Solves. #6991
This PR implements the request portion of the new gRPC metadata
instrumentation spec:
https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/semantic_conventions/rpc.md#grpc-request-and-response-metadata
The changes include:
- new CommonConfig entry for desired gRPC metadata values:
'otel.instrumentation.grpc.capture-metadata.request'
(Similar to http headers)
- setting the desired metadata values in GrpcTelemetry
- new property in GrpcAttributesExtractor that holds a reference to the
GrpcRpcAttributesGetter
- new property in GrpcAttributesExtractor that stores the desired values
so it can iterate them and extract each one from the request
- inject the GrpcRpcAttributesGetter to GrpcAttributesExtractor (in
GrpcTelemetryBuilder)
- logic in GrpcRpcAttributesGetter to safely extract the gRPC metadata
value
- A new test in GrpcTest that makes sure that when a certain metadata
key name is inserted, it also ends up in the span attributes
** Doesn't take care of the response because gRPC response is not
implemented in java-instrumentation yet. (This is absolutely necessary
but out of scope for this PR)
** "metadataValue" is only implemented inside GrpcRpcAttributesGetter
and not in RpcAttributesGetter to avoid providing implementations for
every RpcAttributesGetter in the repo as this PR only focuses on gRPC.
Co-authored-by: Trask Stalnaker <trask.stalnaker@gmail.com>
Let's keep close to the SDK repo config.
I reverted some of the changes, only left those that I think make sense
anyway (e.g. comparing enums with `==`)
Bumps dependency-check-gradle from 7.4.4 to 8.0.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [joox](https://github.com/jOOQ/jOOX) from 1.6.2 to 2.0.0.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/jOOQ/jOOX/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.11.0 to
5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mockito/mockito/releases">mockito-core's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h1>Mockito 5: prepare for future JDK versions</h1>
<p>For a while now, we have seen an increase in
problems/incompatibilities with recent versions of the JDK due to our
usage of JVM-internal API.
Most notably, JDK 17 made some changes which are incompatible with the
current subclass mockmaker.
Therefore, to prepare for the future of JDK, we are making some core
changes to ensure Mockito keeps on working.</p>
<h2>Switch the default mockmaker to <code>mockito-inline</code></h2>
<p>Back in Mockito 2.7.6, we published a new mockmaker based on the
"inline bytecode" principle.
This mockmaker creates mocks manipulating bytecode equivalent within the
original class such that its method implementations hook into the normal
Mockito machinery.
As a comparison, the subclass mockmaker generates "real"
subclasses for mocks, to mimic the same behavior.
While the approaches are similar, the inline mockmaker avoids certain
restrictions that the JDK imposes.
For example, it does not violate module boundaries (introduced in JDK 9,
but more heavily used in JDK 17) and avoids the leaking of the creation
of the subclass.</p>
<p>Massive thanks to community member <a
href="https://github.com/reta"><code>@reta</code></a> who implemented
this change.</p>
<h3>When should I still be using the subclass mockmaker?</h3>
<p>There are legitimate remaining use cases for the subclass mockmaker.
For example, on the Graal VM's native image, the inline mockmaker will
not work and the subclass mockmaker is the appropriate choice.
Additionally, if you would like to avoid mocking final classes, using
the subclass mockmaker is a possibibility.
Note however that if you solely want to use the subclass mockmaker to
avoid mocking final, you will run into the above mentioned issues on JDK
17+.
We want to leave this choice up to our users, which is why we will keep
on supporting the subclass mockmaker.</p>
<p>If you want to use the subclass mockmaker instead, you can use the
new <code>mockito-subclass</code> artifact (published <a
href="https://search.maven.org/artifact/org.mockito/mockito-subclass">on
Maven Central</a> along with all our other artifacts).</p>
<h2>Update the minimum supported Java version to 11</h2>
<p>Mockito 4 supports Java 8 and above.
Similar to other open source projects, we are moving away from JDK 8 and
to newer versions.
The primary reason for moving away from JDK 8 is the increasing
maintenance costs with keeping our own infrastructure working.
Lately we have been running into more and more JDK 8 breakages.
Additionally, while we want to support the newest JDK API's, our current
solution to support both JDK 8 and newer versions causes <a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2798">issues
with the <code>SecurityManager</code></a>.
Since we want Mockito to work on the newest version and more and more
businesses adopting JDK 11, we have decided to make the switch as
well.</p>
<p>Massive thanks to community member <a
href="https://github.com/reta"><code>@reta</code></a> who implemented
this change.</p>
<h3>What should I do if I still run JDK 8?</h3>
<p>For JDK 8 and below, you can keep on using Mockito 4.
This is similar to if you are using JDK 6, for which you can keep on
using Mockito 2.
The changes in Mockito 5 (for now) are primarily focused on the latest
JDK versions, which means the API differences between Mockito 4 and 5
are minimal.
However, over time this will most likely widen, so we do recommend
adopting JDK 11 in the future.</p>
<h2>New <code>type()</code> method on <code>ArgumentMatcher</code></h2>
<p>One of our most used public API's for customizing Mockito is the <a
href="https://javadoc.io/doc/org.mockito/mockito-core/latest/org/mockito/ArgumentMatcher.html"><code>ArgumentMatcher</code>
interface</a>.
The interface allows you to define a custom matcher, which you can pass
into method arguments to provide more targeted matches.
One major shortcoming of the <code>ArgumentMatcher</code> was the lack
of varargs support.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adf528d173"><code>adf528d</code></a>
Bump versions.bytebuddy from 1.12.21 to 1.12.22 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2864">#2864</a>)</li>
<li><a
href="2418419a19"><code>2418419</code></a>
Bump versions.junitJupiter from 5.9.1 to 5.9.2 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2858">#2858</a>)</li>
<li><a
href="3d40cd51d3"><code>3d40cd5</code></a>
Bump junit-platform-launcher from 1.9.1 to 1.9.2 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2859">#2859</a>)</li>
<li><a
href="9bec8e3a1a"><code>9bec8e3</code></a>
Bump versions.errorprone from 2.17.0 to 2.18.0 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2857">#2857</a>)</li>
<li><a
href="a9595f559c"><code>a9595f5</code></a>
Switch the default mockmaker to the inline mockmaker on JDK 17+ (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2834">#2834</a>)</li>
<li><a
href="c5d7fbc532"><code>c5d7fbc</code></a>
Bump assertj-core from 3.23.1 to 3.24.1 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2854">#2854</a>)</li>
<li><a
href="dbd7f2ff4a"><code>dbd7f2f</code></a>
Bump versions.bytebuddy from 1.12.20 to 1.12.21 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2852">#2852</a>)</li>
<li><a
href="4d62fa75c7"><code>4d62fa7</code></a>
Bump junit from 1.1.4 to 1.1.5 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2850">#2850</a>)</li>
<li><a
href="b1b6d6afcb"><code>b1b6d6a</code></a>
Bump espresso-core from 3.5.0 to 3.5.1 (<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2849">#2849</a>)</li>
<li><a
href="7b5b8dd840"><code>7b5b8dd</code></a>
Remove use case for non-existent method VerificationWithTimeout#never
(<a
href="https://github-redirect.dependabot.com/mockito/mockito/issues/2848">#2848</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/mockito/mockito/compare/v4.11.0...v5.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [spotless-plugin-gradle](https://github.com/diffplug/spotless)
from 6.12.1 to 6.13.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fdb58d79c7"><code>fdb58d7</code></a>
Published plugin-gradle/6.13.0</li>
<li><a
href="5d73b3ba23"><code>5d73b3b</code></a>
Fix bug in gradle publishing.</li>
<li><a
href="54bcc6068d"><code>54bcc60</code></a>
spotlessApply</li>
<li><a
href="5c10387fa9"><code>5c10387</code></a>
Bump plugin-maven changelog.</li>
<li><a
href="be90ffcf49"><code>be90ffc</code></a>
Oops, fix the gradle plugin build.</li>
<li><a
href="84b42b46e8"><code>84b42b4</code></a>
Fix deprecation in how gradle plugins are published.</li>
<li><a
href="49505b819c"><code>49505b8</code></a>
Improve deploy.yml docs since we're actually using Base64.</li>
<li><a
href="49e370b927"><code>49e370b</code></a>
Published lib/2.32.0</li>
<li><a
href="3adaa1c35d"><code>3adaa1c</code></a>
Fix subgroups leading catch all matcher (<a
href="https://github-redirect.dependabot.com/diffplug/spotless/issues/1485">#1485</a>)</li>
<li><a
href="109ffa6b65"><code>109ffa6</code></a>
spotlessApply</li>
<li>Additional commits viewable in <a
href="https://github.com/diffplug/spotless/compare/gradle/6.12.1...plugin-gradle/6.13.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps com.diffplug.spotless from 6.12.1 to 6.13.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [nullaway](https://github.com/uber/NullAway) from 0.10.7 to
0.10.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/uber/NullAway/blob/master/CHANGELOG.md">nullaway's
changelog</a>.</em></p>
<blockquote>
<h2>Version 0.10.8</h2>
<ul>
<li>Don't do checks for type casts and parameterized trees in
unannotated code (<a
href="https://github-redirect.dependabot.com/uber/NullAway/issues/712">#712</a>)</li>
<li>Add an initial <code>nullaway:nullaway-annotations</code> artifact.
(<a
href="https://github-redirect.dependabot.com/uber/NullAway/issues/709">#709</a>)
<ul>
<li>Contains only an implementation of <code>@Initializer</code> for
now.</li>
</ul>
</li>
<li>NullAwayInfer/Annotator data serialization support [experimental]
<ul>
<li>Update region selection for initialization errors. (<a
href="https://github-redirect.dependabot.com/uber/NullAway/issues/713">#713</a>)</li>
<li>Update path serialization for reported errors and fixes. (<a
href="https://github-redirect.dependabot.com/uber/NullAway/issues/714">#714</a>)</li>
</ul>
</li>
<li>Build / CI tooling for NullAway itself:
<ul>
<li>Turn up various Error Prone checks (<a
href="https://github-redirect.dependabot.com/uber/NullAway/issues/710">#710</a>)</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8309d67fa0"><code>8309d67</code></a>
Prepare for release 0.10.8.</li>
<li><a
href="535772a507"><code>535772a</code></a>
[FixSerialization] Update path serialization for reported errors and
fixes. (...</li>
<li><a
href="dcadcfae37"><code>dcadcfa</code></a>
Update region selection for initialization errors. (<a
href="https://github-redirect.dependabot.com/uber/NullAway/issues/713">#713</a>)</li>
<li><a
href="2f871a8329"><code>2f871a8</code></a>
Don't do checks for type casts and parameterized trees in unannotated
code (#...</li>
<li><a
href="ab0a17df03"><code>ab0a17d</code></a>
Turn up various Error Prone checks (<a
href="https://github-redirect.dependabot.com/uber/NullAway/issues/710">#710</a>)</li>
<li><a
href="afb8fd4902"><code>afb8fd4</code></a>
Add an initial annotations artifact (with sample <a
href="https://github.com/Initializer"><code>@Initializer</code></a>
implementation)...</li>
<li><a
href="3ad8876b14"><code>3ad8876</code></a>
Prepare next development version.</li>
<li>See full diff in <a
href="https://github.com/uber/NullAway/compare/v0.10.7...v0.10.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps com.diffplug.spotless from 6.12.1 to 6.13.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [grpc-bom](https://github.com/grpc/grpc-java) from 1.52.0 to
1.52.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="57dfe8c913"><code>57dfe8c</code></a>
Bump version to 1.52.1</li>
<li><a
href="69f10e2662"><code>69f10e2</code></a>
Update README etc to reference 1.52.1</li>
<li><a
href="15026d5efb"><code>15026d5</code></a>
xds:fix cancel xds watcher accidentally removes the url (v1.52 backport)
(<a
href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/9810">#9810</a>)</li>
<li><a
href="a13a2dd960"><code>a13a2dd</code></a>
Bump version to 1.52.1-SNAPSHOT</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-java/compare/v1.52.0...v1.52.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
for okhttp-3.0 instrumentation, the README uses `OkHttpTracing`:
```java
import io.opentelemetry.instrumentation.okhttp.v3_0.OkHttpTracing;
...
return OkHttpTracing.builder(openTelemetry).build().newCallFactory(createClient());
```
#5624 changed `OkHttpTracing` to `OkHttpTelemetry` but the docs still
show the previous value which no longer works
Bumps [byte-buddy-dep](https://github.com/raphw/byte-buddy) from 1.12.21
to 1.12.22.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy-dep's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.22</h2>
<ul>
<li>Support <code>MethodHandle</code> and <code>MethodType</code> in
<code>Advice.Origin</code> annotation.</li>
<li>Support <code>MethodHandles.Lookup</code> in <code>Origin</code> and
<code>Advice.Origin</code> annotations.</li>
<li>Use modern API for Gradle Android API, if available, to avoid now
failing cast.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy-dep's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="641f5a329e"><code>641f5a3</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.22</li>
<li><a
href="d732497c77"><code>d732497</code></a>
[release] Release new version</li>
<li><a
href="cc7c5c207c"><code>cc7c5c2</code></a>
Adjust internal type hierarchy.</li>
<li><a
href="99e6861754"><code>99e6861</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1389">#1389</a>
from LikeTheSalad/master</li>
<li><a
href="6fe8a5c4ab"><code>6fe8a5c</code></a>
Using debug logs for DependenciesClasspathProvider</li>
<li><a
href="0ba7bd78ed"><code>0ba7bd7</code></a>
Added class headers</li>
<li><a
href="e8c15a67bc"><code>e8c15a6</code></a>
Using DependenciesClasspathProvider implementations</li>
<li><a
href="6ff15e3fda"><code>6ff15e3</code></a>
Created the DependenciesClasspathProvider interface and its
implementations</li>
<li><a
href="6a3facab94"><code>6a3faca</code></a>
Updated dependencies verification metadata</li>
<li><a
href="493eb7d1b7"><code>493eb7d</code></a>
Update to latest version.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.21...byte-buddy-1.12.22">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `playVer` from 2.8.18 to 2.8.19.
Updates `play-guice_2.12` from 2.8.18 to 2.8.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/playframework/playframework/releases">play-guice_2.12's
releases</a>.</em></p>
<blockquote>
<h2>Play 2.8.19</h2>
<p>The Play Team is happy to announce the release of Play 2.8.19
🥳</p>
<h2>📗 What is new?</h2>
<h2>ping/pong support for WebSockets 🏓</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11521">Finally</a>!
Check out the documentation:</p>
<ul>
<li><a
href="https://www.playframework.com/documentation/2.8.19/ScalaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Scala</a></li>
<li><a
href="https://www.playframework.com/documentation/2.8.19/JavaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Java</a></li>
</ul>
<h2>Using Netty, WebSockets time out now ⏳</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11420">Another
fix</a> for WebSockets ships with this release as well:
If you are using the Netty backend the
<code>play.server.http[s].idleTimeout</code> setting will now be honored
for WebSocket connections. Until now, when using Netty, a WebSocket
connection never timed out. That might even was desirable for some use
cases, but now that we have ping/pong support you have to make use of
that to keep WebSocket connections open. That is the correct way of
doing things and not closing connections after an idle timeout was
actually a bug. The akka-http backend was always working correctly and
didn't need to be fixed.</p>
<h2>Removed the shutdown hook from the default logback config
🪝</h2>
<p>If you have</p>
<pre lang="xml"><code><shutdownHook
class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
</code></pre>
<p>in your logback config, you should remove that line. Play handles the
shutdown of the logger context, the line shown is not necassary anymore
since at least Play 2.7 and is a leftover that should have been removed
a while ago. More details can be found in the <a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11532">according
pull request</a>.</p>
<h2>Correctly encode <code>Content-Disposition: form-data;
name="..."; filename="..."</code>
🔠</h2>
<p>When Play renders a request body containing multipart/form data it
will now encode the name and the filename fields according the <a
href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data">"WHATWG
HTML living standard" section 4.10.21.8</a>. <code>curl</code>,
Firefox, Chrome and other libraries like Python's urllib3 follow the
same approach. Until now, Play didn't encode those fields which could
result in security implications. Just to be clear, this is not about
receiving and parsing multipart/form data from a client, but when
sending multipart/form data e.g. via ws or when using the
<code>RequestBuilder</code> to build a request for testing purposes.
Details can be found in pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>.</p>
<h2>A few words on Play's compatibility with sbt 1.8 🔧</h2>
<p>Now that sbt 1.8 got released there have been reports that it isn't
working out of the box with Play, caused by a version conflict regarding
scala-xml, see <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11522">#11522</a>.
Unfortunately, right now, we don't have a fix for that yet. Even if we
bump scala-xml to version 2.x in Play and all its dependencies, we can't
currently make sbt 1.8 work with Play because of another problem
described in <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>.
The good news is, that isn't a showstopper if you still want to upgrade
to sbt 1.8. You can do that right now by putting</p>
<pre lang="scala"><code>ThisBuild / libraryDependencySchemes +=
"org.scala-lang.modules" %% "scala-xml" %
VersionScheme.Always
</code></pre>
<p>in <code>project/plugins.sbt</code>. That is possible because
scala-xml 1.x and 2.x are compatible anyway. However, like described in
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>
you will not be able to use <code>PlayNonBlockingInteractionMode</code>
with sbt 1.8 then (which probably not many people do anyway)</p>
<h2>Further roadmap 🗺️</h2>
<p>...news coming soon...</p>
<h1>Merged pull requests</h1>
<p>Following pull requests got merged for this release:</p>
<ul>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
[2.8.x] Upgrade netty + netty reactive streams + fix backports by <a
href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
[2.8.x] Escape Content-Disposition params according to WHATWG HTML
living standard (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>)
by <a href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
[2.8.x] Add exceptionOverrideClassName Hikari config setting (backport
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11601">#11601</a>)
by <a
href="https://github.com/benwaffle"><code>@benwaffle</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11598">#11598</a>
[2.8.x] Fix the example code to DiscardingCookie for
Results#discardingCookies (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11597">#11597</a>)
by <a
href="https://github.com/tsuyoshizawa"><code>@tsuyoshizawa</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11593">#11593</a>
Update PlayApplicationOverview.md by <a
href="https://github.com/SenthilNayagan"><code>@SenthilNayagan</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f71c8c9d48"><code>f71c8c9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
from mkurz/upgrades</li>
<li><a
href="a0d913f1d8"><code>a0d913f</code></a>
Use --release instead of -source, -targe, -bootclasspath</li>
<li><a
href="cb98bbdf5e"><code>cb98bbd</code></a>
Scala 2.12 compatibility</li>
<li><a
href="d78a9ec953"><code>d78a9ec</code></a>
Fix backport: Keep using scala.collection.JavaConverters._</li>
<li><a
href="caf25fe528"><code>caf25fe</code></a>
Upgrade netty + netty reactive streams</li>
<li><a
href="f81bc59354"><code>f81bc59</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
from playframework/mergify/bp/2.8.x/pr-11571</li>
<li><a
href="bb1c127ae4"><code>bb1c127</code></a>
Fix conflicts</li>
<li><a
href="f6f1b864ec"><code>f6f1b86</code></a>
Escape Content-Disposition params according to WHATWG HTML living
standard</li>
<li><a
href="abbebe4326"><code>abbebe4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
from playframework/mergify/bp/2.8.x/pr-11601</li>
<li><a
href="baf3860434"><code>baf3860</code></a>
Only two params needed/allowed</li>
<li>Additional commits viewable in <a
href="https://github.com/playframework/playframework/compare/2.8.18...2.8.19">compare
view</a></li>
</ul>
</details>
<br />
Updates `play-logback_2.12` from 2.8.18 to 2.8.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/playframework/playframework/releases">play-logback_2.12's
releases</a>.</em></p>
<blockquote>
<h2>Play 2.8.19</h2>
<p>The Play Team is happy to announce the release of Play 2.8.19
🥳</p>
<h2>📗 What is new?</h2>
<h2>ping/pong support for WebSockets 🏓</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11521">Finally</a>!
Check out the documentation:</p>
<ul>
<li><a
href="https://www.playframework.com/documentation/2.8.19/ScalaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Scala</a></li>
<li><a
href="https://www.playframework.com/documentation/2.8.19/JavaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Java</a></li>
</ul>
<h2>Using Netty, WebSockets time out now ⏳</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11420">Another
fix</a> for WebSockets ships with this release as well:
If you are using the Netty backend the
<code>play.server.http[s].idleTimeout</code> setting will now be honored
for WebSocket connections. Until now, when using Netty, a WebSocket
connection never timed out. That might even was desirable for some use
cases, but now that we have ping/pong support you have to make use of
that to keep WebSocket connections open. That is the correct way of
doing things and not closing connections after an idle timeout was
actually a bug. The akka-http backend was always working correctly and
didn't need to be fixed.</p>
<h2>Removed the shutdown hook from the default logback config
🪝</h2>
<p>If you have</p>
<pre lang="xml"><code><shutdownHook
class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
</code></pre>
<p>in your logback config, you should remove that line. Play handles the
shutdown of the logger context, the line shown is not necassary anymore
since at least Play 2.7 and is a leftover that should have been removed
a while ago. More details can be found in the <a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11532">according
pull request</a>.</p>
<h2>Correctly encode <code>Content-Disposition: form-data;
name="..."; filename="..."</code>
🔠</h2>
<p>When Play renders a request body containing multipart/form data it
will now encode the name and the filename fields according the <a
href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data">"WHATWG
HTML living standard" section 4.10.21.8</a>. <code>curl</code>,
Firefox, Chrome and other libraries like Python's urllib3 follow the
same approach. Until now, Play didn't encode those fields which could
result in security implications. Just to be clear, this is not about
receiving and parsing multipart/form data from a client, but when
sending multipart/form data e.g. via ws or when using the
<code>RequestBuilder</code> to build a request for testing purposes.
Details can be found in pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>.</p>
<h2>A few words on Play's compatibility with sbt 1.8 🔧</h2>
<p>Now that sbt 1.8 got released there have been reports that it isn't
working out of the box with Play, caused by a version conflict regarding
scala-xml, see <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11522">#11522</a>.
Unfortunately, right now, we don't have a fix for that yet. Even if we
bump scala-xml to version 2.x in Play and all its dependencies, we can't
currently make sbt 1.8 work with Play because of another problem
described in <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>.
The good news is, that isn't a showstopper if you still want to upgrade
to sbt 1.8. You can do that right now by putting</p>
<pre lang="scala"><code>ThisBuild / libraryDependencySchemes +=
"org.scala-lang.modules" %% "scala-xml" %
VersionScheme.Always
</code></pre>
<p>in <code>project/plugins.sbt</code>. That is possible because
scala-xml 1.x and 2.x are compatible anyway. However, like described in
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>
you will not be able to use <code>PlayNonBlockingInteractionMode</code>
with sbt 1.8 then (which probably not many people do anyway)</p>
<h2>Further roadmap 🗺️</h2>
<p>...news coming soon...</p>
<h1>Merged pull requests</h1>
<p>Following pull requests got merged for this release:</p>
<ul>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
[2.8.x] Upgrade netty + netty reactive streams + fix backports by <a
href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
[2.8.x] Escape Content-Disposition params according to WHATWG HTML
living standard (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>)
by <a href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
[2.8.x] Add exceptionOverrideClassName Hikari config setting (backport
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11601">#11601</a>)
by <a
href="https://github.com/benwaffle"><code>@benwaffle</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11598">#11598</a>
[2.8.x] Fix the example code to DiscardingCookie for
Results#discardingCookies (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11597">#11597</a>)
by <a
href="https://github.com/tsuyoshizawa"><code>@tsuyoshizawa</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11593">#11593</a>
Update PlayApplicationOverview.md by <a
href="https://github.com/SenthilNayagan"><code>@SenthilNayagan</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f71c8c9d48"><code>f71c8c9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
from mkurz/upgrades</li>
<li><a
href="a0d913f1d8"><code>a0d913f</code></a>
Use --release instead of -source, -targe, -bootclasspath</li>
<li><a
href="cb98bbdf5e"><code>cb98bbd</code></a>
Scala 2.12 compatibility</li>
<li><a
href="d78a9ec953"><code>d78a9ec</code></a>
Fix backport: Keep using scala.collection.JavaConverters._</li>
<li><a
href="caf25fe528"><code>caf25fe</code></a>
Upgrade netty + netty reactive streams</li>
<li><a
href="f81bc59354"><code>f81bc59</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
from playframework/mergify/bp/2.8.x/pr-11571</li>
<li><a
href="bb1c127ae4"><code>bb1c127</code></a>
Fix conflicts</li>
<li><a
href="f6f1b864ec"><code>f6f1b86</code></a>
Escape Content-Disposition params according to WHATWG HTML living
standard</li>
<li><a
href="abbebe4326"><code>abbebe4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
from playframework/mergify/bp/2.8.x/pr-11601</li>
<li><a
href="baf3860434"><code>baf3860</code></a>
Only two params needed/allowed</li>
<li>Additional commits viewable in <a
href="https://github.com/playframework/playframework/compare/2.8.18...2.8.19">compare
view</a></li>
</ul>
</details>
<br />
Updates `filters-helpers_2.12` from 2.8.18 to 2.8.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/playframework/playframework/releases">filters-helpers_2.12's
releases</a>.</em></p>
<blockquote>
<h2>Play 2.8.19</h2>
<p>The Play Team is happy to announce the release of Play 2.8.19
🥳</p>
<h2>📗 What is new?</h2>
<h2>ping/pong support for WebSockets 🏓</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11521">Finally</a>!
Check out the documentation:</p>
<ul>
<li><a
href="https://www.playframework.com/documentation/2.8.19/ScalaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Scala</a></li>
<li><a
href="https://www.playframework.com/documentation/2.8.19/JavaWebSockets#Configuring-keep-alive-Frames">WebSockets
Play Java</a></li>
</ul>
<h2>Using Netty, WebSockets time out now ⏳</h2>
<p><a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11420">Another
fix</a> for WebSockets ships with this release as well:
If you are using the Netty backend the
<code>play.server.http[s].idleTimeout</code> setting will now be honored
for WebSocket connections. Until now, when using Netty, a WebSocket
connection never timed out. That might even was desirable for some use
cases, but now that we have ping/pong support you have to make use of
that to keep WebSocket connections open. That is the correct way of
doing things and not closing connections after an idle timeout was
actually a bug. The akka-http backend was always working correctly and
didn't need to be fixed.</p>
<h2>Removed the shutdown hook from the default logback config
🪝</h2>
<p>If you have</p>
<pre lang="xml"><code><shutdownHook
class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
</code></pre>
<p>in your logback config, you should remove that line. Play handles the
shutdown of the logger context, the line shown is not necassary anymore
since at least Play 2.7 and is a leftover that should have been removed
a while ago. More details can be found in the <a
href="https://github-redirect.dependabot.com/playframework/playframework/pull/11532">according
pull request</a>.</p>
<h2>Correctly encode <code>Content-Disposition: form-data;
name="..."; filename="..."</code>
🔠</h2>
<p>When Play renders a request body containing multipart/form data it
will now encode the name and the filename fields according the <a
href="https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data">"WHATWG
HTML living standard" section 4.10.21.8</a>. <code>curl</code>,
Firefox, Chrome and other libraries like Python's urllib3 follow the
same approach. Until now, Play didn't encode those fields which could
result in security implications. Just to be clear, this is not about
receiving and parsing multipart/form data from a client, but when
sending multipart/form data e.g. via ws or when using the
<code>RequestBuilder</code> to build a request for testing purposes.
Details can be found in pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>.</p>
<h2>A few words on Play's compatibility with sbt 1.8 🔧</h2>
<p>Now that sbt 1.8 got released there have been reports that it isn't
working out of the box with Play, caused by a version conflict regarding
scala-xml, see <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11522">#11522</a>.
Unfortunately, right now, we don't have a fix for that yet. Even if we
bump scala-xml to version 2.x in Play and all its dependencies, we can't
currently make sbt 1.8 work with Play because of another problem
described in <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>.
The good news is, that isn't a showstopper if you still want to upgrade
to sbt 1.8. You can do that right now by putting</p>
<pre lang="scala"><code>ThisBuild / libraryDependencySchemes +=
"org.scala-lang.modules" %% "scala-xml" %
VersionScheme.Always
</code></pre>
<p>in <code>project/plugins.sbt</code>. That is possible because
scala-xml 1.x and 2.x are compatible anyway. However, like described in
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11527">#11527</a>
you will not be able to use <code>PlayNonBlockingInteractionMode</code>
with sbt 1.8 then (which probably not many people do anyway)</p>
<h2>Further roadmap 🗺️</h2>
<p>...news coming soon...</p>
<h1>Merged pull requests</h1>
<p>Following pull requests got merged for this release:</p>
<ul>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
[2.8.x] Upgrade netty + netty reactive streams + fix backports by <a
href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
[2.8.x] Escape Content-Disposition params according to WHATWG HTML
living standard (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11571">#11571</a>)
by <a href="https://github.com/mkurz"><code>@mkurz</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
[2.8.x] Add exceptionOverrideClassName Hikari config setting (backport
<a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11601">#11601</a>)
by <a
href="https://github.com/benwaffle"><code>@benwaffle</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11598">#11598</a>
[2.8.x] Fix the example code to DiscardingCookie for
Results#discardingCookies (backport <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11597">#11597</a>)
by <a
href="https://github.com/tsuyoshizawa"><code>@tsuyoshizawa</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11593">#11593</a>
Update PlayApplicationOverview.md by <a
href="https://github.com/SenthilNayagan"><code>@SenthilNayagan</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f71c8c9d48"><code>f71c8c9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11604">#11604</a>
from mkurz/upgrades</li>
<li><a
href="a0d913f1d8"><code>a0d913f</code></a>
Use --release instead of -source, -targe, -bootclasspath</li>
<li><a
href="cb98bbdf5e"><code>cb98bbd</code></a>
Scala 2.12 compatibility</li>
<li><a
href="d78a9ec953"><code>d78a9ec</code></a>
Fix backport: Keep using scala.collection.JavaConverters._</li>
<li><a
href="caf25fe528"><code>caf25fe</code></a>
Upgrade netty + netty reactive streams</li>
<li><a
href="f81bc59354"><code>f81bc59</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11603">#11603</a>
from playframework/mergify/bp/2.8.x/pr-11571</li>
<li><a
href="bb1c127ae4"><code>bb1c127</code></a>
Fix conflicts</li>
<li><a
href="f6f1b864ec"><code>f6f1b86</code></a>
Escape Content-Disposition params according to WHATWG HTML living
standard</li>
<li><a
href="abbebe4326"><code>abbebe4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/playframework/playframework/issues/11602">#11602</a>
from playframework/mergify/bp/2.8.x/pr-11601</li>
<li><a
href="baf3860434"><code>baf3860</code></a>
Only two params needed/allowed</li>
<li>Additional commits viewable in <a
href="https://github.com/playframework/playframework/compare/2.8.18...2.8.19">compare
view</a></li>
</ul>
</details>
<br />
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Can be reproduce (at least on Windows) using
```
java -javaagent:opentelemetry-javaagent.jar anything C:\one
```
producing
```
[otel.javaagent 2023-01-13 11:38:47:978 -0800] [main] INFO io.opentelemetry.javaagent.tooling.VersionLogger - opentelemetry-javaagent - version: 1.22.0
OpenTelemetry Javaagent failed to start
java.nio.file.InvalidPathException: Illegal char <:> at index 10: anything C:\one
at java.base/sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182)
at java.base/sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153)
at java.base/sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77)
at java.base/sun.nio.fs.WindowsPath.parse(WindowsPath.java:92)
at java.base/sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:229)
at java.base/java.nio.file.Path.of(Path.java:147)
at java.base/java.nio.file.Paths.get(Paths.java:69)
at io.opentelemetry.instrumentation.resources.JarServiceNameDetector.getJarPathFromSunCommandLine(JarServiceNameDetector.java:104)
at io.opentelemetry.instrumentation.resources.JarServiceNameDetector.createResource(JarServiceNameDetector.java:59)
at io.opentelemetry.sdk.autoconfigure.ResourceConfiguration.configureResource(ResourceConfiguration.java:59)
at io.opentelemetry.sdk.autoconfigure.AutoConfiguredOpenTelemetrySdkBuilder.build(AutoConfiguredOpenTelemetrySdkBuilder.java:332)
at io.opentelemetry.javaagent.tooling.OpenTelemetryInstaller.installOpenTelemetrySdk(OpenTelemetryInstaller.java:29)
at io.opentelemetry.javaagent.tooling.AgentInstaller.installBytebuddyAgent(AgentInstaller.java:114)
at io.opentelemetry.javaagent.tooling.AgentInstaller.installBytebuddyAgent(AgentInstaller.java:94)
at io.opentelemetry.javaagent.tooling.AgentStarterImpl.start(AgentStarterImpl.java:78)
at io.opentelemetry.javaagent.bootstrap.AgentInitializer.initialize(AgentInitializer.java:35)
at io.opentelemetry.javaagent.OpenTelemetryAgent.startAgent(OpenTelemetryAgent.java:57)
at io.opentelemetry.javaagent.OpenTelemetryAgent.premain(OpenTelemetryAgent.java:45)
```
Related to #7107 and #7202
Support WebFlux 6.
Supporting reactor 3.5 seems pretty straightforward, the
`subscriberContext()` was deprecated in 3.4 in favor of
`contextWrite()`. In 3.5, `subscriberContext()` was removed.
This PR doesn't bump `latestDepTestLibrary` to 3.5 yet because there are
a couple of tests that succeed in 3.4 using `contextWrite()` but fail in
3.5 using `contextWrite()`.
My proposal is to review/merge this PR, and then I can ping our resident
reactor experts to see if they have thoughts on the failing tests in
3.5.
There were so many changes in the tests that extracting a base class
wouldn't really improve the readability; so I just reimplemented them in
Java.
The instrumentation itself is pretty much a copy-paste of the `jms-1.1`
instrumentation, with `s/javax/jakarta/` applied.
Bumps [junit-bom](https://github.com/junit-team/junit5) from 5.9.1 to
5.9.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/junit-team/junit5/releases">junit-bom's
releases</a>.</em></p>
<blockquote>
<p>JUnit 5.9.2 = Platform 1.9.2 + Jupiter 5.9.2 + Vintage 5.9.2</p>
<p>See <a
href="http://junit.org/junit5/docs/5.9.2/release-notes/">Release
Notes</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8ed3c66c7e"><code>8ed3c66</code></a>
Release 5.9.2</li>
<li><a
href="742f99fcce"><code>742f99f</code></a>
Prepare 5.9.2 release notes</li>
<li><a
href="a9a3cf5fb7"><code>a9a3cf5</code></a>
Fix bug and polish contribution</li>
<li><a
href="825ea38857"><code>825ea38</code></a>
Introduce new <code>@MethodSource</code> syntax to differentiate
overloaded local factor...</li>
<li><a
href="0c40f5ef05"><code>0c40f5e</code></a>
Polish Javadoc</li>
<li><a
href="7d54016421"><code>7d54016</code></a>
Update codecov-action</li>
<li><a
href="bfeeac4d41"><code>bfeeac4</code></a>
Remove duplicate copyright comment</li>
<li><a
href="b0d9083315"><code>b0d9083</code></a>
Format integration test projects with Spotless as well</li>
<li><a
href="c4ed325cb2"><code>c4ed325</code></a>
Update copyright</li>
<li><a
href="0e3a1d32e5"><code>0e3a1d3</code></a>
Update upload-artifact action</li>
<li>Additional commits viewable in <a
href="https://github.com/junit-team/junit5/compare/r5.9.1...r5.9.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]
Andrei Chugunov
Trask Stalnaker
Anurag Agarwal
Tav Herzlich
Mateusz Rzeszutek
Amir Blum
OpenTelemetry Bot
wallezhang