See comment in the github action that explains why I think this is
helpful:
> the benefit of this over dependabot is that this also analyzes
transitive dependencies
> while dependabot (at least currently) only analyzes top-level
dependencies
Working PR to capture all the changes required to update to otel java
1.19.0. The new log API force allows
`:instrumentation-appender-api-internal` and
`:instrumentation-appender-sdk-internal`, but necessitates a decent
amount of refactoring as a result.
The PR points at the `1.19.0-SNAPSHOT`, which I'll update upon
publication.
Co-authored-by: Mateusz Rzeszutek <mrzeszutek@splunk.com>
Co-authored-by: Trask Stalnaker <trask.stalnaker@gmail.com>
Co-authored-by: Lauri Tulmin <ltulmin@splunk.com>
Bumps asm-tree from 9.3 to 9.4.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mateusz Rzeszutek <mrzeszutek@splunk.com>
Bumps asm from 9.3 to 9.4.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
CI on `main` is failing on publishing snapshot, because javadoc is
emitting a warning and we fail on warnings. See code comment for more
explanation.
I tried pointing to
`https://docs.oracle.com/en/java/javase/11/docs/api/`, but that gives a
different error:
> warning: The code being documented uses packages in the unnamed
module, but the packages defined in
https://docs.oracle.com/en/java/javase/11/docs/api/ are in named
modules.
Bumps [junit-bom](https://github.com/junit-team/junit5) from 5.9.0 to
5.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/junit-team/junit5/releases">junit-bom's
releases</a>.</em></p>
<blockquote>
<p>JUnit 5.9.1 = Platform 1.9.1 + Jupiter 5.9.1 + Vintage 5.9.1</p>
<p>See <a
href="http://junit.org/junit5/docs/5.9.1/release-notes/">Release
Notes</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="732a5400f8"><code>732a540</code></a>
Release 5.9.1</li>
<li><a
href="88bf48d545"><code>88bf48d</code></a>
Prepare release notes for 5.9.1</li>
<li><a
href="d75e34d20f"><code>d75e34d</code></a>
Update scope for 5.9.1</li>
<li><a
href="9823f7329a"><code>9823f73</code></a>
Link to all 5.9 milestone pages</li>
<li><a
href="76719bb085"><code>76719bb</code></a>
Increase timeout for GraalVM test</li>
<li><a
href="2a809848e5"><code>2a80984</code></a>
Install GraalVM for main CI build on Linux</li>
<li><a
href="79f47f51aa"><code>79f47f5</code></a>
Refactor OpenTestReportGeneratingListener to work in native images</li>
<li><a
href="7229385d5e"><code>7229385</code></a>
Add failing integration test for execution on GraalVM native image</li>
<li><a
href="343170f314"><code>343170f</code></a>
Fix running tests in documentation from IntelliJ IDEA</li>
<li><a
href="352d06b3b2"><code>352d06b</code></a>
Attempt to stabilize test on Windows</li>
<li>Additional commits viewable in <a
href="https://github.com/junit-team/junit5/compare/r5.9.0...r5.9.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps byte-buddy-gradle-plugin from 1.12.10 to 1.12.16.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps gradle-animalsniffer-plugin from 1.5.4 to 1.6.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [assertj-core](https://github.com/assertj/assertj-core) from
3.22.0 to 3.23.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0256688fcf"><code>0256688</code></a>
[maven-release-plugin] prepare release assertj-core-3.23.1</li>
<li><a
href="6529933700"><code>6529933</code></a>
Downgrade <code>junit-jupiter</code> from 5.9.0-M1 to 5.8.2</li>
<li><a
href="d9cd2da03a"><code>d9cd2da</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="6f19754e57"><code>6f19754</code></a>
[maven-release-plugin] prepare release assertj-core-3.23.0</li>
<li><a
href="c592c18a59"><code>c592c18</code></a>
Expose <code>ComparisonStrategy::areEqual</code> in
<code>AbstractAssert</code> (<a
href="https://github-redirect.dependabot.com/assertj/assertj-core/issues/2633">#2633</a>)</li>
<li><a
href="69c66a9bb6"><code>69c66a9</code></a>
Bump maven-invoker-plugin from 3.2.2 to 3.3.0 (<a
href="https://github-redirect.dependabot.com/assertj/assertj-core/issues/2636">#2636</a>)</li>
<li><a
href="795f5278be"><code>795f527</code></a>
Fix test</li>
<li><a
href="b44460623b"><code>b444606</code></a>
Bump hibernate-core from 6.0.1.Final to 6.0.2.Final (<a
href="https://github-redirect.dependabot.com/assertj/assertj-core/issues/2626">#2626</a>)</li>
<li><a
href="793241125e"><code>7932411</code></a>
Fix typos in Javadoc of ObjectEnumerableAssert (<a
href="https://github-redirect.dependabot.com/assertj/assertj-core/issues/2624">#2624</a>)</li>
<li><a
href="b746e6aeb4"><code>b746e6a</code></a>
[mvn] Update maven wrapper to 3.1.1 (<a
href="https://github-redirect.dependabot.com/assertj/assertj-core/issues/2622">#2622</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/assertj/assertj-core/compare/assertj-core-3.22.0...assertj-core-3.23.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps japicmp-gradle-plugin from 0.4.0 to 0.4.1.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps jmh-gradle-plugin from 0.6.6 to 0.6.7.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps test-retry-gradle-plugin from 1.3.1 to 1.4.1.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Merge javaagent-instrumentation-api into javaagent-extension-api
* remove some leftover references to javaagent-instrumentation-api
* add missing instrumentation-api to distro example
* Move concurrent instrumentation utils out from javaagent-instrumentation-api
* Move AgentLogEmitterProvider, InstrumentedTaskClasses and OpenTelemetrySdkAccess out of javaagent-instrumentation-api
* Library instrumentation should read its version from a file
* errorprone
* animalsniffer
* code review comments
* add name as task input too
* code review comments
* Add InternalJavadoc custom error prone check
* Add example usage
* Move to conventions
* Revert "Move to conventions"
This reverts commit d8a8209b59.
* Just get it working
* Clearer error message
* versions
* Apply almost everywhere
* feedback
* Always at the end of javadoc
* Fix test
* Missed (at least) one
* No longer internal
* Fix NPE
* Spotless
* Convert awslambda Java test to JUnit 5 so can reduce visibility
* Reduce visibility
* Rename the check
* More
* Move into errorprone-convention
* Fix UserExcludedClassesConfigurerTest
* rename artifacts and packages
* Library users shouldn't need to use internal
* Update docs
* Rename in order to simplify HelperClassPredicate
* Spotless
* Move AgentLogEmitterProvider to javaagent-instrumentation-api
* Sync gradle-plugins version with main project
* More fixes
* Can rely on examples build against all branches now?
* Use common version.gradle.kts
* Update doc
* Simplify
* Add functionality to generate API changes
* Update conventions/src/main/kotlin/otel.japicmp-conventions.gradle.kts
Co-authored-by: John Watson <jkwatson@gmail.com>
* Do not commit any API changes until we have stable release
Co-authored-by: John Watson <jkwatson@gmail.com>
* Include gradle-plugins as a composite build
* Make gradle-plugins project independent from the main one
* Delete old ClassRef and friends
* Fixes
* Polish
* Polish
* Simplify
Trask Stalnaker
dependabot[bot]
Aaron Ai
jack-berg
Lauri Tulmin
Mateusz Rzeszutek
Sam Xie
Anuraag Agrawal
Lauri Tulmin
Nikita Salnikov-Tarnovski