Bump io.zipkin.brave:brave-bom from 5.17.0 to 6.0.2

[dependabot]

Bumps io.zipkin.brave:brave-bom from 5.17.0 to 6.0.2.

Release notes

Sourced from io.zipkin.brave:brave-bom's releases.

Brave 6.0.2 fixes a propagation glitch on kafka streams processors using context.forward(). Tons of thanks to @​frosiere for the help on this! We also changed how dependencies are managed so that less false-positives show up due to our backwards compatability testing. We appreciate your continued use and feedback!

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.1..6.0.2

Brave 6.0.1 simplifies internals of the json encoder and kafka-streams instrumentation. It also fixes a bug where a Tag<Throwable> passed to MutableSpanBytesEncoder.zipkinJsonV2 always used the key "error" even when set to something else. Finally @​reta fixed a flakey JMS integration test which was plaguing our CI builds!

Full Changelog: https://github.com/openzipkin/brave/compare/6.0.0..6.0.1

Brave 6 removes all modules and functions deprecated in Brave 5.x. It no longer has any dependency on io.zipkin.zipkin2:zipkin. Special thanks to @​reta and @​anuraaga for a lot of review support leading to this release!

No more deprecated functions

The final release of Brave 5 with deprecated functions was 5.18.1. Removing these functions was the only way to decouple Brave from zipkin's core library (io.zipkin.zipkin2:zipkin). However, this does not change Brave's floor Java 6 support. We still integration test this via the brave-example repository.

Here's an example of a working Java 6 and Spring 2.5 application, which is 280KB smaller due to use of the lean combination of Brave 6 and Zipkin Reporter 3.x:

# brave 5.18.1
3860    target/brave-example-webmvc25-1.0-SNAPSHOT.war
# brave 6.0.0
3580    target/brave-example-webmvc25-1.0-SNAPSHOT.war

No more io.zipkin.reporter2:zipkin-reporter or io.zipkin.zipkin2:zipkin dependencies

io.zipkin.brave:brave-bom used to manage zipkin-reporter dependencies. Since Brave no longer has dependencies on zipkin, it no longer manages them.

This impact is that users will need to manage their own versions for zipkin-reporter, likely via io.zipkin.reporter2:zipkin-reporter-bom described in the zipkin-reporter README.

To fully remove a zipkin core library dependency from your traced applications, use io.zipkin.reporter2:zipkin-reporter-brave 3.x AsyncZipkinSpanHandler. This is described in the zipkin-reporter README. You can expect currently maintained frameworks to do this on your behalf.

Thanks for your patience with the major upgrade. Things like this allow easier maintenance and a longer life for Brave, particularly as zipkin-server moves ahead with later Java versions.

Full Changelog: https://github.com/openzipkin/brave/compare/5.17.1..5.18.1

Brave 5.18 prepares for Brave 6 by deprecating instrumentation for libraries not released in 1.5-3.5 years including:

• context/rxjava2 - last released Feb 2021
  • replaced by RxJava3, but unlikely this module will be ported as it wasn't used widely.
• instrumentation/dubbo-rpc - (alibaba) last released Dec 2021
  • replaced by Apache Dubbo instrumentation/dubbo
• instrumentation/p6spy - last released July 2020
  • project dormant
• instrumentation/sparkjava - last released July 2022
  • project dormant

A minor change is we changed the artifact we use to test MySQL 8 to com.mysql:mysql-connector-j (instead of mysql:mysql-connector-java), to ensure we validate against current versions. Thanks @​m1ngyuan for the help on this.

Full Changelog: https://github.com/openzipkin/brave/compare/5.17.1..5.18.1

... (truncated)

Commits

• 987a681 [maven-release-plugin] prepare release 6.0.2
• 7dcd132 deps: updates all dependencies, notably Kafka (#1419)
• 91fcd8e spring-beans: uses version with CVEs only via invoker (#1417)
• 6224d3f kafka-tracing: injects init context on forward (#1409)
• 328107c [maven-release-plugin] prepare for next development iteration
• 03bbeca [maven-release-plugin] prepare release 6.0.1
• 7158ba2 json: fixes incorrect handling of error tag (#1415)
• 665e3e8 removes IpLiteral dependency from ZipkinV2JsonWriter (#1414)
• 710e7c3 log4j12: uses version with CVEs only via invoker (#1413)
• 21779e3 flakey test: brave.jms.ITJms_2_0_TracingMessageConsumer (#1410)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.