This pr gives classes defined in agent and extension class loaders all
permissions. Injected helper classes are also defined with all
permissions. Agent startup is altered so that we won't call methods that
require permission before we are able to get those permissions.
This pr does not attempt to address issues where agent code could allow
user code to circumvent security manager e.g.
https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/javaagent-bootstrap/src/main/java/io/opentelemetry/javaagent/bootstrap/InstrumentationHolder.java
gives access to `Instrumentation` that could be used to redefine classes
and remove security checks. Also this pr does not address failed
permission checks that could arise from user code calling agent code.
When user code, that does not have privileges, calls agent code, that
has the privileges, and agent code performs a sensitive operation then
permission check would fail because it is performed for all calling
classes, including the user classes. To fix this agent code should uses
`AccessController.doPrivileged` which basically means that, hey I have
done all the checks, run this call with my privileges and ignore the
privileges of my callers.
Bumps [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) from 1.53.0
to 1.54.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e988f84d14"><code>e988f84</code></a>
Bump version to 1.54.0</li>
<li><a
href="abdb6980ec"><code>abdb698</code></a>
Update README etc to reference 1.54.0</li>
<li><a
href="61ec299352"><code>61ec299</code></a>
Remove sleep from Observability Interop Test binary now that its done in
clos...</li>
<li><a
href="9f26b7dd08"><code>9f26b7d</code></a>
gcp-o11y: add default custom tag for metrics exporter</li>
<li><a
href="fefa2d9b16"><code>fefa2d9</code></a>
examples: add gcp-observability examples (v1.54.x backport) (<a
href="https://redirect.github.com/grpc/grpc-java/issues/9987">#9987</a>)</li>
<li><a
href="882a27bcb6"><code>882a27b</code></a>
gcp-o11y: add sleep in Observability close()</li>
<li><a
href="2e41c9a5cb"><code>2e41c9a</code></a>
disable recording real-time metrics using in gcp-o11y</li>
<li><a
href="132bf3e573"><code>132bf3e</code></a>
interop-testing: Do not System.exit(0) from interop client</li>
<li><a
href="85ce900dfc"><code>85ce900</code></a>
gcp-observability, census: add trace information to logs (<a
href="https://redirect.github.com/grpc/grpc-java/issues/9963">#9963</a>)</li>
<li><a
href="bb39ca3ec9"><code>bb39ca3</code></a>
gcp-observability: Update logging fields for GA and use custom
BatchingSettin...</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-java/compare/v1.53.0...v1.54.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.4.Final to 2.16.5.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.4.Final to 2.16.5.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a50db2af02"><code>a50db2a</code></a>
[maven-release-plugin] prepare release 2.16.5.Final</li>
<li><a
href="cf4efaeb14"><code>cf4efae</code></a>
Merge pull request <a
href="https://redirect.github.com/quarkusio/quarkus-platform/issues/793">#793</a>
from gsmet/quarkus-2.16.5</li>
<li><a
href="3510fd1737"><code>3510fd1</code></a>
Upgrade to Quarkus 2.16.5.Final</li>
<li><a
href="92d3885bd3"><code>92d3885</code></a>
Merge pull request <a
href="https://redirect.github.com/quarkusio/quarkus-platform/issues/784">#784</a>
from aloubyansky/2.16-sbom</li>
<li><a
href="181d0015a3"><code>181d001</code></a>
Refactor depsToBuild profile to sbom and generate SBOMs with appropriate
file...</li>
<li><a
href="44fcf9fd36"><code>44fcf9f</code></a>
Merge pull request <a
href="https://redirect.github.com/quarkusio/quarkus-platform/issues/779">#779</a>
from kie-ci/drools_kogito_optaplanner_1.35_8.35</li>
<li><a
href="b6783c3b01"><code>b6783c3</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="d5e2c03f55"><code>d5e2c03</code></a>
Bump up kogito to 1.35.0.Final</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.4.Final...2.16.5.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add application name to spring boot smoke test app so that it could be
used for testing spring boot service name auto detection. Also fixes
logging dependencies.
Bumps com.google.protobuf:protobuf-java-util from 3.22.0 to 3.22.2.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.3.Final to 2.16.4.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d34799461"><code>4d34799</code></a>
[maven-release-plugin] prepare release 2.16.4.Final</li>
<li><a
href="96101cf3a3"><code>96101cf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/778">#778</a>
from metacosm/2.16</li>
<li><a
href="50bae2c2ed"><code>50bae2c</code></a>
Update to Quarkus 2.16.4.Final</li>
<li><a
href="3ddee572e2"><code>3ddee57</code></a>
Update QOSDK to 5.1.1, skipping failing tests for now</li>
<li><a
href="e241821a11"><code>e241821</code></a>
Update QOSDK to 5.1.0</li>
<li><a
href="00b4468063"><code>00b4468</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/775">#775</a>
from Naros/debezium-2.1.2-upgrade-2.16</li>
<li><a
href="e4a62d3077"><code>e4a62d3</code></a>
Upgrade to Debezium 2.1.2.Final</li>
<li><a
href="6a7cd63b3e"><code>6a7cd63</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/774">#774</a>
from loicmathieu/gcp-1-4-0</li>
<li><a
href="05b61d3147"><code>05b61d3</code></a>
Upgrade to Google Cloud Services 1.4</li>
<li><a
href="03ed71ad15"><code>03ed71a</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.3.Final...2.16.4.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.3.Final to 2.16.4.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Basically, `akka-http` instrumenter has the responsibility to instrument
the `http.server.duration` for the Play framework application, but the
current implementation has not marked the `http.route` attribute.
ref:
8e8161cb2e/instrumentation/akka/akka-http-10.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/akkahttp/server/AkkaHttpServerAttributesGetter.java (L59)
Actually, it's hard to record that attribute by only the akka-http layer
because that library's request object doesn't hold the route
information, e.g. placeholder.
So this patch delegates that job to the `play-mvc` instrumenter and when
that has been able to get the route info, the instrumenter puts
`http.route` attribute onto `http.server.duration`.
For example, when the routes configuration of the Play is like the
following:
```
GET /foo/:bar controllers.HomeController.doSomething(bar: String)
```
and when it tries to access that API, then OTEL instruments like so:
```prometheus
http_server_duration_count{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000"} 1.0 1676078079798
http_server_duration_sum{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000"} 12183.558843 1676078079798
http_server_duration_bucket{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000",le="0.0"} 0.0 1676078079798
...
http_server_duration_bucket{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000",le="+Inf"} 1.0 1676078079798
```
Rel: #1415
---------
Signed-off-by: moznion <moznion@mail.moznion.net>
Bumps
[com.linecorp.armeria:armeria-grpc](https://github.com/line/armeria)
from 1.21.0 to 1.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/line/armeria/releases">com.linecorp.armeria:armeria-grpc's
releases</a>.</em></p>
<blockquote>
<h2>armeria-1.22.0</h2>
<p>See <a href="https://armeria.dev/release-notes/1.22.0/">the release
notes</a> for the complete change list.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c1fca3092b"><code>c1fca30</code></a>
Release armeria-1.22.0</li>
<li><a
href="904aee7e08"><code>904aee7</code></a>
Add release notes for 1.22.0 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4656">#4656</a>)</li>
<li><a
href="a43cfa2204"><code>a43cfa2</code></a>
Return "431 Request Header Fields Too Large" for long headers
on HTTP/1 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4655">#4655</a>)</li>
<li><a
href="e971022cc0"><code>e971022</code></a>
Fix a bug where duplicate parameters are shown in DocService (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4645">#4645</a>)</li>
<li><a
href="3713d52f39"><code>3713d52</code></a>
Fix a bug where <code>ClosedSessionException</code> is set to
<code>responseCause</code> for a succ...</li>
<li><a
href="bfc1924444"><code>bfc1924</code></a>
Use gRPC StatusRuntimeException instead of StatusException. (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4658">#4658</a>)</li>
<li><a
href="c11b7abf74"><code>c11b7ab</code></a>
Upgrade dependencies for 1.22.0 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4653">#4653</a>)</li>
<li><a
href="c2cadb8c80"><code>c2cadb8</code></a>
Fix a <code>NullPointerException</code> raised while an aborted
<code>FixedStreamMessage</code> is ...</li>
<li><a
href="c6013672ac"><code>c601367</code></a>
Add <code>AsyncServerInterceptor</code> for gRPC services (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4647">#4647</a>)</li>
<li><a
href="36164e279f"><code>36164e2</code></a>
Support Thrift TypeDef in DocService (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4628">#4628</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/line/armeria/compare/armeria-1.21.0...armeria-1.22.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.1.Final to 2.16.2.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2ded23f828"><code>2ded23f</code></a>
[maven-release-plugin] prepare release 2.16.2.Final</li>
<li><a
href="df8791ce90"><code>df8791c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/763">#763</a>
from gsmet/quarkus-2.16.2</li>
<li><a
href="5411b35e4c"><code>5411b35</code></a>
Update quarkus-platform-bom-maven-plugin to 0.0.76</li>
<li><a
href="919324bdf9"><code>919324b</code></a>
Set a higher Xmx for the build</li>
<li><a
href="c8b64bdc20"><code>c8b64bd</code></a>
Update to Quarkus Qpid JMS 0.42.0, uses Qpid JMS 1.8.0 against Quarkus
2.16.0...</li>
<li><a
href="0ef9a4d113"><code>0ef9a4d</code></a>
add ability to use different artifact version for qpid-jms integration
tests</li>
<li><a
href="abf56f3b8f"><code>abf56f3</code></a>
Upgrade to Quarkus 2.16.2.Final</li>
<li><a
href="09353dbb97"><code>09353db</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.1.Final...2.16.2.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.1.Final to 2.16.2.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.0.Final to 2.16.1.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.0.Final to 2.16.1.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="88839c0bb3"><code>88839c0</code></a>
[maven-release-plugin] prepare release 2.16.1.Final</li>
<li><a
href="0d866dceb4"><code>0d866dc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/760">#760</a>
from gsmet/quarkus-2.16.1</li>
<li><a
href="e4a2ef344b"><code>e4a2ef3</code></a>
Upgrade to Quarkus 2.16.1.Final</li>
<li><a
href="9c016685cb"><code>9c01668</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.0.Final...2.16.1.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Let's keep close to the SDK repo config.
I reverted some of the changes, only left those that I think make sense
anyway (e.g. comparing enums with `==`)
Bumps [grpc-bom](https://github.com/grpc/grpc-java) from 1.52.0 to
1.52.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="57dfe8c913"><code>57dfe8c</code></a>
Bump version to 1.52.1</li>
<li><a
href="69f10e2662"><code>69f10e2</code></a>
Update README etc to reference 1.52.1</li>
<li><a
href="15026d5efb"><code>15026d5</code></a>
xds:fix cancel xds watcher accidentally removes the url (v1.52 backport)
(<a
href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/9810">#9810</a>)</li>
<li><a
href="a13a2dd960"><code>a13a2dd</code></a>
Bump version to 1.52.1-SNAPSHOT</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-java/compare/v1.52.0...v1.52.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `playVer` from 2.8.18 to 2.8.19.
Updates `play-guice_2.12` from 2.8.18 to 2.8.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/playframework/playframework/releases">play-guice_2.12's
releases</a>.</em></p>
<blockquote>
<h2>Play 2.8.19</h2>
<p>The Play Team is happy to announce the release of Play 2.8.19
🥳</p>
<h2>📗 What is new?</h2>
<h2>ping/pong support for WebSockets 🏓</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11521">Finally</a>!
Check out the documentation:</p>
<ul>
<li><a
href="https://www.playframework.com/documentation/2.8.19/ScalaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Scala</a></li>
<li><a
href="https://www.playframework.com/documentation/2.8.19/JavaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Java</a></li>
</ul>
<h2>Using Netty, WebSockets time out now ⏳</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11420">Another
fix</a> for WebSockets ships with this release as well:
If you are using the Netty backend the
<code>play.server.http[s].idleTimeout</code> setting will now be honored
for WebSocket connections. Until now, when using Netty, a WebSocket
connection never timed out. That might even was desirable for some use
cases, but now that we have ping/pong support you have to make use of
that to keep WebSocket connections open. That is the correct way of
doing things and not closing connections after an idle timeout was
actually a bug. The akka-http backend was always working correctly and
didn't need to be fixed.</p>
<h2>Removed the shutdown hook from the default logback config
🪝</h2>
<p>If you have</p>
<pre lang="xml"><code><shutdownHook
class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
</code></pre>
<p>in your logback config, you should remove that line. Play handles the
shutdown of the logger context, the line shown is not necassary anymore
since at least Play 2.7 and is a leftover that should have been removed
a while ago. More details can be found in the <a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11532">according
pull request</a>.</p>
<h2>Correctly encode <code>Content-Disposition: form-data;
name="..."; filename="..."</code>
🔠</h2>
<p>When Play renders a request body containing multipart/form data it
will now encode the name and the filename fields according the <a
href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data">"WHATWG
HTML living standard" section 4.10.21.8</a>. <code>curl</code>,
Firefox, Chrome and other libraries like Python's urllib3 follow the
same approach. Until now, Play didn't encode those fields which could
result in security implications. Just to be clear, this is not about
receiving and parsing multipart/form data from a client, but when
sending multipart/form data e.g. via ws or when using the
<code>RequestBuilder</code> to build a request for testing purposes.
Details can be found in pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>.</p>
<h2>A few words on Play's compatibility with sbt 1.8 🔧</h2>
<p>Now that sbt 1.8 got released there have been reports that it isn't
working out of the box with Play, caused by a version conflict regarding
scala-xml, see <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11522">#11522</a>.
Unfortunately, right now, we don't have a fix for that yet. Even if we
bump scala-xml to version 2.x in Play and all its dependencies, we can't
currently make sbt 1.8 work with Play because of another problem
described in <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>.
The good news is, that isn't a showstopper if you still want to upgrade
to sbt 1.8. You can do that right now by putting</p>
<pre lang="scala"><code>ThisBuild / libraryDependencySchemes +=
"org.scala-lang.modules" %% "scala-xml" %
VersionScheme.Always
</code></pre>
<p>in <code>project/plugins.sbt</code>. That is possible because
scala-xml 1.x and 2.x are compatible anyway. However, like described in
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>
you will not be able to use <code>PlayNonBlockingInteractionMode</code>
with sbt 1.8 then (which probably not many people do anyway)</p>
<h2>Further roadmap 🗺️</h2>
<p>...news coming soon...</p>
<h1>Merged pull requests</h1>
<p>Following pull requests got merged for this release:</p>
<ul>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
[2.8.x] Upgrade netty + netty reactive streams + fix backports by <a
href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
[2.8.x] Escape Content-Disposition params according to WHATWG HTML
living standard (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>)
by <a href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
[2.8.x] Add exceptionOverrideClassName Hikari config setting (backport
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11601">#11601</a>)
by <a
href="https://github.com/benwaffle"><code>@benwaffle</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11598">#11598</a>
[2.8.x] Fix the example code to DiscardingCookie for
Results#discardingCookies (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11597">#11597</a>)
by <a
href="https://github.com/tsuyoshizawa"><code>@tsuyoshizawa</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11593">#11593</a>
Update PlayApplicationOverview.md by <a
href="https://github.com/SenthilNayagan"><code>@SenthilNayagan</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f71c8c9d48"><code>f71c8c9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
from mkurz/upgrades</li>
<li><a
href="a0d913f1d8"><code>a0d913f</code></a>
Use --release instead of -source, -targe, -bootclasspath</li>
<li><a
href="cb98bbdf5e"><code>cb98bbd</code></a>
Scala 2.12 compatibility</li>
<li><a
href="d78a9ec953"><code>d78a9ec</code></a>
Fix backport: Keep using scala.collection.JavaConverters._</li>
<li><a
href="caf25fe528"><code>caf25fe</code></a>
Upgrade netty + netty reactive streams</li>
<li><a
href="f81bc59354"><code>f81bc59</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
from playframework/mergify/bp/2.8.x/pr-11571</li>
<li><a
href="bb1c127ae4"><code>bb1c127</code></a>
Fix conflicts</li>
<li><a
href="f6f1b864ec"><code>f6f1b86</code></a>
Escape Content-Disposition params according to WHATWG HTML living
standard</li>
<li><a
href="abbebe4326"><code>abbebe4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
from playframework/mergify/bp/2.8.x/pr-11601</li>
<li><a
href="baf3860434"><code>baf3860</code></a>
Only two params needed/allowed</li>
<li>Additional commits viewable in <a
href="https://github.com/playframework/playframework/compare/2.8.18...2.8.19">compare
view</a></li>
</ul>
</details>
<br />
Updates `play-logback_2.12` from 2.8.18 to 2.8.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/playframework/playframework/releases">play-logback_2.12's
releases</a>.</em></p>
<blockquote>
<h2>Play 2.8.19</h2>
<p>The Play Team is happy to announce the release of Play 2.8.19
🥳</p>
<h2>📗 What is new?</h2>
<h2>ping/pong support for WebSockets 🏓</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11521">Finally</a>!
Check out the documentation:</p>
<ul>
<li><a
href="https://www.playframework.com/documentation/2.8.19/ScalaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Scala</a></li>
<li><a
href="https://www.playframework.com/documentation/2.8.19/JavaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Java</a></li>
</ul>
<h2>Using Netty, WebSockets time out now ⏳</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11420">Another
fix</a> for WebSockets ships with this release as well:
If you are using the Netty backend the
<code>play.server.http[s].idleTimeout</code> setting will now be honored
for WebSocket connections. Until now, when using Netty, a WebSocket
connection never timed out. That might even was desirable for some use
cases, but now that we have ping/pong support you have to make use of
that to keep WebSocket connections open. That is the correct way of
doing things and not closing connections after an idle timeout was
actually a bug. The akka-http backend was always working correctly and
didn't need to be fixed.</p>
<h2>Removed the shutdown hook from the default logback config
🪝</h2>
<p>If you have</p>
<pre lang="xml"><code><shutdownHook
class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
</code></pre>
<p>in your logback config, you should remove that line. Play handles the
shutdown of the logger context, the line shown is not necassary anymore
since at least Play 2.7 and is a leftover that should have been removed
a while ago. More details can be found in the <a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11532">according
pull request</a>.</p>
<h2>Correctly encode <code>Content-Disposition: form-data;
name="..."; filename="..."</code>
🔠</h2>
<p>When Play renders a request body containing multipart/form data it
will now encode the name and the filename fields according the <a
href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data">"WHATWG
HTML living standard" section 4.10.21.8</a>. <code>curl</code>,
Firefox, Chrome and other libraries like Python's urllib3 follow the
same approach. Until now, Play didn't encode those fields which could
result in security implications. Just to be clear, this is not about
receiving and parsing multipart/form data from a client, but when
sending multipart/form data e.g. via ws or when using the
<code>RequestBuilder</code> to build a request for testing purposes.
Details can be found in pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>.</p>
<h2>A few words on Play's compatibility with sbt 1.8 🔧</h2>
<p>Now that sbt 1.8 got released there have been reports that it isn't
working out of the box with Play, caused by a version conflict regarding
scala-xml, see <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11522">#11522</a>.
Unfortunately, right now, we don't have a fix for that yet. Even if we
bump scala-xml to version 2.x in Play and all its dependencies, we can't
currently make sbt 1.8 work with Play because of another problem
described in <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>.
The good news is, that isn't a showstopper if you still want to upgrade
to sbt 1.8. You can do that right now by putting</p>
<pre lang="scala"><code>ThisBuild / libraryDependencySchemes +=
"org.scala-lang.modules" %% "scala-xml" %
VersionScheme.Always
</code></pre>
<p>in <code>project/plugins.sbt</code>. That is possible because
scala-xml 1.x and 2.x are compatible anyway. However, like described in
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>
you will not be able to use <code>PlayNonBlockingInteractionMode</code>
with sbt 1.8 then (which probably not many people do anyway)</p>
<h2>Further roadmap 🗺️</h2>
<p>...news coming soon...</p>
<h1>Merged pull requests</h1>
<p>Following pull requests got merged for this release:</p>
<ul>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
[2.8.x] Upgrade netty + netty reactive streams + fix backports by <a
href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
[2.8.x] Escape Content-Disposition params according to WHATWG HTML
living standard (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>)
by <a href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
[2.8.x] Add exceptionOverrideClassName Hikari config setting (backport
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11601">#11601</a>)
by <a
href="https://github.com/benwaffle"><code>@benwaffle</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11598">#11598</a>
[2.8.x] Fix the example code to DiscardingCookie for
Results#discardingCookies (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11597">#11597</a>)
by <a
href="https://github.com/tsuyoshizawa"><code>@tsuyoshizawa</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11593">#11593</a>
Update PlayApplicationOverview.md by <a
href="https://github.com/SenthilNayagan"><code>@SenthilNayagan</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f71c8c9d48"><code>f71c8c9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
from mkurz/upgrades</li>
<li><a
href="a0d913f1d8"><code>a0d913f</code></a>
Use --release instead of -source, -targe, -bootclasspath</li>
<li><a
href="cb98bbdf5e"><code>cb98bbd</code></a>
Scala 2.12 compatibility</li>
<li><a
href="d78a9ec953"><code>d78a9ec</code></a>
Fix backport: Keep using scala.collection.JavaConverters._</li>
<li><a
href="caf25fe528"><code>caf25fe</code></a>
Upgrade netty + netty reactive streams</li>
<li><a
href="f81bc59354"><code>f81bc59</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
from playframework/mergify/bp/2.8.x/pr-11571</li>
<li><a
href="bb1c127ae4"><code>bb1c127</code></a>
Fix conflicts</li>
<li><a
href="f6f1b864ec"><code>f6f1b86</code></a>
Escape Content-Disposition params according to WHATWG HTML living
standard</li>
<li><a
href="abbebe4326"><code>abbebe4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
from playframework/mergify/bp/2.8.x/pr-11601</li>
<li><a
href="baf3860434"><code>baf3860</code></a>
Only two params needed/allowed</li>
<li>Additional commits viewable in <a
href="https://github.com/playframework/playframework/compare/2.8.18...2.8.19">compare
view</a></li>
</ul>
</details>
<br />
Updates `filters-helpers_2.12` from 2.8.18 to 2.8.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/playframework/playframework/releases">filters-helpers_2.12's
releases</a>.</em></p>
<blockquote>
<h2>Play 2.8.19</h2>
<p>The Play Team is happy to announce the release of Play 2.8.19
🥳</p>
<h2>📗 What is new?</h2>
<h2>ping/pong support for WebSockets 🏓</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11521">Finally</a>!
Check out the documentation:</p>
<ul>
<li><a
href="https://www.playframework.com/documentation/2.8.19/ScalaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Scala</a></li>
<li><a
href="https://www.playframework.com/documentation/2.8.19/JavaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Java</a></li>
</ul>
<h2>Using Netty, WebSockets time out now ⏳</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11420">Another
fix</a> for WebSockets ships with this release as well:
If you are using the Netty backend the
<code>play.server.http[s].idleTimeout</code> setting will now be honored
for WebSocket connections. Until now, when using Netty, a WebSocket
connection never timed out. That might even was desirable for some use
cases, but now that we have ping/pong support you have to make use of
that to keep WebSocket connections open. That is the correct way of
doing things and not closing connections after an idle timeout was
actually a bug. The akka-http backend was always working correctly and
didn't need to be fixed.</p>
<h2>Removed the shutdown hook from the default logback config
🪝</h2>
<p>If you have</p>
<pre lang="xml"><code><shutdownHook
class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
</code></pre>
<p>in your logback config, you should remove that line. Play handles the
shutdown of the logger context, the line shown is not necassary anymore
since at least Play 2.7 and is a leftover that should have been removed
a while ago. More details can be found in the <a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11532">according
pull request</a>.</p>
<h2>Correctly encode <code>Content-Disposition: form-data;
name="..."; filename="..."</code>
🔠</h2>
<p>When Play renders a request body containing multipart/form data it
will now encode the name and the filename fields according the <a
href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data">"WHATWG
HTML living standard" section 4.10.21.8</a>. <code>curl</code>,
Firefox, Chrome and other libraries like Python's urllib3 follow the
same approach. Until now, Play didn't encode those fields which could
result in security implications. Just to be clear, this is not about
receiving and parsing multipart/form data from a client, but when
sending multipart/form data e.g. via ws or when using the
<code>RequestBuilder</code> to build a request for testing purposes.
Details can be found in pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>.</p>
<h2>A few words on Play's compatibility with sbt 1.8 🔧</h2>
<p>Now that sbt 1.8 got released there have been reports that it isn't
working out of the box with Play, caused by a version conflict regarding
scala-xml, see <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11522">#11522</a>.
Unfortunately, right now, we don't have a fix for that yet. Even if we
bump scala-xml to version 2.x in Play and all its dependencies, we can't
currently make sbt 1.8 work with Play because of another problem
described in <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>.
The good news is, that isn't a showstopper if you still want to upgrade
to sbt 1.8. You can do that right now by putting</p>
<pre lang="scala"><code>ThisBuild / libraryDependencySchemes +=
"org.scala-lang.modules" %% "scala-xml" %
VersionScheme.Always
</code></pre>
<p>in <code>project/plugins.sbt</code>. That is possible because
scala-xml 1.x and 2.x are compatible anyway. However, like described in
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>
you will not be able to use <code>PlayNonBlockingInteractionMode</code>
with sbt 1.8 then (which probably not many people do anyway)</p>
<h2>Further roadmap 🗺️</h2>
<p>...news coming soon...</p>
<h1>Merged pull requests</h1>
<p>Following pull requests got merged for this release:</p>
<ul>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
[2.8.x] Upgrade netty + netty reactive streams + fix backports by <a
href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
[2.8.x] Escape Content-Disposition params according to WHATWG HTML
living standard (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>)
by <a href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
[2.8.x] Add exceptionOverrideClassName Hikari config setting (backport
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11601">#11601</a>)
by <a
href="https://github.com/benwaffle"><code>@benwaffle</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11598">#11598</a>
[2.8.x] Fix the example code to DiscardingCookie for
Results#discardingCookies (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11597">#11597</a>)
by <a
href="https://github.com/tsuyoshizawa"><code>@tsuyoshizawa</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11593">#11593</a>
Update PlayApplicationOverview.md by <a
href="https://github.com/SenthilNayagan"><code>@SenthilNayagan</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f71c8c9d48"><code>f71c8c9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
from mkurz/upgrades</li>
<li><a
href="a0d913f1d8"><code>a0d913f</code></a>
Use --release instead of -source, -targe, -bootclasspath</li>
<li><a
href="cb98bbdf5e"><code>cb98bbd</code></a>
Scala 2.12 compatibility</li>
<li><a
href="d78a9ec953"><code>d78a9ec</code></a>
Fix backport: Keep using scala.collection.JavaConverters._</li>
<li><a
href="caf25fe528"><code>caf25fe</code></a>
Upgrade netty + netty reactive streams</li>
<li><a
href="f81bc59354"><code>f81bc59</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
from playframework/mergify/bp/2.8.x/pr-11571</li>
<li><a
href="bb1c127ae4"><code>bb1c127</code></a>
Fix conflicts</li>
<li><a
href="f6f1b864ec"><code>f6f1b86</code></a>
Escape Content-Disposition params according to WHATWG HTML living
standard</li>
<li><a
href="abbebe4326"><code>abbebe4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
from playframework/mergify/bp/2.8.x/pr-11601</li>
<li><a
href="baf3860434"><code>baf3860</code></a>
Only two params needed/allowed</li>
<li>Additional commits viewable in <a
href="https://github.com/playframework/playframework/compare/2.8.18...2.8.19">compare
view</a></li>
</ul>
</details>
<br />
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.15.2.Final to 2.15.3.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [quarkus-bom](https://github.com/quarkusio/quarkus-platform) from
2.15.2.Final to 2.15.3.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3447093c5b"><code>3447093</code></a>
[maven-release-plugin] prepare release 2.15.3.Final</li>
<li><a
href="7859fa644d"><code>7859fa6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/743">#743</a>
from gsmet/quarkus-2.15.3</li>
<li><a
href="2f3b9b9fd2"><code>2f3b9b9</code></a>
Upgrade to Quarkus 2.15.3.Final</li>
<li><a
href="55678c7e08"><code>55678c7</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.15.2.Final...2.15.3.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [quarkus-bom](https://github.com/quarkusio/quarkus-platform) from
2.15.1.Final to 2.15.2.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32beed6ca6"><code>32beed6</code></a>
[maven-release-plugin] prepare release 2.15.2.Final</li>
<li><a
href="bae99cfe6e"><code>bae99cf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/742">#742</a>
from gsmet/quarkus-2.15.2</li>
<li><a
href="f46af6db88"><code>f46af6d</code></a>
Upgrade to Quarkus 2.15.2.Final</li>
<li><a
href="055f644d9b"><code>055f644</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.15.1.Final...2.15.2.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.15.1.Final to 2.15.2.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [spotless-plugin-gradle](https://github.com/diffplug/spotless)
from 6.12.0 to 6.12.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="718a504c12"><code>718a504</code></a>
Published gradle/6.12.1</li>
<li><a
href="c13acee213"><code>c13acee</code></a>
Published lib/2.31.1</li>
<li><a
href="552aabf876"><code>552aabf</code></a>
fix(deps): update dependency com.facebook:ktfmt to v0.42 (<a
href="https://github-redirect.dependabot.com/diffplug/spotless/issues/1421">#1421</a>)</li>
<li><a
href="4063e9f6d1"><code>4063e9f</code></a>
Add support for KtLint 0.48.0 (<a
href="https://github-redirect.dependabot.com/diffplug/spotless/issues/1432">#1432</a>
fixes <a
href="https://github-redirect.dependabot.com/diffplug/spotless/issues/1430">#1430</a>)</li>
<li><a
href="062e835846"><code>062e835</code></a>
Bump changelogs.</li>
<li><a
href="8f7e00594d"><code>8f7e005</code></a>
spotlessApply</li>
<li><a
href="9a8ccae9ec"><code>9a8ccae</code></a>
Bump default ktfmt 0.41 -> 0.42</li>
<li><a
href="fb4277d2b1"><code>fb4277d</code></a>
Merge branch 'main-ktlint-0.48.0' into renovate/ver_ktfmt</li>
<li><a
href="b44d70d00a"><code>b44d70d</code></a>
Move changelog entries to the correct release.</li>
<li><a
href="b3d8e89002"><code>b3d8e89</code></a>
spotlessApply for 2023</li>
<li>Additional commits viewable in <a
href="https://github.com/diffplug/spotless/compare/gradle/6.12.0...gradle/6.12.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mateusz Rzeszutek <mrzeszutek@splunk.com>
Bumps [quarkus-bom](https://github.com/quarkusio/quarkus-platform) from
2.15.0.Final to 2.15.1.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5a96ce0de3"><code>5a96ce0</code></a>
[maven-release-plugin] prepare release 2.15.1.Final</li>
<li><a
href="b5b8c36e01"><code>b5b8c36</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/738">#738</a>
from gsmet/quarkus-2.15.1</li>
<li><a
href="42165b0d27"><code>42165b0</code></a>
Upgrade to Quarkus 2.15.1.Final</li>
<li><a
href="33b6706928"><code>33b6706</code></a>
Bump up kogito to 1.32.0.Final</li>
<li><a
href="732679c78f"><code>732679c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/735">#735</a>
from gsmet/amazon-services-1.4.0-2.15</li>
<li><a
href="c77846591f"><code>c778465</code></a>
Upgrade Amazon Services to 1.4.0</li>
<li><a
href="f781da9ffb"><code>f781da9</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.15.0.Final...2.15.1.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.15.0.Final to 2.15.1.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [armeria-grpc](https://github.com/line/armeria) from 1.20.3 to
1.21.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/line/armeria/releases">armeria-grpc's
releases</a>.</em></p>
<blockquote>
<h2>armeria-1.21.0</h2>
<p>See <a href="https://armeria.dev/release-notes/1.21.0/">the release
notes</a> for the complete change list.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a2de8291b1"><code>a2de829</code></a>
Release armeria-1.21.0</li>
<li><a
href="684329f5ee"><code>684329f</code></a>
Update to use JDK 19 when releasing</li>
<li><a
href="fbc45b3a39"><code>fbc45b3</code></a>
Update the project version to 1.21.1-SNAPSHOT</li>
<li><a
href="d18f029a72"><code>d18f029</code></a>
Add release note for 1.21.0 and 1.16.1 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4581">#4581</a>)</li>
<li><a
href="3a23bffac4"><code>3a23bff</code></a>
Update dependencies (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4579">#4579</a>)</li>
<li><a
href="2ff218bae2"><code>2ff218b</code></a>
build with jdk 19 and Gradle 7.6 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4466">#4466</a>)</li>
<li><a
href="5d92b30a73"><code>5d92b30</code></a>
<code>Flags#meterRegistry</code> returns a <code>MeterRegistry</code>
(<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4580">#4580</a>)</li>
<li><a
href="dd49448e73"><code>dd49448</code></a>
Limit the max length of decoded content in
<code>Decoding{Service,Client}</code> (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4564">#4564</a>)</li>
<li><a
href="fee87f8da9"><code>fee87f8</code></a>
Add client and server default headers (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4520">#4520</a>)</li>
<li><a
href="f4781d52a3"><code>f4781d5</code></a>
Fix a deadlock when a late response are written first in HTTP/1
pipelining (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/line/armeria/compare/armeria-1.20.3...armeria-1.21.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps protobuf-java-util from 3.21.11 to 3.21.12.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [grpc-bom](https://github.com/grpc/grpc-java) from 1.51.0 to
1.51.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="68b7089223"><code>68b7089</code></a>
Bump version to 1.51.1</li>
<li><a
href="d448478dad"><code>d448478</code></a>
Update README etc to reference 1.51.1</li>
<li><a
href="eec9f67afc"><code>eec9f67</code></a>
xds:Fix ConcurrentModificationException in PriorityLoadBalancer (<a
href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/9728">#9728</a>)
(<a
href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/9744">#9744</a>)</li>
<li><a
href="73c4194774"><code>73c4194</code></a>
Bump version to 1.51.1-SNAPSHOT</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-java/compare/v1.51.0...v1.51.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.14.3.Final to 2.15.0.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps protobuf-java-util from 3.21.10 to 3.21.11.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
I think these were excluded when we were still using adoptopenjdk, but I
think should work now that we are using ibm-semeru-runtimes
note: Java 18 looks like the latest release in ibm-semeru-runtimes (no
Java 19 yet)
* Use separate steps to build and test smoke tests
* Use gradle-build-action only to set up cache
* Update .github/workflows/reusable-smoke-test.yml
Co-authored-by: Trask Stalnaker <trask.stalnaker@gmail.com>
Co-authored-by: Trask Stalnaker <trask.stalnaker@gmail.com>
* Work around jvm crash on early 1.8
* skip retransform if class was already transformed during load
* fix imports after rebase
* add test
* disable test on windows
* Add smoke test image for websphere and update other images
* fix windows liberty image build
* modify workflow to build websphere images
* correct liberty release
* fix typo
* add windows supported flag to server matrix
renovate[bot]
Lauri Tulmin
Trask Stalnaker
dependabot[bot]
jason plumb
Jérôme Prinet
Mateusz Rzeszutek
Abhinandan Seshadri
siyuniu-ms
Felix Wong
moznion
Aaron Ai
jack-berg
Lauri Tulmin
Anuraag Agrawal
Nikita Salnikov-Tarnovski
Martin