Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump io.prometheus.simpleclient.version from 0.7.0 to 0.14.1 #70

Closed
wants to merge 1 commit into from
Closed

build(deps): bump io.prometheus.simpleclient.version from 0.7.0 to 0.14.1 #70

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Dec 26, 2021
edited
Loading

Bumps io.prometheus.simpleclient.version from 0.7.0 to 0.14.1.
Updates simpleclient from 0.7.0 to 0.14.1

Release notes

Sourced from simpleclient's releases.

0.14.1 / 2021-12-19

Bump the log4j version in simpleclient_log4j2 to 2.17.0. Apart from that this release is identical to 0.14.0.

0.14.0 / 2021-12-18

Yet another log4j version update in simpleclient_log4j2: This time to 2.16.0. Note that the log4j dependency in simpleclient_log4j2 has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. simpleclient_log4j2 uses whatever log4j version the monitored application provides at runtime. Updating the log4j dependency in simpleclient_log4j2 helps getting rid of security scanner warnings (see #733), but in order to eliminate the log4j vulnerability you must make sure that the application you monitor ships with an up-to-date log4j version.

Apart from the log4j update we have a new feature:

[ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695). Thanks @​dhoard.

0.13.0 / 2021-12-13

We updated log4j to 2.15.0, which fixes the log4shell vulnerability (CVE-2021-44228) (#726). Technically simpleclient_log4j2 is not directly affected by the vulnerability, because as long as you update log4j in your monitored application simpleclient_log4j2 will pick up the updated version. However, it makes sense to remove the vulnerable versions from the dependency tree, therefore the update.

In addition to the log4j update in simpleclient_log4j2, this release contains the following enhancements and fixes:

[ENHANCEMENT] Allow passing a custom registry to the logback InstrumentedAppender (#690). Thanks @​MatthewDolan. [BUGFIX] Correct handling of HEAD requests (#688). Thanks @​dhoard. [ENHANCEMENT] Lots of more integration tests and tests with different Java versions. [ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in their own HttpServers (#722). Thanks @​dhoard. [ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the PushGateway work with all Java versions (#698). Thanks @​dhoard.

0.12.0 / 2021-08-29

This release has a (minor) breaking change in the simpleclient_hotspot module, fixing an incompatibility with OpenMetrics:

The metric jvm_classes_loaded from the ClassLoadingExports was renamed to jvm_classes_currently_loaded #681. The reason is that there is another metric named jvm_classes_loaded_total, and in OpenMetrics this resulted in a name conflict because the base name jvm_classes_loaded was the same, see prometheus/jmx_exporter#621.

[ENHANCEMENT] add support for Jakarta Servlet, implemented in the new simpleclient_servlet_jakarta module #647. Thanks @​mmadoo for the initial PR. [ENHANCEMENT] provide a way for filtering metrics by name / name prefix. This can be configured either in the HTTPServer, or in the Servlet exporter (both javax and Jakarta). For example, if some JMX metrics cause performance issues, this can be used for excluding these metrics #680. [ENHANCEMENT] for the Servlet filter (both javax and Jakarta): Add a parameter to strip the deployment path from the path label #639. Thanks @​lapo-luchini ! [ENHANCEMENT] Add HTTP Authentication to the HTTPServer #682. Thanks @​dhoard. [BUGFIX] Use <packaging>bundle</packaging> everywhere so that client_java works with OSGI again #678. Thanks @​bigmarvin. [BUGFIX] use the correct name for the metric type gaugehistogram in OpenMetrics (previously this was wrongly named gauge_histogram)

0.11.0 / 2021-05-30

[FEATURE] Exemplars: API for adding OpenMetrics Exemplars and out-of-the-box integration with OpenTelemetry tracing (#652). [ENHANCEMENT] Introduce TestContainers integration test, for example for testing different Java versions. This means you need Docker installed to run ./mvnw verify (#652). [ENHANCEMENT] HTTPServer: Set request/response timeouts (#643). [ENHANCEMENT] HTTPServer: Make HTTPMetricHandler public so that it can be used in a custom HTTPServer (#665). [ENHANCEMENT] New JVM memory metrics: jvm_memory_pool_collection_used_bytes, jvm_memory_pool_collection_committed_bytes, jvm_memory_pool_collection_max_bytes, jvm_memory_pool_collection_init_bytes, jvm_memory_objects_pending_finalization (#661, #660). [ENHANCEMENT] Version bumps (junit, jetty, maven plugins)

0.10.0 / 2021-01-25

With this release the client_java simpleclient switches to the OpenMetrics data model and adds support for various new OpenMetrics-related features. This should be largely seamless, however any counters which lack a _total suffix on their sample will now have it added. If you'd prefer to make that change more gradually, you should change your metric names before upgrading to this version.

[CHANGE] Switch data model to OpenMetrics. Primarily this means that _total if present is stripped from the metric name of counters, and _total is now always a suffix on the sample value. This means that all Counter samples now have a _total suffix (#615) [CHANGE] The io.prometheus.client.Collector.Type enum' value UNTYPED renamed to UNKNOWN (#615) [FEATURE] Add Info and Enumeration metric types for direct instrumentation (#615) [FEATURE] Counter, Summary, and Histogram metrics now expose a _created sample with when their child was created (#615) [FEATURE] Add support for units (#615) [FEATURE] Add gauge histograms, info, stateset for custom collectors (#615)

... (truncated)

Commits
  • 39e40da [maven-release-plugin] prepare release parent-0.14.1
  • c867d8e Bump log4j2 version
  • c7ed85c Bump log4j-core from 2.16.0 to 2.17.0 in /integration_tests/it_log4j2
  • 715aaa3 Added missing @​Test annotation
  • 3af6571 [maven-release-plugin] prepare for next development iteration
  • db4c538 [maven-release-plugin] prepare release parent-0.14.0
  • d30ddee Added cleaner SSL support to HTTPServer
  • ffb1416 Bump log4j2 version
  • ab82f6f Update common Prometheus files (#730)
  • 837bb6d [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Updates simpleclient_httpserver from 0.7.0 to 0.14.1

Release notes

Sourced from simpleclient_httpserver's releases.

0.14.1 / 2021-12-19

Bump the log4j version in simpleclient_log4j2 to 2.17.0. Apart from that this release is identical to 0.14.0.

0.14.0 / 2021-12-18

Yet another log4j version update in simpleclient_log4j2: This time to 2.16.0. Note that the log4j dependency in simpleclient_log4j2 has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. simpleclient_log4j2 uses whatever log4j version the monitored application provides at runtime. Updating the log4j dependency in simpleclient_log4j2 helps getting rid of security scanner warnings (see #733), but in order to eliminate the log4j vulnerability you must make sure that the application you monitor ships with an up-to-date log4j version.

Apart from the log4j update we have a new feature:

[ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695). Thanks @​dhoard.

0.13.0 / 2021-12-13

We updated log4j to 2.15.0, which fixes the log4shell vulnerability (CVE-2021-44228) (#726). Technically simpleclient_log4j2 is not directly affected by the vulnerability, because as long as you update log4j in your monitored application simpleclient_log4j2 will pick up the updated version. However, it makes sense to remove the vulnerable versions from the dependency tree, therefore the update.

In addition to the log4j update in simpleclient_log4j2, this release contains the following enhancements and fixes:

[ENHANCEMENT] Allow passing a custom registry to the logback InstrumentedAppender (#690). Thanks @​MatthewDolan. [BUGFIX] Correct handling of HEAD requests (#688). Thanks @​dhoard. [ENHANCEMENT] Lots of more integration tests and tests with different Java versions. [ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in their own HttpServers (#722). Thanks @​dhoard. [ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the PushGateway work with all Java versions (#698). Thanks @​dhoard.

0.12.0 / 2021-08-29

This release has a (minor) breaking change in the simpleclient_hotspot module, fixing an incompatibility with OpenMetrics:

The metric jvm_classes_loaded from the ClassLoadingExports was renamed to jvm_classes_currently_loaded #681. The reason is that there is another metric named jvm_classes_loaded_total, and in OpenMetrics this resulted in a name conflict because the base name jvm_classes_loaded was the same, see prometheus/jmx_exporter#621.

[ENHANCEMENT] add support for Jakarta Servlet, implemented in the new simpleclient_servlet_jakarta module #647. Thanks @​mmadoo for the initial PR. [ENHANCEMENT] provide a way for filtering metrics by name / name prefix. This can be configured either in the HTTPServer, or in the Servlet exporter (both javax and Jakarta). For example, if some JMX metrics cause performance issues, this can be used for excluding these metrics #680. [ENHANCEMENT] for the Servlet filter (both javax and Jakarta): Add a parameter to strip the deployment path from the path label #639. Thanks @​lapo-luchini ! [ENHANCEMENT] Add HTTP Authentication to the HTTPServer #682. Thanks @​dhoard. [BUGFIX] Use <packaging>bundle</packaging> everywhere so that client_java works with OSGI again #678. Thanks @​bigmarvin. [BUGFIX] use the correct name for the metric type gaugehistogram in OpenMetrics (previously this was wrongly named gauge_histogram)

0.11.0 / 2021-05-30

[FEATURE] Exemplars: API for adding OpenMetrics Exemplars and out-of-the-box integration with OpenTelemetry tracing (#652). [ENHANCEMENT] Introduce TestContainers integration test, for example for testing different Java versions. This means you need Docker installed to run ./mvnw verify (#652). [ENHANCEMENT] HTTPServer: Set request/response timeouts (#643). [ENHANCEMENT] HTTPServer: Make HTTPMetricHandler public so that it can be used in a custom HTTPServer (#665). [ENHANCEMENT] New JVM memory metrics: jvm_memory_pool_collection_used_bytes, jvm_memory_pool_collection_committed_bytes, jvm_memory_pool_collection_max_bytes, jvm_memory_pool_collection_init_bytes, jvm_memory_objects_pending_finalization (#661, #660). [ENHANCEMENT] Version bumps (junit, jetty, maven plugins)

0.10.0 / 2021-01-25

With this release the client_java simpleclient switches to the OpenMetrics data model and adds support for various new OpenMetrics-related features. This should be largely seamless, however any counters which lack a _total suffix on their sample will now have it added. If you'd prefer to make that change more gradually, you should change your metric names before upgrading to this version.

[CHANGE] Switch data model to OpenMetrics. Primarily this means that _total if present is stripped from the metric name of counters, and _total is now always a suffix on the sample value. This means that all Counter samples now have a _total suffix (#615) [CHANGE] The io.prometheus.client.Collector.Type enum' value UNTYPED renamed to UNKNOWN (#615) [FEATURE] Add Info and Enumeration metric types for direct instrumentation (#615) [FEATURE] Counter, Summary, and Histogram metrics now expose a _created sample with when their child was created (#615) [FEATURE] Add support for units (#615) [FEATURE] Add gauge histograms, info, stateset for custom collectors (#615)

... (truncated)

Commits
  • 39e40da [maven-release-plugin] prepare release parent-0.14.1
  • c867d8e Bump log4j2 version
  • c7ed85c Bump log4j-core from 2.16.0 to 2.17.0 in /integration_tests/it_log4j2
  • 715aaa3 Added missing @​Test annotation
  • 3af6571 [maven-release-plugin] prepare for next development iteration
  • db4c538 [maven-release-plugin] prepare release parent-0.14.0
  • d30ddee Added cleaner SSL support to HTTPServer
  • ffb1416 Bump log4j2 version
  • ab82f6f Update common Prometheus files (#730)
  • 837bb6d [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 26, 2021
@dependabot dependabot bot force-pushed the dependabot/maven/io.prometheus.simpleclient.version-0.14.1 branch from aa2323e to a13e124 Compare January 1, 2022 01:38
@dependabot
build(deps): bump io.prometheus.simpleclient.version
480999f 
Bumps `io.prometheus.simpleclient.version` from 0.7.0 to 0.14.1.

Updates `simpleclient` from 0.7.0 to 0.14.1
- [Release notes](https://github.com/prometheus/client_java/releases)
- [Commits](prometheus/client_java@parent-0.7.0...parent-0.14.1)

Updates `simpleclient_httpserver` from 0.7.0 to 0.14.1
- [Release notes](https://github.com/prometheus/client_java/releases)
- [Commits](prometheus/client_java@parent-0.7.0...parent-0.14.1)

---
updated-dependencies:
- dependency-name: io.prometheus:simpleclient
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: io.prometheus:simpleclient_httpserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/io.prometheus.simpleclient.version-0.14.1 branch from a13e124 to 480999f Compare January 15, 2022 20:53
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Feb 19, 2022

Superseded by #88.

@dependabot dependabot bot closed this Feb 19, 2022
@dependabot dependabot bot deleted the dependabot/maven/io.prometheus.simpleclient.version-0.14.1 branch February 19, 2022 21:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants