Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump com.alibaba.nacos:nacos-client from 2.3.2 to 2.4.0 #178

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 22, 2024

Bumps com.alibaba.nacos:nacos-client from 2.3.2 to 2.4.0.

Release notes

Sourced from com.alibaba.nacos:nacos-client's releases.

2.4.0 (July 19th, 2024)

This version is an important version which support many new features.

The most mainly feature is Nacos support maintainer to initialize the admin user nacos password instead of using default password to improve the default security for deploy nacos clusters.

One more thing is default disabled derby ops API to prevent false alarms regarding corresponding risks for users without authentication enabled when deploying in standalone mode. If maintainers want use this API to maintain and query data in derby, maintainers can use nacos.config.derby.ops.enabled=true to open this API.

And other mainly features are support TLS Grpc communication between Nacos cluster nodes as an optional feature to improve Nacos security, which means nacos not only support TLS communication between client and server; What's more, Nacos start to support user extend Selector before callback Subscriber for naming module, not only can select instance of services by healthy and clusters. And Nacos client support callback service diffs by new event to reduce Subscriber cache and compare logics.

Third mainly features are support some configs usages in Nacos console and support more enhancement usage for plugins, such as support add all metadata to prometheus sd protocol and support aliyun ram v4 signature.

In addition to substantial feature updates, this version also fixes some bugs from previous versions and upgrades certain dependencies with security vulnerabilities.

Detail see:

Feature

#10374 Support naming custom selectors and support service diff events. #11456 Support TLS Grpc communication between Nacos cluster nodes. #11847 Nacos console support publish config with cas. #11943 Record users for import configs. #11957 Remove default password for user nacos. #12130 Add metadata as labels in prometheus http sd. #12162 Support aliyun ram v4 signature method.

Enhancement&Refactor

#11956 Refactor nacos client logging module, use SPI load current logger adapter. #12013 Enhance to fast config Nacos memory setting in startup.sh by environment CUSTOM_NACOS_MEMORY. #12072 Support does not impose any limit when totalCountLimit is less than 0. #12166 Enhance nacos client init properties logger. #12177 Update console header link to new nacos.io. #12178 Add total record count display in pagination. #12185 Use nacos properties in CacheDirUtil. #12221 Remove the accessToken from the URL. #12235 Enhance logging format in the ResponseExceptionHandler. #12246 Internationalize the display of total counts in the configuration list and service list. #12321 Enhance log for unexpected exception from NetworkInterface.ifUp. #12355 Record the cost of ConfigDump in Prometheus. #12372 Disable derby ops api default. #12382 Support ram info switch.

BugFix

#10639 Fix the encrypted_data_key is text type so that old version can't upgrade directly. #11902 Fix leak of request and response for java native runtime for nacos-client. #11926 Fix Nacos can't triggle self protection when disk full in some OS. #11951 Fix the problem that the serviceName and groupName are not resolved correctly when deleting an empty service instance. #11967 Fix Config can't publish and listen when dataId contains some special words in Window OS. #11968 Fix Multiple config change plugin implementation configuration conflicts problem. #12022 Fix nacos datasource plugin ClassCastException problem. #12046 Fix cipher-aes config encrypt plugin not effect when publish config again. #12060 Fix too large ttl when auth disabled.

... (truncated)

Commits
  • 4e77625 Upgrade to 2.4.0 (#12384)
  • ad83ff0 Develop support ram info switch (#12382)
  • ed7bd03 Close derby ops api default. (#12372)
  • fc5e502 Upgrade grpc to 1.64.2 (#12369)
  • 1879c81 fix(#12333): fixed auth Plugin resource parser can't parser v2 config openAPI...
  • 4f827ca Adjust integration tests for common modules in the core module to comply with...
  • c717538 [IT]Adjust integration tests for cluster,code,smoke modules in the core modul...
  • 8664a1a fix [ISSUE #12323] , using the project's logback packagingData configuration ...
  • a6047fa Remove the accessToken from the URL. (#12353)
  • 47d913d feat(#12355): Record the cost of ConfigDump in Prometheus. (#12356)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.alibaba.nacos:nacos-client](https://github.com/alibaba/nacos) from 2.3.2 to 2.4.0.
- [Release notes](https://github.com/alibaba/nacos/releases)
- [Changelog](https://github.com/alibaba/nacos/blob/develop/CHANGELOG.md)
- [Commits](alibaba/nacos@2.3.2...2.4.0)

---
updated-dependencies:
- dependency-name: com.alibaba.nacos:nacos-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 22, 2024
@Pil0tXia Pil0tXia merged commit 179e85e into main Jul 23, 2024
5 checks passed
@dependabot dependabot bot deleted the dependabot/maven/com.alibaba.nacos-nacos-client-2.4.0 branch July 23, 2024 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant