[PF-2983]: Bump the minor-patch-dependencies group with 7 updates

[dependabot]

Bumps the minor-patch-dependencies group with 7 updates:

Package	From	To
org.bouncycastle:bcprov-jdk18on	1.79	1.80
com.google.cloud:libraries-bom	26.52.0	26.53.0
bio.terra:stairway-gcp	1.1.17-SNAPSHOT	1.1.18-SNAPSHOT
bio.terra:stairway-azure	1.1.17-SNAPSHOT	1.1.18-SNAPSHOT
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha	2.9.0-alpha	2.12.0-alpha
com.github.ben-manes.versions	0.51.0	0.52.0
org.springframework.boot	3.4.1	3.4.2

Updates org.bouncycastle:bcprov-jdk18on from 1.79 to 1.80

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Release: 1.80 Date:      2025, 14th January.

... (truncated)

Commits

• See full diff in compare view

Updates com.google.cloud:libraries-bom from 26.52.0 to 26.53.0

Release notes

Sourced from com.google.cloud:libraries-bom's releases.

v26.53.0

GCP Libraries BOM 26.53.0

Here are the differences from the previous version (26.52.0)

The group ID of the following artifacts is com.google.cloud.

Notable Changes

google-cloud-bigquery 2.46.0 (prev: 2.45.0)

• bigquery: Support IAM conditions in datasets in Java client. (#3602) (6696a9c)

• NPE when reading BigQueryResultSet from empty tables (#3627) (9a0b05a)

• test: Force usage of ReadAPI (#3625) (5ca7d4a)

google-cloud-pubsub 1.136.0 (prev: 1.135.0)

• Add Kafka-based sources to IngestionDataSourceSettings proto and IngestionFailureEvent proto (2947169)

google-cloud-spanner 6.85.0 (prev: 6.83.0)

• Add support for ARRAY<STRUCT> to CloudCilentExecutor (#3544) (6cbaf7e)

• Add transaction runner for connections (#3559) (5a1be3d)

• Exposing InstanceType in Instance configuration (to define PROVISIONED or FREE spanner instance) (8d295c4)

• Improve tracing by adding attributes (#3576) (eee333b)

• spanner: Add jdbc support for external hosts (#3536) (801346a)

• AsyncTransactionManager did not always close the session (#3580) (d9813a0)

• Retry specific internal errors (#3565) (b9ce1a6)

• Update max_in_use_session at 10 mins interval (#3570) (cc1753d)

• Add gcp client attributes in OpenTelemetry traces (#3595) (7893f24)

• Add LockHint feature (#3588) (326442b)

• spanner: MTLS setup for spanner external host clients (#3574) (f8dd152)

google-cloud-spanner-jdbc 2.26.0 (prev: 2.25.1)

• Clear interrupted flag after cancel (#1880) (e1fd4e1), closes #1879

• Support for spanner external host (#1884) (123a7bc)

google-cloud-storage 2.47.0 (prev: 2.46.0)

• Add MoveObject RPC (34b8ac4)

• Introductory beta level support for OpenTelemetry tracing on c.g.c.storage.Storage methods (#2837) (dd889ea)

• De-beta storage-v2 artifacts (#2852) (77a2e8a)

• Fix interrupt spiral in grpc ReadObject drainQueue (#2850) (c1dac83)

• Update request handling of gRPC based CopyWriter (#2858) (093cb87)

Other libraries

• [aiplatform] add a new thought field in content proto (b68c98c)

... (truncated)

Commits

• c8074d1 chore: release main (#6904)
• a5a6f30 deps: update protobuf to 4.29.0 (#6903)
• 7a0748f deps: update dependency com.google.cloud:google-cloud-logging-logback to v0.1...
• b617eee deps: update dependency com.google.cloud:google-cloud-logging-bom to v3.21.1 ...
• 42aa242 deps: update dependency com.google.cloud:google-cloud-spanner-jdbc to v2.26.0...
• 692b250 deps: update dependency com.google.cloud:google-cloud-firestore-bom to v3.30....
• f37e24d deps: update dependency com.google.cloud:google-cloud-bigquery to v2.46.0 (#6...
• f8b4af6 deps: update dependency com.google.cloud:google-cloud-spanner-bom to v6.85.0 ...
• 1413e7a deps: update dependency com.google.cloud:google-cloud-datastore-bom to v2.25....
• 68830a5 deps: update dependency com.google.cloud:google-cloud-pubsublite-bom to v1.15...
• Additional commits viewable in compare view

Updates bio.terra:stairway-gcp from 1.1.17-SNAPSHOT to 1.1.18-SNAPSHOT

Updates bio.terra:stairway-azure from 1.1.17-SNAPSHOT to 1.1.18-SNAPSHOT

Updates bio.terra:stairway-azure from 1.1.17-SNAPSHOT to 1.1.18-SNAPSHOT

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha from 2.9.0-alpha to 2.12.0-alpha

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's releases.

Version 2.11.0

This release targets the OpenTelemetry SDK 1.45.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

Migration notes

In preparation for stabilizing HTTP library instrumentation soon:

• addAttributeExtractor methods in a few *TelemetryBuilder classes have been deprecated and renamed to addAttributesExtractor (which is how most of them were named already) (#12860)
• setEmitExperimental* methods in *TelemetryBuilder classes have been deprecated and moved to internal/experimental classes, see Javadoc @deprecated for exact relocation (#12847)
• ApacheHttpClient5* classes have been deprecated and renamed to ApacheHttpClient* (#12854)
• RatpackTelemetry* classes have been deprecated and split into RatpackClientTelemetry* and RatpackServerTelemetry* (#12853)
• SpringWebfluxTelemetry* classes have been deprecated and split into SpringWebfluxClientTelemetry* and SpringWebfluxServerTelemetry* (#12852)
• ArmeriaTelemetry* classes have been deprecated and split into ArmeriaClientTelemetry* and ArmeriaServerTelemetry* (#12851)
• *KtorClientTracing* and *KtorServerTracing* have been deprecated and renamed to *KtorClientTelemetry* and *KtorServerTelemetry* (#12855)
• Experimental opt-in attribute spring-webflux.handler.type was removed in favor of standard code.* attributes (#12887)

📈 Enhancements

• Map lettuce 5.1 db.namespace to db.name (unless using experimental database semconv stability opt-in) (#12609)
• Log4j2: add option to fill code attributes (#12592)
• Fill jvm.thread.state attribute for jvm.thread.count metric on jdk8 (#12724)
• Update Spring Scheduling code.* attribute extraction for latest release of Spring Scheduling (#12739)
• Add jctools classes to reflect-config.json for better native image support (#12736)
• Support Pulsar Client send message with transaction (#12731)
• Implement reading of simple key-value Logstash JSON Marker attributes (#12513)
• Add agent instrumentation for Ratpack 1.7+ (#12572)
• Added spring-scheduling.enabled property to spring-configuration-metadata.json (#12791)
• Remove class files from spring-boot-autoconfigure source jar (#12798)
• Updated Camel rules adding route.started, route.added, and thread pools' pool.core_size (#12763)
• Add database client metrics (when using experimental database semconv stability opt-in) (#12806, #12818)
• Add dynamodb instrumenter for aws v1_11 sdk (#12756)
• Remove public suffixes list from the agent (#10763)
• Add an option to disable automatic kafka interceptor configuration in spring starter (#12833)
• Add code attributes to spring webmvc controller spans (#12839)
• Hibernate 6: don't record error on NoResultException (#12879)
• Add support for missing spring list properties (#12819)
• Ktor: support setting custom spanNameExtractor (#12842) (#12850)
• Rename "db.client.connections.usage" to "db.client.connection.count" (when using experimental database semconv stability opt-in) (#12886)
• Support Struts 7.0 (#12935)
• Support latest Ktor release (#12937)

🛠️ Bug fixes

• Logback: don't make MDCPropertyMap of logging event immutable (#12718)
• Avoid exception when redisson address is null (#12883)
• Add close to fix CWE-404 (#12908)

🙇 Thank you

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's changelog.

Changelog

Unreleased

Migration notes

• io.opentelemetry.instrumentation.api.incubator.semconv.util.SpanNames has been deprecated, replaced by the stable io.opentelemetry.instrumentation.api.semconv.util.SpanNames
• In preparation for stabilizing HTTP library instrumentation, the classes and methods that were deprecated in the prior two releases have now been removed

Version 2.12.0 (2025-01-17)

Migration notes

• Some Java agent instrumentation suppression keys have been renamed to match their module names:
  • elasticsearch-rest-6.0 --> elasticsearch-rest-6.4
  • internal-application-logging --> internal-application-logger
  • javalin-5 -> javalin-5.0
  • pulsar-2.8.0 -> pulsar-2.8
• In preparation for stabilizing HTTP library instrumentation soon:
  • setCaptured*Headers(List) methods in *TelemetryBuilder classes were changed to setCaptured*Headers(Collection) (#12901)
  • setKnownMethods(Set) methods in *TelemetryBuilder classes were changed to setKnownMethods(Collection) (#12902)

📈 Enhancements

• Support ExtendedTextMapGetter in gRPC instrumentation (#13011)
• Add database client metrics in DynamoDB instrumentation (#13033)
• Propagate context into async http client CompletableFuture callbacks (#13041)
• Exclude spring routing data source from Spring Starter instrumentation (#13054)
• Instrument jdbc batch queries (#12797)

🛠️ Bug fixes

• Fix incorrect dubbo trace caused by using rpcContext.isProviderSide() (#12930)
• Fix ClickHouse query failing with syntax error (#13020)
• Fix instrumentation module not loading silently when duplicate helper classnames are detected (#13005)
• Fix compatibility problem due to DubboHeadersGetter#keys in Dubbo 2.7.6 and 2.7.7

... (truncated)

Commits

• See full diff in compare view

Updates com.github.ben-manes.versions from 0.51.0 to 0.52.0

Updates org.springframework.boot from 3.4.1 to 3.4.2

Release notes

Sourced from org.springframework.boot's releases.

v3.4.2

🐞 Bug Fixes

• Property metadata for "logging.structured.json.customizer" has incorrect type #43916
• GraylogExtendedLogFormatProperties throws NullPointerException when only 'logging.structured.gelf.host' is specified #43863
• Structured logging properties have no effect in a native image #43862
• Docker Compose support for ClickHouse does not allow an empty password when ALLOW_EMPTY_PASSWORD=yes #43790
• docker compose ps now fails due to unknown --orphans flag with 2.23 or earlier #43717
• Build info timestamp is truncated to seconds #43617
• FileWatcher used for SSL reload does not support symlinks #43604
• BindableRuntimeHintsRegistrar should handle TypeNotPresentException #43600
• CapturedOutput is empty when using Log4J2 StatusLogger #43578
• Spring Boot 3.4 is not compatible with Gson 2.10 #43442
• NoClassDefFoundError when using JUnit to test a Gradle 7.6.x app that depends on spring-boot-actuator-autoconfigure but not on org.junit.platform:junit-platform-launcher #43340

📔 Documentation

• Document that the @ConfigurationProperties annotation processor cannot generate description and defaultValue metadata for external types #43929
• Fix description of management.metrics.graphql.autotime.enabled #43905
• Document 'base64:' prefix support #43835
• Document handling of @Fallback beans in ConditionalOnSingleCandidate's javadoc #43826
• Javadoc of DataSourceBuilder does not reference all supported types #43732
• Update OpenTelemetry section in Supported Monitoring Systems to refer to OTLP instead #43729
• Consistently document the minimum supported versions of Gradle #43725
• Document that system libraries are a reason to customize the builder and switch away from builder-jammy-java-tiny #43716
• Links to the Javadoc of Jakarta Messaging are invalid #43662
• Paragraph HTML tags are rendered as-is in Maven Plugin reference documentation #43623
• Javadoc link for jakarta.xml.bind is invalid #43607
• Documentation still has references to 'layertools' #43605
• Javadoc of ConstructorBinding should not use markdown formatting #43599
• Managed Dependency Coordinates lists Spock and OkHttp dependencies that are not managed #43584

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.5 #43791
• Upgrade to Commons Codec 1.17.2 #43720
• Upgrade to Couchbase Client 3.7.7 #43843
• Upgrade to FreeMarker 2.3.34 #43721
• Upgrade to Hibernate 6.6.5.Final #43910
• Upgrade to HttpCore5 5.3.2 #43792
• Upgrade to Infinispan 15.0.12.Final #43911
• Upgrade to Jersey 3.1.10 #43793
• Upgrade to jOOQ 3.19.18 #43844
• Upgrade to Lettuce 6.4.2.RELEASE #43609
• Upgrade to Logback 1.5.16 #43715
• Upgrade to Micrometer 1.14.3 #43745
• Upgrade to Micrometer Tracing 1.4.2 #43746
• Upgrade to Netty 4.1.117.Final #43845
• Upgrade to Postgresql 42.7.5 #43846
• Upgrade to Pulsar 3.3.4 #43912

... (truncated)

Commits

• f775945 Release v3.4.2
• 068b960 Merge branch '3.3.x' into 3.4.x
• 34c8353 Next development version (v3.3.9-SNAPSHOT)
• f184e98 Merge branch '3.3.x' into 3.4.x
• 390963f Document when defaultValue and description cannot be extracted
• ef82719 Fix memory comparison in ProcessInfoTests
• 1e35a0b Correct the type of logging.structured.json.customizer
• 24e40e8 Upgrade to Spring Pulsar 1.2.2
• 30dd62a Merge branch '3.3.x' into 3.4.x
• a3eaafb Upgrade to Spring Pulsar 1.1.8
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha	[>= 2.10.a, < 2.11]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[LizBaldo]

Only opentelemetry seems to have deprecated a few things, let's see what the tests do

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[mmorgantaylor]

@LizBaldo I'm not sure if it's a problem to be diverging here in terms of what the Spring Boot plugin and the opentelemetry bom each define. It was a problem in the past as I recall (hence these comments) but I think that if it builds and tests succeed we're ok.

[mmorgantaylor]

Hopefully the updates to the comments make sense and are helpful to our future selves