fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.spotify:completable-futures (source)	0.3.5 -> 0.3.6
org.assertj:assertj-core (source)	3.24.2 -> 3.25.1
net.sourceforge.plantuml:plantuml	1.2023.12 -> 1.2023.13
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.16.0 -> 2.16.1
com.fasterxml.jackson.core:jackson-core	2.16.0 -> 2.16.1
com.fasterxml.jackson.core:jackson-databind (source)	2.16.0 -> 2.16.1
com.fasterxml.jackson.core:jackson-annotations (source)	2.16.0 -> 2.16.1
com.github.javaparser:javaparser-symbol-solver-core (source)	3.25.7 -> 3.25.8
com.squareup.okio:okio	3.6.0 -> 3.7.0
io.projectreactor.netty:reactor-netty-core	1.1.13 -> 1.1.15
com.newrelic.agent.java:newrelic-api	8.7.0 -> 8.8.0
io.opentelemetry:opentelemetry-api	1.32.0 -> 1.34.0
org.apache.httpcomponents.client5:httpclient5	5.2.3 -> 5.3
io.projectreactor.netty:reactor-netty-http	1.1.13 -> 1.1.15
org.jetbrains.kotlin.jvm	1.9.21 -> 1.9.22

---

Release Notes

spotify/completable-futures (com.spotify:completable-futures)

v0.3.6

What's Changed

• Weaver ownership by @​cirpo in https://github.com/spotify/completable-futures/pull/88
• Add java 17 to LTS & Update JUnit to 5 by @​caesar-ralf in https://github.com/spotify/completable-futures/pull/92
• [Snyk] Upgrade com.google.code.findbugs:jsr305 from 3.0.1 to 3.0.2 by @​snyk-bot in https://github.com/spotify/completable-futures/pull/89
• Fix gpg plugin for being able to release by @​caesar-ralf in https://github.com/spotify/completable-futures/pull/94
• Bump foss-root to 16 by @​caesar-ralf in https://github.com/spotify/completable-futures/pull/95
• Supply compose async by @​thiml in https://github.com/spotify/completable-futures/pull/97

New Contributors

• @​cirpo made their first contribution in https://github.com/spotify/completable-futures/pull/88
• @​caesar-ralf made their first contribution in https://github.com/spotify/completable-futures/pull/92
• @​snyk-bot made their first contribution in https://github.com/spotify/completable-futures/pull/89
• @​thiml made their first contribution in https://github.com/spotify/completable-futures/pull/97

Full Changelog: spotify/completable-futures@v0.3.5...v0.3.6

javaparser/javaparser (com.github.javaparser:javaparser-symbol-solver-core)

v3.25.8

issues resolved

Added

• feat: creates cache statistics and moves Cache interface to javaparser-core (PR #​4278 by @​jlerbsc)
• feat: Add parseArrayInitializerExpr to JavaParser API (PR #​4276 by @​iMashtak)
• feat: A visitor looking for a node by its position in an AST (PR #​4258 by @​jlerbsc)

Changed

• fix: Partial removal of the use of instanceof in favour of the use of the API (PR #​4280 by @​jlerbsc)
• [GHA] Run on java 18 (PR #​4252 by @​hazendaz)

Fixed

• fix: issue 4240 Calling resolve on catch block parameter throws exception (PR #​4279 by @​jlerbsc)
• Fix: issue 4270 Exception when resolving ObjectCreationExpr with nested varargs (PR #​4273 by @​jlerbsc)
• add Java_18 to yieldSupport (PR #​4262 by @​Kimmmey)
• fix: issue #​4245 UnsupportedOperationException with LexicalPreservingPrinter when removing a sealed modified (PR #​4253 by @​jlerbsc)
• [ci] Fix change log released version as 3.25.7 (PR #​4251 by @​hazendaz)
• Fix: issue 3278 Lazy types cause stack overflow when trying to find the least upper bound type (PR #​4246 by @​jlerbsc)

Developer Changes

• chore(deps): bump com.google.guava:guava from 32.1.3-jre to 33.0.0-jre (PR #​4264 by @​dependabot[bot])

Uncategorised

• Revert "Refactoring: Move cache features to javaparser-core" (PR #​4274 by @​jlerbsc)

❤️ Contributors

Thank You to all contributors who worked on this release!

• @​hazendaz
• @​iMashtak
• @​jlerbsc
• @​Kimmmey

square/okio (com.squareup.okio:okio)

v3.7.0

2023-12-16

• New: Timeout.cancel() prevents a timeout from firing.
• Breaking: Drop the watchosX86 Kotlin/Native target. From [the Kotlin blog][watchosX86],
  ‘This is an obsolete simulator for Intel Macs. Use the watchosX64 target instead.’
• New: Add the watchosDeviceArm64 Kotlin/Native target.
• New: Timeout APIs that accept kotlin.time.Duration.
• Upgrade: [Kotlin 1.9.21][kotlin_1_9_21].

reactor/reactor-netty (io.projectreactor.netty:reactor-netty-core)

v1.1.15

Reactor Netty 1.1.15 is part of 2022.0.15 Release Train and 2023.0.2 Release Train.

This is a recommended update for all Reactor Netty 1.1.x users.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.5.14 by @​chemicL in 0716665, see release notes
• Depend on Netty v4.1.104.Final by @​violetagg in #​2998
• Depend on Netty QUIC Codec v0.0.55.Final by @​violetagg in #​3001

🐞 Bug fixes

• Do not forward the last inbound data frame when it is empty by @​violetagg in #​3000
• Fix NullPointerException in TlsMetricsHandler when used together with SniHandler by @​violetagg in #​3023

📖 Documentation, Tests and Build

• Clarify TCP fallback is enabled by default for Host Name Resolution. by @​simonatan in #​3013
• Update dependabot configuration by @​violetagg in #​3020, cfea140, 24b1c9a, 300bf66

🆙 Build/Test Dependency Upgrades

• Bump tomcat-embed-core to version 9.0.84 by @​dependabot in #​2997
• Bump github/codeql-action to version 3 by @​dependabot in #​2999
• Bump jackson-databind to version 2.16.1 by @​dependabot in #​3007
• Bump build-info-extractor-gradle to version 4.33.10 by @​dependabot in #​3008
• Bump brotli4j to version 1.15.0 by @​dependabot in #​3010
• Bump assertj-core to version 3.25.1 by @​dependabot in #​3012
• Bump hoverfly-java-junit5 to version 0.16.0 by @​dependabot in #​3018
• Bump braveVersion to version 5.18.1 by @​dependabot in #​3021

Full Changelog: reactor/reactor-netty@v1.1.14...v1.1.15

v1.1.14

Reactor Netty 1.1.14 is part of 2022.0.14 Release Train and 2023.0.1 Release Train.

This is a recommended update for all Reactor Netty 1.1.x users.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.5.13 by @​violetagg in 5f09da8, see release notes
• Depend on netty-incubator-transport-native-io_uring v0.0.24.Final by @​dependabot in #​2977
• Depend on Netty QUIC Codec v0.0.54.Final by @​violetagg in #​2991
• Add support for websocket client_no_context_takeover and server_no_context_takeover extension parameters by @​violetagg in #​2979
• Expose metrics for pending acquire operation latency by @​violetagg in #​2980

🐞 Bug fixes

• Ensure RFC 6265 compliance when sending multiple cookies by @​violetagg in #​2994

📖 Documentation, Tests and Build

• Update Reactor Core version in check_reactor_core_3.6_snapshots.yml by @​violetagg in #​2971

🆙 Build/Test Dependency Upgrades

• Bump tomcat-embed-core to version 9.0.83 by @​dependabot in #​2974
• Bump jackson-databind to version 2.16.0 by @​dependabot in #​2975
• Bump actions/setup-java to version 4 by @​dependabot in #​2989
• Bump logback-classic to version 1.2.13 by @​dependabot in #​2990
• Bump org.gradle.test-retry to version 1.5.8 by @​dependabot in #​2993

Full Changelog: reactor/reactor-netty@v1.1.13...v1.1.14

newrelic/newrelic-java-agent (com.newrelic.agent.java:newrelic-api)

v8.8.0: Version 8.8.0

New features and improvements

• Add support for Jetty 12, including Jetty’s implementation of the Jakarta EE 8, 9, and 10 specs. 1621

• Add support for Vert.x versions 4.0.0 through 4.4.x 1588

• Add instrumentation for graphql-java 21 1454

• Instrument r2dbc-postgresql 0.9.2 till latest 1413

• Reintroduce the legacy HTTP Attributes that were removed in v8.0.0 to support customers with alerts and dashboards that require them 1671
  The attributes are:

  • httpResponseCode
  • httpResponseMessage
  • response.status
  • response.statusMessage

  Attribute reporting is configurable via the following means.

  YAML:

  attributes:
    http_attribute_mode: both
  

  System property:

  -Dnewrelic.config.attributes.http_attribute_mode=both

  Environment variable:

  NEW_RELIC_ATTRIBUTES_HTTP_ATTRIBUTE=both 

  The configuration options are:

  • standard : The agent will send new standard attributes. This configuration is recommended but requires that any alerts or dashboards using attributes be updated to use these new attributes. This setting will reduce the amount of ingest used for attribute reporting.
  • legacy : The agent will send the legacy attributes referenced above. Customers with alerts or dashboard requiring these attributes can continue to be used as-is. This setting will reduce the amount of ingest used for attribute reporting.
  • both : This is the default configuration, the agent will send BOTH legacy AND standard HTTP attributes. This configuration was intended to support customers that are unable to modify their alerts or dashboards but this configuration will increase data ingest.

• Add an interface for our error API. Our error API can now be called via the code NewRelic.getAgent().getErrorApi() 1577

• Add log4j2 JsonLayout support and support log4j2 till latest. 1545

• Add httpstatus in the external segment for Spring Webclient 1610

• Enable slow transaction detection by default and bump the threshold to 10 minutes 1629

• Add support for string formatting with JBoss Logging. 1650

• Add logic to remove specific classes from being excluded from being weaved if the IAST security feature is enabled. 1453

  The affected classes belong in the following formats:

  • ^java/security/.*
  • ^javax/crypto/.* These are crypto classes which can cause class circularity errors if they get too far along in the class transformer.
  • ^net/sf/saxon.*

  If you wish to re-include these excluded rules, you can do so via the following means.

  YAML:

    class_transformer:
      excludes: ^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*

  System property:

  -Dnewrelic.config.class_transformer.excludes=^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*

  Environment variable:

  NEW_RELIC_CLASS_TRANSFORMER_EXCLUDES=^javax/crypto/.*,^java/security/.*,^net/sf/saxon.*

• Prevent license_key value from being written to the agent logs when using debug and/or audit_mode logging 1653

IAST

• The IAST feature now also supports Async HTTP client version 2 and above 142
• Added support for Sun Net HTTP Server 142
• JSON version bump to 1.1.1 142
• Add critical error logging via LogMessage event 142

Fixes

• Fix transaction naming in Spring controllers with a CGLIB proxy. Transactions now use the actual class name as opposed to the proxied class name. 1574

• Fix a NullPointerException caused by ServletContext in servlet instrumentation modules. 1636

• Fix a memory leak caused by Lettuce instrumentation. Duplicate code for transaction linking has been removed from the Lettuce instrumentation and is handled by netty-reactor instead. 1608

• Fix a bug where invalidating a license key causes a memory leak. Reconnection tasks are now capped in the event of a LicenseException. 1606

• Fix a NullPointerException caused by RPMServiceManager 1604

• Add a workaround for a memory leak that may occur in rare scenarios with instrumentation using the legacy async API in the Java Agent (which async servlets and Jetty Continuations use). 1555

  The option can be configured via the following means:

  Agent config file (this will update dynamically if the config file is changed)

  common: &default_settings
    legacy_async_api_skip_suspend: true

  System Property

  -Dnewrelic.config.legacy_async_api_skip_suspend=true

  Environment Variable

  NEW_RELIC_LEGACY_ASYNC_API_SKIP_SUSPEND=true

IAST

• DynamoDB v2 issue: missing attribute values for conditionCheck method in case of transactWriteItems operation on DynamoDB 142

• Fixed an Insecure cookie attack vulnerability. 142

• Never print LicenseKey 142

Deprecations

The following instrumentation modules are deprecated and will be removed in the next major release:

• aws-wrap-0.7.0
• java.completable-future-jdk8
• play-2.3
• spring-3.0.0
• netty-3.4
• Struts v1

Full Changelog: newrelic/newrelic-java-agent@v8.7.0...v8.8.0

open-telemetry/opentelemetry-java (io.opentelemetry:opentelemetry-api)

v1.34.0

API

• Ability to access version.properties API file with GraalVM native
  (#​6095)

SDK

Traces

• Only call SpanProcessor onStart / onEnd if required
  (#​6112)
• Add option to export unsampled spans from span processors
  (#​6057)

Metrics

• Memory Mode: Adding first part support for synchronous instruments - storage
  (#​5998)
• Base2ExponentialHistogramAggregation maxBuckets must be >= 2
  (#​6093)
• Convert histogram measurements to double before passing recording exemplar reservoir
  (#​6024)

Exporters

• Add compressor SPI to support additional compression algos
  (#​5990)
• Test OTLP exporters with different OkHttp versions
  (#​6045)
• Refactor prometheus exporter to use io.prometheus:prometheus-metrics-exporter-httpserver, add
  exponential Histogram support
  (#​6015)
• UpstreamGrpcSenderProvider uses minimal fallback managed channel when none is specified
  (#​6110)
• OTLP exporters propagate serialization IOException instead of rethrowing as runtime
  (#​6082)

Extensions

• Autoconfigure reads normalized otel.config.file property
  (#​6105)

v1.33.0

API

• Fix issue where wrapping "invalid" SpanContexts in Span does not preserve SpanContext
  (#​6044)

Incubator

• Refactor and add to ExtendedTracer, add ExtendedContextPropagators
  (#​6017)
• Base64 encode AnyValue bytes in string representation
  (#​6003)

SDK

Exporters

• Add connectTimeout configuration option OtlpHttp{Signal}Exporters
  (#​5941)
• Add ability for Otlp{Protocol}LogRecordExporter to serialize log body any value
  (#​5938)
• Android environments can now handle base64 encoded PEM keys, remove exception handling in
  TlsUtil#decodePem
  (#​6034)
• Add header supplier configuration option to OTLP exporters
  (#​6004)

Extensions

• Add autoconfigure option for customizing SpanProcessor, LogRecordProcessor
  (#​5986)
• Incubator allows for simpler creation of start-only and end-only SpanProcessors.
  (#​5923)

Testing

• Add hasAttributesSatisfying overload to AbstractPointAssert
  (#​6048)

Project Tooling

• Building animal sniffer signatures directly from android corelib
  (#​5973)
• Target kotlin 1.6 in kotlin extension
  (#​5910)
• Define language version compatibility requirements
  (#​5983)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5762012) 10.24% compared to head (cfe3268) 8.66%.

Additional details and impacted files

@@             Coverage Diff             @@
##               main    #526      +/-   ##
===========================================
- Coverage     10.24%   8.66%   -1.58%     
+ Complexity     1682    1257     -425     
===========================================
  Files          5941    5941              
  Lines         56127   56127              
  Branches        261     261              
===========================================
- Hits           5752    4866     -886     
- Misses        50210   51127     +917     
+ Partials        165     134      -31     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.