Bump io.zipkin.zipkin2:zipkin from 3.1.1 to 3.3.0 by dependabot[bot] · Pull Request #4308 · apache/servicecomb-java-chassis

dependabot · 2024-05-01T07:11:54Z

Bumps io.zipkin.zipkin2:zipkin from 3.1.1 to 3.3.0.

Release notes

Sourced from io.zipkin.zipkin2:zipkin's releases.

Zipkin 3.3 is maintenance only with no new features since the last release.

Notably, this raises the floor JRE version of libraries except core from 11 to 17. The only reason we had 11 in the past was due to Spark limitations that affected zipkin-dependencies. This was resolved by Spark 3.4, which we were recently able to upgrade to once libraries we used all became compatible with it.

Also, we now run Trivy security and misconfiguration scanner on every commit, in support of our new security policy. This policy was designed around the norms of our maintenance community, which is currently 100pct volunteers with no dedicated paid time for the project.

We appreciate Trivy adjusting the open source code for the somewhat unique needs of tracing projects: it requires running tests on old library versions. Their open mindedness in classification policy was critical in coming up with a policy at all. We need to focus the small amount of time we have available to the most important alerts, and not the noise: now we can.

Zipkin 3.2.1 fixes a regression where libraries that improve network performance (netty-tcnative) were not included in the main zipkin jar, resulting in unpublished Docker images.

Zipkin 3.2 improves accessibility blindness and language controls.

Before, there was no way to control "dark mode". Also, the color scheme lacked contrast and other features to support vision accessibility. @giaroc's first commit to zipkin knocked this out of the park, resulting in an easier to read and control UI.

before:

after:

Full Changelog: https://github.com/openzipkin/zipkin/compare/3.1.1..3.2.0

Commits

dfd8ee2 [maven-release-plugin] prepare release 3.3.0
1ed6c4a Adds SECURITY.md and scanning workflow (#3764)
b44940d Raises floor JRE version from 11 to 17 except core (#3763)
846ad9a docker: fixes building zipkin from source (#3762)
6248dd2 docker: gives more memory to prevent crash on OOM (#3761)
e941823 [maven-release-plugin] prepare for next development iteration
abed874 [maven-release-plugin] prepare release 3.2.1
82c26a2 Restores tcnative accidentally left out of 3.2.0 (#3760)
2de2642 [maven-release-plugin] prepare for next development iteration
9300c35 [maven-release-plugin] prepare release 3.2.0
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [io.zipkin.zipkin2:zipkin](https://github.com/openzipkin/zipkin) from 3.1.1 to 3.3.0. - [Release notes](https://github.com/openzipkin/zipkin/releases) - [Changelog](https://github.com/openzipkin/zipkin/blob/master/RELEASE.md) - [Commits](openzipkin/zipkin@3.1.1...3.3.0) --- updated-dependencies: - dependency-name: io.zipkin.zipkin2:zipkin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-05-06T02:50:08Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 1, 2024

liubao68 closed this May 6, 2024

dependabot Bot deleted the dependabot/maven/io.zipkin.zipkin2-zipkin-3.3.0 branch May 6, 2024 02:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump io.zipkin.zipkin2:zipkin from 3.1.1 to 3.3.0#4308

Bump io.zipkin.zipkin2:zipkin from 3.1.1 to 3.3.0#4308
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/io.zipkin.zipkin2-zipkin-3.3.0

dependabot Bot commented on behalf of github May 1, 2024

Uh oh!

dependabot Bot commented on behalf of github May 6, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 1, 2024

before:

after:

Uh oh!

dependabot Bot commented on behalf of github May 6, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant