Currently our `WeakConcurrentMap` is only cleaned of stale entries when
it is accessed. There is an option to clean from a background thread,
but this creates a separate thread for every map. This pr introduces a
single background thread that cleans all maps.
I removed the option to create a thread per map as we don't use it, if
there is interest I could attempt to find a way to add it back.
Co-authored-by: Trask Stalnaker <trask.stalnaker@gmail.com>
When a webflux filter is added which throws an exception, the
instrumentation does not currently capture the `http.status_code`.
The fix is to move `WebClientTracingFilter` from the first to the last
filter in the chain, which I think(?) is the general strategy we've
taken for other client instrumentation, e.g. so that if a filter makes
another http call it won't be suppressed.
I don't love the test coverage I added, so let me know if you have any
better suggestions?
EDIT: btw, I did archaeology to confirm that behavior (adding to the
beginning of the chain) has been in place since the webflux
instrumentation was added originally
6f472a62a0 (diff-493ad89b5bde807c90387aa2bb67eb10d3bcef6b6a388bd31e11796a6d01ac38R36)
Run callbacks added to the `CompletableFuture` returned from `sendAsync`
with the context that was used when `sendAsync` was called.
Add test for capturing message headers.
Bumps [logback-classic](https://github.com/qos-ch/logback) from 1.4.4 to
1.4.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="34a6efc534"><code>34a6efc</code></a>
preparfe release 1.4.5</li>
<li><a
href="0d3ac63114"><code>0d3ac63</code></a>
fix LOGBACK-1698, [Nested appenders are not allowed] warning using
SiftingApp...</li>
<li><a
href="a64b8d43b4"><code>a64b8d4</code></a>
make jakarta.servlet-api as both provided and optional</li>
<li><a
href="114b3ded2d"><code>114b3de</code></a>
bump slf4j version</li>
<li><a
href="1df66621e4"><code>1df6662</code></a>
fix LOGBACK-1706</li>
<li><a
href="ea165fb023"><code>ea165fb</code></a>
fix LOGBACK-1703</li>
<li><a
href="9e07bd075a"><code>9e07bd0</code></a>
fix LOGBACK-1703</li>
<li><a
href="a871e9f1b5"><code>a871e9f</code></a>
minor edits in README.md</li>
<li><a
href="7dc0ce5118"><code>7dc0ce5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/qos-ch/logback/issues/605">#605</a>
from Zardoz89/patch-1</li>
<li><a
href="7130dfe3a4"><code>7130dfe</code></a>
README.md MUST inform about Java & Jackarta EE support</li>
<li>Additional commits viewable in <a
href="https://github.com/qos-ch/logback/compare/v_1.4.4...v_1.4.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [logback-classic](https://github.com/qos-ch/logback) from 1.4.4 to
1.4.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="34a6efc534"><code>34a6efc</code></a>
preparfe release 1.4.5</li>
<li><a
href="0d3ac63114"><code>0d3ac63</code></a>
fix LOGBACK-1698, [Nested appenders are not allowed] warning using
SiftingApp...</li>
<li><a
href="a64b8d43b4"><code>a64b8d4</code></a>
make jakarta.servlet-api as both provided and optional</li>
<li><a
href="114b3ded2d"><code>114b3de</code></a>
bump slf4j version</li>
<li><a
href="1df66621e4"><code>1df6662</code></a>
fix LOGBACK-1706</li>
<li><a
href="ea165fb023"><code>ea165fb</code></a>
fix LOGBACK-1703</li>
<li><a
href="9e07bd075a"><code>9e07bd0</code></a>
fix LOGBACK-1703</li>
<li><a
href="a871e9f1b5"><code>a871e9f</code></a>
minor edits in README.md</li>
<li><a
href="7dc0ce5118"><code>7dc0ce5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/qos-ch/logback/issues/605">#605</a>
from Zardoz89/patch-1</li>
<li><a
href="7130dfe3a4"><code>7130dfe</code></a>
README.md MUST inform about Java & Jackarta EE support</li>
<li>Additional commits viewable in <a
href="https://github.com/qos-ch/logback/compare/v_1.4.4...v_1.4.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps dependency-check-gradle from 7.3.0 to 7.3.2.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [logback-classic](https://github.com/qos-ch/logback) from 1.3.4 to
1.3.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dd4a0a8de7"><code>dd4a0a8</code></a>
preparfe release 1.3.5</li>
<li><a
href="4313ecb74e"><code>4313ecb</code></a>
fix LOGBACK-1698, [Nested appenders are not allowed] warning using
SiftingApp...</li>
<li><a
href="f22b07ae7a"><code>f22b07a</code></a>
align with 1.4 ordering of optional directive</li>
<li><a
href="08348646eb"><code>0834864</code></a>
bump slf4j version</li>
<li><a
href="5769294367"><code>5769294</code></a>
fix LOGBACK-1706</li>
<li><a
href="d54ab44ff5"><code>d54ab44</code></a>
fix LOGBACK-1703</li>
<li><a
href="8a441b2c12"><code>8a441b2</code></a>
fix LOGBACK-1703</li>
<li><a
href="7461ebaa79"><code>7461eba</code></a>
fix LOGBACK-1699</li>
<li><a
href="8112c02466"><code>8112c02</code></a>
start work on 1.3.5-SNAPSHOT</li>
<li>See full diff in <a
href="https://github.com/qos-ch/logback/compare/v_1.3.4...v_1.3.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `byteBuddyVersion` from 1.12.18 to 1.12.19.
Updates `byte-buddy` from 1.12.18 to 1.12.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.19</h2>
<ul>
<li>Avoid possible lock through circular class loading of
<code>TypeDescription</code> subtypes.</li>
<li>Avoid access error when using unsafe API on Java 17 with an active
security manager.</li>
<li>Close URL class loader used in Gradle plugin.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c93425a1e9"><code>c93425a</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.19</li>
<li><a
href="b1f4e9b4ee"><code>b1f4e9b</code></a>
[release] New release</li>
<li><a
href="8d17e3a2a3"><code>8d17e3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1359">#1359</a>
from eyalkoren/protection-domain</li>
<li><a
href="c57139e69c"><code>c57139e</code></a>
Using explicit ProtectionDomain in dynamically loaded classes</li>
<li><a
href="ff8be9a91b"><code>ff8be9a</code></a>
Attempt cloning protection domain from accessible object to avoid
security ma...</li>
<li><a
href="6fe45f76ef"><code>6fe45f7</code></a>
Make s in message optional.</li>
<li><a
href="9023501243"><code>9023501</code></a>
Fix scope of summary variable.</li>
<li><a
href="02091f13f4"><code>02091f1</code></a>
Update codeql-analysis.yml</li>
<li><a
href="628b6a90c5"><code>628b6a9</code></a>
Close class loader in Gradle plugin, if possible.</li>
<li><a
href="9a81856525"><code>9a81856</code></a>
Remove unused import.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.18...byte-buddy-1.12.19">compare
view</a></li>
</ul>
</details>
<br />
Updates `byte-buddy-dep` from 1.12.18 to 1.12.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy-dep's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.19</h2>
<ul>
<li>Avoid possible lock through circular class loading of
<code>TypeDescription</code> subtypes.</li>
<li>Avoid access error when using unsafe API on Java 17 with an active
security manager.</li>
<li>Close URL class loader used in Gradle plugin.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy-dep's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c93425a1e9"><code>c93425a</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.19</li>
<li><a
href="b1f4e9b4ee"><code>b1f4e9b</code></a>
[release] New release</li>
<li><a
href="8d17e3a2a3"><code>8d17e3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1359">#1359</a>
from eyalkoren/protection-domain</li>
<li><a
href="c57139e69c"><code>c57139e</code></a>
Using explicit ProtectionDomain in dynamically loaded classes</li>
<li><a
href="ff8be9a91b"><code>ff8be9a</code></a>
Attempt cloning protection domain from accessible object to avoid
security ma...</li>
<li><a
href="6fe45f76ef"><code>6fe45f7</code></a>
Make s in message optional.</li>
<li><a
href="9023501243"><code>9023501</code></a>
Fix scope of summary variable.</li>
<li><a
href="02091f13f4"><code>02091f1</code></a>
Update codeql-analysis.yml</li>
<li><a
href="628b6a90c5"><code>628b6a9</code></a>
Close class loader in Gradle plugin, if possible.</li>
<li><a
href="9a81856525"><code>9a81856</code></a>
Remove unused import.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.18...byte-buddy-1.12.19">compare
view</a></li>
</ul>
</details>
<br />
Updates `byte-buddy-agent` from 1.12.18 to 1.12.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy-agent's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.19</h2>
<ul>
<li>Avoid possible lock through circular class loading of
<code>TypeDescription</code> subtypes.</li>
<li>Avoid access error when using unsafe API on Java 17 with an active
security manager.</li>
<li>Close URL class loader used in Gradle plugin.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy-agent's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c93425a1e9"><code>c93425a</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.19</li>
<li><a
href="b1f4e9b4ee"><code>b1f4e9b</code></a>
[release] New release</li>
<li><a
href="8d17e3a2a3"><code>8d17e3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1359">#1359</a>
from eyalkoren/protection-domain</li>
<li><a
href="c57139e69c"><code>c57139e</code></a>
Using explicit ProtectionDomain in dynamically loaded classes</li>
<li><a
href="ff8be9a91b"><code>ff8be9a</code></a>
Attempt cloning protection domain from accessible object to avoid
security ma...</li>
<li><a
href="6fe45f76ef"><code>6fe45f7</code></a>
Make s in message optional.</li>
<li><a
href="9023501243"><code>9023501</code></a>
Fix scope of summary variable.</li>
<li><a
href="02091f13f4"><code>02091f1</code></a>
Update codeql-analysis.yml</li>
<li><a
href="628b6a90c5"><code>628b6a9</code></a>
Close class loader in Gradle plugin, if possible.</li>
<li><a
href="9a81856525"><code>9a81856</code></a>
Remove unused import.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.18...byte-buddy-1.12.19">compare
view</a></li>
</ul>
</details>
<br />
Updates `byte-buddy-gradle-plugin` from 1.12.18 to 1.12.19
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy-gradle-plugin's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.19</h2>
<ul>
<li>Avoid possible lock through circular class loading of
<code>TypeDescription</code> subtypes.</li>
<li>Avoid access error when using unsafe API on Java 17 with an active
security manager.</li>
<li>Close URL class loader used in Gradle plugin.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy-gradle-plugin's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c93425a1e9"><code>c93425a</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.19</li>
<li><a
href="b1f4e9b4ee"><code>b1f4e9b</code></a>
[release] New release</li>
<li><a
href="8d17e3a2a3"><code>8d17e3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1359">#1359</a>
from eyalkoren/protection-domain</li>
<li><a
href="c57139e69c"><code>c57139e</code></a>
Using explicit ProtectionDomain in dynamically loaded classes</li>
<li><a
href="ff8be9a91b"><code>ff8be9a</code></a>
Attempt cloning protection domain from accessible object to avoid
security ma...</li>
<li><a
href="6fe45f76ef"><code>6fe45f7</code></a>
Make s in message optional.</li>
<li><a
href="9023501243"><code>9023501</code></a>
Fix scope of summary variable.</li>
<li><a
href="02091f13f4"><code>02091f1</code></a>
Update codeql-analysis.yml</li>
<li><a
href="628b6a90c5"><code>628b6a9</code></a>
Close class loader in Gradle plugin, if possible.</li>
<li><a
href="9a81856525"><code>9a81856</code></a>
Remove unused import.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.18...byte-buddy-1.12.19">compare
view</a></li>
</ul>
</details>
<br />
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mateusz Rzeszutek <mrzeszutek@splunk.com>
Bumps byte-buddy-gradle-plugin from 1.12.18 to 1.12.19.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [logback-classic](https://github.com/qos-ch/logback) from 1.3.1 to
1.3.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="01f1e455f3"><code>01f1e45</code></a>
prepare release 1.3.4</li>
<li><a
href="7bd25cf623"><code>7bd25cf</code></a>
fix LOGBACK-1695</li>
<li><a
href="d564918f51"><code>d564918</code></a>
add com.sun.mail as implementatoin</li>
<li><a
href="f4f1a23ce1"><code>f4f1a23</code></a>
test changes related to LOGBACK-1693 LOGBACK-1694</li>
<li><a
href="6c4fc98612"><code>6c4fc98</code></a>
cleanup dependency declarations</li>
<li><a
href="c3f992b17d"><code>c3f992b</code></a>
cleanup dependency declarations</li>
<li><a
href="aaabe89816"><code>aaabe89</code></a>
fix LOGBACK-1693</li>
<li><a
href="08daaf98a2"><code>08daaf9</code></a>
start work on 1.3.4-SNAPSHOT</li>
<li><a
href="daf07d203c"><code>daf07d2</code></a>
prepare release 1.3.3</li>
<li><a
href="2a451a88fa"><code>2a451a8</code></a>
fix LOGBACK-LOGBACK-1690</li>
<li>Additional commits viewable in <a
href="https://github.com/qos-ch/logback/compare/v_1.3.1...v_1.3.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [byte-buddy-dep](https://github.com/raphw/byte-buddy) from 1.12.18
to 1.12.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy-dep's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.19</h2>
<ul>
<li>Avoid possible lock through circular class loading of
<code>TypeDescription</code> subtypes.</li>
<li>Avoid access error when using unsafe API on Java 17 with an active
security manager.</li>
<li>Close URL class loader used in Gradle plugin.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy-dep's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c93425a1e9"><code>c93425a</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.19</li>
<li><a
href="b1f4e9b4ee"><code>b1f4e9b</code></a>
[release] New release</li>
<li><a
href="8d17e3a2a3"><code>8d17e3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1359">#1359</a>
from eyalkoren/protection-domain</li>
<li><a
href="c57139e69c"><code>c57139e</code></a>
Using explicit ProtectionDomain in dynamically loaded classes</li>
<li><a
href="ff8be9a91b"><code>ff8be9a</code></a>
Attempt cloning protection domain from accessible object to avoid
security ma...</li>
<li><a
href="6fe45f76ef"><code>6fe45f7</code></a>
Make s in message optional.</li>
<li><a
href="9023501243"><code>9023501</code></a>
Fix scope of summary variable.</li>
<li><a
href="02091f13f4"><code>02091f1</code></a>
Update codeql-analysis.yml</li>
<li><a
href="628b6a90c5"><code>628b6a9</code></a>
Close class loader in Gradle plugin, if possible.</li>
<li><a
href="9a81856525"><code>9a81856</code></a>
Remove unused import.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.18...byte-buddy-1.12.19">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [byte-buddy-dep](https://github.com/raphw/byte-buddy) from 1.12.18
to 1.12.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy-dep's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.19</h2>
<ul>
<li>Avoid possible lock through circular class loading of
<code>TypeDescription</code> subtypes.</li>
<li>Avoid access error when using unsafe API on Java 17 with an active
security manager.</li>
<li>Close URL class loader used in Gradle plugin.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy-dep's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c93425a1e9"><code>c93425a</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.19</li>
<li><a
href="b1f4e9b4ee"><code>b1f4e9b</code></a>
[release] New release</li>
<li><a
href="8d17e3a2a3"><code>8d17e3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1359">#1359</a>
from eyalkoren/protection-domain</li>
<li><a
href="c57139e69c"><code>c57139e</code></a>
Using explicit ProtectionDomain in dynamically loaded classes</li>
<li><a
href="ff8be9a91b"><code>ff8be9a</code></a>
Attempt cloning protection domain from accessible object to avoid
security ma...</li>
<li><a
href="6fe45f76ef"><code>6fe45f7</code></a>
Make s in message optional.</li>
<li><a
href="9023501243"><code>9023501</code></a>
Fix scope of summary variable.</li>
<li><a
href="02091f13f4"><code>02091f1</code></a>
Update codeql-analysis.yml</li>
<li><a
href="628b6a90c5"><code>628b6a9</code></a>
Close class loader in Gradle plugin, if possible.</li>
<li><a
href="9a81856525"><code>9a81856</code></a>
Remove unused import.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.18...byte-buddy-1.12.19">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [byte-buddy-dep](https://github.com/raphw/byte-buddy) from 1.12.18
to 1.12.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/releases">byte-buddy-dep's
releases</a>.</em></p>
<blockquote>
<h2>Byte Buddy 1.12.19</h2>
<ul>
<li>Avoid possible lock through circular class loading of
<code>TypeDescription</code> subtypes.</li>
<li>Avoid access error when using unsafe API on Java 17 with an active
security manager.</li>
<li>Close URL class loader used in Gradle plugin.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/raphw/byte-buddy/blob/master/release-notes.md">byte-buddy-dep's
changelog</a>.</em></p>
<blockquote>
<h2>Byte Buddy release notes</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c93425a1e9"><code>c93425a</code></a>
[maven-release-plugin] prepare release byte-buddy-1.12.19</li>
<li><a
href="b1f4e9b4ee"><code>b1f4e9b</code></a>
[release] New release</li>
<li><a
href="8d17e3a2a3"><code>8d17e3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/raphw/byte-buddy/issues/1359">#1359</a>
from eyalkoren/protection-domain</li>
<li><a
href="c57139e69c"><code>c57139e</code></a>
Using explicit ProtectionDomain in dynamically loaded classes</li>
<li><a
href="ff8be9a91b"><code>ff8be9a</code></a>
Attempt cloning protection domain from accessible object to avoid
security ma...</li>
<li><a
href="6fe45f76ef"><code>6fe45f7</code></a>
Make s in message optional.</li>
<li><a
href="9023501243"><code>9023501</code></a>
Fix scope of summary variable.</li>
<li><a
href="02091f13f4"><code>02091f1</code></a>
Update codeql-analysis.yml</li>
<li><a
href="628b6a90c5"><code>628b6a9</code></a>
Close class loader in Gradle plugin, if possible.</li>
<li><a
href="9a81856525"><code>9a81856</code></a>
Remove unused import.</li>
<li>Additional commits viewable in <a
href="https://github.com/raphw/byte-buddy/compare/byte-buddy-1.12.18...byte-buddy-1.12.19">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps byte-buddy-gradle-plugin from 1.12.18 to 1.12.19.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps `autoValueVersion` from 1.10 to 1.10.1.
Updates `auto-value` from 1.10 to 1.10.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/auto/releases">auto-value's
releases</a>.</em></p>
<blockquote>
<h2>AutoValue 1.10.1</h2>
<ul>
<li>Two annotations from <code>org.jetbrains.annotations</code> were
accidentally included unshaded in the AutoValue jar. That has been
fixed. (6de325b0c)</li>
<li>Fixed an issue when a builder has a property <code>foo</code> with
both a getter <code>foo()</code> and a builder
<code>fooBuilder()</code>. (3659a0e64)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c698816ebd"><code>c698816</code></a>
Set version number for auto-value-parent to 1.10.1.</li>
<li><a
href="6de325b0cc"><code>6de325b</code></a>
Ensure that <code>org.jetbrains.annotations</code> is shaded in the
AutoValue jar.</li>
<li><a
href="61967ecd3c"><code>61967ec</code></a>
Fix the variable name in the example of "When parameter names are
unavailable".</li>
<li><a
href="a91775b68f"><code>a91775b</code></a>
Bump mockito-core from 4.8.1 to 4.9.0 in /value</li>
<li><a
href="d7218d5820"><code>d7218d5</code></a>
Bump kotlin.version from 1.7.20 to 1.7.21 in /value</li>
<li><a
href="eea4094fdc"><code>eea4094</code></a>
Bump maven-shade-plugin from 3.4.0 to 3.4.1 in /value</li>
<li><a
href="3659a0e643"><code>3659a0e</code></a>
Fix an issue with builder getters.</li>
<li><a
href="aeffb9065d"><code>aeffb90</code></a>
Bump mockito-core from 4.8.0 to 4.8.1 in /value</li>
<li><a
href="b8f2bad387"><code>b8f2bad</code></a>
Bump styfle/cancel-workflow-action from 0.10.1 to 0.11.0</li>
<li><a
href="4bb91ca4fc"><code>4bb91ca</code></a>
Propagate parameter annotations in generated factory code.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/auto/compare/auto-value-1.10...auto-value-1.10.1">compare
view</a></li>
</ul>
</details>
<br />
Updates `auto-value-annotations` from 1.10 to 1.10.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/auto/releases">auto-value-annotations's
releases</a>.</em></p>
<blockquote>
<h2>AutoValue 1.10.1</h2>
<ul>
<li>Two annotations from <code>org.jetbrains.annotations</code> were
accidentally included unshaded in the AutoValue jar. That has been
fixed. (6de325b0c)</li>
<li>Fixed an issue when a builder has a property <code>foo</code> with
both a getter <code>foo()</code> and a builder
<code>fooBuilder()</code>. (3659a0e64)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c698816ebd"><code>c698816</code></a>
Set version number for auto-value-parent to 1.10.1.</li>
<li><a
href="6de325b0cc"><code>6de325b</code></a>
Ensure that <code>org.jetbrains.annotations</code> is shaded in the
AutoValue jar.</li>
<li><a
href="61967ecd3c"><code>61967ec</code></a>
Fix the variable name in the example of "When parameter names are
unavailable".</li>
<li><a
href="a91775b68f"><code>a91775b</code></a>
Bump mockito-core from 4.8.1 to 4.9.0 in /value</li>
<li><a
href="d7218d5820"><code>d7218d5</code></a>
Bump kotlin.version from 1.7.20 to 1.7.21 in /value</li>
<li><a
href="eea4094fdc"><code>eea4094</code></a>
Bump maven-shade-plugin from 3.4.0 to 3.4.1 in /value</li>
<li><a
href="3659a0e643"><code>3659a0e</code></a>
Fix an issue with builder getters.</li>
<li><a
href="aeffb9065d"><code>aeffb90</code></a>
Bump mockito-core from 4.8.0 to 4.8.1 in /value</li>
<li><a
href="b8f2bad387"><code>b8f2bad</code></a>
Bump styfle/cancel-workflow-action from 0.10.1 to 0.11.0</li>
<li><a
href="4bb91ca4fc"><code>4bb91ca</code></a>
Propagate parameter annotations in generated factory code.</li>
<li>Additional commits viewable in <a
href="https://github.com/google/auto/compare/auto-value-1.10...auto-value-1.10.1">compare
view</a></li>
</ul>
</details>
<br />
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fyi I added topic for SIG meeting in 2 weeks b/c I'd like to automate
this but have some questions:
* What is the purpose of keeping around old diffs?
* If we need them, what about not including the empty ones?
* Do we diff minor versions against patches (if any), or only against
last minor?