 Support <code>_created</code> time series suppression (<a 
href="https://redirect.github.com/prometheus/client_java/issues/791">#791</a>)</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/75baa060b650ae5d8b5e59efc5c81ca276cc73eb"><code>75baa06</code></a>
 Move servlet adapters to an internal package to avoid duplicating classes 
whe...</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/e517786de891a3e35070d4d4ef1bac195a959391"><code>e517786</code></a>
 Mark opentelemtry-api as optional to make it an optional dependency in 
OSGi.</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/7c9fc397c21ebc9119f40131f075e1b2ed7b3079"><code>7c9fc39</code></a>
 Fixed HttpServletResponseAdapterImpl setStatus method to call correct 
delegat...</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/2be241cc3efeefd46c8bd7a6f403f3079a18e7e2"><code>2be241c</code></a>
 Added defensive code for scenario where thread id &lt;= 0</li>
   <li><a 
href="https://github.com/prometheus/client_java/commit/2f31b96666ce705e18d7216771f18c83f0dce0c5"><code>2f31b96</code></a>
 Reduce number of core threads in HTTPServer to one</li>
   <li>Additional commits viewable in <a 
href="https://github.com/prometheus/client_java/compare/parent-0.8.1...parent-0.16.0">compare
 view</a></li>
   </ul>
   </details>
   <br />
   
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
