build(deps): bump io.prometheus.simpleclient.version from 0.7.0 to 0.15.0 #88

Open
wants to merge 1 commit into
base: azure-pipelines

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Feb 19, 2022

Bumps io.prometheus.simpleclient.version from 0.7.0 to 0.15.0.
Updates simpleclient from 0.7.0 to 0.15.0

Release notes

Sourced from simpleclient's releases.

0.15.0 / 2022-02-05

Major refactoring of Quantiles in Summary metrics. This will make them faster and use less memory. The new implementation also supports two corner cases that were not possible before: You can now use .quantile(0, 0) to track the minimum observed value and .quantile(1, 0) to track the maximum observed value. Thanks a lot @DieBauer! #755

In addition to that the release includes:

  • [ENHANCEMENT] Lots of dependency version bumps.
  • [BUGFIX] Apply ServletConfig during Servlet initialization in simpleclient_servlet and simpleclient_servlet_jakarta #739
  • [BUGFIX] HTTPServer: Don't send a Content-Length header when Transfer-Encoding is chunked #738. Thanks @dhoard
  • [BUGFIX] simpleclient_log4j set the log4j dependency scope as provided so that users don't accidentally pull the log4j version used in client_java. Note: This module is for monitoring log4j version 1, in simpleclient_log4j2 the dependency is already provided.
  • [BUGFIX] simpleclient_dropwizard set the Dropwizard dependency scope as provided so that users don't accidentally pull the Dropwizard version used in client_java.

0.14.1 / 2021-12-19

Bump the log4j version in simpleclient_log4j2 to 2.17.0. Apart from that this release is identical to 0.14.0.

0.14.0 / 2021-12-18

Yet another log4j version update in simpleclient_log4j2: This time to 2.16.0. Note that the log4j dependency in simpleclient_log4j2 has scope provided, i.e. simpleclient_log4j2 does not ship with log4j. simpleclient_log4j2 uses whatever log4j version the monitored application provides at runtime. Updating the log4j dependency in simpleclient_log4j2 helps getting rid of security scanner warnings (see #733), but in order to eliminate the log4j vulnerability you must make sure that the application you monitor ships with an up-to-date log4j version.

Apart from the log4j update we have a new feature:

  • [ENHANCEMENT] The HTTPServer can now be configured to use SSL (#695). Thanks @dhoard.

0.13.0 / 2021-12-13

We updated log4j to 2.15.0, which fixes the log4shell vulnerability (CVE-2021-44228) (#726). Technically simpleclient_log4j2 is not directly affected by the vulnerability, because as long as you update log4j in your monitored application simpleclient_log4j2 will pick up the updated version. However, it makes sense to remove the vulnerable versions from the dependency tree, therefore the update.

In addition to the log4j update in simpleclient_log4j2, this release contains the following enhancements and fixes:

  • [ENHANCEMENT] Allow passing a custom registry to the logback InstrumentedAppender (#690). Thanks @MatthewDolan.
  • [BUGFIX] Correct handling of HEAD requests (#688). Thanks @dhoard.
  • [ENHANCEMENT] Lots of more integration tests and tests with different Java versions.
  • [ENHANCEMENT] Make HTTPMetricHandler public so that users can use them in their own HttpServers (#722). Thanks @dhoard.
  • [ENHANCEMENT] Make Base64 encoding in the HTTP authentication for the PushGateway work with all Java versions (#698). Thanks @dhoard.

0.12.0 / 2021-08-29

This release has a (minor) breaking change in the simpleclient_hotspot module, fixing an incompatibility with OpenMetrics:

The metric jvm_classes_loaded from the ClassLoadingExports was renamed to jvm_classes_currently_loaded #681. The reason is that there is another metric named jvm_classes_loaded_total, and in OpenMetrics this resulted in a name conflict because the base name jvm_classes_loaded was the same, see prometheus/jmx_exporter#621.

  • [ENHANCEMENT] add support for Jakarta Servlet, implemented in the new simpleclient_servlet_jakarta module #647. Thanks @mmadoo for the initial PR.
  • [ENHANCEMENT] provide a way for filtering metrics by name / name prefix. This can be configured either in the HTTPServer, or in the Servlet exporter (both javax and Jakarta). For example, if some JMX metrics cause performance issues, this can be used for excluding these metrics #680.
  • [ENHANCEMENT] for the Servlet filter (both javax and Jakarta): Add a parameter to strip the deployment path from the path label #639. Thanks @lapo-luchini !
  • [ENHANCEMENT] Add HTTP Authentication to the HTTPServer #682. Thanks @dhoard.
  • [BUGFIX] Use <packaging>bundle</packaging> everywhere so that client_java works with OSGI again #678. Thanks @bigmarvin.
  • [BUGFIX] use the correct name for the metric type gaugehistogram in OpenMetrics (previously this was wrongly named gauge_histogram)

0.11.0 / 2021-05-30

  • [FEATURE] Exemplars: API for adding OpenMetrics Exemplars and out-of-the-box integration with OpenTelemetry tracing (#652).
  • [ENHANCEMENT] Introduce TestContainers integration test, for example for testing different Java versions. This means you need Docker installed to run ./mvnw verify (#652).
  • [ENHANCEMENT] HTTPServer: Set request/response timeouts (#643).
  • [ENHANCEMENT] HTTPServer: Make HTTPMetricHandler public so that it can be used in a custom HTTPServer (#665).
  • [ENHANCEMENT] New JVM memory metrics: jvm_memory_pool_collection_used_bytes, jvm_memory_pool_collection_committed_bytes, jvm_memory_pool_collection_max_bytes, jvm_memory_pool_collection_init_bytes, jvm_memory_objects_pending_finalization (#661, #660).

... (truncated)

Commits
  • eb70395 [maven-release-plugin] prepare release parent-0.15.0
  • c205ef3 Fix JavaDoc warnings
  • c70a2e2 Bump OpenTelemetry version
  • 3568b24 Remove call to Math.floor in f()
  • a3954b0 Dependency version bumps (#761)
  • b56849c simpleclient_log4j: make log4j dependency provided
  • 5796943 Bump vertx-web from 3.3.2 to 3.5.4 in /simpleclient_vertx (#758)
  • f9a1171 Summaries: Allow 0.0 and 1.0 quantiles and update documentation
  • fd9da3e CKMS Quantiles: Add tests, refactor, fix tests
  • 787eef3 Improve CKMSQuantiles and address memory leak
  • Additional commits viewable in compare view

Updates simpleclient_httpserver from 0.7.0 to 0.15.0


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
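
A check for the point made in the 0.14.0 and 0.13.0 notes above: a log4j dependency with scope provided is not shipped, so the version that matters is the one the monitored application packages. This is an added example, not code from this PR or from client_java; the module names, the sample `mvn dependency:tree` output and the 2.17.0 default threshold (the newest log4j version named in the notes) are assumptions.

```python
import re

SHIPPED_SCOPES = {"compile", "runtime"}          # scopes packaged with the artifact
KNOWN_SCOPES = SHIPPED_SCOPES | {"provided", "test", "system"}
COORD = re.compile(r"([\w.-]+(?::[\w.-]+){3,5})")

# Constructed sample of `mvn dependency:tree` output; module names are hypothetical.
SAMPLE_TREE = """\
[INFO] com.example:metrics-lib:jar:1.0.0
[INFO] +- io.prometheus:simpleclient:jar:0.15.0:compile
[INFO] \\- org.apache.logging.log4j:log4j-core:jar:2.17.0:provided
[INFO] com.example:monitored-app:war:1.0.0
[INFO] +- com.example:metrics-lib:jar:1.0.0:compile
[INFO] \\- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    \\- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
"""

def parse_tree(text):
    """Yield (module, group, artifact, version, scope) per dependency line.
    Coordinates look like group:artifact:type[:classifier]:version:scope."""
    module = None
    for line in text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(1).split(":")
        if parts[-1] not in KNOWN_SCOPES:   # module root line carries no scope
            module = f"{parts[0]}:{parts[1]}"
            continue
        yield module, parts[0], parts[1], parts[-2], parts[-1]

def version_tuple(version):
    """'2.14.1' -> (2, 14, 1); qualifiers such as '-beta9' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_log4j(text, minimum="2.17.0"):
    """Classify each log4j-core entry; `minimum` is an assumed policy threshold."""
    findings = []
    for module, group, artifact, version, scope in parse_tree(text):
        if (group, artifact) != ("org.apache.logging.log4j", "log4j-core"):
            continue
        if scope not in SHIPPED_SCOPES:
            status = "not-shipped"          # provided: the host application supplies the jar
        elif version_tuple(version) < version_tuple(minimum):
            status = "shipped-outdated"
        else:
            status = "shipped-ok"
        findings.append((module, version, scope, status))
    return findings
```

Run `audit_log4j` over the dependency tree of the deployable application, not only the library modules: a "not-shipped" row says nothing about which log4j version is on the classpath at runtime.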

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 19, 2022
@dependabot dependabot bot force-pushed the dependabot/maven/io.prometheus.simpleclient.version-0.15.0 branch from 26250fc to cd4c05b Compare March 13, 2022 01:03
@dependabot dependabot bot force-pushed the dependabot/maven/io.prometheus.simpleclient.version-0.15.0 branch from cd4c05b to f6a003e Compare March 27, 2022 11:51
@dependabot dependabot bot force-pushed the dependabot/maven/io.prometheus.simpleclient.version-0.15.0 branch 2 times, most recently from 45b959f to 4d82519 Compare May 6, 2022 03:07
Bumps `io.prometheus.simpleclient.version` from 0.7.0 to 0.15.0.

Updates `simpleclient` from 0.7.0 to 0.15.0
- [Release notes](https://github.com/prometheus/client_java/releases)
- [Commits](prometheus/client_java@parent-0.7.0...parent-0.15.0)

Updates `simpleclient_httpserver` from 0.7.0 to 0.15.0
- [Release notes](https://github.com/prometheus/client_java/releases)
- [Commits](prometheus/client_java@parent-0.7.0...parent-0.15.0)

---
updated-dependencies:
- dependency-name: io.prometheus:simpleclient
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: io.prometheus:simpleclient_httpserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/io.prometheus.simpleclient.version-0.15.0 branch from 4d82519 to e94a24b Compare June 4, 2022 05:09