Bump the trace-java-client-gradle-deps group across 1 directory with 6 updates

[dependabot]

Bumps the trace-java-client-gradle-deps group with 6 updates in the /trace-java-client directory:

Package	From	To
com.google.code.gson:gson	2.10.1	2.12.1
io.opentracing.brave:brave-opentracing	1.0.0	1.0.1
org.apache.commons:commons-lang3	3.14.0	3.17.0
io.zipkin.zipkin2:zipkin	2.25.2	3.5.0
io.zipkin.reporter2:zipkin-sender-okhttp3	2.17.1	3.5.0
io.zipkin.brave:brave	5.17.0	6.1.0

Updates com.google.code.gson:gson from 2.10.1 to 2.12.1

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.12.1

The only difference between this release and 2.12.0 is that OSGi declarations in the Gson jar now specify that com.google.errorprone.annotations is an optional dependency, not a required one. If you do not use OSGi then there is no effective change.

Gson 2.12.0

What's Changed

The biggest change is that we no longer support Java 7. People who still need to run on Java 7 will need to use an earlier version of Gson.

Other changes:

• Allow registering adapters for JsonElement again by @​Marcono1234 in google/gson#2789
• Add nesting limit for JsonReader by @​Marcono1234 in google/gson#2588
• Add @CheckReturnValue to our packages. by @​cpovirk in google/gson#2693
• Add NullSafeTypeAdapter to prevent TypeAdapter.nullSafe() from returning nested null-safe type adapters (#2729) by @​lyubomyr-shaydariv in google/gson#2731
• Support Properties subclasses in GsonTypes.getMapKeyAndValueTypes by @​panic08 in google/gson#2758
• Enforce rawType to be a Class in ParameterizedTypeImpl by @​panic08 in google/gson#2759
• Remove AccessController usage for enum adapter by @​Marcono1234 in google/gson#2704
• Fix typeArguments array not being cloned when resolving ParameterizedType with changed owner by @​TBlueF in google/gson#2706
• Remove duplicated declaration of required OSGi execution environment by @​HannesWell in google/gson#2711
• Move bnd.bnd file configuration into 'bnd' element of bnd-maven-plugin by @​HannesWell in google/gson#2712
• Move enum and JsonElement adapter classes to separate class files by @​Marcono1234 in google/gson#2727
• EnumTypeAdapter constructor optimization by @​esaulpaugh in google/gson#2734
• OSGi / bnd: Remove the self-Import of gson.annotations by @​chrisrueger in google/gson#2735

New Contributors

• @​cpovirk made their first contribution in google/gson#2693
• @​jabagawee made their first contribution in google/gson#2701
• @​TBlueF made their first contribution in google/gson#2706
• @​HannesWell made their first contribution in google/gson#2711
• @​esaulpaugh made their first contribution in google/gson#2734
• @​chrisrueger made their first contribution in google/gson#2735
• @​panic08 made their first contribution in google/gson#2756

Full Changelog: google/gson@gson-parent-2.11.0...gson-parent-2.12.0

Gson 2.11.0

Most important changes

• Added default ProGuard / R8 rules (@​Marcono1234, #2397, #2420; @​sgjesse, #2448; @​sfreilich)
  If you are using ProGuard or R8 (for example for Android projects) you might not need any special Gson configuration anymore if your classes have a no-args constructor and use @SerializedName for their fields.
• On Android, Gson now requires API level 21 or newer
• Added new Strictness API (@​marten-voorberg & fellow students, #2437)
  Some of Gson's API is still lenient by default, but you can now use the newly added methods GsonBuilder#setStrictness, JsonReader#setStrictness and JsonWriter#setStrictness with Strictness.STRICT to override this behavior and to instead strictly adhere to the JSON specification when parsing.
• New FormattingStyle class to allow configuring line breaks in JSON output (@​mihnita, #2231)
  Can be set using GsonBuilder#setFormattingStyle and JsonWriter#setFormattingStyle.
• TypeToken can no longer capture type variables by default (@​Marcono1234, #2376)
  This was previously a common source of issues. The newly thrown exception refers to a Troubleshooting Guide article which explains this in more detail and provides suggestions for updating affected code.
• Added serialization support for anonymous and local classes with a custom adapter (@​Marcono1234, #2498)
  This affects for example List implementations returned by libraries such as Guava which are implemented as anonymous class, which were previously serialized as null. Anonymous and local classes without custom adapter will still be serialized as null.
• Added dependency on com.google.errorprone:error_prone_annotations
  Your project can use Maven or Gradle dependency exclusions to remove the transitive error_prone_annotations dependency from Gson. Or if you are manually maintaining dependencies as JARs in your project you can omit error_prone_annotations. And it should still work correctly.\

... (truncated)

Commits

• 29e3d1d [maven-release-plugin] prepare release gson-parent-2.12.1
• be456cf Make the import of com.google.errorprone optional (#2795)
• b2e26fa Bump the github-actions group with 3 updates (#2785)
• 10bdd6d Simplify collection type adapters slightly. (#2791)
• ab9c54f [maven-release-plugin] prepare for next development iteration
• aaf7a12 [maven-release-plugin] prepare release gson-parent-2.12.0
• a2b1c3c Allow registering adapters for JsonElement again (#2789)
• e5dce84 Bump the maven group with 8 updates (#2784)
• 84e5f16 Bump the maven group with 7 updates (#2777)
• 9f3e577 Bump the github-actions group with 2 updates (#2778)
• Additional commits viewable in compare view

Updates io.opentracing.brave:brave-opentracing from 1.0.0 to 1.0.1

Commits

• See full diff in compare view

Updates org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0

Updates io.zipkin.zipkin2:zipkin from 2.25.2 to 3.5.0

Release notes

Sourced from io.zipkin.zipkin2:zipkin's releases.

3.5.0

What's Changed

Zipkin now supports Apache Pulsar as a span transport, enabled by PULSAR_SERVICE_URL and documented here. Kudos to @​CodePrometheus for all the work on this!

We also updated all libraries and docker base layers to latest, fixing all critical CVEs. Thanks to @​reta on the continued help keeping things tidy and routinely released!

New Contributors

• @​CodePrometheus made their first contribution in openzipkin/zipkin#3789

Full Changelog: openzipkin/zipkin@3.4.4...3.5.0

3.4.4

What's Changed

• Update Spring Boot to 3.4.1 and other dependency updates by @​reta in openzipkin/zipkin#3787

Full Changelog: openzipkin/zipkin@3.4.3...3.4.4

Zipkin 3.4.3

What's Changed

• Updates to latest maven versions aligned with latest docker images by @​codefromthecrypt in openzipkin/zipkin#3785

Full Changelog: openzipkin/zipkin@3.4.2...3.4.3

Zipkin 3.4.2 is a maintenance release, updating dependency versions to prevent problems such as bugs or CVEs.

Notable library updates:

• Update Spring Boot (address CVEs) and few other dependencies by @​reta in openzipkin/zipkin#3778
• Update Spring / Netty /Micrometer related dependencies by @​reta in openzipkin/zipkin#3779
• Routine dependency updates by @​reta in openzipkin/zipkin#3780

Full Changelog: openzipkin/zipkin@3.4.1...3.4.2

Zipkin 3.4.1 is a maintenance release, updating dependency versions to prevent problems such as bugs or CVEs.

Notable library updates:

• Spring Boot 3.3.0 -> 3.3.2
• Armeria 1.28.4 -> 1.29.4

Notable Docker image updates:

• Alpine 3.20.0 -> 3.20.2
• JRE 21.0.3_p9 -> 21.0.4_p7

Thanks also @​ceddy4395 for improving our CI setup.

For fine grained details, see the changes since 3.4.0.

... (truncated)

Commits

• 0f8fc88 [maven-release-plugin] prepare release 3.5.0
• 03e6ea2 Bump to 3.5.0-SNAPSHOT (#3795)
• d344596 docker: updates zipkin-cassandra test image to 4.1.8 (#3794)
• faa1650 Updates library versions to latest (#3793)
• 23ff7ba Updates docker images to latest base layer and package versions (#3792)
• e151986 Add Pulsar collector (#3788)
• 4254a48 bumps to latest test docker images (#3791)
• 43f88ea docker: add pulsar example (#3789)
• d018d74 [maven-release-plugin] prepare for next development iteration
• 18c1872 [maven-release-plugin] prepare release 3.4.4
• Additional commits viewable in compare view

Updates io.zipkin.reporter2:zipkin-sender-okhttp3 from 2.17.1 to 3.5.0

Release notes

Sourced from io.zipkin.reporter2:zipkin-sender-okhttp3's releases.

Zipkin Reporter 3.5

What's Changed

This adds a sender for the new pulsar transport contributed by @​CodePrometheus, and available by default as a collector in Zipkin 3.5. Thanks @​shakuzen for support on this work.

This also removes the dependency "io.zipkin.zipkin2:zipkin" from zipkin-reporter-bom, as it is no longer a required dependency. Thanks @​wilkinsona for the idea.

Finally, this updates all dependency versions as usual. Thanks a lot to @​reta who has been diligent in this project and others!

New Contributors

• @​CodePrometheus made their first contribution in openzipkin/zipkin-reporter-java#273

Full Changelog: openzipkin/zipkin-reporter-java@3.4.3...3.5.0

Zipkin Reporter 3.4 deprecates AsyncReporter/SpanHandler queuedMaxBytes and disables it by default.

When introduced, AsyncReporter had three ways to trigger a queue flush:

• queuedMaxSpans - when the number of spans in the queue exceeds a threshold
• queuedMaxBytes - when the size of the spans in the queue exceeds a threshold
• messageTimeout - when a span has been in the queue longer than a threshold

queuedMaxBytes was deprecated because requires time in the critical path, to calculate the size of a span to make sure it doesn't breach the threshold. This is problematic in tools that check for pinning, like Virtual Threads.

Thanks a lot to @​reta for sorting this out!

Full Changelog: https://github.com/openzipkin/zipkin-reporter-java/compare/3.3.0..3.4.1

Zipkin Reporter 3.3 adds a BaseHttpSender type, which eases http library integration. It also adds HttpEndpointSupplier which supports dynamic endpoint discovery such as from Eureka, as well utilities to create constants or rate-limit suppliers. Finally, brave users get a native PROTO3 encoder through the new MutableSpanBytesEncoder type.

These features were made in support of spring-boot, but available to any user with no new dependencies. For example, the PROTO encoder adds no library dependency, even if it increases the size of zipkin-reporter-brave by a couple dozen KB. A lion's share of thanks goes to @​reta and @​anuraaga who were on design and review duty for several days leading to this.

Here's an example of pulling most of these things together, integrating a sender with spring-cloud-loadbalancer (a client-side loadbalancer library).

This endpoint supplier will get the configuration endpoint value and look up the next target to use with the loadBalancerClient. The rate limiter will ensure a gap of 30 seconds between queries. While below is hard-coded, it covers some routine advanced features formerly only available in spring-cloud-sleuth. Now, anyone can use them!

@Configuration(proxyBeanMethods = false)
public class ZipkinDiscoveryConfiguration {
  @Bean HttpEndpointSupplier.Factory loadbalancerEndpoints(LoadBalancerClient loadBalancerClient) {
    LoadBalancerHttpEndpointSupplier.Factory httpEndpointSupplierFactory =
        new LoadBalancerHttpEndpointSupplier.Factory(loadBalancerClient);
    // don't ask more than 30 seconds (just to show)
    return HttpEndpointSuppliers.newRateLimitedFactory(httpEndpointSupplierFactory, 30);
  }
record LoadBalancerHttpEndpointSupplier(LoadBalancerClient loadBalancerClient, URI virtualURL)
implements HttpEndpointSupplier {
record Factory(LoadBalancerClient loadBalancerClient) implements HttpEndpointSupplier.Factory {
  @Override public HttpEndpointSupplier create(String endpoint) {
    return new LoadBalancerHttpEndpointSupplier(loadBalancerClient, URI.create(endpoint));

</tr></table>

... (truncated)

Commits

• 6634450 [maven-release-plugin] prepare release 3.5.0
• 300dd7e bumps deps to latest versions (#279)
• dbc33e6 aligns maven versions with openzipkin/docker-java (#278)
• 9927591 Fix bug when send multi messages in pulsar sender (#277)
• 80676b9 Removes io.zipkin.zipkin2:zipkin from bom (#276)
• cacf9e9 Adds Pulsar sender (#273)
• 9382d9c fixes markdown-link-check until we switch to lycheeverse/lychee (#275)
• 0959243 [maven-release-plugin] prepare for next development iteration
• 7e3c437 [maven-release-plugin] prepare release 3.4.3
• e6f3a02 Fix Import-Package OSGI manifest (zipkin-reporter-brave) (#272)
• Additional commits viewable in compare view

Updates io.zipkin.brave:brave from 5.17.0 to 6.1.0

Release notes

Sourced from io.zipkin.brave:brave's releases.

6.1.0

What's Changed

• adjusts remaining drift around checkout configuration by @​codefromthecrypt in openzipkin/brave#1435
• Adds SECURITY.md and scanning workflow by @​codefromthecrypt in openzipkin/brave#1437
• docker: bumps zipkin test images by @​codefromthecrypt in openzipkin/brave#1436
• Remove brave-instrumentation-benchmarks from brave-bom since this artifact is not published to Maven Central by @​reta in openzipkin/brave#1446
• Routine dependency updates by @​reta in openzipkin/brave#1447
• Note about potential deadlock with virtual threads by @​shakuzen in openzipkin/brave#1448
• Adds RocketMQ plugin by @​CodePrometheus in openzipkin/brave#1449
• Fix Spring XML configuration resource by @​emmanuel-ferdman in openzipkin/brave#1451
• Remove mention of JDBC tracing by @​reftel in openzipkin/brave#1439
• Updates all dependencies that don't require instrumentation changes by @​reta in openzipkin/brave#1452

New Contributors

• @​CodePrometheus made their first contribution in openzipkin/brave#1449
• @​emmanuel-ferdman made their first contribution in openzipkin/brave#1451

Full Changelog: openzipkin/brave@6.0.3...6.1.0

Brave 6.0.3 including the following minor changes. Thanks very much to @​reta and @​anuraaga for review support!

• fixes bug that allowed setting local or remote service names to the empty string ("")
• fixed thread safety issue when using Tag.tag
• ports brave-instrumentation-mongodb to work on the new org.mongodb:mongodb-driver-core v5
  • Note: the floor JRE of this instrumentation is now 1.7, where it formerly was 1.6
• changes license headers to SPDX style, as used in zipkin and zipkin-reporter

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.2..6.0.3

Brave 6.0.2 fixes a propagation glitch on kafka streams processors using context.forward(). Tons of thanks to @​frosiere for the help on this! We also changed how dependencies are managed so that less false-positives show up due to our backwards compatability testing. We appreciate your continued use and feedback!

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.1..6.0.2

Brave 6.0.1 simplifies internals of the json encoder and kafka-streams instrumentation. It also fixes a bug where a Tag<Throwable> passed to MutableSpanBytesEncoder.zipkinJsonV2 always used the key "error" even when set to something else. Finally @​reta fixed a flakey JMS integration test which was plaguing our CI builds!

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.0..6.0.1

Brave 6 removes all modules and functions deprecated in Brave 5.x. It no longer has any dependency on io.zipkin.zipkin2:zipkin. Special thanks to @​reta and @​anuraaga for a lot of review support leading to this release!

No more deprecated functions

The final release of Brave 5 with deprecated functions was 5.18.1. Removing these functions was the only way to decouple Brave from zipkin's core library (io.zipkin.zipkin2:zipkin). However, this does not change Brave's floor Java 6 support. We still integration test this via the brave-example repository.

Here's an example of a working Java 6 and Spring 2.5 application, which is 280KB smaller due to use of the lean combination of Brave 6 and Zipkin Reporter 3.x:

# brave 5.18.1
3860    target/brave-example-webmvc25-1.0-SNAPSHOT.war
# brave 6.0.0
3580    target/brave-example-webmvc25-1.0-SNAPSHOT.war
</tr></table> 

... (truncated)

Commits

• e84a3aa [maven-release-plugin] prepare release 6.1.0
• 5ed54db Updates all dependencies that don't require instrumentation changes (#1452)
• 798fc02 Remove mention of JDBC tracing (#1439)
• 62f460d Fix Spring XML configuration resource (#1451)
• ec007eb Adds RocketMQ plugin (#1449)
• 06b47b1 Note about potential deadlock with virtual threads (#1448)
• 67f563c Routine dependency updates (#1447)
• b83a6af Remove brave-instrumentation-benchmarks from brave-bom since this artifact is...
• 69003df docker: bumps zipkin test images (#1436)
• d2a205a Adds SECURITY.md and scanning workflow (#1437)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions