dependabot[bot] opened a new pull request, #4308:
URL: https://github.com/apache/servicecomb-java-chassis/pull/4308

   Bumps [io.zipkin.zipkin2:zipkin](https://github.com/openzipkin/zipkin) from 
3.1.1 to 3.3.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/openzipkin/zipkin/releases">io.zipkin.zipkin2:zipkin's 
releases</a>.</em></p>
   <blockquote>
   <p>Zipkin 3.3 is maintenance only with no new features since the last 
release.</p>
   <p>Notably, this raises the floor JRE version of libraries except core from 
11 to 17. The only reason we had 11 in the past was due to Spark limitations 
that affected zipkin-dependencies. This was resolved by Spark 3.4, which we 
were recently able to upgrade to once libraries we used all became compatible 
with it.</p>
   <p>Also, we now run <a href="https://github.com/aquasecurity/trivy">Trivy 
security and misconfiguration scanner</a> on every commit, in support of our 
new <a 
href="https://github.com/openzipkin/zipkin/blob/master/SECURITY.md">security 
policy</a>. This policy was designed around the norms of our maintenance 
community, which is currently 100pct volunteers with no dedicated paid time for 
the project.</p>
   <p>We appreciate Trivy adjusting the open source code for the somewhat 
unique needs of tracing projects: it <a 
href="https://github.com/aquasecurity/trivy/discussions/5787#discussioncomment-8602516">requires
 running tests on old library versions</a>. Their open mindedness in 
classification policy was critical in coming up with a policy at all. We need 
to focus the small amount of time we have available to the most important 
alerts, and not the noise: now we can.</p>
   <p>Zipkin 3.2.1 fixes a regression where libraries that improve network 
performance (netty-tcnative) were not included in the main zipkin jar, 
resulting in unpublished Docker images.</p>
   <p>Zipkin 3.2 improves accessibility blindness and language controls.</p>
   <p>Before, there was no way to control &quot;dark mode&quot;. Also, the 
color scheme lacked contrast and other features to support vision 
accessibility. <a href="https://github.com/giaroc"><code>@giaroc</code></a>'s 
first commit to zipkin knocked this out of the park, resulting in an easier to 
read and control UI.</p>
   <h3>before:</h3>
   <!-- raw HTML omitted -->
   <h3>after:</h3>
   <!-- raw HTML omitted -->
   <p><strong>Full Changelog</strong>: <a 
href="https://github.com/openzipkin/zipkin/compare/3.1.1..3.2.0">https://github.com/openzipkin/zipkin/compare/3.1.1..3.2.0</a></p>
   </blockquote>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/dfd8ee2ad08f5c3385e54e5b1337a4e1eb40f220"><code>dfd8ee2</code></a>
 [maven-release-plugin] prepare release 3.3.0</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/1ed6c4a3c337257e7890be8932dca133789ffa33"><code>1ed6c4a</code></a>
 Adds SECURITY.md and scanning workflow (<a 
href="https://redirect.github.com/openzipkin/zipkin/issues/3764">#3764</a>)</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/b44940d5c82952e33b198fc1c20ab66a29abc1a6"><code>b44940d</code></a>
 Raises floor JRE version from 11 to 17 except core (<a 
href="https://redirect.github.com/openzipkin/zipkin/issues/3763">#3763</a>)</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/846ad9a0aa240f5af24e17aa8a91606c5a3df1e6"><code>846ad9a</code></a>
 docker: fixes building zipkin from source (<a 
href="https://redirect.github.com/openzipkin/zipkin/issues/3762">#3762</a>)</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/6248dd263937443c7293741c18f7b90b5a7d5ba1"><code>6248dd2</code></a>
 docker: gives more memory to prevent crash on OOM (<a 
href="https://redirect.github.com/openzipkin/zipkin/issues/3761">#3761</a>)</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/e941823ed3a680241d6fd78520323acec3307e12"><code>e941823</code></a>
 [maven-release-plugin] prepare for next development iteration</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/abed8745cd86a693328ccd2da504678f90d5578e"><code>abed874</code></a>
 [maven-release-plugin] prepare release 3.2.1</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/82c26a2203a479463f4fa9c9966cd9f9690d10f4"><code>82c26a2</code></a>
 Restores tcnative accidentally left out of 3.2.0 (<a 
href="https://redirect.github.com/openzipkin/zipkin/issues/3760">#3760</a>)</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/2de26423ffecb040c7341d4a1b5613b77dc9016e"><code>2de2642</code></a>
 [maven-release-plugin] prepare for next development iteration</li>
   <li><a 
href="https://github.com/openzipkin/zipkin/commit/9300c35002fc5d6bf52d82707c57e3f703de7802"><code>9300c35</code></a>
 [maven-release-plugin] prepare release 3.2.0</li>
   <li>Additional commits viewable in <a 
href="https://github.com/openzipkin/zipkin/compare/3.1.1...3.3.0">compare 
view</a></li>
   </ul>
   </details>
   <br />
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
