Bump the trace-java-client-gradle-deps group in /trace-java-client with 4 updates

[dependabot]

Bumps the trace-java-client-gradle-deps group in /trace-java-client with 4 updates: io.opentracing.brave:brave-opentracing, io.zipkin.zipkin2:zipkin, io.zipkin.reporter2:zipkin-sender-okhttp3 and io.zipkin.brave:brave.

Updates io.opentracing.brave:brave-opentracing from 1.0.0 to 1.0.1

Commits

• See full diff in compare view

Updates io.zipkin.zipkin2:zipkin from 2.25.2 to 3.2.1

Release notes

Sourced from io.zipkin.zipkin2:zipkin's releases.

Zipkin 3.2.1 fixes a regression where libraries that improve network performance (netty-tcnative) were not included in the main zipkin jar, resulting in unpublished Docker images.

Zipkin 3.2 improves accessibility blindness and language controls.

Before, there was no way to control "dark mode". Also, the color scheme lacked contrast and other features to support vision accessibility. @​giaroc's first commit to zipkin knocked this out of the park, resulting in an easier to read and control UI.

before:

after:

Full Changelog: https://github.com/openzipkin/zipkin/compare/3.1.1..3.2.0

Zipkin 3.1.1 is a hardening release, notably polishing out some UI glitches and experience problems for Cassandra users. Thanks a lot for all the feedback and patience, as we delayed this patch until we felt confident glitches were handled in a way that would be easy to diagnose in the future!

UI Fixes

Users and maintainers have noticed a few glitches since our UI moved from the abandoned react-scripts to vite for packaging. We think we've corrected everything at this point, but please reach out if you believe we didn't.

• Fixed our test image ghcr.io/openzipkin/zipkin-ui resulting in 404s
• Fixed handling of the env variable ZIPKIN_UI_BASEDIR, used when zipkin is deployed in a proxying
  • added a new ghcr.io/openzipkin/zipkin-uiproxy image that proves this works.
  • A lot of folks pitched in here, special thanks to @​ujo-trackunit who uses this and provided a lot of insight leading to the fix, as well @​SamTV12345 @​reta and @​anuraaga who all took time away to contribute towards resolution.

Cassandra and SASI default change

When STORAGE_TYPE=cassandra3, zipkin uses a feature called SASI for search features. This was enabled by default in Cassandra 3.11+, but in 4.x it became disabled by default.

Unlike schema settings, sasi_indexes_enabled: true is not something zipkin can change. Before, we weren't logging this critical setup problem, so users upgrading from cassandra 3 to 4 had a very hard time figuring it out. We now properly log what's going on, with more context. Ideally, this will help folks correct their configuration.

Here's an example, if you use the default cassandra docker image which has SASI disabled

2024-03-07T08:02:47.184+08:00 ERROR [/] 83635 --- [cking-tasks-2-1] z.s.c.Schema                             : Failed to execute [CREATE CUSTOM INDEX IF NOT EXISTS ON zipkin2.span (l_service) USING 'org.apache.cassandra.index.sasi.SASIIndex'
   WITH OPTIONS = {'mode': 'PREFIX'}]: SASI indexes are disabled. Enable in cassandra.yaml to use.

Build updates

While these changes won't impact end users, they do affect forks and are important.

• we moved from long form license headers to SPDX ID
• @​anuraaga fixed our ServerIntegratedBenchmark

Full Changelog: https://github.com/openzipkin/zipkin/compare/3.1.0..3.1.1

Zipkin 3.1 includes our first additional features since the 3.0 platform update. Notably gRPC span collection is enabled by default, Eureka registration includes more properties, and you can now disable the UI independent of the REST API. Those using kubernetes should have a second look at our helm chart which is recently renovated as well!

While most won't see this, we'd like to give a special shout out to @​SamTV12345 for helping renovate our javascript build. It was Sam's first change in the project and quite a big one. We'd like to thank all the users for your feedback and the continued support from our all volunteer team, notably @​reta and @​anuraaga who've stuck here with you so long.

... (truncated)

Commits

• abed874 [maven-release-plugin] prepare release 3.2.1
• 82c26a2 Restores tcnative accidentally left out of 3.2.0 (#3760)
• 2de2642 [maven-release-plugin] prepare for next development iteration
• 9300c35 [maven-release-plugin] prepare release 3.2.0
• 3467f1d deps: updates to latest (clean trivy run) (#3759)
• 845312a benchmarks: moves dependency scope to test except wire (#3756)
• ab8a251 docker: fix cassandra pip install and bump all images (#3758)
• 78b2669 ci: pins markdown-link-check due to regression (#3757)
• 03c9588 Zipkin improve accessibility blindness and language controls (#3755)
• e0f6803 chore: remove repetitive words (#3754)
• Additional commits viewable in compare view

Updates io.zipkin.reporter2:zipkin-sender-okhttp3 from 2.17.1 to 3.4.0

Release notes

Sourced from io.zipkin.reporter2:zipkin-sender-okhttp3's releases.

Zipkin Reporter 3.4 deprecates AsyncReporter/SpanHandler queuedMaxBytes and disables it by default.

When introduced, AsyncReporter had three ways to trigger a queue flush:

• queuedMaxSpans - when the number of spans in the queue exceeds a threshold
• queuedMaxBytes - when the size of the spans in the queue exceeds a threshold
• messageTimeout - when a span has been in the queue longer than a threshold

queuedMaxBytes was deprecated because requires time in the critical path, to calculate the size of a span to make sure it doesn't breach the threshold. This is problematic in tools that check for pinning, like Virtual Threads.

Thanks a lot to @​reta for sorting this out!

Full Changelog: https://github.com/openzipkin/zipkin-reporter-java/compare/3.3.0..3.4.0

Zipkin Reporter 3.3 adds a BaseHttpSender type, which eases http library integration. It also adds HttpEndpointSupplier which supports dynamic endpoint discovery such as from Eureka, as well utilities to create constants or rate-limit suppliers. Finally, brave users get a native PROTO3 encoder through the new MutableSpanBytesEncoder type.

These features were made in support of spring-boot, but available to any user with no new dependencies. For example, the PROTO encoder adds no library dependency, even if it increases the size of zipkin-reporter-brave by a couple dozen KB. A lion's share of thanks goes to @​reta and @​anuraaga who were on design and review duty for several days leading to this.

Here's an example of pulling most of these things together, integrating a sender with spring-cloud-loadbalancer (a client-side loadbalancer library).

This endpoint supplier will get the configuration endpoint value and look up the next target to use with the loadBalancerClient. The rate limiter will ensure a gap of 30 seconds between queries. While below is hard-coded, it covers some routine advanced features formerly only available in spring-cloud-sleuth. Now, anyone can use them!

@Configuration(proxyBeanMethods = false)
public class ZipkinDiscoveryConfiguration {
  @Bean HttpEndpointSupplier.Factory loadbalancerEndpoints(LoadBalancerClient loadBalancerClient) {
    LoadBalancerHttpEndpointSupplier.Factory httpEndpointSupplierFactory =
        new LoadBalancerHttpEndpointSupplier.Factory(loadBalancerClient);
    // don't ask more than 30 seconds (just to show)
    return HttpEndpointSuppliers.newRateLimitedFactory(httpEndpointSupplierFactory, 30);
  }
record LoadBalancerHttpEndpointSupplier(LoadBalancerClient loadBalancerClient, URI virtualURL)
implements HttpEndpointSupplier {
record Factory(LoadBalancerClient loadBalancerClient) implements HttpEndpointSupplier.Factory {
  @Override public HttpEndpointSupplier create(String endpoint) {
    return new LoadBalancerHttpEndpointSupplier(loadBalancerClient, URI.create(endpoint));
  }
}
@Override public String get() {
ServiceInstance instance = loadBalancerClient.choose(virtualURL.getHost());
if (instance != null) {
return instance.getUri() + virtualURL.getPath();
}
throw new IllegalArgumentException(virtualURL.getHost() + " is not registered");
}
@Override public void close() {
}

</tr></table>

... (truncated)

Commits

• 0af48b8 [maven-release-plugin] prepare release 3.4.0
• 22b6727 Adds spring-beans context test and defaults to Spring 5 (#265)
• fcc67bb Deprecates AsyncReporter/SpanHandler queuedMaxBytes (#264)
• e54db40 ci: adds lint check, fixes yaml formatting and unnecessary auth (#263)
• f30ee66 AsyncReporter/SpanHandler: make queuedMaxBytes=0 disable pre-flight size chec...
• 0c62f8b benchmarks: moves dependency scope to test (#262)
• 939b6e4 deps: fix kafka floor JRE to 8 and updates all libs to latest (#261)
• 16686ce license: removes copyright year and uses SPDX ID (#257)
• f3b9cf7 [maven-release-plugin] prepare for next development iteration
• 9b4489e [maven-release-plugin] prepare release 3.3.0
• Additional commits viewable in compare view

Updates io.zipkin.brave:brave from 5.17.0 to 6.0.3

Release notes

Sourced from io.zipkin.brave:brave's releases.

Brave 6.0.3 including the following minor changes. Thanks very much to @​reta and @​anuraaga for review support!

• fixes bug that allowed setting local or remote service names to the empty string ("")
• fixed thread safety issue when using Tag.tag
• ports brave-instrumentation-mongodb to work on the new org.mongodb:mongodb-driver-core v5
  • Note: the floor JRE of this instrumentation is now 1.7, where it formerly was 1.6
• changes license headers to SPDX style, as used in zipkin and zipkin-reporter

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.2..6.0.3

Brave 6.0.2 fixes a propagation glitch on kafka streams processors using context.forward(). Tons of thanks to @​frosiere for the help on this! We also changed how dependencies are managed so that less false-positives show up due to our backwards compatability testing. We appreciate your continued use and feedback!

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.1..6.0.2

Brave 6.0.1 simplifies internals of the json encoder and kafka-streams instrumentation. It also fixes a bug where a Tag<Throwable> passed to MutableSpanBytesEncoder.zipkinJsonV2 always used the key "error" even when set to something else. Finally @​reta fixed a flakey JMS integration test which was plaguing our CI builds!

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.0..6.0.1

Brave 6 removes all modules and functions deprecated in Brave 5.x. It no longer has any dependency on io.zipkin.zipkin2:zipkin. Special thanks to @​reta and @​anuraaga for a lot of review support leading to this release!

No more deprecated functions

The final release of Brave 5 with deprecated functions was 5.18.1. Removing these functions was the only way to decouple Brave from zipkin's core library (io.zipkin.zipkin2:zipkin). However, this does not change Brave's floor Java 6 support. We still integration test this via the brave-example repository.

Here's an example of a working Java 6 and Spring 2.5 application, which is 280KB smaller due to use of the lean combination of Brave 6 and Zipkin Reporter 3.x:

# brave 5.18.1
3860    target/brave-example-webmvc25-1.0-SNAPSHOT.war
# brave 6.0.0
3580    target/brave-example-webmvc25-1.0-SNAPSHOT.war

No more io.zipkin.reporter2:zipkin-reporter or io.zipkin.zipkin2:zipkin dependencies

io.zipkin.brave:brave-bom used to manage zipkin-reporter dependencies. Since Brave no longer has dependencies on zipkin, it no longer manages them.

This impact is that users will need to manage their own versions for zipkin-reporter, likely via io.zipkin.reporter2:zipkin-reporter-bom described in the zipkin-reporter README.

To fully remove a zipkin core library dependency from your traced applications, use io.zipkin.reporter2:zipkin-reporter-brave 3.x AsyncZipkinSpanHandler. This is described in the zipkin-reporter README. You can expect currently maintained frameworks to do this on your behalf.

Thanks for your patience with the major upgrade. Things like this allow easier maintenance and a longer life for Brave, particularly as zipkin-server moves ahead with later Java versions.

Full Changelog: https://github.com/openzipkin/brave/compare/5.17.1..5.18.1

Brave 5.18 prepares for Brave 6 by deprecating instrumentation for libraries not released in 1.5-3.5 years including:

• context/rxjava2 - last released Feb 2021
  • replaced by RxJava3, but unlikely this module will be ported as it wasn't used widely.
• instrumentation/dubbo-rpc - (alibaba) last released Dec 2021

... (truncated)

Commits

• 95ae4c2 [maven-release-plugin] prepare release 6.0.3
• 08e8e39 Fixes thread safety issue in Tag.tag (#1434)
• 57f27e2 license: removes copyright year and uses SPDX ID (#1433)
• 170c79f Speeds up dubbo tests, aligns conventions and bumps deps (#1432)
• ef6fbbd Adds support for org.mongodb:mongodb-driver-core v5 (#1431)
• fe3c8b4 fixes bug setting service names to empty (#1428)
• 69e30f3 Adds BaggagePropagation benchmarks for decorate (#1425)
• b7ece7b Consolidates notes on "extra" data (#1424)
• d8dc495 benchmarks: moves dependency scope to test (#1422)
• 5552507 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #1615.