Skip to content

Bump the "java" group with 1 updates across multiple ecosystems #476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump the "java" group with 1 updates across multiple ecosystems #476

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 14, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the java group with 3 updates in the / directory: io.grpc:grpc-bom, io.opentelemetry:opentelemetry-bom and io.github.classgraph:classgraph.
Bumps the java group with 1 update in the /examples/fabric-contract-example-gradle-kotlin directory: org.junit.jupiter:junit-jupiter.

Updates io.grpc:grpc-bom from 1.75.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.76.0

Bug Fixes

  • xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
  • compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
  • servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
  • servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
  • binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
  • binder: The server will now only accept post-setup transactions from the authorized server UID.
  • util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
  • android: A fix has been implemented for network change handling on API levels below 24.

Improvements

  • api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
  • api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
  • servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
  • servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
  • xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
  • bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
  • bazel: Unnecessary direct build dependencies were removed from some targets
  • netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
  • netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
  • netty: Include allow header for HTTP response code 405
  • okhttp: Include allow header for HTTP response code 405
  • binder: Error descriptions for ServiceConnection callbacks have been improved
  • binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

  • stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
  • compiler: Support for macOS aarch64 with a universal binary has been added.
  • opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
  • binder: A NameResolver for Android's intent: URIs has been introduced.
  • binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

  • SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
  • examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

  • Upgraded Guava version to 33.4.8.
  • The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt @Sangamesh1997

... (truncated)

Commits
  • d0db129 Bump version to 1.76.0
  • aa672ca Update README etc to reference 1.76.0
  • 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
  • f89d1d8 api: remove nullable from StatusOr value methods (#12338)
  • 040665f examples: Explain Bazel BCR releases and git_override option
  • 4995700 xds: Remove verify TODO for onResult2 error status
  • afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
  • 1a7042a android: fix network change handling on API levels < 24
  • 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
  • 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
  • Additional commits viewable in compare view

Updates io.opentelemetry:opentelemetry-bom from 1.54.1 to 1.55.0

Release notes

Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.55.0

API

Common

  • Improve GraalVM native image compatibility (#7160)

Traces

  • Fix TraceState key validation limits to match W3C specification (#7575)

Incubator

  • Add ExtendedOpenTelemetry API (#7496)
  • Add incubator implementation of composite sampling specification (#7626)

SDK

Traces

  • Proactively avoid Unsafe on Java 23+ to avoid triggering JVM warning message (#7691)

Metrics

  • Add setMeterConfigurator() support to MeterProvider (incubating API) (#7346)

Exporters

  • OTLP: Configure metric exporter to use SDK's MeterProvider for internal metrics (#7541)
  • OTLP: Suppress logging of InterruptedException from managed OkHttp threads (#7565)
  • OTLP: Update dependency from okhttp-jvm back to okhttp for Gradle users, preserving okhttp-jvm for Maven users (#7681)
  • Prometheus: Remove separate otel_scope_info metric and always add scope labels to data points (#7398)
  • Prometheus: Update exporter dependencies to use protobuf-free formats (#7664)

Profiling

  • Update profiles exporter to support proto v1.8.0-alpha changes (#7638)
  • Add abstractions to assist with dictionary table assembly (#7717)
  • Add abstractions to assist with sample composition (#7727)

Extensions

  • Autoconfigure: Improve exception logging when running in Maven (#7336)
  • Declarative configuration: Return Resource (#7639)
  • Declarative configuration: Invoke auto-configure listeners (#7654)
  • Declarative configuration: Add logging when incompatible types are found (#7693)

Shims

OpenTracing Shim

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom's changelog.

Version 1.55.0 (2025-10-13)

API

Common

  • Improve GraalVM native image compatibility (#7160)

Traces

  • Fix TraceState key validation limits to match W3C specification (#7575)

Incubator

  • Add ExtendedOpenTelemetry API (#7496)
  • Add incubator implementation of composite sampling specification (#7626)

SDK

Traces

  • Proactively avoid Unsafe on Java 23+ to avoid triggering JVM warning message (#7691)

Metrics

  • Add setMeterConfigurator() support to MeterProvider (incubating API) (#7346)

Exporters

  • OTLP: Configure metric exporter to use SDK's MeterProvider for internal metrics (#7541)
  • OTLP: Suppress logging of InterruptedException from managed OkHttp threads (#7565)
  • OTLP: Update dependency from okhttp-jvm back to okhttp for Gradle users, preserving okhttp-jvm for Maven users (#7681)
  • Prometheus: Remove separate otel_scope_info metric and always add scope labels to data points (#7398)
  • Prometheus: Update exporter dependencies to use protobuf-free formats (#7664)

Profiling

  • Update profiles exporter to support proto v1.8.0-alpha changes

... (truncated)

Commits
  • f612423 [release/v1.55.x] Prepare release 1.55.0 (#7752)
  • 4268621 fix(deps): update dependency com.squareup.okio:okio-bom to v3.16.1 (#7738)
  • 29f8b09 Clear context class loader from started threads (#7488)
  • a00f6a8 Update change log for upcoming release (#7744)
  • 926da40 chore(deps): update plugin com.gradle.develocity to v4.2.2 (#7750)
  • 4a11b72 fix(deps): update dependency com.gradle.develocity:com.gradle.develocity.grad...
  • d91425b fix(deps): update dependency org.owasp:dependency-check-gradle to v12.1.7 (#7...
  • 58b5699 chore(deps): update github/codeql-action action to v4 (#7749)
  • 6204e2c fix(deps): update dependency jacoco to v0.8.14 (#7746)
  • 74802e8 fix(deps): update dependency checkstyle to v12.0.1 (#7745)
  • Additional commits viewable in compare view

Updates io.github.classgraph:classgraph from 4.8.181 to 4.8.184

Release notes

Sourced from io.github.classgraph:classgraph's releases.

classgraph-4.8.184

classgraph-4.8.183

  • Fixed some build issues.

classgraph-4.8.182

  • Dropped support for JDK 7 (since JDK 7 is no longer supported by javac as of JDK 20).
  • Dropped support for JVM-Driver for overcoming strong encapsulation in problematic classloaders (Narcissus is still supported).
  • Fix broken module declaration (#923, #922, #911).
Commits

Updates org.junit.jupiter:junit-jupiter from 5.13.4 to 6.0.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-M1...r6.0.0-M2

... (truncated)

Commits
  • 4f79594 Release 6.0.0
  • 55af30a Revert "Use develop/6.x branch for junit-examples during release build"
  • df3cfdd Release 5.14.0
  • fcb84a2 Disable backward compatibility check when offline
  • c9c8344 Prune 5.14.0 release notes
  • 03d8a72 Update broken link to using API Gaurdian with bndtools
  • 3a0b29b Use temporary JUnit 6 logo
  • 6603caa Rename eclipseClasspath to eclipseConventions to avoid confusion
  • ab3470b Make sealed MediaType work in Eclipse
  • a8cd41e Remove annotations not visible in Eclipse
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the java group across 2 directories with 4 updates
3624651 
Bumps the java group with 3 updates in the / directory: [io.grpc:grpc-bom](https://github.com/grpc/grpc-java), [io.opentelemetry:opentelemetry-bom](https://github.com/open-telemetry/opentelemetry-java) and [io.github.classgraph:classgraph](https://github.com/classgraph/classgraph).
Bumps the java group with 1 update in the /examples/fabric-contract-example-gradle-kotlin directory: [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit-framework).


Updates `io.grpc:grpc-bom` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.75.0...v1.76.0)

Updates `io.opentelemetry:opentelemetry-bom` from 1.54.1 to 1.55.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-java/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-java@v1.54.1...v1.55.0)

Updates `io.github.classgraph:classgraph` from 4.8.181 to 4.8.184
- [Release notes](https://github.com/classgraph/classgraph/releases)
- [Commits](classgraph/classgraph@classgraph-4.8.181...classgraph-4.8.184)

Updates `org.junit.jupiter:junit-jupiter` from 5.13.4 to 6.0.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.13.4...r6.0.0)

---
updated-dependencies:
- dependency-name: io.grpc:grpc-bom
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: io.opentelemetry:opentelemetry-bom
  dependency-version: 1.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: io.github.classgraph:classgraph
  dependency-version: 4.8.184
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: java
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 14, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 14, 2025 11:11
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 14, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@bestbeforetoday
Copy link
Member

These updates were already delivered in #475.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 16, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/java-471b2f300a branch October 16, 2025 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bestbeforetoday