Bump io.prometheus:simpleclient_httpserver from 0.8.1 to 0.16.0

[dependabot]

Bumps io.prometheus:simpleclient_httpserver from 0.8.1 to 0.16.0.

Release notes

Sourced from io.prometheus:simpleclient_httpserver's releases.

0.16.0 / 2022-06-15

[ENHANCEMENT] Environment variable PROMETHEUS_DISABLE_CREATED_SERIES=true for disabling _created metrics (#791). Thanks @​mindw [ENHANCEMENT] Support for OpenTelemetry trace sampling: Only traces that are sampled will be used as exemplars (#766). Thanks @​fscellos [ENHANCEMENT] Handle thread IDs <= 0. Apparently Apache Zookeeper generates negative thread IDs, which causes issues in jmx_exporter (#784). Thanks @​dhoard [ENHANCEMENT] Mark opentelemtry-api as optional to make it an optional dependency in OSGi (#790). Thanks @​adessaigne. [ENHANCEMENT] Move servlet adapters to an internal package to avoid duplicating classes when building OSGi bundles (#789). Thanks @​adessaigne [ENHANCEMENT] Extend the API of the HTTPServer.Builder to allow custom ExecutorService instances (#756). Thanks @​dhoard [ENHANCEMENT] Reduce the number of core threads in HTTPServer from 5 to 1. The HTTPServer will still start up to 5 threads on demand if there are parallel requests, but it will use only 1 thread as long as requests are sequential (#786). [ENHANCEMENT] Optimize metric name sanitization: Replace the regular expression with a hard-coded optimized algorithm to improve performance (#777). Thanks @​fwbrasil [BUGFIX] Fix missing Dropwizard metrics in Vertx (#780). Thanks @​yaronel. [BUGFIX] Fix incorrect buffer size in the Servlet exporter (#794). Thanks @​GreenRover for finding the issue and @​dhoard for the fix. [BUGFIX] Fix sample name filter for the JMX metric jvm_memory_bytes_committed (#768). Thanks @​SvenssonWeb [ENHANCEMENT] Lots of dependency version bumps.

0.15.0 / 2022-02-05

Major refactoring of Quantiles in Summary metrics. This will make them faster and use less memory. The new implementation also supports two corner cases that were not possible before: You can now use .quantile(0, 0) to track the minimum observed value and .quantile(1, 0) to track the maximum observed value. Thanks a lot @​DieBauer! #755

In addition to that the release includes:

[ENHANCEMENT] Lots of dependency version bumps. [BUGFIX] Apply ServletConfig during Servlet initialization in simpleclient_servlet and simpleclient_servlet_jakarta #739 [BUGFIX] HTTPServer: Don't send a Content-Length header when Transfer-Encoding is chunked #738. Thanks @​dhoard [BUGFIX] simpleclient_log4j set the log4j dependency scope as provided so that users don't accidentally pull the log4j version used in client_java. Note: This module is for monitoring log4j version 1, in simpleclient_log4j2 the dependency is already provided. [BUGFIX] simpleclient_dropwizard set the Dropwizard dependency scope as provided so that users don't accidentally pull the Dropwizard version used in client_java.

0.14.1 / 2021-12-19

Bump the log4j version in simpleclient_log4j2 to 2.17.0. Apart from that this release is identical to 0.14.0.

0.14.0 / 2021-12-18

Yet another log4j version update in simpleclient_log4j2: This time to 2.16.0. Note that the log4j dependency in simpleclient_log4j2 has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. simpleclient_log4j2 uses whatever log4j version the monitored application provides at runtime. Updating the log4j dependency in simpleclient_log4j2 helps getting rid of security scanner warnings (see #733), but in order to eliminate the log4j vulnerability you must make sure that the application you monitor ships with an up-to-date log4j version.

Apart from the log4j update we have a new feature:

[ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695). Thanks @​dhoard.

0.13.0 / 2021-12-13

We updated log4j to 2.15.0, which fixes the log4shell vulnerability (CVE-2021-44228) (#726). Technically simpleclient_log4j2 is not directly affected by the vulnerability, because as long as you update log4j in your monitored application simpleclient_log4j2 will pick up the updated version. However, it makes sense to remove the vulnerable versions from the dependency tree, therefore the update.

In addition to the log4j update in simpleclient_log4j2, this release contains the following enhancements and fixes:

[ENHANCEMENT] Allow passing a custom registry to the logback InstrumentedAppender (#690). Thanks @​MatthewDolan. [BUGFIX] Correct handling of HEAD requests (#688). Thanks @​dhoard. [ENHANCEMENT] Lots of more integration tests and tests with different Java versions. [ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in their own HttpServers (#722). Thanks @​dhoard. [ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the PushGateway work with all Java versions (#698). Thanks @​dhoard.

0.12.0 / 2021-08-29

This release has a (minor) breaking change in the simpleclient_hotspot module, fixing an incompatibility with OpenMetrics:

The metric jvm_classes_loaded from the ClassLoadingExports was renamed to jvm_classes_currently_loaded #681. The reason is that there is another metric named jvm_classes_loaded_total, and in OpenMetrics this resulted in a name conflict because the base name jvm_classes_loaded was the same, see prometheus/jmx_exporter#621.

... (truncated)

Commits

• ed0d7ae [maven-release-plugin] prepare release parent-0.16.0
• 6ac453d Update maintainer notes
• 5e65821 Bump dependency versions
• 7de891e Fix Describable returning an empty list (#785)
• 6730f3e Support _created time series suppression (#791)
• 75baa06 Move servlet adapters to an internal package to avoid duplicating classes whe...
• e517786 Mark opentelemtry-api as optional to make it an optional dependency in OSGi.
• 7c9fc39 Fixed HttpServletResponseAdapterImpl setStatus method to call correct delegat...
• 2be241c Added defensive code for scenario where thread id <= 0
• 2f31b96 Reduce number of core threads in HTTPServer to one
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[codecov]

Codecov Report

Merging #3677 (ae9125a) into master (7f00524) will not change coverage.
The diff coverage is n/a.

❗ Current head ae9125a differs from pull request most recent head 9ec8cae. Consider uploading reports for the commit 9ec8cae to get more accurate results

@@            Coverage Diff            @@
##             master    #3677   +/-   ##
=========================================
  Coverage     13.76%   13.76%           
  Complexity     1291     1291           
=========================================
  Files           571      571           
  Lines         29239    29239           
  Branches       2885     2885           
=========================================
  Hits           4024     4024           
  Misses        24841    24841           
  Partials        374      374           

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[Pil0tXia]

@dependabot rebase

[dependabot]

Looks like io.prometheus:simpleclient_httpserver is no longer a dependency, so this is no longer needed.