Bump dubbo from 2.6.6 to 2.6.8

[dependabot-preview]

Bumps dubbo from 2.6.6 to 2.6.8.

Release notes

Sourced from dubbo's releases.

apache-dubbo-2.6.8

Please upgrade to the latest version to avoid potential security issues.

Vulnerability

CVE-2019-17564, Apache Dubbo deserialization vulnerability.

apache-dubbo-2.6.7

2.6.7

Enhancement / New feature：

• Multicast ipv6 support #3430
• Add Annotation-Driven for MethodConfig and ArgumentConfig #2298
• @Method default value will be set to the field of MethodConfig #3642
• ignore unrecognized dubbo versions. #4486

Bugfixes:

• @Reference field can't refer its' @Service Bean in same JVM from v2.6.6 #3695
• Nacos Dubbo Registry can't sense the change of service instances #4348
• Dubbo throws IoException with error message while decoding fail #4396

详情

1. [功能] 广播注册中心支持 IP V6
2. [功能] 为注解驱动添加 MethodConfig 以及 ArgumentConfig 支持 #2298
3. [功能] 添加 @Method 注解属性的默认值 #3642
4. [提升] 忽略无法识别的 Dubbo 版本，提升 Dubbo 应用的健壮性 #4486
5. [问题修复] @Reference 无法引用本地 @Service Bean #3695
6. [问题修复] Dubbo Nacos 注册中心无法感知应用实例的变化 #4348
7. [问题修复] 当 decoding 错误时，修正 IOException 错误信息 #4396

Changelog

Sourced from dubbo's changelog.

Release Notes

2.7.5

Features

• Support HTTP/2 through gRPC, offers all features supported by HTTP/2 and gRPC
  • Stream communication: client stream, server stream and bi-stream.
  • Reactive stream style RPC call.
  • Back pressure based on HTTP/2 flow-control mechanism.
  • TLS secure transport layer.
  • Define service using IDL
• Protobuf support for native Dubbo
  • Define service using IDL
  • Protobuf serialization
• TLS for netty4 server
• New SPI for dynamically adding extra parameters into provider URL, especially env parameters.
• [BETA] Brand new Service Discovery mechanism: Service Reflection - instance (application) level service discovery.
• [BETA] Brand new API for bootstraping Dubbo projects

Performance Tuning

• Overall performance improved by nearly 30% compared to v2.7.3 (by QPS in certain circumstances)
• Improved consumer side thread model to avoid thread allocation and context switch, especially useful for services serving big traffic.

Enhancement

• Load balance strategy among multiple registries:
  • Preferred
  • Same zone first
  • Weighted LB
  • The first one available
• New callback SPI for receiving address change notifications
• Refactoring of config module

Bugfixes

check 2.7.5 milestone for details.

2.7.4.1

Enhancement

• Enhance ProtobufTypeBuilder support generate type definition which contains Bytes List or Bytes Map. #5083
• Using the ID of Dubbo Config as the alias of Bean. #5094
• tag router supports anyhost. #4431
• optimize generic invoke. #4076
• dubbo zookeeper registry too slow #4828
• use consul with group and version. #4755
• qos support host config. #4720
• migrate http protocol #4781
• Some unit test optimization. #5026 #4803 #4687

Bugfixes

... (truncated)

Commits

• 5a6a069 copyright 2018-2020
• 8c2141c remove incubating
• 98cfbd6 upgrade version to 2.6.8
• 112990d backport changes from 2.7(#5767)
• a8f6f99 user can custom registry cluster (#5601)
• 69cc9bd Dubbo 2.6.x cannot found correct method with telnet command (#4611)
• 07bcafb dubbo zookeeper registry too slow (#5037)
• 89b213f Fix null attachment issue when consumer use generic (#5390)
• 7797074 修复nacos默认设置weight=1.0,导致权重获取bug (#5144)
• 116c9c3 fix default setting (#4955)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #217.