Bump the centralized-integration-deps group across 1 directory with 4 updates

[dependabot]

Bumps the centralized-integration-deps group with 4 updates in the /centralized-sampling-tests/integration-tests directory: io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha, io.opentelemetry.contrib:opentelemetry-aws-xray, com.jayway.jsonpath:json-path and io.spring.dependency-management.

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha from 1.32.0-alpha to 2.5.0-alpha

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's releases.

Version 2.4.0

This release targets the OpenTelemetry SDK 1.38.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

🌟 New javaagent instrumentation

• InfluxDB (#10850)
• Armeria gRPC (#11351)
• Apache ShenYu (#11260)

📈 Enhancements

• Instrument ConnectionSource in Akka/Pekko HTTP Servers (#11103)
• Use constant span name when using Spring AMQP AnonymousQueues (#11141)
• Add support for RestClient in Spring starter (#11038)
• Add support for WebFlux server in Spring starter (#11185)
• Add async operation end strategy for Kotlin coroutines flow (#11168)
• Add automatic JDBC instrumentation to the Spring starter (#11258)
• Add StructuredTaskScope instrumentation (#11202)
• Allow reading OTel context from reactor ContextView (#11235)
• Add spring starter r2dbc support (#11221)
• Enable instrumentation of Spring EJB clients (#11104)
• Support otel.instrumentation.kafka.experimental-span-attributes in Spring starter (#11263)
• Remove incubating semconv dependency from library instrumentation (#11324)
• Add extension functions for Ktor plugins (#10963)
• Add dedicated flag for R2DBC statement sanitizer (#11384)
• Allow library instrumentations to override span name (#11355)
• Don't sanitize PostgreSQL parameter markers (#11388)
• Make statement sanitizer configurable for Spring Boot (#11350)

🛠️ Bug fixes

• Fix GraphQL instrumentation to work with latest version (#11142)
• Fix jmx-metrics on WildFly (#11151)
• End gRPC server span in onComplete instead of close (#11170)
• Fix a bug in undertow instrumentation related to HTTP/2 (#11361)
• Armeria http client reports wrong protocol version (#11334)
• Use daemon thread for scheduling in jmx-metrics BeanFinder (#11337)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​123liuziming @​aaron-ai @​AlchemyDing @​ArtyomGabeev @​aschugunov @​breedx-splk

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's changelog.

Changelog

Unreleased

Version 2.5.0 (2024-06-17)

📈 Enhancements

• Add support for Informix connection string parsing in JDBC instrumentation (#11542)
• Generate an SBOM for the javaagent artifact (#11075)
• Extract sql operation even when the sanitizer is disabled (#11472)
• Improve security manager support (#11466)
• Generate Log4j2Plugin.dat for OpenTelemetryAppender (#11503)
• Stop kotlin coroutine dispatcher from propagating context (#11500)
• Handle Vert.x sub routes (#11535)
• Undertow: run response customizer on all ServerConnection implementations (#11539)
• Allow configuring MDC key names for trace_id, span_id, trace_flags (#11329)
• Apply async end strategy to all kotlin coroutine flows (#11583)

🛠️ Bug fixes

• Fix container.id issue in some crio scenarios (#11382)
• Fix Finagle http client context propagation (#11400)
• Fix sporadically failing finagle test (#11441)
• Fix request header capture corrupting tomcat request (#11469)
• Fix Ktor server instrumentation when Ktor client library is not present (#11454)
• Fix gRPC instrumentation adding duplicates to metadata instead of overwriting (#11308)
• Avoid NullPointerException when JMS destination is not available (#11570)
• Fix Spring Kafka instrumentation closing the trace too early (#11471)

Version 1.33.3 (2024-05-21)

... (truncated)

Commits

• See full diff in compare view

Updates io.opentelemetry.contrib:opentelemetry-aws-xray from 1.32.0 to 1.36.0

Release notes

Sourced from io.opentelemetry.contrib:opentelemetry-aws-xray's releases.

Version 1.36.0

This release targets the OpenTelemetry SDK 1.36.0.

AWS resources

• Optimization: don't attempt detection if a cloud provider has already been detected (#1225)

Baggage processor - New 🌟

This module provides a SpanProcessor that stamps baggage onto spans as attributes on start.

Consistent sampling

• Assume random trace ID and set th-field only for sampled spans (#1278)

GCP Resources

• Optimization: don't attempt detection if a cloud provider has already been detected (#1225)
• Update guidance for manual instrumentation usage (#1250)

JMX metrics

• Remove slf4j-simple dependency (#1283)

Maven extension

• Disable metrics and logs by default (#1276)
• Migrate to current semconv (#1299)
• Migrate from Plexus to JSR 330 dependency injection APIs (#1320)

Span stack trace

• Enable publishing to maven central (#1297)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​akats7 @​breedx-splk @​cijothomas @​cyrille-leclerc @​jack-berg @​jackshirazi @​jmacd @​JonasKunz @​jsuereth @​kenfinnigan @​laurit @​LikeTheSalad

... (truncated)

Changelog

Sourced from io.opentelemetry.contrib:opentelemetry-aws-xray's changelog.

Version 1.36.0 (2024-05-29)

AWS resources

• Optimization: don't attempt detection if a cloud provider has already been detected (#1225)

Baggage processor - New 🌟

This module provides a SpanProcessor that stamps baggage onto spans as attributes on start.

Consistent sampling

• Assume random trace ID and set th-field only for sampled spans (#1278)

GCP Resources

• Optimization: don't attempt detection if a cloud provider has already been detected (#1225)
• Update guidance for manual instrumentation usage (#1250)

JMX metrics

• Remove slf4j-simple dependency (#1283)

Maven extension

• Disable metrics and logs by default (#1276)
• Migrate to current semconv (#1299)
• Migrate from Plexus to JSR 330 dependency injection APIs (#1320)

Span stack trace

• Enable publishing to maven central (#1297)

Version 1.35.0 (2024-04-16)

JMX metrics

• Add support for newly named Tomcat MBean with Spring (#1269)

Span stack traces - New 🌟

... (truncated)

Commits

• 386a7ef [release/v1.36.x] Prepare release 1.36.0 (#1327)
• 2e9d881 Change log for upcoming release (#1325)
• aa5b65a Inline incubating attributes + central semconv-incubating dependency (#1298)
• 516aed9 [Maven Extension] Migrate from Plexus to JSR 330 dependency injection APIs (#...
• 14c385e Update micrometer packages to v1.13.0 (#1315)
• 72d7976 Add baggage span processor component (#1290)
• 71e5417 Update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentat...
• 3e27e2b Update gradle enterprise packages to v3.17.4 (#1318)
• 34b505e Update dependency org.assertj:assertj-core to v3.26.0 (#1324)
• d91dfc6 Update dependency com.google.cloud.opentelemetry:detector-resources-support t...
• Additional commits viewable in compare view

Updates com.jayway.jsonpath:json-path from 2.8.0 to 2.9.0

Release notes

Sourced from com.jayway.jsonpath:json-path's releases.

json-path-2.9.0

What's Changed

• Fix for CVE-2023-51074.
• update dependencies by @​SingingBush in json-path/JsonPath#965
• JPMS: define Automatic-Module-Name as json.path by @​SingingBush in json-path/JsonPath#966
• Bump json-smart version from 2.4.10 to 2.5.0 by @​shoothzj in json-path/JsonPath#945
• Fixed rendering error on $..book[?(@.price <= $['expensive'])] in README.md by @​lulunac27a in json-path/JsonPath#967
• [build] Remove deprecated gradle convetion usage by @​shoothzj in json-path/JsonPath#946
• Check for the existence of the next significant bracket by @​twobiers in json-path/JsonPath#985
• Update versions by @​kallestenflo in json-path/JsonPath#987

New Contributors

• @​lulunac27a made their first contribution in json-path/JsonPath#967
• @​twobiers made their first contribution in json-path/JsonPath#985

Full Changelog: json-path/JsonPath@json-path-2.8.0...json-path-2.9.0

Commits

• af7e516 Release 2.9.0
• af4dfcc Make PropertyPathToken public, closes #955
• 49b1151 Update versions (#987)
• 71a09c1 Check for the existence of the next significant bracket (#985)
• 900ebfe Remove deprecated gradle usage (#946)
• 946274d Fixed rendering error on $..book[?(@.price <= $['expensive'])] in README.md...
• 425bcb1 Bump json-smart version from 2.4.10 to 2.5.0 (#945)
• 2d57ab3 JPMS: define Automatic-Module-Name as json.path (#966)
• 1a57f78 update dependencies (#965)
• 21de620 Prepare next version
• See full diff in compare view

Updates io.spring.dependency-management from 1.1.4 to 1.1.5

Release notes

Sourced from io.spring.dependency-management's releases.

v1.1.5

🐞 Bug Fixes

• When a dependency has been substituted by changing its target, its version is managed based on its original group and artifact IDs #383
• Plugin triggers a deprecation warning for LenientConfiguration#getArtifacts(Spec) with Gradle 8.8 #381
• Exclusions are calculated unnecessarily for non-transitive configurations #372

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fp7

Commits

• b3f62a0 Release v1.1.5
• 70f3e08 Release from GitHub Actions
• b5ed22b Correct the value of build-name when deploying to Artifactory
• 029d266 Specify the shell for build and publish step
• 2ddde6f Prepare snapshot workflow for addition of release workflow
• 6cc618e Enable linting and treat warnings as errors
• 7a56eaa Broaden Gradle version compatibility testing
• 63c2738 Upgrade to Gradle 7.6.4
• 2ed89ef Upgrade to Gradle Enterprise Conventions 0.0.17
• 0676dc0 Merge pull request #372 from fp7
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions