Bump the minor-and-patch group across 1 directory with 7 updates

[dependabot]

Bumps the minor-and-patch group with 7 updates in the / directory:

Package	From	To
ch.qos.logback:logback-classic	1.5.11	1.5.12
io.micrometer:micrometer-registry-prometheus	1.12.8	1.14.1
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.18.0	2.18.2
io.zonky.test:embedded-postgres	2.0.7	2.1.0
io.confluent:kafka-avro-serializer	7.7.1	7.8.0
com.nimbusds:nimbus-jose-jwt	9.41.2	9.47
com.gradleup.shadow	8.3.3	8.3.5

Updates ch.qos.logback:logback-classic from 1.5.11 to 1.5.12

Commits

• 3a64b51 prepare release 1.5.12
• ecae664 fix issues/879
• 85968fa logger call ends with two exceptions - fix issues/876
• ea3cec8 Update README.md
• 887cbba update README.md
• df2a3b6 start work on 1.5.12-SNAPSHOT
• See full diff in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.12.8 to 1.14.1

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.14.1

📔 Documentation

• Gauges may be silently ignored when MeterFilters drop or transform tags #5616

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.8.1 to 1.8.2 #5685
• Bump software.amazon.awssdk:cloudwatch from 2.29.7 to 2.29.14 #5669
• Bump shaded netty to 4.1.115.Final in micrometer-registry-statsd to address CVE-2024-47535 #5660

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

1.14.0

Micrometer 1.14.0 is the GA version of a new feature release. See our support policy for support timelines.

Below are the combined release notes of all the pre-release milestones and release candidate preceding this GA release.

⚠️ Noteworthy

• Support ExponentialHistogram in OTLP #3861
• Virtual thread metrics #3956
• Validate expected Observation API call ordering on TestObservationRegistry #5239

⭐ New Features / Enhancements

• Expose TestObservationRegistry as an AssertJ AssertProvider #5551
• Use failure with actual and expected message to improve IDE experience for ObservationContextAssert #5550
• Replace @Nonnull(when = When.MAYBE) with @CheckForNull in @Nullable #5485
• Warn about Prometheus meter registration failure #5228
• Improve performance of merging two Tags/KeyValues instances #5140
• Allow user-provided custom scheduler for periodically binding KafkaMetrics #4976
• Allow specifying the meterNameConsumer for HighCardinalityTagsDetector #4028
• Virtual thread metrics #3956
• Allow tagsBasedOnJoinPoint to override extraTags with CountedAspect #2461
• Configurable _source.enabled Elastic mapping property #1629
• Skip registering Caffeine meters when statistics are not enabled #5409
• Log a warning when instrumenting a cache that is not recording stats in CaffeineCacheMetrics #5402
• MultiGauge.register should accept more types #5390
• Metrics not collected after ExecutorService recreation #5366
• Add "cancelled" information to the GrpcServerObservationContext #5301
• process_start_time_seconds HELP description inconsistency between Prometheus and micrometer #5290
• Add history-tracking to ObservationValidator #5370
• [dynatrace/v2] reduce log verbosity #5306
• Validate expected Observation API call ordering on TestObservationRegistry #5239
• Add JvmThreadDeadlockMetrics #5222
• Allow multiple MeterTag annotations for multiple tags from same target #4081

... (truncated)

Commits

• 2f8b914 Bump software.amazon.awssdk:cloudwatch from 2.29.7 to 2.29.14 (#5669)
• 2b125f4 Bump com.netflix.spectator:spectator-reg-atlas from 1.8.1 to 1.8.2 (#5685)
• 745be35 Bump spring6 from 6.1.14 to 6.1.15 (#5676)
• 00a6e41 Bump com.gradle.develocity from 3.18.1 to 3.18.2 (#5678)
• c3a4ff9 Merge branch '1.13.x' into 1.14.x
• 41c0b53 Merge branch '1.12.x' into 1.13.x
• a0f4911 Bump org.mongodb:mongodb-driver-sync from 4.11.4 to 4.11.5 (#5675)
• f68cc21 Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.4 to 0.4.5 (#5671)
• 0f7b04e Bump com.amazonaws:aws-java-sdk-cloudwatch from 1.12.777 to 1.12.778 (#5670)
• 1969651 Merge branch '1.13.x' into 1.14.x
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.18.0 to 2.18.2

Updates io.zonky.test:embedded-postgres from 2.0.7 to 2.1.0

Release notes

Sourced from io.zonky.test:embedded-postgres's releases.

v2.1.0

Changes:

• Fixed dependency conflicts with commons-io and commons-compress libraries (#133)
• Removed unnecessary try-catch handling when extracting PostgreSQL binaries (#136)
• Upgraded dependencies: (#135 #142 #140 #130 #128)
  • Flyway to 9.22.3
  • Liquibase to 4.30.0
  • PostgreSQL JDBC Driver to 42.7.4
  • Embedded Postgres Binaries to 14.15.0
  • Apache Commons Compress to 1.26.2
  • Apache Commons IO to 2.16.1
  • Apache Commons Codec to 1.17.1
  • Apache Commons Lang to 3.15.0
  • Tukaani XZ to 1.10

Commits

• 8567f40 [maven-release-plugin] prepare release v2.1.0
• fd49283 Merge pull request #142 from zonkyio/dependency-upgrades
• 74552df upgrade postgresql driver, liquibase and junit dependencies
• dbdc9e4 Merge pull request #141 from zonkyio/postgres-14.15
• f25a23f #140 upgrade to embedded postgres binaries 14.15
• 2f830bf Merge pull request #136 from turbanoff/avoid_bogus_catch
• 389fc61 Merge pull request #137 from mikebell90/explain.rationale
• 87a0377 Minor adjustments to the project description
• 2b7e8b9 Clearer explanation for why the fork occurred, indicate the original library ...
• 41b4546 Remove empty IOException try-catch handling when extracting PostgreSQL binaries
• Additional commits viewable in compare view

Updates io.confluent:kafka-avro-serializer from 7.7.1 to 7.8.0

Commits

• 145b030 Set Confluent to 7.8.0, Kafka to 7.8.0.
• 6b58ab0 Added kafka-tools dependency (#3404) (#3405)
• 5e40d15 DGS-18853 Revert change to default rule actions (#3334) (#3345)
• c11bcb0 Merge branch '7.7.x' into 7.8.x by rayokota
• 93e7b26 Merge branch '7.6.x' into 7.7.x by rayokota
• 6e2c2b6 Merge branch '7.5.x' into 7.6.x by rayokota
• b4f6a17 Merge branch '7.4.x' into 7.5.x by rayokota
• bc2890a Return encrypted value instead of throwing in MetadataEncoderService (#76) (#...
• 226ae3a Merge branch '7.7.x' into 7.8.x by kcorman0
• 315ea8d Merge branch '7.6.x' into 7.7.x by kcorman0
• Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 9.41.2 to 9.47

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

9.41.2 (2024-10-01) * JWEHeader must support the special case of an "aud" header value of type string (iss #569).

9.42 (2024-10-28) * Promotes getCompatibleAlgorithms from MACSigner to MACProvider. * Promotes getMinRequiredSecretLength from MACSigner to MACProvider. * Removes the Set argument from the protected MACProvider constructors, the compatible HSxxx algorithms are now determined within the constructor. * MACVerifier must enforce a minimum secret key length of 384 bits for HS384 and of 512 bits for HS512 (iss #563). * OctetSequenceKeyGenerator must support "exp", "nbf" and "iat" (iss #575). * Updates to com.google.crypto.tink:tink:1.15.0

9.43 (2024-10-31) * Adds JWK.toRevokedJWK(KeyRevocation) method.

9.44 (2024-11-01) * JWKMatcher receives a capability to match non-revoked and revoked keys only, with JWKMatcher.Builder.nonRevokedOnly and revokedOnly. * Adds JWKMatcher.Builder.withKeyUseOnly, deprecating hasKeyUse. * Adds JWKMatcher.Builder.withKeyIDOnly, deprecating hasKeyID. * Adds JWKMatcher.Builder.withX509CertChainOnly, deprecating hasX509CertChain.

9.45 (2024-11-01) * New JWKMatcher.Builder(JWKMatcher) constructor.

9.46 (2024-11-08) * Adds JWKParameterNames.PUBLIC constant Set with the standard public JWK parameter names.

9.47 (2024-11-14) * Adds static JSONArrayUtils.parse(String). * Adds static JSONArrayUtils.toJSONString(List). * JSONObjectUtils.toJSONString must throw NPE on null String (iss #577). * Fixes regression: Invalid JSON was accepted in versions 9.24+ (iss #574).

Commits

• See full diff in compare view

Updates com.gradleup.shadow from 8.3.3 to 8.3.5

Release notes

Sourced from com.gradleup.shadow's releases.

8.3.5

Fixed

• Revert "Bump Java level to 11" (#1011).
  This reverts the change to maintain compatibility with 8.x versions. The Java level will be bumped to 11 or above in the next major release.

8.3.4

Fixed

• Apply legacy plugin last, and declare capabilities for old plugins, fixes #964. (#991)

Commits

• 09be106 Prepare version 8.3.5
• f991608 Revert "Bump Java level to 11" (#1011)
• e9aa551 Migrate existing Junit 4 usages to Junit 5 (#998)
• 2c30155 Update release dates
• 6d40a9e Prepare next development version
• 85cb991 Prepare version 8.3.4
• 1bb88d1 chore(deps): update plugin com.diffplug.spotless to v7.0.0.beta4 (#1007)
• 8aad9ad Apply legacy plugin last, and declare capabilities for old plugins (#991)
• b0842f2 fix(deps): update junit5 monorepo to v5.11.3 (#1006)
• 0465d01 chore(deps): update plugin com.diffplug.spotless to v7.0.0.beta3 (#1003)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #496.