che-server icon indicating copy to clipboard operation
che-server copied to clipboard

Published 20 hours ago verified publisher icon eclipse-che

build(deps): bump io.prometheus.simpleclient.version from 0.7.0 to 0.14.1

Open dependabot[bot] opened this issue 3 years ago • 1 comments

Bumps io.prometheus.simpleclient.version from 0.7.0 to 0.14.1. Updates simpleclient from 0.7.0 to 0.14.1

Release notes

Sourced from simpleclient's releases.

0.14.1 / 2021-12-19

Bump the log4j version in simpleclient_log4j2 to 2.17.0. Apart from that this release is identical to 0.14.0.

0.14.0 / 2021-12-18

Yet another log4j version update in simpleclient_log4j2: This time to 2.16.0. Note that the log4j dependency in simpleclient_log4j2 has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. simpleclient_log4j2 uses whatever log4j version the monitored application provides at runtime. Updating the log4j dependency in simpleclient_log4j2 helps getting rid of security scanner warnings (see #733), but in order to eliminate the log4j vulnerability you must make sure that the application you monitor ships with an up-to-date log4j version.

Apart from the log4j update we have a new feature:

[ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695). Thanks @​dhoard.

0.13.0 / 2021-12-13

We updated log4j to 2.15.0, which fixes the log4shell vulnerability (CVE-2021-44228) (#726). Technically simpleclient_log4j2 is not directly affected by the vulnerability, because as long as you update log4j in your monitored application simpleclient_log4j2 will pick up the updated version. However, it makes sense to remove the vulnerable versions from the dependency tree, therefore the update.

In addition to the log4j update in simpleclient_log4j2, this release contains the following enhancements and fixes:

[ENHANCEMENT] Allow passing a custom registry to the logback InstrumentedAppender (#690). Thanks @​MatthewDolan. [BUGFIX] Correct handling of HEAD requests (#688). Thanks @​dhoard. [ENHANCEMENT] Lots of more integration tests and tests with different Java versions. [ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in their own HttpServers (#722). Thanks @​dhoard. [ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the PushGateway work with all Java versions (#698). Thanks @​dhoard.

0.12.0 / 2021-08-29

This release has a (minor) breaking change in the simpleclient_hotspot module, fixing an incompatibility with OpenMetrics:

The metric jvm_classes_loaded from the ClassLoadingExports was renamed to jvm_classes_currently_loaded #681. The reason is that there is another metric named jvm_classes_loaded_total, and in OpenMetrics this resulted in a name conflict because the base name jvm_classes_loaded was the same, see prometheus/jmx_exporter#621.

[ENHANCEMENT] add support for Jakarta Servlet, implemented in the new simpleclient_servlet_jakarta module #647. Thanks @​mmadoo for the initial PR. [ENHANCEMENT] provide a way for filtering metrics by name / name prefix. This can be configured either in the HTTPServer, or in the Servlet exporter (both javax and Jakarta). For example, if some JMX metrics cause performance issues, this can be used for excluding these metrics #680. [ENHANCEMENT] for the Servlet filter (both javax and Jakarta): Add a parameter to strip the deployment path from the path label #639. Thanks @​lapo-luchini ! [ENHANCEMENT] Add HTTP Authentication to the HTTPServer #682. Thanks @​dhoard. [BUGFIX] Use <packaging>bundle</packaging> everywhere so that client_java works with OSGI again #678. Thanks @​bigmarvin. [BUGFIX] use the correct name for the metric type gaugehistogram in OpenMetrics (previously this was wrongly named gauge_histogram)

0.11.0 / 2021-05-30

[FEATURE] Exemplars: API for adding OpenMetrics Exemplars and out-of-the-box integration with OpenTelemetry tracing (#652). [ENHANCEMENT] Introduce TestContainers integration test, for example for testing different Java versions. This means you need Docker installed to run ./mvnw verify (#652). [ENHANCEMENT] HTTPServer: Set request/response timeouts (#643). [ENHANCEMENT] HTTPServer: Make HTTPMetricHandler public so that it can be used in a custom HTTPServer (#665). [ENHANCEMENT] New JVM memory metrics: jvm_memory_pool_collection_used_bytes, jvm_memory_pool_collection_committed_bytes, jvm_memory_pool_collection_max_bytes, jvm_memory_pool_collection_init_bytes, jvm_memory_objects_pending_finalization (#661, #660). [ENHANCEMENT] Version bumps (junit, jetty, maven plugins)

0.10.0 / 2021-01-25

With this release the client_java simpleclient switches to the OpenMetrics data model and adds support for various new OpenMetrics-related features. This should be largely seamless, however any counters which lack a _total suffix on their sample will now have it added. If you'd prefer to make that change more gradually, you should change your metric names before upgrading to this version.

[CHANGE] Switch data model to OpenMetrics. Primarily this means that _total if present is stripped from the metric name of counters, and _total is now always a suffix on the sample value. This means that all Counter samples now have a _total suffix (#615) [CHANGE] The io.prometheus.client.Collector.Type enum' value UNTYPED renamed to UNKNOWN (#615) [FEATURE] Add Info and Enumeration metric types for direct instrumentation (#615) [FEATURE] Counter, Summary, and Histogram metrics now expose a _created sample with when their child was created (#615) [FEATURE] Add support for units (#615) [FEATURE] Add gauge histograms, info, stateset for custom collectors (#615)

... (truncated)

Commits
  • 39e40da [maven-release-plugin] prepare release parent-0.14.1
  • c867d8e Bump log4j2 version
  • c7ed85c Bump log4j-core from 2.16.0 to 2.17.0 in /integration_tests/it_log4j2
  • 715aaa3 Added missing @​Test annotation
  • 3af6571 [maven-release-plugin] prepare for next development iteration
  • db4c538 [maven-release-plugin] prepare release parent-0.14.0
  • d30ddee Added cleaner SSL support to HTTPServer
  • ffb1416 Bump log4j2 version
  • ab82f6f Update common Prometheus files (#730)
  • 837bb6d [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Updates simpleclient_httpserver from 0.7.0 to 0.14.1

Release notes

Sourced from simpleclient_httpserver's releases.

0.14.1 / 2021-12-19

Bump the log4j version in simpleclient_log4j2 to 2.17.0. Apart from that this release is identical to 0.14.0.

0.14.0 / 2021-12-18

Yet another log4j version update in simpleclient_log4j2: This time to 2.16.0. Note that the log4j dependency in simpleclient_log4j2 has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. simpleclient_log4j2 uses whatever log4j version the monitored application provides at runtime. Updating the log4j dependency in simpleclient_log4j2 helps getting rid of security scanner warnings (see #733), but in order to eliminate the log4j vulnerability you must make sure that the application you monitor ships with an up-to-date log4j version.

Apart from the log4j update we have a new feature:

[ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695). Thanks @​dhoard.

0.13.0 / 2021-12-13

We updated log4j to 2.15.0, which fixes the log4shell vulnerability (CVE-2021-44228) (#726). Technically simpleclient_log4j2 is not directly affected by the vulnerability, because as long as you update log4j in your monitored application simpleclient_log4j2 will pick up the updated version. However, it makes sense to remove the vulnerable versions from the dependency tree, therefore the update.

In addition to the log4j update in simpleclient_log4j2, this release contains the following enhancements and fixes:

[ENHANCEMENT] Allow passing a custom registry to the logback InstrumentedAppender (#690). Thanks @​MatthewDolan. [BUGFIX] Correct handling of HEAD requests (#688). Thanks @​dhoard. [ENHANCEMENT] Lots of more integration tests and tests with different Java versions. [ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in their own HttpServers (#722). Thanks @​dhoard. [ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the PushGateway work with all Java versions (#698). Thanks @​dhoard.

0.12.0 / 2021-08-29

This release has a (minor) breaking change in the simpleclient_hotspot module, fixing an incompatibility with OpenMetrics:

The metric jvm_classes_loaded from the ClassLoadingExports was renamed to jvm_classes_currently_loaded #681. The reason is that there is another metric named jvm_classes_loaded_total, and in OpenMetrics this resulted in a name conflict because the base name jvm_classes_loaded was the same, see prometheus/jmx_exporter#621.

[ENHANCEMENT] add support for Jakarta Servlet, implemented in the new simpleclient_servlet_jakarta module #647. Thanks @​mmadoo for the initial PR. [ENHANCEMENT] provide a way for filtering metrics by name / name prefix. This can be configured either in the HTTPServer, or in the Servlet exporter (both javax and Jakarta). For example, if some JMX metrics cause performance issues, this can be used for excluding these metrics #680. [ENHANCEMENT] for the Servlet filter (both javax and Jakarta): Add a parameter to strip the deployment path from the path label #639. Thanks @​lapo-luchini ! [ENHANCEMENT] Add HTTP Authentication to the HTTPServer #682. Thanks @​dhoard. [BUGFIX] Use <packaging>bundle</packaging> everywhere so that client_java works with OSGI again #678. Thanks @​bigmarvin. [BUGFIX] use the correct name for the metric type gaugehistogram in OpenMetrics (previously this was wrongly named gauge_histogram)

0.11.0 / 2021-05-30

[FEATURE] Exemplars: API for adding OpenMetrics Exemplars and out-of-the-box integration with OpenTelemetry tracing (#652). [ENHANCEMENT] Introduce TestContainers integration test, for example for testing different Java versions. This means you need Docker installed to run ./mvnw verify (#652). [ENHANCEMENT] HTTPServer: Set request/response timeouts (#643). [ENHANCEMENT] HTTPServer: Make HTTPMetricHandler public so that it can be used in a custom HTTPServer (#665). [ENHANCEMENT] New JVM memory metrics: jvm_memory_pool_collection_used_bytes, jvm_memory_pool_collection_committed_bytes, jvm_memory_pool_collection_max_bytes, jvm_memory_pool_collection_init_bytes, jvm_memory_objects_pending_finalization (#661, #660). [ENHANCEMENT] Version bumps (junit, jetty, maven plugins)

0.10.0 / 2021-01-25

With this release the client_java simpleclient switches to the OpenMetrics data model and adds support for various new OpenMetrics-related features. This should be largely seamless, however any counters which lack a _total suffix on their sample will now have it added. If you'd prefer to make that change more gradually, you should change your metric names before upgrading to this version.

[CHANGE] Switch data model to OpenMetrics. Primarily this means that _total if present is stripped from the metric name of counters, and _total is now always a suffix on the sample value. This means that all Counter samples now have a _total suffix (#615) [CHANGE] The io.prometheus.client.Collector.Type enum' value UNTYPED renamed to UNKNOWN (#615) [FEATURE] Add Info and Enumeration metric types for direct instrumentation (#615) [FEATURE] Counter, Summary, and Histogram metrics now expose a _created sample with when their child was created (#615) [FEATURE] Add support for units (#615) [FEATURE] Add gauge histograms, info, stateset for custom collectors (#615)

... (truncated)

Commits
  • 39e40da [maven-release-plugin] prepare release parent-0.14.1
  • c867d8e Bump log4j2 version
  • c7ed85c Bump log4j-core from 2.16.0 to 2.17.0 in /integration_tests/it_log4j2
  • 715aaa3 Added missing @​Test annotation
  • 3af6571 [maven-release-plugin] prepare for next development iteration
  • db4c538 [maven-release-plugin] prepare release parent-0.14.0
  • d30ddee Added cleaner SSL support to HTTPServer
  • ffb1416 Bump log4j2 version
  • ab82f6f Update common Prometheus files (#730)
  • 837bb6d [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Dec 19 '21 16:12 dependabot[bot]

Can one of the admins verify this patch?

che-bot avatar Dec 19 '21 16:12 che-bot

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar Mar 30 '23 07:03 dependabot[bot]