Bump io.zipkin.zipkin2:zipkin from 2.24.4 to 2.25.2

[dependabot]

Bumps io.zipkin.zipkin2:zipkin from 2.24.4 to 2.25.2.

Release notes

Sourced from io.zipkin.zipkin2:zipkin's releases.

Zipkin 2.25.2 adds the ppc64le architecture to our production zipkin and zipkin-slim images. It also fixes a couple docker crashes when run on Apple Silicon. Finally, we documented how to run the Elasticsearch Service Depedencies graph job ad-hoc, as it has been frequently asked about.

Special thanks to @​NishikantThorat from Knative for the help progressing ppc64le, as well @​anuraaga for lots of review support.

Full Changelog: openzipkin/zipkin@2.25.1...2.25.2

Zipkin 2.25.1 sets a milestone where a trivy scan of our openzipkin/zipkin:2.25.1 docker image came clear of all vulnerabilities:

$ trivy image openzipkin/zipkin:2.25.1
2023-12-14T21:38:42.716+0700	INFO	Vulnerability scanning is enabled
2023-12-14T21:38:42.717+0700	INFO	Secret scanning is enabled
2023-12-14T21:38:42.717+0700	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-14T21:38:42.717+0700	INFO	Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2023-12-14T21:38:47.299+0700	INFO	Detected OS: alpine
2023-12-14T21:38:47.299+0700	WARN	This OS version is not on the EOL list: alpine 3.19
2023-12-14T21:38:47.299+0700	INFO	Detecting Alpine vulnerabilities...
2023-12-14T21:38:47.301+0700	INFO	Number of language-specific files: 1
2023-12-14T21:38:47.301+0700	INFO	Detecting jar vulnerabilities...
openzipkin/zipkin:2.25.1 (alpine 3.19.0)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

There was a lot of PR review support and again we have @​anuraaga to thank for being so available to keep things moving. We'd also like to thank @​tacigar for progress on renovating the Lens UI, resulting in a significant drop in NPM vulnerabilities as well.

Full Changelog: openzipkin/zipkin@2.25.0...2.25.1

Zipkin 2.25.0 was an infrastructure refactoring release with no significant main code changes from 2.24.4. This is a bridge version for those who extend zipkin with a few notable changes:

• New zipkin-activemq and zipkin-rabbitmq test images. Now, we have a test image for every combination of collector and storage.
• Removal of junit 4.x dependency. zipkin-junit is no longer published in favor of zipkin-junit5.
• Improved practice of AssertJ, JUnit Jupiter and SLF4J thanks to automated refactoring by @​TeamModerne and great support by @​timtebeek.

Full Changelog: openzipkin/zipkin@2.24.4...2.25.0

Commits

• 11e3b27 [maven-release-plugin] prepare release 2.25.2
• ced6a9c lens: reduces cves for top-level deps (#3657)
• 6e79b6d docker: documents how to use master version in examples (#3656)
• 8b2b331 ci: test building of javadoc (#3655)
• aed6d92 docker: adds ppc64le architecture to zipkin and zipkin-slim images (#3653)
• c40a50b docker: uses health check in examples and documents dependencies job (#3652)
• e21beed docker: updates Elasticsearch 7.x image to Elastic licensed 7.17.16 (#3654)
• 0092696 cassandra: moves to Apache Driver and fixes Apple Silicon docker crash (#3651)
• a78c162 deps: temporarily update boringssl ahead of netty to fix M1 docker crash (#3650)
• 9244952 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (1d55d7d) 44.35% compared to head (781fb3c) 44.34%.

❗ Current head 781fb3c differs from pull request most recent head 174f5b8. Consider uploading reports for the commit 174f5b8 to get more accurate results

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #4151      +/-   ##
============================================
- Coverage     44.35%   44.34%   -0.02%     
+ Complexity     5395     5390       -5     
============================================
  Files          1384     1384              
  Lines         34331    34331              
  Branches       3325     3325              
============================================
- Hits          15229    15224       -5     
- Misses        17868    17870       +2     
- Partials       1234     1237       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.