chore(deps): bump the minor-and-patch group with 29 updates

[dependabot]

Bumps the minor-and-patch group with 29 updates:

Package	From	To
com.google.guava:guava	33.0.0-jre	33.4.0-jre
com.github.gestalt-config:gestalt-core	0.29.0	0.35.1
com.github.gestalt-config:gestalt-toml	0.29.0	0.35.1
com.fasterxml.jackson:jackson-bom	2.15.2	2.18.2
org.jctools:jctools-core	4.0.1	4.0.5
io.jsonwebtoken:jjwt-api	0.11.5	0.12.6
io.jsonwebtoken:jjwt-impl	0.11.5	0.12.6
io.jsonwebtoken:jjwt-jackson	0.11.5	0.12.6
io.vertx:vertx-auth-jwt	4.5.3	4.5.11
io.vertx:vertx-core	4.5.3	4.5.11
io.vertx:vertx-web	4.5.3	4.5.11
io.netty:netty-all	4.1.108.Final	4.1.117.Final
io.micrometer:micrometer-registry-prometheus	1.11.0	1.14.3
io.micrometer:micrometer-tracing-bom	1.1.1	1.4.2
ch.qos.logback:logback-core	1.4.12	1.5.16
ch.qos.logback:logback-classic	1.4.14	1.5.16
org.slf4j:slf4j-api	2.0.7	2.0.16
io.opentelemetry:opentelemetry-bom-alpha	1.26.0-alpha	1.46.0-alpha
io.opentelemetry:opentelemetry-bom	1.26.0	1.46.0
info.picocli:picocli	4.7.3	4.7.6
info.picocli:picocli-codegen	4.7.3	4.7.6
com.google.errorprone:error_prone_core	2.18.0	2.36.0
io.libp2p:jvm-libp2p	1.0.1-RELEASE	1.2.2-RELEASE
com.aayushatharva.brotli4j:brotli4j	1.16.0	1.18.0
org.junit.jupiter:junit-jupiter	5.9.1	5.11.4
org.junit.jupiter:junit-jupiter-engine	5.9.0	5.11.4
org.junit.platform:junit-platform-suite-api	1.9.1	1.11.4
org.junit.platform:junit-platform-suite-engine	1.9.1	1.11.4
org.junit.platform:junit-platform-reporting	1.9.1	1.11.4

Updates com.google.guava:guava from 33.0.0-jre to 33.4.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.4.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.4.0-jre</version>
  <!-- or, for Android: -->
  <version>33.4.0-android</version>
</dependency>

Jar files

• 33.4.0-jre.jar
• 33.4.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.2.jar

Javadoc

• 33.4.0-jre
• 33.4.0-android

JDiff

• 33.4.0-jre vs. 33.3.1-jre
• 33.4.0-android vs. 33.3.1-android
• 33.4.0-android vs. 33.4.0-jre

Changelog

• Exposed additional Java 8 APIs to Android users. (6082782134, 9b0109c662, 6ace8bc8ea, b650b9fe77, c6c268006c, 984f713d76, f9f3fffb87, cdc225474e)
• base: Deprecated Charsets constants in favor of StandardCharsets. We will not remove the constants, but we recommend using StandardCharsets for consistency. (45e6be2688)
• base: Added ToStringHelper.omitEmptyValues(). (f5ec2ab85c)
• collect: Added an optimized copyOf method to TreeRangeMap. (a46565dd1c)
• collect.testing: Fixed @Require annotations so that features implied by absent features are not also required to be absent. (81be061f85)
• io: Changed ByteSink and CharSink to no longer call flush() in some cases before close(). This is a no-op for well-behaved streams, which internally flush their data as part of closing. However, we have discovered some stream implementations that have overridden close() to do nothing, including not to flush some buffered data. If this change causes problems, the simplest fix is usually to change the close() override to at least call flush(). (6ace8bc8ea)
• net: Added HttpHeaders.ALT_SVC and MediaType.CBOR. (503ba429f9, 7c0bf0892d)

33.3.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates com.github.gestalt-config:gestalt-core from 0.29.0 to 0.35.1

Release notes

Sourced from com.github.gestalt-config:gestalt-core's releases.

v0.33.0 Annotations

What's Changed

• Feat/annotations by @​credmond-git in gestalt-config/gestalt#225

Certain annotations can be applied to a configuration using @{annotation}, this will covert the annotation to metadata that can be applied to the node. Then the metadata is used to apply the intended behaviour to the node.

For example, we can apply the temporary node feature on a node by using the annotation @{temp:1}

my.password=abcdef@{temp:1}

annotation	parameter	description
temp	(int) Number of times this temp node can be read	restrict the number of times a value can be read before it is released
encrypt	(boolean) if we should apply to this node	Encrypts the node in memory.
nocache	(boolean) if we should apply to this node	Will not cache the node. If a node is part of a object the whole object will not be cached.
secret	(boolean) if we should apply to this node	Treats the node as a secret, so it will not print it out in errors or the debug print.

Trim Whitespace

By default, white spaces before and after the annotation are trimmed. You can disable this feature using the gestalt builder and setting setAnnotationTrimWhiteSpace(false)

GestaltBuilder builder = new GestaltBuilder();
Gestalt gestalt = builder
  .addSource(MapConfigSourceBuilder.builder()
    .setCustomConfig(configs)
    .build())
  .setAnnotationTrimWhiteSpace(false)
  .build();

Full Changelog: gestalt-config/gestalt@v0.32.2...v0.33.0

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

... (truncated)

Commits

• aad3846 chore: prepare release 0.35.1
• 9c3fb51 fix: module issues with RunTimeConfigNodeProcessor.
• 6f617a4 chore: update github actions.
• e341cb4 feat: prepare release v0.35.0
• 3b9719d dep: update to Kotlin 2.1.0
• 706c1cd perf: fix performance regression with cache since we added getConfigResult, a...
• ea3eb75 docs: update some details on the web page like changing the order of the anno...
• 19c23ea Update README.md
• ca3c5b5 test: add additional test for dist 100.
• b48fb58 chore: prepare release v0.34.0
• Additional commits viewable in compare view

Updates com.github.gestalt-config:gestalt-toml from 0.29.0 to 0.35.1

Release notes

Sourced from com.github.gestalt-config:gestalt-toml's releases.

v0.33.0 Annotations

What's Changed

• Feat/annotations by @​credmond-git in gestalt-config/gestalt#225

Certain annotations can be applied to a configuration using @{annotation}, this will covert the annotation to metadata that can be applied to the node. Then the metadata is used to apply the intended behaviour to the node.

For example, we can apply the temporary node feature on a node by using the annotation @{temp:1}

my.password=abcdef@{temp:1}

annotation	parameter	description
temp	(int) Number of times this temp node can be read	restrict the number of times a value can be read before it is released
encrypt	(boolean) if we should apply to this node	Encrypts the node in memory.
nocache	(boolean) if we should apply to this node	Will not cache the node. If a node is part of a object the whole object will not be cached.
secret	(boolean) if we should apply to this node	Treats the node as a secret, so it will not print it out in errors or the debug print.

Trim Whitespace

By default, white spaces before and after the annotation are trimmed. You can disable this feature using the gestalt builder and setting setAnnotationTrimWhiteSpace(false)

GestaltBuilder builder = new GestaltBuilder();
Gestalt gestalt = builder
  .addSource(MapConfigSourceBuilder.builder()
    .setCustomConfig(configs)
    .build())
  .setAnnotationTrimWhiteSpace(false)
  .build();

Full Changelog: gestalt-config/gestalt@v0.32.2...v0.33.0

v0.32.2

What's Changed

• Feat/207 node include source factories by @​credmond-git in gestalt-config/gestalt#214
  • Add additional node include sources:
    • URL Config Source
    • Env Vars
    • Kubernetes
    • System
    • S3 (AWS)
    • Blob (Azure)
    • git
    • Google Cloud Storage
• test: additional git tests. by @​credmond-git in gestalt-config/gestalt#217

Full Changelog: gestalt-config/gestalt@v0.32.1...v0.32.2

... (truncated)

Commits

• aad3846 chore: prepare release 0.35.1
• 9c3fb51 fix: module issues with RunTimeConfigNodeProcessor.
• 6f617a4 chore: update github actions.
• e341cb4 feat: prepare release v0.35.0
• 3b9719d dep: update to Kotlin 2.1.0
• 706c1cd perf: fix performance regression with cache since we added getConfigResult, a...
• ea3eb75 docs: update some details on the web page like changing the order of the anno...
• 19c23ea Update README.md
• ca3c5b5 test: add additional test for dist 100.
• b48fb58 chore: prepare release v0.34.0
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.18.2

Commits

• 55ff098 [maven-release-plugin] prepare release jackson-bom-2.18.2
• 84a6fe4 Prep for 2.18.2 release
• 88591c6 Merge branch '2.17' into 2.18
• bc1206e Back to snapshot dep
• 1021173 [maven-release-plugin] prepare for next development iteration
• e3fd468 [maven-release-plugin] prepare release jackson-bom-2.17.3
• ef13a7a Start 2.17.3 release
• 1ed3d25 Back to snapshot deps
• fac9a3b [maven-release-plugin] prepare for next development iteration
• ef33ac7 [maven-release-plugin] prepare release jackson-bom-2.18.1
• Additional commits viewable in compare view

Updates org.jctools:jctools-core from 4.0.1 to 4.0.5

Release notes

Sourced from org.jctools:jctools-core's releases.

Fix bytecode version and add unpadded atomic queues

No release notes provided.

Minor Release 4.0.2

Same code, new bundling post #370

Commits

• a17b56f Update development version to 4.0.5-SNAPSHOT
• 173423c Addressing Nitsan's comment
• 4b7d2ac Adding Atomic Unpadded queues
• 5c1b88b Update development version to 4.0.4-SNAPSHOT
• 0dae71c Update development version to 4.0.3-SNAPSHOT
• f36b00f Fix #384, ## in javadoc instead of #
• 463181b Add module descriptor to jctools-core
• 3e54465 Add CodeQL workflow for GitHub code scanning
• 25c1a28 Adding benchmark for thread-local object pool use case
• 9c39910 Update RELEASE-NOTES.md post 4.0.1 release
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-api from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-api's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-api's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-impl from 0.11.5 to 0.12.6

Release notes

Sourced from io.jsonwebtoken:jjwt-impl's releases.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
• Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
• Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
• Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
• Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

• @​mnylen made their first contribution in jwtk/jjwt#935

Full Changelog: jwtk/jjwt@0.12.5...0.12.6

0.12.5

This release fixes issue #916 and ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

JwtBuilder builder = Jwts.builder();
builder.audience().add("an-audience"); // no .and() call
builder.compact(); // would not keep 'an-audience'

Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

However, standard fluent builder chains are still recommended for readability when feasible, e.g.

Jwts.builder()
    .audience().add("an-audience").and() // allows fluent chaining
    .subject("Joe")
    // etc...
    .compact()

These same notes are repeated in the CHANGELOG, and as always, project documentation is in the README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

0.12.4

This is patch release completes 10 issues, with two especially noteworthy changes, and a number of other smaller bug fixes and enhancements.

1. The default Jackson deserializer will now reject duplicate JSON members by default in an attempt to be a little more strict at rejecting potentially malicious or malformed JSON. This is a default and can be overridden with a custom ObjectMapper if desired.
2. Password-based JWE encryption key algorithms (PBES2_HS256_A128KW, PBES2_HS384_A192KW and PBES2_HS512_A256KW) now enforce an upper bound (maximum) number of iterations allowed during decryption to mitigate against potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this!

A number of other issues fixed: thread-safe ServiceLoader usage for dynamic JSON processor lookup, Android enhancements for JSON Reader APIs, fixed Elliptic Curve field element padding, and more. Please read the 0.12.4 CHANGELOG for full details of all of these changes, and as always, project documentation is in the 0.12.4 README.

Please allow 30 minutes from the time this announcement is published for the release to be available in Maven Central.

... (truncated)

Changelog

Sourced from io.jsonwebtoken:jjwt-impl's changelog.

0.12.6

This patch release:

• Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
• Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
• Upgrades BouncyCastle to 1.78 via PR 941.

0.12.5

This patch release:

• Ensures that builders' NestedCollection changes are applied to the collection immediately as mutation methods are called, no longer requiring application developers to call .and() to 'commit' or apply a change. For example, prior to this release, the following code did not apply changes:

  JwtBuilder builder = Jwts.builder();
  builder.audience().add("an-audience"); // no .and() call
  builder.compact(); // would not keep 'an-audience'

  Now this code works as expected and all other NestedCollection instances like it apply changes immediately (e.g. when calling .add(value)).

  However, standard fluent builder chains are still recommended for readability when feasible, e.g.

  Jwts.builder()
      .audience().add("an-audience").and() // allows fluent chaining
      .subject("Joe")
      // etc...
      .compact()

  See Issue 916.

0.12.4

This patch release includes various changes listed below.

Jackson Default Parsing Behavior

This release makes two behavioral changes to JJWT's default Jackson ObjectMapper parsing settings:

1. In the interest of having stronger standards to reject potentially malformed/malicious/accidental JSON that could have undesirable effects on an application, JJWT's default ObjectMapper is now configured to explicitly reject/fail parsing JSON (JWT headers and/or Claims) if/when that JSON contains duplicate JSON member names.

   For example, now the following JSON, if parsed, would fail (be rejected) by default:

... (truncated)

Commits

• 0df9756 [maven-release-plugin] prepare release 0.12.6
• aacdfdc - Updated README.adoc :project-version: to be 0.12.6.
• d14f27b Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941)
• 0c2d96c Fixes #949 (#950)
• a7de554 Fixes #947 (#948)
• 7543248 Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943)
• 3489fdb JWE arbitrary content compression (#937)
• 23d9a33 Allow using GenericSecret for HmacSHA* (#935)
• c673b76 Update SECURITY.md
• 2694861 Use Acsiidoc as README format (#777)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-jackson from 0.11.5 to 0.12.6

Updates io.vertx:vertx-auth-jwt from 4.5.3 to 4.5.11

Updates io.vertx:vertx-core from 4.5.3 to 4.5.11

Commits

• 27e674d Releasing 4.5.11
• e87837f Decouple the handshake part ServerWebSocket API.
• fcfc661 Redefine what a context closed means.
• a87afd2 Future.await should interrupt the current thread when the worker executor is ...
• ccca2b8 Merge pull request #5316 from franz1981/4.x_unified_allocator_fix_ssl
• a7c2ba5 Provide opportunity to create a client WebSocket with a given vertx context t...
• 032de2b Add peer host and port info for server SslHandler
• 3600204 Save recursive locks on websocket writeFrame
• 775d945 Execute blocking operations and context worker tasks should be concurrent.
• a3393ac Adding new end 2 end test
• Additional commits viewable in compare view

Updates io.vertx:vertx-web from 4.5.3 to 4.5.11

Updates io.netty:netty-all from 4.1.108.Final to 4.1.117.Final

Commits

• 3b03648 [maven-release-plugin] prepare release netty-4.1.117.Final
• 28a81c6 Update java versions (#14660)
• 1bd459a Correcly handle comments appended to nameserver declarations (#14658)
• ad00d19 Add configure to be able to use perf / intellij profiler within devco… (#14661)
• cd3dfe9 Update maven to 3.9.9 (#14654)
• 4d1f98d Adaptive: Only use ThreadLocal if called from FastThreadLocalThread i… (#14656)
• 01e14bc Provides Brotli settings without com.aayushatharva.brotli4j dependency (#14...
• d5bad42 OpenSslSession: Add support to defensively check for peer certs (#14641)
• b8e25e0 SslHandler: Ensure buffers are never leaked when wrap(...) produce SS… (#14647)
• 9f0b38b Reentrant close in EmbeddedChannel (#14642)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.11.0 to 1.14.3

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.14.3

🐞 Bug Fixes

• Handle RuntimeException when getting/setting JMS headers #5746
• NPE occurs when AOP is applied to a method that returns CompletableFuture #5741
• Performance regression in MeterRegistry#remove with many meters #5466
• Exponential histogram throws ArrayIndexOutOfBoundsException #5740

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.8.2 to 1.8.3 #5799
• Bump software.amazon.awssdk:cloudwatch from 2.29.23 to 2.29.46 #5795
• Bump io.prometheus:prometheus-metrics-bom from 1.3.4 to 1.3.5 #5783

📔 Documentation

• Polish gh-5751 #5760
• Improve docs for same name with different tags #5751
• Document no support for meta-annotations with @Timed/@Counted #5737
• Remove outdated warnings in docs for @Counted/@Timed #5736

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​cfredri4 and @​izeye

1.14.2

🐞 Bug Fixes

• Protect against concurrent reads/writes to Context keyvalues #5739
• Null stacktrace in InvalidObservationException using Virtual Threads #5702
• Deprecate AggregationTemporality#toOtlpAggregationTemporality #5733
• Warn about gauge re-registration #5688
• executor.queued metrics of ForkJoinPool does not include queued submissions #5650
• Default ObservationConventions for Grpc do not always use a consistent set of keyvalues #5609

🔨 Dependency Upgrades

• Bump software.amazon.awssdk:cloudwatch from 2.29.14 to 2.29.23 #5724
• Bump io.prometheus:prometheus-metrics-bom from 1.3.3 to 1.3.4 #5723
• Bump dropwizard-metrics from 4.2.28 to 4.2.29 #5721

📔 Documentation

• Remove duplicated contextpropagation.adoc #5693
• Polish "Grafana Dashboard" section #5662
• Use BOM for Micrometer dependency examples in reference docs #5652

❤️ Contributors

... (truncated)

Commits

• 73e7928 Merge branch '1.13.x' into 1.14.x
• 229a787 Adds post release action; fixes gh-5805
• 4c64ed5 Merge branch '1.13.x' into 1.14.x
• d1c8045 Merge branch '1.12.x' into 1.13.x
• 5010e2d Polish (#5759)
• 96f6e5d Polish 1c891c7 (#5804)
• 521d57d Add a test verifying that a single character meter name is allowed for Promet...
• 7e35196 Merge branch '1.13.x' into 1.14.x
• 819fa61 Merge branch '1.12.x' into 1.13.x
• be6f962 Handle all exceptions when getting/setting JMS headers
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-tracing-bom from 1.1.1 to 1.4.2

Release notes

Sourced from io.micrometer:micrometer-tracing-bom's releases.

1.4.2

🐞 Bug Fixes

• OtelTraceContextBuilder throwing Exception #911

🔨 Dependency Upgrades

• Bump io.micrometer:micrometer-core from 1.14.2 to 1.14.3 #941

1.4.1

🐞 Bug Fixes

• OTel Span is not set to status "ok" when ends successfully #890

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.14.2 #908
• Bump io.zipkin.reporter2:zipkin-reporter-bom from 3.4.2 to 3.4.3 #903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GFriedrich

1.4.0

⚠️ Noteworthy

• OTel dependency convergence issue #819

⭐ New Features

• Support list values in tags in Span and SpanCustomizer #817
• Make OtelSpan public instead of package-private #808
• Add @Nullable annotations #744
• Propagating values from Observation.Context to Trace's Baggage #455

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.14.0 #886
• Bump io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to 2.9.0-alpha #876 (micrometer-metrics/tracing#876) (Brings in io.opentelemetry:opentelemetry-bom:1.43.0)
• Bump io.zipkin.reporter2:zipkin-reporter-bom to 3.4.2 #846

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Jasz, @​chemicL, @​ThomasVitale, @​m15o

... (truncated)

Commits

• b5f45f0 Updated post release workflow
• 9c440d3 Bumps micrometer to 1.14.3; fixes gh-941
• f425dff Merge branch '1.3.x' into 1.4.x
• 0d81c7d Bumps micrometer to 1.13.10; fixes gh-940
• 3ccbdc3 Merge branch '1.3.x' into 1.4.x
• 3ca2982 Adds post release tasks
• 3a92d4e Bump org.apache.logging.log4j:log4j-core from 2.24.2 to 2.24.3 (#913)
• d3aa93f Bump ch.qos.logback:logback-classic from 1.5.12 to 1.5.16 (#937)
• f68499e Bump org.junit:junit-bom from 5.11.3 to 5.11.4 (#916)
• 1ee4cbf Merge branch '1.3.x' into 1.4.x
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.4.12 to 1.5.16

Commits

• 74c9ebd prepare release 1.5.16
• 9308a58 javadocs structure changed
• 8935470 adapt test to SLF4J version 2.0.16
• cb60369 addded StubEventEvaluator as default class for evaluator element so as to dir...
• 1da2f17 bump jxr version
• 5bde644 bump slf4j version to 2.0.16
• aa2ebae remove stax related code
• 80db86b fix issues/860
• a8a2303 start work on 1.5.16-SNAPSHOT
• bf14c2c minor javadoc update
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.4.14 to 1.5.16

Commits

• 74c9ebd prepare release 1.5.16
• 9308a58 javadocs structure changed
• 8935470 adapt test to SLF4J version 2.0.16
• cb60369 addded StubEventEvaluator as default class for evaluator element so as to dir...
• 1da2f17 bump jxr version
• 5bde644 bump slf4j version to 2.0.16
• aa2ebae remove stax related code
• 80db86b fix issues/860
• a8a2303 start work on 1.5.16-SNAPSHOT
• bf14c2c minor javadoc update
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-api from 2.0.7 to 2.0.16

Updates io.opentelemetry:opentelemetry-bom-alpha from 1.26.0-alpha to 1.46.0-alpha

Release notes

Sourced from io.opentelemetry:opentelemetry-bom-alpha's releases.

Version 1.45.0

API

• Add convenience method setAttribute(Attribute<Long>, int) to SpanBuilder (matching the existing convenience method in Span) (#6884)
• Extends TextMapGetter with experimental GetAll() method, implement usage in W3CBaggagePropagator (#6852)

SDK

Traces

• Add synchronization to SimpleSpanProcessor to ensure thread-safe export of spans (#6885)

Metrics

• Lazily initialize ReservoirCells (#6851)

Logs

• Add synchronization to SimpleLogRecordProcessor to ensure thread-safe export of logs (#6885)

Exporters

• OTLP: Update opentelementry-proto to 1.4 (#6906)
• OTLP: Rename internal Marshaler#writeJsonToGenerator method to allow jackson runtimeOnly dependency (#6896)
• OTLP: Fix repeated string serialization for JSON. (