[PR] Bump cxf.opentelemetry.version from 1.39.0 to 1.40.0 [cxf]
dependabot[bot] opened a new pull request, #1953: URL: https://github.com/apache/cxf/pull/1953 Bumps `cxf.opentelemetry.version` from 1.39.0 to 1.40.0. Updates `io.opentelemetry:opentelemetry-bom` from 1.39.0 to 1.40.0 Release notes Sourced from https://github.com/open-telemetry/opentelemetry-java/releases";>io.opentelemetry:opentelemetry-bom's releases. Version 1.40.0 API Incubator Narrow ExtendedSpanBuilder return types for chaining (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6514";>#6514) Add APIs to determine if tracer, logger, instruments are enabled (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6502";>#6502) SDK Extensions Move autoconfigure docs to opentelemetry.io (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6491";>#6491) 🙇 Thank you This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests: https://github.com/breedx-splk";>@​breedx-splk https://github.com/heyams";>@​heyams https://github.com/huange7";>@​huange7 https://github.com/ICTylor";>@​ICTylor https://github.com/jack-berg";>@​jack-berg https://github.com/jaydeluca";>@​jaydeluca https://github.com/jkwatson";>@​jkwatson https://github.com/laurit";>@​laurit https://github.com/sebastian-alfers";>@​sebastian-alfers https://github.com/trask";>@​trask Changelog Sourced from https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md";>io.opentelemetry:opentelemetry-bom's changelog. Version 1.40.0 (2024-07-05) API Incubator Narrow ExtendedSpanBuilder return types for chaining (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6514";>#6514) Add APIs to determine if tracer, logger, instruments are enabled (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6502";>#6502) SDK Extensions Move autoconfigure docs to opentelemetry.io (https://redirect.github.com/open-telemetry/opentelemetry-java/pull/6491";>#6491) Commits https://github.com/open-telemetry/opentelemetry-java/commit/8094b39a83be80962ac44975e5dcc9d69a58b058";>8094b39 [release/v1.40.x] Prepare release 1.40.0 (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6556";>#6556) https://github.com/open-telemetry/opentelemetry-java/commit/c48fe9427126809881b1c0698913f847025f4ea0";>c48fe94 Prepare changelog for 1.40.0 release (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6554";>#6554) https://github.com/open-telemetry/opentelemetry-java/commit/1f7d6a507e4032dca9d13f8d8b113f37f1c999d4";>1f7d6a5 Add APIs to determine if tracer, logger, instruments are enabled (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6502";>#6502) https://github.com/open-telemetry/opentelemetry-java/commit/9fd6bcae9e582ddbc8668974d7d0efb2984b6aaa";>9fd6bca Fix build after recent collector release (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6548";>#6548) https://github.com/open-telemetry/opentelemetry-java/commit/b56af03b995f1d0da7a1bc91a9588600d02faabd";>b56af03 Update dependency io.opentelemetry.proto:opentelemetry-proto to v1.3.1-alpha ... https://github.com/open-telemetry/opentelemetry-java/commit/22aaae8d441fb38479ace65ff449b5521d537983";>22aaae8 Update dependency org.skyscreamer:jsonassert to v1.5.3 (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6535";>#6535) https://github.com/open-telemetry/opentelemetry-java/commit/c1ff34c2bef1d13cde09ce3cc1021bbca314e43d";>c1ff34c Update dependency net.ltgt.gradle:gradle-errorprone-plugin to v4.0.1 (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6533";>#6533) https://github.com/open-telemetry/opentelemetry-java/commit/ed46fa36d01d6e366eae70fc77ae6c46a162c39b";>ed46fa3 Update dependency com.linecorp.armeria:armeria-bom to v1.29.1 (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6543";>#6543) https://github.com/open-telemetry/opentelemetry-java/commit/021e7fe4704cb209bf4b340c2061da232a33448d";>021e7fe Update dependency io.grpc:grpc-bom to v1.65.0 (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6544";>#6544) https://github.com/open-telemetry/opentelemetry-java/commit/4086210ba9b0c98da7f83ab77f147d0d8f214bf5";>4086210 Update dependency org.junit:junit-bom to v5.10.3 (https://redirect.github.com/open-telemetry/opentelemetry-java/issues/6542";>#6542) Additional commits viewable in https://github.com/open-telemetry/opentelemetry-java/compare/v1.39.0...v1.40.0";>compare view Updates `io.opentelemetry:opentelemetry-opentracing-shim` from 1.39.0 to 1.40.0 Release notes Sourced from https://github.com/open-telemetry/opentelemetry-java/releases";>io.opentelemetry:opentelemetry-opentraci
[PR] Bump org.owasp:dependency-check-maven from 10.0.1 to 10.0.2 [cxf]
dependabot[bot] opened a new pull request, #1954: URL: https://github.com/apache/cxf/pull/1954 Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 10.0.1 to 10.0.2. Release notes Sourced from https://github.com/jeremylong/DependencyCheck/releases";>org.owasp:dependency-check-maven's releases. Version 10.0.2 Refer to the https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md#change-log";>CHANGELOG.md for information about improvements and upgrade notes. Changelog Sourced from https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md";>org.owasp:dependency-check-maven's changelog. https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.2";>Version 10.0.2 (2024-07-06) Mandatory Upgrade - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients. build(deps): bump open-vulnerability-clients (https://redirect.github.com/jeremylong/DependencyCheck/issues/6810";>#6810) fix(db): https://redirect.github.com/jeremylong/DependencyCheck/issues/6788";>#6788 removing redundant db index "idxVulnerability" on "vulnerability.cve" (https://redirect.github.com/jeremylong/DependencyCheck/issues/6807";>#6807) docs: Further improve formatting and docs of H2 database caching strats (https://redirect.github.com/jeremylong/DependencyCheck/issues/6804";>#6804) fix: update_vulnerability in dbStatements_oracle.properties (https://redirect.github.com/jeremylong/DependencyCheck/issues/6803";>#6803) fix: fix NPE (https://redirect.github.com/jeremylong/DependencyCheck/issues/6778";>#6778) fix: add hint to resolve false negative (https://redirect.github.com/jeremylong/DependencyCheck/issues/6802";>#6802) chore: update configure (https://redirect.github.com/jeremylong/DependencyCheck/issues/6794";>#6794) See the full listing of https://github.com/jeremylong/DependencyCheck/milestone/86?closed=1";>changes. Commits https://github.com/jeremylong/DependencyCheck/commit/b7b030c6a2c10161b299c9885ed03eaf0ad2ad71";>b7b030c build: prepare release v10.0.2 https://github.com/jeremylong/DependencyCheck/commit/f22ebf118f78a5852da7750443dd5995b669b350";>f22ebf1 docs: mandatory upgrade notice https://github.com/jeremylong/DependencyCheck/commit/bcbbe1ccba51d5fd5ee74e86c59846d7ac69d3b7";>bcbbe1c docs: release 10.0.2 https://github.com/jeremylong/DependencyCheck/commit/1b3398d222dabc54e4cab6a73500e11e635c2b76";>1b3398d build(deps): bump open-vulnerability-clients (https://redirect.github.com/jeremylong/DependencyCheck/issues/6810";>#6810) https://github.com/jeremylong/DependencyCheck/commit/06e39fcd647dd2312283bd8d87198dbfc059d1be";>06e39fc fix(db): https://redirect.github.com/jeremylong/DependencyCheck/issues/6788";>#6788 removing redundant db index "idxVulnerability" on "vulnerabili... https://github.com/jeremylong/DependencyCheck/commit/4926cd2f8aa9e0885624edd34fac902211d18c18";>4926cd2 build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.0... https://github.com/jeremylong/DependencyCheck/commit/3bfb39868220b71472d3ae5f87590e8c0bdc884b";>3bfb398 docs: Further improve formatting and docs of H2 database caching strats (https://redirect.github.com/jeremylong/DependencyCheck/issues/6804";>#6804) https://github.com/jeremylong/DependencyCheck/commit/51f84ff4dd20d85e46648f7ced16c3d0e30946b7";>51f84ff fix: update_vulnerability in dbStatements_oracle.properties (https://redirect.github.com/jeremylong/DependencyCheck/issues/6803";>#6803) https://github.com/jeremylong/DependencyCheck/commit/3f0ffa936a4f6821fffda259800e5c50c9e83ae9";>3f0ffa9 fix: fix NPE (https://redirect.github.com/jeremylong/DependencyCheck/issues/6778";>#6778) https://github.com/jeremylong/DependencyCheck/commit/9fbb99685970ec6a50824ac19dd06c8c12907f93";>9fbb996 fix: add hint to resolve false negative (https://redirect.github.com/jeremylong/DependencyCheck/issues/6802";>#6802) Additional commits viewable in https://github.com/jeremylong/DependencyCheck/compare/v10.0.1...v10.0.2";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trig
[PR] Bump actions/upload-artifact from 4.3.3 to 4.3.4 [cxf]
dependabot[bot] opened a new pull request, #1955: URL: https://github.com/apache/cxf/pull/1955 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4. Release notes Sourced from https://github.com/actions/upload-artifact/releases";>actions/upload-artifact's releases. v4.3.4 What's Changed Update @​actions/artifact version, bump dependencies by https://github.com/robherley";>@​robherley in https://redirect.github.com/actions/upload-artifact/pull/584";>actions/upload-artifact#584 Full Changelog: https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4";>https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4 Commits https://github.com/actions/upload-artifact/commit/0b2256b8c012f0828dc542b3febcab082c67f72b";>0b2256b Merge pull request https://redirect.github.com/actions/upload-artifact/issues/584";>#584 from actions/robherley/bump-pkgs https://github.com/actions/upload-artifact/commit/488dcefb9bf01619ac19bad29c5c5409a1e4dd4c";>488dcef licensed cache https://github.com/actions/upload-artifact/commit/04c51f57662651dd286989e2dbc0fd07";>04c51f5 ncc https://github.com/actions/upload-artifact/commit/32a9e276a8f8ac18b4b2dce8213ed340ed4e5ed8";>32a9e27 bump @​actions/artifact and npm audit https://github.com/actions/upload-artifact/commit/552bf3722c16e81001aea7db72d8cedf64eb5f68";>552bf37 new version https://github.com/actions/upload-artifact/commit/79616d2ded92999fceefea2ca2e4bdf6101fa919";>79616d2 Merge pull request https://redirect.github.com/actions/upload-artifact/issues/565";>#565 from actions/eggyhead/use-artifact-v2.1.6 See full diff in https://github.com/actions/upload-artifact/compare/65462800fd760344b1a7b4382951275a0abb4808...0b2256b8c012f0828dc542b3febcab082c67f72b";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
