Bump the gradle group across 1 directory with 23 updates #1228

Merged
adwsingh merged 2 commits into main from dependabot/gradle/gradle-e7f9cfb12e
Jun 10, 2026

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Bumps the gradle group with 22 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| org.apache.logging.log4j:log4j-api | 2.25.4 | 2.26.0 |
| org.apache.logging.log4j:log4j-core | 2.25.4 | 2.26.0 |
| org.slf4j:slf4j-api | 2.0.17 | 2.0.18 |
| ch.qos.logback:logback-classic | 1.5.32 | 1.5.34 |
| io.netty:netty-all | 4.2.13.Final | 4.2.15.Final |
| software.amazon.api.models:s3 | 1.0.17 | 1.0.19 |
| software.amazon.api.models:transcribe-streaming | 1.0.7 | 1.0.8 |
| org.slf4j:slf4j-simple | 2.0.17 | 2.0.18 |
| software.amazon.awssdk:retries-spi | 2.44.2 | 2.46.3 |
| software.amazon.awssdk:retries | 2.44.2 | 2.46.3 |
| software.amazon.awssdk:sdk-core | 2.44.2 | 2.46.3 |
| software.amazon.awssdk:auth | 2.44.2 | 2.46.3 |
| io.opentelemetry:opentelemetry-bom | 1.61.0 | 1.62.0 |
| io.opentelemetry:opentelemetry-api | 1.61.0 | 1.62.0 |
| io.opentelemetry:opentelemetry-sdk-testing | 1.61.0 | 1.62.0 |
| tools.jackson.core:jackson-core | 3.1.3 | 3.1.4 |
| org.junit:junit-bom | 6.0.3 | 6.1.0 |
| software.amazon.api.models:all | 1.0.226 | 1.0.244 |
| com.diffplug.spotless:spotless-plugin-gradle | 8.4.0 | 8.6.0 |
| com.autonomousapps:dependency-analysis-gradle-plugin | 3.10.0 | 3.14.1 |
| org.graalvm.buildtools.native | 1.1.0 | 1.1.1 |
| com.gradleup.shadow | 8.3.10 | 8.3.11 |

Updates org.apache.logging.log4j:log4j-api from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

Updates org.slf4j:slf4j-api from 2.0.17 to 2.0.18

Updates org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e62272a prepare release 1.5.34
  • 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
  • 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
  • 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
  • f7a0654 prevent resolveProxyClass bypass
  • 249b81f docs are no longer distributed
  • 1c3b26a start work on 1.5.34-SNAPSHOT
  • 124e8b4 prepare release 1.5.33
  • d8fd6f2 escapeTags in message field when printing status messages
  • 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
  • Additional commits viewable in compare view

Updates io.netty:netty-all from 4.2.13.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-all's releases.

netty-4.2.15.Final

Security fixes

  • CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).
  • CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.
  • CVE-2026-XXXXX: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-XXXXX: information disclosure and denial of service in io.netty:netty-codec-classes-quic.
  • CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).
  • CVE-2026-XXXXX: request smuggling in io.netty:netty-codec-http.
  • CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).
  • CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).
  • CVE-2026-XXXXX: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).
  • CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.
  • CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).
  • CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.
  • CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).
  • CVE-2026-47244: denial of service in io.netty:netty-codec-http2.
  • CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

... (truncated)

Commits
  • a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
  • 2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
  • 0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
  • 76291f5 Fix SCTP and Redis tests (#16893)
  • e067b6e Fix revapi warnings (#16885)
  • 5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
  • 541add0 Merge commit from fork
  • 270800e Merge commit from fork
  • 3d45a1e Merge commit from fork
  • 75127ca Merge commit from fork
  • Additional commits viewable in compare view

Updates software.amazon.api.models:s3 from 1.0.17 to 1.0.19

Commits

Updates software.amazon.api.models:lambda from 1.0.17 to 1.0.19

Commits

Updates software.amazon.api.models:transcribe-streaming from 1.0.7 to 1.0.8

Commits

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates software.amazon.awssdk:retries-spi from 2.44.2 to 2.46.3

Updates software.amazon.awssdk:retries from 2.44.2 to 2.46.3

Updates software.amazon.awssdk:sdk-core from 2.44.2 to 2.46.3

Updates software.amazon.awssdk:auth from 2.44.2 to 2.46.3

Updates software.amazon.awssdk:retries from 2.44.2 to 2.46.3

Updates software.amazon.awssdk:sdk-core from 2.44.2 to 2.46.3

Updates software.amazon.awssdk:auth from 2.44.2 to 2.46.3

Updates io.opentelemetry:opentelemetry-bom from 1.61.0 to 1.62.0

Release notes

Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.62.0

API

Context

  • Fix GHSA-rcgg-9c38-7xpx: Apply limits to baggage entries for W3CBaggagePropagator, OtTracePropagator, JaegerPropagator (#8378)

SDK

Traces

  • Avoid parentContext allocation on span start for the common case (#8332)

Metrics

  • Add setMaxExportBatchSize to PeriodicMetricReaderBuilder (#8296)
  • Fix PeriodicMetricReader shutdown race that could drop the final flush (#8299)

Exporters

  • BREAKING Prometheus: Change default server host from 0.0.0.0 to localhost (#8298)
  • BREAKING Prometheus: Stop converting unit "1" to "ratio" (#8252)
  • OTLP: Fix null input handling in StringEncoder (#8312)
  • OTLP: Align proto field types and wire tag names in marshalers (#8293)
  • OTLP: Fix MarshalerUtil sizeRepeatedString calculation (#8284)
  • OTLP: Bound JdkHttpSender thread pool size to prevent unbounded thread creation (#8276)
  • OTLP Profiles: Split profiles data model into separate sdk-profiles and JFR shim modules (#8207)
  • OTLP Profiles: Publish alpha release of opentelemetry-sdk-profiles and opentelemetry-exporter-otlp-profiles (#8351)

Extensions

  • BREAKING Declarative config: Extract to new opentelemetry-sdk-extension-declarative-config artifact with new package io.opentelemetry.sdk.autoconfigure.declarativeconfig (#8265)
  • Autoconfigure: Add file size validation in OtlpConfigUtil to avoid unsafe cast to int (#8287)
  • Declarative config: Fix collection fields to not be initialized to empty by default (#8356)
  • Incubator: Add EventToSpanEventBridge to bridge log-based events to span events (#8372)

Testing

  • Add @Nullable to equalTo value argument in OpenTelemetryAssertions (#8301)
  • Add hasValueSatisfying to LongPointAssert and DoublePointAssert for fuzzy value matching (#8328)
  • Add containsPointsSatisfying to metric data asserts for "each given assertion must be satisfied by at least one point, extras allowed" checks on sum, gauge, histogram, exponential histogram, and summary data (#8329)

Project tooling

  • Add initial OSGi support (#7964)
  • Promote ApiUsageLogger to opentelemetry-common public API (#8318)
  • Establish exception logging guidelines and fix inconsistent patterns across exporters and SDK (#8231)
  • Add *.impl.* package naming convention for internal code with japicmp compatibility (#8325)
  • Add Sonatype dependency audit to build (#8365)

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom's changelog.

Version 1.62.0 (2026-05-08)

API

Context

  • Fix GHSA-rcgg-9c38-7xpx: Apply limits to baggage entries for W3CBaggagePropagator, OtTracePropagator, JaegerPropagator (#8378)

SDK

Traces

  • Avoid parentContext allocation on span start for the common case (#8332)

Metrics

  • Add setMaxExportBatchSize to PeriodicMetricReaderBuilder (#8296)
  • Fix PeriodicMetricReader shutdown race that could drop the final flush (#8299)

Exporters

  • BREAKING Prometheus: Change default server host from 0.0.0.0 to localhost (#8298)
  • BREAKING Prometheus: Stop converting unit "1" to "ratio" (#8252)
  • OTLP: Fix null input handling in StringEncoder (#8312)
  • OTLP: Align proto field types and wire tag names in marshalers (#8293)
  • OTLP: Fix MarshalerUtil sizeRepeatedString calculation (#8284)
  • OTLP: Bound JdkHttpSender thread pool size to prevent unbounded thread creation (#8276)
  • OTLP Profiles: Split profiles data model into separate sdk-profiles and JFR shim modules (#8207)
  • OTLP Profiles: Publish alpha release of opentelemetry-sdk-profiles and opentelemetry-exporter-otlp-profiles (#8351)

Extensions

  • BREAKING Declarative config: Extract to new opentelemetry-sdk-extension-declarative-config artifact with new package io.opentelemetry.sdk.autoconfigure.declarativeconfig (#8265)
  • Autoconfigure: Add file size validation in OtlpConfigUtil to avoid unsafe cast to int (#8287)

... (truncated)

Commits
  • d03621f [release/v1.62.x] Prepare release 1.62.0 (#8385)
  • 3a62b7a Prepare 1.62.0 (#8378)
  • 893910b docs: Expand SIG meeting welcoming language (#8383)
  • 03837d3 Apply baggage limits (#8380)
  • cdadad6 Update dependency org.osgi:org.osgi.test.bom to v1.3.0 (#8376)
  • 8e0f196 Update error-prone monorepo to v2.49.0 (#8259)
  • 2923430 Add initial OSGi support (#7964)
  • 3f3780c Add guidance for null checking, promote ApiUsageLogger to opentelemetry-commo...
  • e224e19 Port event span event bridge from contrib (#8372)
  • b29f3df Update dependency com.google.api.grpc:proto-google-common-protos to v2.71.0 (...
  • Additional commits viewable in compare view

Updates io.opentelemetry:opentelemetry-api from 1.61.0 to 1.62.0


Updates io.opentelemetry:opentelemetry-sdk-testing from 1.61.0 to 1.62.0


Updates io.opentelemetry:opentelemetry-api from 1.61.0 to 1.62.0


    Description has been truncated

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and java (Pull requests that update Java code) labels Jun 4, 2026

Bumps the gradle group with 22 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| org.apache.logging.log4j:log4j-api | `2.25.4` | `2.26.0` |
| org.apache.logging.log4j:log4j-core | `2.25.4` | `2.26.0` |
| org.slf4j:slf4j-api | `2.0.17` | `2.0.18` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.34` |
| [io.netty:netty-all](https://github.com/netty/netty) | `4.2.13.Final` | `4.2.15.Final` |
| [software.amazon.api.models:s3](https://github.com/aws/api-models-aws) | `1.0.17` | `1.0.19` |
| [software.amazon.api.models:transcribe-streaming](https://github.com/aws/api-models-aws) | `1.0.7` | `1.0.8` |
| org.slf4j:slf4j-simple | `2.0.17` | `2.0.18` |
| software.amazon.awssdk:retries-spi | `2.44.2` | `2.46.3` |
| software.amazon.awssdk:retries | `2.44.2` | `2.46.3` |
| software.amazon.awssdk:sdk-core | `2.44.2` | `2.46.3` |
| software.amazon.awssdk:auth | `2.44.2` | `2.46.3` |
| [io.opentelemetry:opentelemetry-bom](https://github.com/open-telemetry/opentelemetry-java) | `1.61.0` | `1.62.0` |
| [io.opentelemetry:opentelemetry-api](https://github.com/open-telemetry/opentelemetry-java) | `1.61.0` | `1.62.0` |
| [io.opentelemetry:opentelemetry-sdk-testing](https://github.com/open-telemetry/opentelemetry-java) | `1.61.0` | `1.62.0` |
| [tools.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `3.1.3` | `3.1.4` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [software.amazon.api.models:all](https://github.com/aws/api-models-aws) | `1.0.226` | `1.0.244` |
| [com.diffplug.spotless:spotless-plugin-gradle](https://github.com/diffplug/spotless) | `8.4.0` | `8.6.0` |
| [com.autonomousapps:dependency-analysis-gradle-plugin](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin) | `3.10.0` | `3.14.1` |
| [org.graalvm.buildtools.native](https://github.com/graalvm/native-build-tools) | `1.1.0` | `1.1.1` |
| [com.gradleup.shadow](https://github.com/GradleUp/shadow) | `8.3.10` | `8.3.11` |



Updates `org.apache.logging.log4j:log4j-api` from 2.25.4 to 2.26.0

Updates `org.apache.logging.log4j:log4j-core` from 2.25.4 to 2.26.0

Updates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18

Updates `org.apache.logging.log4j:log4j-core` from 2.25.4 to 2.26.0

Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.34)

Updates `io.netty:netty-all` from 4.2.13.Final to 4.2.15.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.13.Final...netty-4.2.15.Final)

Updates `software.amazon.api.models:s3` from 1.0.17 to 1.0.19
- [Commits](https://github.com/aws/api-models-aws/commits)

Updates `software.amazon.api.models:lambda` from 1.0.17 to 1.0.19
- [Commits](https://github.com/aws/api-models-aws/commits)

Updates `software.amazon.api.models:transcribe-streaming` from 1.0.7 to 1.0.8
- [Commits](https://github.com/aws/api-models-aws/commits)

Updates `org.slf4j:slf4j-simple` from 2.0.17 to 2.0.18

Updates `software.amazon.awssdk:retries-spi` from 2.44.2 to 2.46.3

Updates `software.amazon.awssdk:retries` from 2.44.2 to 2.46.3

Updates `software.amazon.awssdk:sdk-core` from 2.44.2 to 2.46.3

Updates `software.amazon.awssdk:auth` from 2.44.2 to 2.46.3

Updates `software.amazon.awssdk:retries` from 2.44.2 to 2.46.3

Updates `software.amazon.awssdk:sdk-core` from 2.44.2 to 2.46.3

Updates `software.amazon.awssdk:auth` from 2.44.2 to 2.46.3

Updates `io.opentelemetry:opentelemetry-bom` from 1.61.0 to 1.62.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-java/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-java@v1.61.0...v1.62.0)

Updates `io.opentelemetry:opentelemetry-api` from 1.61.0 to 1.62.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-java/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-java@v1.61.0...v1.62.0)

Updates `io.opentelemetry:opentelemetry-sdk-testing` from 1.61.0 to 1.62.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-java/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-java@v1.61.0...v1.62.0)

Updates `io.opentelemetry:opentelemetry-api` from 1.61.0 to 1.62.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-java/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-java@v1.61.0...v1.62.0)

Updates `io.opentelemetry:opentelemetry-sdk-testing` from 1.61.0 to 1.62.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-java/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-java@v1.61.0...v1.62.0)

Updates `tools.jackson.core:jackson-core` from 3.1.3 to 3.1.4
- [Commits](FasterXML/jackson-core@jackson-core-3.1.3...jackson-core-3.1.4)

Updates `org.junit:junit-bom` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `software.amazon.api.models:all` from 1.0.226 to 1.0.244
- [Commits](https://github.com/aws/api-models-aws/commits)

Updates `com.diffplug.spotless:spotless-plugin-gradle` from 8.4.0 to 8.6.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@gradle/8.4.0...gradle/8.6.0)

Updates `com.autonomousapps:dependency-analysis-gradle-plugin` from 3.10.0 to 3.14.1
- [Changelog](https://github.com/autonomousapps/dependency-analysis-gradle-plugin/blob/main/CHANGELOG.md)
- [Commits](autonomousapps/dependency-analysis-gradle-plugin@v3.10.0...v3.14.1)

Updates `org.graalvm.buildtools.native` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@1.1.0...1.1.1)

Updates `com.gradleup.shadow` from 8.3.10 to 8.3.11
- [Release notes](https://github.com/GradleUp/shadow/releases)
- [Commits](GradleUp/shadow@8.3.10...8.3.11)

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-version: 2.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: org.slf4j:slf4j-api
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: io.netty:netty-all
  dependency-version: 4.2.15.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: software.amazon.api.models:s3
  dependency-version: 1.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: software.amazon.api.models:lambda
  dependency-version: 1.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: software.amazon.api.models:transcribe-streaming
  dependency-version: 1.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: org.slf4j:slf4j-simple
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: software.amazon.awssdk:retries-spi
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: software.amazon.awssdk:retries
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: software.amazon.awssdk:sdk-core
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: software.amazon.awssdk:auth
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: software.amazon.awssdk:retries
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: software.amazon.awssdk:sdk-core
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: software.amazon.awssdk:auth
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.opentelemetry:opentelemetry-bom
  dependency-version: 1.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.opentelemetry:opentelemetry-api
  dependency-version: 1.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.opentelemetry:opentelemetry-sdk-testing
  dependency-version: 1.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.opentelemetry:opentelemetry-api
  dependency-version: 1.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.opentelemetry:opentelemetry-sdk-testing
  dependency-version: 1.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: tools.jackson.core:jackson-core
  dependency-version: 3.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: software.amazon.api.models:all
  dependency-version: 1.0.244
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: com.diffplug.spotless:spotless-plugin-gradle
  dependency-version: 8.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: com.autonomousapps:dependency-analysis-gradle-plugin
  dependency-version: 3.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: org.graalvm.buildtools.native
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: com.gradleup.shadow
  dependency-version: 8.3.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
...

Signed-off-by: dependabot[bot] <support@github.com>
@adwsingh adwsingh force-pushed the dependabot/gradle/gradle-e7f9cfb12e branch from 311b5fd to 00e7eff Compare June 8, 2026 22:22
@adwsingh adwsingh enabled auto-merge (rebase) June 10, 2026 07:00
@adwsingh adwsingh disabled auto-merge June 10, 2026 07:00
@adwsingh adwsingh enabled auto-merge (rebase) June 10, 2026 07:00
@adwsingh adwsingh merged commit c8f9d8e into main Jun 10, 2026
5 checks passed
@adwsingh adwsingh deleted the dependabot/gradle/gradle-e7f9cfb12e branch June 10, 2026 07:10
Labels

- dependencies: Pull requests that update a dependency file
- java: Pull requests that update Java code
