[PF-2983]: Bump the minor-patch-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the minor-patch-dependencies group with 5 updates in the / directory:

Package	From	To
com.google.cloud:libraries-bom	26.53.0	26.56.0
bio.terra:stairway-gcp	1.1.18-SNAPSHOT	1.1.21-SNAPSHOT
bio.terra:stairway-azure	1.1.18-SNAPSHOT	1.1.21-SNAPSHOT
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha	2.12.0-alpha	2.13.3-alpha
org.springframework.boot	3.4.2	3.4.3

Updates com.google.cloud:libraries-bom from 26.53.0 to 26.56.0

Release notes

Sourced from com.google.cloud:libraries-bom's releases.

v26.56.0

26.56.0 (2025-03-03)

Dependencies

• update bigtable bom (#6974) (ca61d7d)
• update dependency com.google.cloud:first-party-dependencies to v3.44.0 (#6957) (5eba4d7)
• update dependency com.google.cloud:gapic-libraries-bom to v1.53.0 (#6970) (599bec2)
• update dependency com.google.cloud:google-cloud-bigquery to v2.48.1 (#6965) (d810cc6)
• update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.11.4 (#6958) (211ca26)
• update dependency com.google.cloud:google-cloud-bigtable-bom to v2.53.0 (#6973) (4c5e805)
• update dependency com.google.cloud:google-cloud-datastore-bom to v2.26.4 (#6956) (0174952)
• update dependency com.google.cloud:google-cloud-firestore-bom to v3.30.9 (#6959) (56ee88e)
• update dependency com.google.cloud:google-cloud-logging-bom to v3.21.4 (#6961) (6d6ab90)
• update dependency com.google.cloud:google-cloud-logging-logback to v0.132.4-alpha (#6962) (274a6e7)
• update dependency com.google.cloud:google-cloud-nio to v0.127.32 (#6966) (130b2be)
• update dependency com.google.cloud:google-cloud-pubsub-bom to v1.137.1 (#6964) (39d6c74)
• update dependency com.google.cloud:google-cloud-pubsublite-bom to v1.15.4 (#6967) (c452159)
• update dependency com.google.cloud:google-cloud-spanner-bom to v6.88.0 (#6971) (e56bfb4)
• update dependency com.google.cloud:google-cloud-spanner-jdbc to v2.27.1 (#6972) (6e2c575)
• update dependency com.google.cloud:google-cloud-storage-bom to v2.49.0 (#6969) (1c9287f)

v26.55.0

GCP Libraries BOM 26.55.0

Here are the differences from the previous version (26.54.0)

The group ID of the following artifacts is com.google.cloud.

All libraries managed by this BOM are now compatible with GraalVM for JDK 23

Notable Changes

google-cloud-bigquery 2.48.0 (prev: 2.47.0)

• Implement wasNull for BigQueryResultSet (#3650) (c7ef94b)

google-cloud-bigtable 2.52.0 (prev: 2.51.2)

• Automated backups are supported in the admin client (#2472) (48633e6)

• Extend timeouts for check consistency (47ca299)

google-cloud-pubsub 1.137.0 (prev: 1.136.1)

• Add support for message transforms to Topic and Subscription (3889a05)

google-cloud-spanner 6.87.0 (prev: 6.86.0)

• Add AddSplitPoints API (a5ebcd3)
• Add option for multiplexed sessions with partitioned operations (#3635) (dc89b4d)
• Add option to indicate that a statement is the last in a transaction (#3647) (b04ea80)
• Adding gfe_latencies metric to built-in metrics (#3490) (314dadc)

... (truncated)

Commits

• c2ac438 chore: release main (#6960)
• ca61d7d deps: update bigtable bom (#6974)
• 4c5e805 deps: update dependency com.google.cloud:google-cloud-bigtable-bom to v2.53.0...
• 599bec2 deps: update dependency com.google.cloud:gapic-libraries-bom to v1.53.0 (#6970)
• e56bfb4 deps: update dependency com.google.cloud:google-cloud-spanner-bom to v6.88.0 ...
• 6e2c575 deps: update dependency com.google.cloud:google-cloud-spanner-jdbc to v2.27.1...
• 0174952 deps: update dependency com.google.cloud:google-cloud-datastore-bom to v2.26....
• d810cc6 deps: update dependency com.google.cloud:google-cloud-bigquery to v2.48.1 (#6...
• 130b2be deps: update dependency com.google.cloud:google-cloud-nio to v0.127.32 (#6966)
• 1c9287f deps: update dependency com.google.cloud:google-cloud-storage-bom to v2.49.0 ...
• Additional commits viewable in compare view

Updates bio.terra:stairway-gcp from 1.1.18-SNAPSHOT to 1.1.21-SNAPSHOT

Updates bio.terra:stairway-azure from 1.1.18-SNAPSHOT to 1.1.21-SNAPSHOT

Updates bio.terra:stairway-azure from 1.1.18-SNAPSHOT to 1.1.21-SNAPSHOT

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha from 2.12.0-alpha to 2.13.3-alpha

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's releases.

Version 2.13.2

This is a patch release on the previous 2.13.1 release, fixing the issue(s) below.

🛠️ Bug fixes

• Backport: Fix Spring boot starter dependency resolution failure with Gradle and Java 11 (#13402)

Version 2.13.1

This is a patch release on the previous 2.13.0 release, fixing the issue(s) below.

🛠️ Bug fixes

• Backport: Fix double instrumentation of Java runtime metrics (#13339)

Version 2.13.0

This release targets the OpenTelemetry SDK 1.47.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

Migration notes

• io.opentelemetry.instrumentation.api.incubator.semconv.util.SpanNames has been deprecated, replaced by the stable io.opentelemetry.instrumentation.api.semconv.util.SpanNames
• In preparation for stabilizing HTTP library instrumentation, the classes and methods that were deprecated in the prior two releases have now been removed (#13135, #13150)
• Deprecated Dubbo instrumentation method was removed (#13076)

🌟 New javaagent instrumentation

• jdk.httpserver instrumentation (#13243)

🌟 New library instrumentation

• jdk.httpserver instrumentation (#13243)

📈 Enhancements

• Add database client metrics to Lettuce instrumentation (#13032)
• Stabilize io.opentelemetry.instrumentation.api.semconv.util.SpanNames (#12487)
• Implement ExtendedTextMapGetter in http server instrumentations (#13053)
• Implement ExtendedTextMapGetter in kafka-clients instrumentation (#13068)
• Scrub system property secrets from process resource attribute values (#13225)
• Add database client metrics to AWS SDK 2.x DynamoDB instrumentation (#13283)
• Add runtime metrics to Spring boot starter (#13173)

🛠️ Bug fixes

• Fix akka shutdown hanging (#13073)
• Fix MalformedInputException on z/OS (#13042)
• Fix scope leak in aws sdk instrumentation (#13129)
• Fix MapConverter does not get initialized when OTEL_SDK_DISABLED is set to true (#13224)
• Fix logback appender on android (#13234)

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's changelog.

Changelog

Unreleased

Migration notes

• The java.net.http.HttpClient instrumentation package io.opentelemetry.instrumentation.httpclient was deprecated in favor of the new package name io.opentelemetry.instrumentation.javahttpclient

Version 2.13.3 (2025-02-28)

🛠️ Bug fixes

• Backport: Fix failure to start when AWS Resource Provider is enabled (#13420)

Version 2.13.2 (2025-02-27)

🛠️ Bug fixes

• Backport: Fix Spring boot starter dependency resolution failure with Gradle and Java 11 (#13402)

Version 2.13.1 (2025-02-18)

🛠️ Bug fixes

• Backport: Fix double instrumentation of Java runtime metrics (#13339)

Version 2.13.0 (2025-02-17)

Migration notes

• io.opentelemetry.instrumentation.api.incubator.semconv.util.SpanNames has been deprecated, replaced by the stable io.opentelemetry.instrumentation.api.semconv.util.SpanNames
• In preparation for stabilizing HTTP library instrumentation, the classes and methods that were deprecated in the prior two releases have now been removed (#13135, #13150)
• Deprecated Dubbo instrumentation method was removed (#13076)

🌟 New javaagent instrumentation

• jdk.httpserver instrumentation (#13243)

🌟 New library instrumentation

... (truncated)

Commits

• See full diff in compare view

Updates org.springframework.boot from 3.4.2 to 3.4.3

Release notes

Sourced from org.springframework.boot's releases.

v3.4.3

⭐ New Features

• Add TWENTY_FOUR to JavaVersion enum #44209

🐞 Bug Fixes

• Console output may be lost when using Log4j2 with something that replaces System.out #44380
• Maven plugin does not consistently use ArgFile for classpath argument on Windows #44328
• Reactive Jetty web server does not fail fast when configured to use a server name bundle which Jetty does not support #44319
• When web server application context refresh fails, the original failure is lost if stopping or destroying the web server throws an exception #44317
• View resolver for Thymeleaf should back off if spring-webmvc is not present #44296
• WebServer is not destroyed when ReactiveWebServerApplicationContext refresh fails #44294
• Non-default DataSource candidates are not considered in H2ConsoleAutoConfiguration #44293
• Banner placeholder and defaults do not work during development #44255
• Mustache templates return with ISO-8859-1 charset rather than UTF-8 in Content-Type response header #44193
• Servlet EndpointRequest doesn't match web server namespace correctly #44188
• java.lang.ClassCastException when using default management security with WebFlux and health probes enabled #44052
• Logback configuration that relies on inner-classes does not work in a native image #44025
• IllegalStateException: Unable to register SSL bundle after 3.3.8 or 3.4.2 #43989
• Metrics and health do not include non-default candidate beans #43481

📔 Documentation

• Document that auto-configuration classes should be identified using their binary names #44303
• Correct typo in MVC security when explaining when UserDetailsService auto-configuration will back off #44301
• Link to JarLauncher's javadoc #44170
• When using observability annotations, recommend that care is taken to avoid double instrumentation #44145
• Fix typo in Running Your Application #44035
• Document Kubernetes preStop handler when using a Docker image without a shell #44022
• Source snippet in Developing Your First Spring Boot Application section uses the root package #43983
• Correct the location of MyApplication.java in "Developing Your First Spring Boot Application" #43975
• Add links to Jackson Javadoc #43971
• Warn that some Quartz database schema scripts must be modified before use #43958

🔨 Dependency Upgrades

• Upgrade to Commons Pool2 2.12.1 #44173
• Upgrade to Couchbase Client 3.7.8 #44269
• Upgrade to Groovy 4.0.25 #44174
• Upgrade to Hibernate 6.6.8.Final #44332
• Upgrade to HttpClient5 5.4.2 #44176
• Upgrade to HttpCore5 5.3.3 #44177
• Upgrade to Infinispan 15.0.13.Final #44178
• Upgrade to jOOQ 3.19.19 #44368
• Upgrade to Json-smart 2.5.2 #44264
• Upgrade to Maven Clean Plugin 3.4.1 #44349
• Upgrade to Micrometer 1.14.4 #44115
• Upgrade to Micrometer Tracing 1.4.3 #44116
• Upgrade to Native Build Tools Plugin 0.10.5 #44179

... (truncated)

Commits

• 2f53c0a Release v3.4.3
• f99171f Merge branch '3.3.x' into 3.4.x
• 70e0744 Next development version (v3.3.10-SNAPSHOT)
• 07d9db3 Merge pull request #44380 from nosan
• 2295809 Register Log42J StatusListener
• 575655c Upgrade Tomcat 11 smoke tests to Tomcat 11.0.4
• c74397a Merge branch '3.3.x' into 3.4.x
• c718461 Protect against NoSuchMethodException on setReadOnly
• 7dc9bf2 Upgrade to Testcontainers Redis Module 2.2.4
• 7d1fc06 Upgrade to Testcontainers 1.20.5
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha	[>= 2.10.a, < 2.11]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[LizBaldo]

Ah, this is annoying, I had a fix in #224, but let me move it here now that will teach me to hop on dependabot PRs too quickly

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[jsotobroad]

Ah, this is annoying, I had a fix in #224, but let me move it here now that will teach me to hop on dependabot PRs too quickly

Thank you!

[LizBaldo]

left a comment about why we cannot upgrade opentelemetry quite yet, things should be good to merge now

[jsotobroad]

who knew java dependencu management could be annoying 🙄