This pr gives classes defined in agent and extension class loaders all
permissions. Injected helper classes are also defined with all
permissions. Agent startup is altered so that we won't call methods that
require permission before we are able to get those permissions.
This pr does not attempt to address issues where agent code could allow
user code to circumvent security manager e.g.
https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/javaagent-bootstrap/src/main/java/io/opentelemetry/javaagent/bootstrap/InstrumentationHolder.java
gives access to `Instrumentation` that could be used to redefine classes
and remove security checks. Also this pr does not address failed
permission checks that could arise from user code calling agent code.
When user code, that does not have privileges, calls agent code, that
has the privileges, and agent code performs a sensitive operation then
permission check would fail because it is performed for all calling
classes, including the user classes. To fix this agent code should uses
`AccessController.doPrivileged` which basically means that, hey I have
done all the checks, run this call with my privileges and ignore the
privileges of my callers.
Bumps [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) from 1.53.0
to 1.54.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e988f84d14"><code>e988f84</code></a>
Bump version to 1.54.0</li>
<li><a
href="abdb6980ec"><code>abdb698</code></a>
Update README etc to reference 1.54.0</li>
<li><a
href="61ec299352"><code>61ec299</code></a>
Remove sleep from Observability Interop Test binary now that its done in
clos...</li>
<li><a
href="9f26b7dd08"><code>9f26b7d</code></a>
gcp-o11y: add default custom tag for metrics exporter</li>
<li><a
href="fefa2d9b16"><code>fefa2d9</code></a>
examples: add gcp-observability examples (v1.54.x backport) (<a
href="https://redirect.github.com/grpc/grpc-java/issues/9987">#9987</a>)</li>
<li><a
href="882a27bcb6"><code>882a27b</code></a>
gcp-o11y: add sleep in Observability close()</li>
<li><a
href="2e41c9a5cb"><code>2e41c9a</code></a>
disable recording real-time metrics using in gcp-o11y</li>
<li><a
href="132bf3e573"><code>132bf3e</code></a>
interop-testing: Do not System.exit(0) from interop client</li>
<li><a
href="85ce900dfc"><code>85ce900</code></a>
gcp-observability, census: add trace information to logs (<a
href="https://redirect.github.com/grpc/grpc-java/issues/9963">#9963</a>)</li>
<li><a
href="bb39ca3ec9"><code>bb39ca3</code></a>
gcp-observability: Update logging fields for GA and use custom
BatchingSettin...</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-java/compare/v1.53.0...v1.54.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.4.Final to 2.16.5.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.4.Final to 2.16.5.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a50db2af02"><code>a50db2a</code></a>
[maven-release-plugin] prepare release 2.16.5.Final</li>
<li><a
href="cf4efaeb14"><code>cf4efae</code></a>
Merge pull request <a
href="https://redirect.github.com/quarkusio/quarkus-platform/issues/793">#793</a>
from gsmet/quarkus-2.16.5</li>
<li><a
href="3510fd1737"><code>3510fd1</code></a>
Upgrade to Quarkus 2.16.5.Final</li>
<li><a
href="92d3885bd3"><code>92d3885</code></a>
Merge pull request <a
href="https://redirect.github.com/quarkusio/quarkus-platform/issues/784">#784</a>
from aloubyansky/2.16-sbom</li>
<li><a
href="181d0015a3"><code>181d001</code></a>
Refactor depsToBuild profile to sbom and generate SBOMs with appropriate
file...</li>
<li><a
href="44fcf9fd36"><code>44fcf9f</code></a>
Merge pull request <a
href="https://redirect.github.com/quarkusio/quarkus-platform/issues/779">#779</a>
from kie-ci/drools_kogito_optaplanner_1.35_8.35</li>
<li><a
href="b6783c3b01"><code>b6783c3</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li><a
href="d5e2c03f55"><code>d5e2c03</code></a>
Bump up kogito to 1.35.0.Final</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.4.Final...2.16.5.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Add application name to spring boot smoke test app so that it could be
used for testing spring boot service name auto detection. Also fixes
logging dependencies.
Bumps com.google.protobuf:protobuf-java-util from 3.22.0 to 3.22.2.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.3.Final to 2.16.4.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d34799461"><code>4d34799</code></a>
[maven-release-plugin] prepare release 2.16.4.Final</li>
<li><a
href="96101cf3a3"><code>96101cf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/778">#778</a>
from metacosm/2.16</li>
<li><a
href="50bae2c2ed"><code>50bae2c</code></a>
Update to Quarkus 2.16.4.Final</li>
<li><a
href="3ddee572e2"><code>3ddee57</code></a>
Update QOSDK to 5.1.1, skipping failing tests for now</li>
<li><a
href="e241821a11"><code>e241821</code></a>
Update QOSDK to 5.1.0</li>
<li><a
href="00b4468063"><code>00b4468</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/775">#775</a>
from Naros/debezium-2.1.2-upgrade-2.16</li>
<li><a
href="e4a62d3077"><code>e4a62d3</code></a>
Upgrade to Debezium 2.1.2.Final</li>
<li><a
href="6a7cd63b3e"><code>6a7cd63</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/774">#774</a>
from loicmathieu/gcp-1-4-0</li>
<li><a
href="05b61d3147"><code>05b61d3</code></a>
Upgrade to Google Cloud Services 1.4</li>
<li><a
href="03ed71ad15"><code>03ed71a</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.3.Final...2.16.4.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.3.Final to 2.16.4.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Basically, `akka-http` instrumenter has the responsibility to instrument
the `http.server.duration` for the Play framework application, but the
current implementation has not marked the `http.route` attribute.
ref:
8e8161cb2e/instrumentation/akka/akka-http-10.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/akkahttp/server/AkkaHttpServerAttributesGetter.java (L59)
Actually, it's hard to record that attribute by only the akka-http layer
because that library's request object doesn't hold the route
information, e.g. placeholder.
So this patch delegates that job to the `play-mvc` instrumenter and when
that has been able to get the route info, the instrumenter puts
`http.route` attribute onto `http.server.duration`.
For example, when the routes configuration of the Play is like the
following:
```
GET /foo/:bar controllers.HomeController.doSomething(bar: String)
```
and when it tries to access that API, then OTEL instruments like so:
```prometheus
http_server_duration_count{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000"} 1.0 1676078079798
http_server_duration_sum{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000"} 12183.558843 1676078079798
http_server_duration_bucket{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000",le="0.0"} 0.0 1676078079798
...
http_server_duration_bucket{otel_scope_name="io.opentelemetry.akka-http-10.0",otel_scope_version="1.23.0-alpha-SNAPSHOT",http_flavor="1.1",http_method="GET",http_route="/foo/$bar<[^/]+>",http_scheme="http",http_status_code="200",net_host_name="localhost",net_host_port="9000",le="+Inf"} 1.0 1676078079798
```
Rel: #1415
---------
Signed-off-by: moznion <moznion@mail.moznion.net>
Bumps
[com.linecorp.armeria:armeria-grpc](https://github.com/line/armeria)
from 1.21.0 to 1.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/line/armeria/releases">com.linecorp.armeria:armeria-grpc's
releases</a>.</em></p>
<blockquote>
<h2>armeria-1.22.0</h2>
<p>See <a href="https://armeria.dev/release-notes/1.22.0/">the release
notes</a> for the complete change list.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c1fca3092b"><code>c1fca30</code></a>
Release armeria-1.22.0</li>
<li><a
href="904aee7e08"><code>904aee7</code></a>
Add release notes for 1.22.0 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4656">#4656</a>)</li>
<li><a
href="a43cfa2204"><code>a43cfa2</code></a>
Return "431 Request Header Fields Too Large" for long headers
on HTTP/1 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4655">#4655</a>)</li>
<li><a
href="e971022cc0"><code>e971022</code></a>
Fix a bug where duplicate parameters are shown in DocService (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4645">#4645</a>)</li>
<li><a
href="3713d52f39"><code>3713d52</code></a>
Fix a bug where <code>ClosedSessionException</code> is set to
<code>responseCause</code> for a succ...</li>
<li><a
href="bfc1924444"><code>bfc1924</code></a>
Use gRPC StatusRuntimeException instead of StatusException. (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4658">#4658</a>)</li>
<li><a
href="c11b7abf74"><code>c11b7ab</code></a>
Upgrade dependencies for 1.22.0 (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4653">#4653</a>)</li>
<li><a
href="c2cadb8c80"><code>c2cadb8</code></a>
Fix a <code>NullPointerException</code> raised while an aborted
<code>FixedStreamMessage</code> is ...</li>
<li><a
href="c6013672ac"><code>c601367</code></a>
Add <code>AsyncServerInterceptor</code> for gRPC services (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4647">#4647</a>)</li>
<li><a
href="36164e279f"><code>36164e2</code></a>
Support Thrift TypeDef in DocService (<a
href="https://github-redirect.dependabot.com/line/armeria/issues/4628">#4628</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/line/armeria/compare/armeria-1.21.0...armeria-1.22.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.1.Final to 2.16.2.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2ded23f828"><code>2ded23f</code></a>
[maven-release-plugin] prepare release 2.16.2.Final</li>
<li><a
href="df8791ce90"><code>df8791c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/763">#763</a>
from gsmet/quarkus-2.16.2</li>
<li><a
href="5411b35e4c"><code>5411b35</code></a>
Update quarkus-platform-bom-maven-plugin to 0.0.76</li>
<li><a
href="919324bdf9"><code>919324b</code></a>
Set a higher Xmx for the build</li>
<li><a
href="c8b64bdc20"><code>c8b64bd</code></a>
Update to Quarkus Qpid JMS 0.42.0, uses Qpid JMS 1.8.0 against Quarkus
2.16.0...</li>
<li><a
href="0ef9a4d113"><code>0ef9a4d</code></a>
add ability to use different artifact version for qpid-jms integration
tests</li>
<li><a
href="abf56f3b8f"><code>abf56f3</code></a>
Upgrade to Quarkus 2.16.2.Final</li>
<li><a
href="09353dbb97"><code>09353db</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.1.Final...2.16.2.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.1.Final to 2.16.2.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps io.quarkus from 2.16.0.Final to 2.16.1.Final.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform)
from 2.16.0.Final to 2.16.1.Final.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="88839c0bb3"><code>88839c0</code></a>
[maven-release-plugin] prepare release 2.16.1.Final</li>
<li><a
href="0d866dceb4"><code>0d866dc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/quarkusio/quarkus-platform/issues/760">#760</a>
from gsmet/quarkus-2.16.1</li>
<li><a
href="e4a2ef344b"><code>e4a2ef3</code></a>
Upgrade to Quarkus 2.16.1.Final</li>
<li><a
href="9c016685cb"><code>9c01668</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/quarkusio/quarkus-platform/compare/2.16.0.Final...2.16.1.Final">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]
Mateusz Rzeszutek
Felix Wong
Lauri Tulmin
Trask Stalnaker
moznion