Update dependency io.zipkin.reporter2:zipkin-reporter-brave to v2.17.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
io.zipkin.reporter2:zipkin-reporter-brave	2.16.3 -> 2.17.2

---

Release Notes

openzipkin/zipkin-reporter-java (io.zipkin.reporter2:zipkin-reporter-brave)

v2.17.2: Zipkin Reporter 2.17.2

Compare Source

Zipkin Reporter v2.17.2 fixes a bug where the jars that should be at Java 1.6 or 1.7 bytecode were not.

Full Changelog: https://github.com/openzipkin/zipkin-reporter-java/compare/2.17.0..2.17.2

v2.17.1

Compare Source

v2.17.0: Zipkin Reporter 2.17.0

Compare Source

Zipkin Reporter v2.17.0 updates default versions of dependencies so that CVE scanners like trivy pass by default. Details below for the interested.

For example, trivy is now clean.

$ trivy -q --skip-files "**/src/it/*/pom.xml" repo https://github.com/openzipkin/zipkin-reporter-java

In order to do this, and based on user demand, we had to change some default practice in our senders (the transport plug-in for sending spans to a zipkin compatible endpoint). Here is a summary of each and how versions are handled.

• activemq-client - Note that the recently released 6.x version is not compatible with 5.x due to package import change from javax.jms to jakarta.jms. Raise an issue if you need a later client as it will require a copy of the entire module to resolve.
• amqp-client (rabbitmq) - The 4.x version is no longer maintained, so we set a 5.x version and test the old one.
• kafka - the kafka-clients driver has not had any known compatibility problems, so we've left it as-is.
• libthrift (scribe) - libthrift (used for the deprecated scribe transport) has never released a 1.0 version, so occasionally causes revlocks. @​zhfeng noticed this in apache camel, as updating past the 4 year old 0.13 was impossible to work around. Luckily versions after that seem compatible with each other.
• okhttp3 - The 3.x version is no longer maintained, so we set a 4.x version and test the old one. Thanks @​evantorrie for explaining why this is important and @​shakuzen for helping in the discussion.

While not end-user affecting, we have also migrated from JUnit 4 to JUnit 5, thanks to OpenRewrite recipes from @​TeamModerne. Also, we use docker images to test all messaging transports. This ensures compatibility with upstream in transparent ways, and also removes classpath conflicts from java-based messaging transports such as ActiveMQ and Kafka.

Thanks a lot to @​anuraaga for copious support work on this release, as well.

Full Changelog: openzipkin/zipkin-reporter-java@2.16.5...2.17.0

Note: To pass Trivy at the moment, we have to skip old versions used only for compatibility testing. There is a discussion about making this default.

v2.16.5: Zipkin Reporter 2.16.5

Compare Source

Zipkin Reporter v2.16.5 updates dependencies and moves the build to work on current LTS JDKs (11, 17 and 21). Runtime Java versions remain the same. For example, the minimum Java version of the core jar remains 1.6.

Full Changelog: openzipkin/zipkin-reporter-java@2.16.4...2.16.5

v2.16.4: Zipkin Reporter 2.16.4

Compare Source

What's Changed

• chore: update kafka to 3.4 by @​jeqo in https://github.com/openzipkin/zipkin-reporter-java/pull/210

Full Changelog: openzipkin/zipkin-reporter-java@2.16.3...2.16.4

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.