[PR] Bump cxf.aspectj.version from 1.9.22 to 1.9.22.1 [cxf]
dependabot[bot] opened a new pull request, #1862: URL: https://github.com/apache/cxf/pull/1862 Bumps `cxf.aspectj.version` from 1.9.22 to 1.9.22.1. Updates `org.aspectj:aspectjweaver` from 1.9.22 to 1.9.22.1 Release notes Sourced from https://github.com/eclipse/org.aspectj/releases";>org.aspectj:aspectjweaver's releases. 1.9.22.1 Java 22 maintenance release Commits See full diff in https://github.com/eclipse/org.aspectj/commits";>compare view Updates `org.aspectj:aspectjrt` from 1.9.22 to 1.9.22.1 Release notes Sourced from https://github.com/eclipse/org.aspectj/releases";>org.aspectj:aspectjrt's releases. 1.9.22.1 Java 22 maintenance release Commits See full diff in https://github.com/eclipse/org.aspectj/commits";>compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Bump cxf.mockito.version from 5.11.0 to 5.12.0 [cxf]
dependabot[bot] opened a new pull request, #1863: URL: https://github.com/apache/cxf/pull/1863 Bumps `cxf.mockito.version` from 5.11.0 to 5.12.0. Updates `org.mockito:mockito-subclass` from 5.11.0 to 5.12.0 Release notes Sourced from https://github.com/mockito/mockito/releases";>org.mockito:mockito-subclass's releases. v5.12.0 Changelog generated by https://github.com/shipkit/shipkit-changelog";>Shipkit Changelog Gradle Plugin 5.12.0 2024-05-11 - https://github.com/mockito/mockito/compare/v5.11.0...v5.12.0";>25 commit(s) by Piotr Przybylak, Stefano Cordio, Tim van der Lippe, dependabot[bot], jonghoonpark Bump com.gradle.enterprise from 3.17.2 to 3.17.3 [(https://redirect.github.com/mockito/mockito/issues/3341";>#3341)](https://redirect.github.com/mockito/mockito/pull/3341";>mockito/mockito#3341) Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.23 to 1.9.24 [(https://redirect.github.com/mockito/mockito/issues/3339";>#3339)](https://redirect.github.com/mockito/mockito/pull/3339";>mockito/mockito#3339) Bump versions.bytebuddy from 1.14.14 to 1.14.15 [(https://redirect.github.com/mockito/mockito/issues/3338";>#3338)](https://redirect.github.com/mockito/mockito/pull/3338";>mockito/mockito#3338) Bump org.shipkit:shipkit-auto-version from 2.0.6 to 2.0.7 [(https://redirect.github.com/mockito/mockito/issues/3337";>#3337)](https://redirect.github.com/mockito/mockito/pull/3337";>mockito/mockito#3337) Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.23 to 1.9.24 [(https://redirect.github.com/mockito/mockito/issues/3336";>#3336)](https://redirect.github.com/mockito/mockito/pull/3336";>mockito/mockito#3336) Fixes https://redirect.github.com/mockito/mockito/issues/3331";>#3331 : Fix AdditionalMatchers.and() and AdditionalMatchers.or() not to swap the order of matchers [(https://redirect.github.com/mockito/mockito/issues/3335";>#3335)](https://redirect.github.com/mockito/mockito/pull/3335";>mockito/mockito#3335) AdditionalMatchers.and() and or() swap matcher order [(https://redirect.github.com/mockito/mockito/issues/3331";>#3331)](https://redirect.github.com/mockito/mockito/issues/3331";>mockito/mockito#3331) Bump gradle/wrapper-validation-action from 3.3.1 to 3.3.2 [(https://redirect.github.com/mockito/mockito/issues/3327";>#3327)](https://redirect.github.com/mockito/mockito/pull/3327";>mockito/mockito#3327) Bump versions.bytebuddy from 1.14.13 to 1.14.14 [(https://redirect.github.com/mockito/mockito/issues/3324";>#3324)](https://redirect.github.com/mockito/mockito/pull/3324";>mockito/mockito#3324) Bump org.shipkit:shipkit-auto-version from 2.0.5 to 2.0.6 [(https://redirect.github.com/mockito/mockito/issues/3322";>#3322)](https://redirect.github.com/mockito/mockito/pull/3322";>mockito/mockito#3322) Bump gradle/wrapper-validation-action from 3.3.0 to 3.3.1 [(https://redirect.github.com/mockito/mockito/issues/3320";>#3320)](https://redirect.github.com/mockito/mockito/pull/3320";>mockito/mockito#3320) Bump com.gradle.enterprise from 3.17 to 3.17.2 [(https://redirect.github.com/mockito/mockito/issues/3318";>#3318)](https://redirect.github.com/mockito/mockito/pull/3318";>mockito/mockito#3318) Bump gradle/wrapper-validation-action from 2.1.2 to 3.3.0 [(https://redirect.github.com/mockito/mockito/issues/3317";>#3317)](https://redirect.github.com/mockito/mockito/pull/3317";>mockito/mockito#3317) Update codecov-action version [(https://redirect.github.com/mockito/mockito/issues/3316";>#3316)](https://redirect.github.com/mockito/mockito/pull/3316";>mockito/mockito#3316) Bump com.google.googlejavaformat:google-java-format from 1.21.0 to 1.22.0 [(https://redirect.github.com/mockito/mockito/issues/3312";>#3312)](https://redirect.github.com/mockito/mockito/pull/3312";>mockito/mockito#3312) Bump com.gradle.enterprise from 3.16.2 to 3.17 [(https://redirect.github.com/mockito/mockito/issues/3311";>#3311)](https://redirect.github.com/mockito/mockito/pull/3311";>mockito/mockito#3311) Bump versions.bytebuddy from 1.14.12 to 1.14.13 [(https://redirect.github.com/mockito/mockito/issues/3308";>#3308)](https://redirect.github.com/mockito/mockito/pull/3308";>mockito/mockito#3308) Fix README logo [(https://redirect.github.com/mockito/mockito/issues/3305";>#3305)](https://redirect.github.com/mockito/mockito/pull/3305";>mockito/mockito#3305) Bump gradle/wrapper-validation-action from 2.1.1 to 2.1.2 [(https://redirect.github.com/mockito/mockito/issues/3303";>#3303)](https://redirect.github.com/mockito/mockito/pull/3303";>mockito/mockito#3303) Bump org.shipkit:shipkit-auto-version from 2.0.4 to 2.0.5 [(https://redirect.github.com/mockito/mockito/issues/3298";>#3298)](https://redirect.github.com/mockito/mockito/pull/3298";>mockito/mockito#3298) Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.22 to 1.9.23 [(https://redirect.github.com/mockito/mockito/issues/3296";>#3296)](https://redirect.github.com/mockito/mockito/pull/3296";>
[PR] Bump cxf.opentelemetry.version from 1.34.1 to 1.38.0 [cxf]
dependabot[bot] opened a new pull request, #1864: URL: https://github.com/apache/cxf/pull/1864 Bumps `cxf.opentelemetry.version` from 1.34.1 to 1.38.0. Updates `io.opentelemetry:opentelemetry-bom` from 1.34.1 to 1.38.0 Release notes Sourced from https://github.com/open-telemetry/opentelemetry-java/releases";>io.opentelemetry:opentelemetry-bom's releases. Version 1.38.0 API Stabilize synchronous gauge (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6419";>#6419) Incubator Add put(AttributeKey, T) overload to EventBuilder (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6331";>#6331) Baggage Baggage filters space-only keys (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6431";>#6431) SDK Add experimental scope config to enable / disable scopes (i.e. meter, logger, tracer) (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6375";>#6375) Traces Add ReadableSpan#getAttributes (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6382";>#6382) Use standard ArrayList size rather than max number of links for initial span links allocation (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6252";>#6252) Metrics Use low precision Clock#now when computing timestamp for exemplars (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6417";>#6417) Update invalid instrument name log message now that forward slash / is valid (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6343";>#6343) Exporters Introduce low allocation OTLP marshalers. If using autoconfigure, opt in via OTEL_JAVA_EXPERIMENTAL_EXPORTER_MEMORY_MODE=REUSABLE_DATA. * Low allocation OTLP logs marshaler (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6429";>#6429) * Low allocation OTLP metrics marshaler (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6422";>#6422) * Low allocation OTLP trace marshaler (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6410";>#6410) * Add memory mode support to OTLP exporters (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6430";>#6430) * Marshal span status description without allocation (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6423";>#6423) * Add private constructors for stateless marshalers (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6434";>#6434) Mark opentelemetry-exporter-sender-jdk stable (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6357";>#6357) PrometheusHttpServer prevent concurrent reads when reusable memory mode (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6371";>#6371) Ignore TLS components (SSLContext, TrustManager, KeyManager) if plain HTTP protocol is used for exporting (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6329";>#6329) Add is_remote_parent span flags to OTLP exported Spans and SpanLinks (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6388";>#6388) Add missing fields to OTLP metric exporters toString() (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6402";>#6402) Extensions Rename otel.config.file to otel.experimental.config.file for autoconfigure (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6396";>#6396) OpenCensus Shim Fix opencensus shim spanBuilderWithRemoteParent behavior (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6415";>#6415) Tooling Add additional API incubator docs (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6356";>#6356) Run build on java 21 (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6370";>#6370) Fix running tests with java 8 on macos (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6411";>#6411) Move away from deprecated gradle enterprise APIs (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6363";>#6363) ... (truncated) Changelog Sourced from https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md";>io.opentelemetry:opentelemetry-bom's changelog. Version 1.38.0 (2024-05-10) API Stabilize synchronous gauge (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6419";>#6419) Incubator Add put(AttributeKey, T) overload to EventBuilder (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6331";>#6331) Baggage Baggage filters space-only keys (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6431";>#6431) SDK Add experimental scope config to enable / disable scopes (i.e. meter, logger, tracer) (https://redirect.github.c
[PR] Bump ossf/scorecard-action from 2.3.1 to 2.3.3 [cxf]
dependabot[bot] opened a new pull request, #1866: URL: https://github.com/apache/cxf/pull/1866 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. Release notes Sourced from https://github.com/ossf/scorecard-action/releases";>ossf/scorecard-action's releases. v2.3.3 [!NOTE] There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag What's Changed :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by https://github.com/spencerschrock";>@spencerschrock in https://redirect.github.com/ossf/scorecard-action/pull/1366";>ossf/scorecard-action#1366 :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by https://github.com/spencerschrock";>@spencerschrock in https://redirect.github.com/ossf/scorecard-action/pull/1374";>ossf/scorecard-action#1374 :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by https://github.com/spencerschrock";>@spencerschrock in https://redirect.github.com/ossf/scorecard-action/pull/1377";>ossf/scorecard-action#1377 For a full changelist of what these include, see the https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc1";>v5.0.0-rc1 and https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc2";>v5.0.0-rc2 release notes. Documentation :book: Move token discussion out of main README. by https://github.com/spencerschrock";>@spencerschrock in https://redirect.github.com/ossf/scorecard-action/pull/1279";>ossf/scorecard-action#1279 :book: link to ossf/scorecard workflow instead of maintaining an example by https://github.com/spencerschrock";>@spencerschrock in https://redirect.github.com/ossf/scorecard-action/pull/1352";>ossf/scorecard-action#1352 :book: update api links to new scorecard.dev site by https://github.com/spencerschrock";>@spencerschrock in https://redirect.github.com/ossf/scorecard-action/pull/1376";>ossf/scorecard-action#1376 Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3";>https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3 Commits https://github.com/ossf/scorecard-action/commit/dc50aa9510b46c811795eb24b2f1ba02a914e534";>dc50aa9 :seedling: Bump docker tag for v2.3.3 release (https://redirect.github.com/ossf/scorecard-action/issues/1368";>#1368) https://github.com/ossf/scorecard-action/commit/8ff570017382a0ef795f21f71e519b27a9b5f29e";>8ff5700 :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0 https://github.com/ossf/scorecard-action/commit/8ba5e73d11a5fd0917494d02ab01dfd7866d2191";>8ba5e73 update api links to new scorecard.dev site (https://redirect.github.com/ossf/scorecard-action/issues/1376";>#1376) https://github.com/ossf/scorecard-action/commit/92ddde3eaffd7e147638317c023642a6adc8a874";>92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (https://redirect.github.com/ossf/scorecard-action/issues/1374";>#1374) https://github.com/ossf/scorecard-action/commit/6c55905542a1ce814c7ec177a96904f5bc74aab5";>6c55905 :seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (https://redirect.github.com/ossf/scorecard-action/issues/1373";>#1373) https://github.com/ossf/scorecard-action/commit/09bb953b6a0e34c84fb453985435a07cc2baa3a3";>09bb953 :seedling: Bump distroless/base in the docker-images group (https://redirect.github.com/ossf/scorecard-action/issues/1372";>#1372) https://github.com/ossf/scorecard-action/commit/1511e1305b9d7e51245388421563264573c77bc7";>1511e13 :seedling: Bump the github-actions group across 1 directory with 6 updates (#... https://github.com/ossf/scorecard-action/commit/df66cd8fd834fab4483ac0031b8d8ff819b62422";>df66cd8 :seedling: Bump the docker-images group with 2 updates (https://redirect.github.com/ossf/scorecard-action/issues/1370";>#1370) https://github.com/ossf/scorecard-action/commit/fad9a3cc533bb069b1f01f272f1f630895cd690a";>fad9a3c :seedling: Bump distroless/base in the docker-images group (https://redirect.github.com/ossf/scorecard-action/issues/1364";>#1364) https://github.com/ossf/scorecard-action/commit/1e01a309c1de65b6221c25768bcfc322bac8ccee";>1e01a30 :seedling: Bump the github-actions group with 3 updates (https://redirect.github.com/ossf/scorecard-action/issues/1365";>#1365) Additional commits viewable in https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-
[PR] Bump actions/checkout from 4.1.4 to 4.1.5 [cxf]
dependabot[bot] opened a new pull request, #1865: URL: https://github.com/apache/cxf/pull/1865 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5. Release notes Sourced from https://github.com/actions/checkout/releases";>actions/checkout's releases. v4.1.5 What's Changed Update NPM dependencies by https://github.com/cory-miller";>@cory-miller in https://redirect.github.com/actions/checkout/pull/1703";>actions/checkout#1703 Bump github/codeql-action from 2 to 3 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/actions/checkout/pull/1694";>actions/checkout#1694 Bump actions/setup-node from 1 to 4 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/actions/checkout/pull/1696";>actions/checkout#1696 Bump actions/upload-artifact from 2 to 4 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/actions/checkout/pull/1695";>actions/checkout#1695 README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by https://github.com/cory-miller";>@cory-miller in https://redirect.github.com/actions/checkout/pull/1707";>actions/checkout#1707 Full Changelog: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5";>https://github.com/actions/checkout/compare/v4.1.4...v4.1.5 Commits https://github.com/actions/checkout/commit/44c2b7a8a4ea60a981eaca3cf939b5f4305c123b";>44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]https://github.com/users";>@users.norepl... https://github.com/actions/checkout/commit/8459bc0c7e3759cdf591f513d9f141a95fef0a8f";>8459bc0 Bump actions/upload-artifact from 2 to 4 (https://redirect.github.com/actions/checkout/issues/1695";>#1695) https://github.com/actions/checkout/commit/3f603f6d5e9f40714f97b2f017aa0df2a443192a";>3f603f6 Bump actions/setup-node from 1 to 4 (https://redirect.github.com/actions/checkout/issues/1696";>#1696) https://github.com/actions/checkout/commit/fd084cde189b7b76ec305d52e27be545a0172823";>fd084cd Bump github/codeql-action from 2 to 3 (https://redirect.github.com/actions/checkout/issues/1694";>#1694) https://github.com/actions/checkout/commit/9c1e94e0ad997d618b6113a2171b055037589028";>9c1e94e Update NPM dependencies (https://redirect.github.com/actions/checkout/issues/1703";>#1703) See full diff in https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dcec353f45205ec38ea70b...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
