Skip to content

Bump io.opentelemetry.instrumentation:gradle-plugins from 2.19.0-alpha to 2.26.1-alpha#4652

Open
dependabot[bot] wants to merge 5 commits intomainfrom
dependabot/gradle/io.opentelemetry.instrumentation-gradle-plugins-2.26.1-alpha
Open

Bump io.opentelemetry.instrumentation:gradle-plugins from 2.19.0-alpha to 2.26.1-alpha#4652
dependabot[bot] wants to merge 5 commits intomainfrom
dependabot/gradle/io.opentelemetry.instrumentation-gradle-plugins-2.26.1-alpha

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2026

Bumps io.opentelemetry.instrumentation:gradle-plugins from 2.19.0-alpha to 2.26.1-alpha.

Release notes

Sourced from io.opentelemetry.instrumentation:gradle-plugins's releases.

Version 2.26.0

This release targets the OpenTelemetry SDK 1.60.1.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

⚠️ Breaking changes to non-stable APIs

  • Remove deprecated AWS Lambda v2.2 wrappers and forceFlush(int, TimeUnit) overload (#16170)
  • Remove deprecated HTTP client/server methods (#16167)
  • Remove deprecated database instrumentation methods and classes (#16164)
  • Remove deprecated peer-service mapping APIs (#16165)
  • Make runtime-telemetry deprecated classes now internal (#16173)
  • Remove AttributesExtractorUtil (#16152)
  • Remove marker interface from SqlClientAttributesGetter (#16205)
  • Merge network/server getter methods into DB attribute getters (#16264, #16268)
  • Rename SQL sanitizer classes to SQL analyzer (#16269)
  • Rename internal common module packages to follow new naming convention (#16284, #16308, #16327, #16341, #16373)

🚫 Deprecations

  • Deprecated individual runtime-telemetry module classes in favor of unified module (#16087)
  • Deprecated old HTTP server query parameter methods in favor of sensitive query param handling (#16097)
  • Deprecated old RPC attributes getter methods in favor of new ones supporting stable semantic conventions (#16130)
  • Deprecated old ClickHouse instrumentation methods as part of simplification (#16206)
  • Deprecated old R2DBC methods in favor of ones supporting db.system.name (#16251)
  • Deprecated old DbClientAttributesGetter methods; added getErrorType() with implementations (#16276)
  • Deprecated old RPC metrics methods in favor of ones supporting stable semantic conventions (#16298)
  • Deprecated old DbClientAttributesGetter methods; added getDbName() to better support old/stable semconv split (#16318)

📈 Enhancements

  • Add server address and port attributes for Spymemcached (#15242)
  • Add Kafka Connect as a built-in JMX metrics target (#15561)
  • Convert Lettuce instrumentation to use Instrumenter (#15838)
  • OpenSearch Java client: capture sanitized search query bodies (#15634)
  • Apply stable semantic conventions to Camel JMX metrics (#16088)
  • Add jvm.file_descriptor.limit metric (#16174)
  • Run gRPC client callbacks with parent context (#16175)
  • SQL summary: handle EXPLAIN statements (#16184)
  • Simplify InfluxDB instrumentation (#16207)
  • Update histogram buckets for db.client.operation.duration (#16222)
  • SQL summary: support Oracle dblink syntax (#16230)
  • Add instrumentation for ZIO HTTP server route (#16232)
  • Remove network attributes under database stable semconv flag (#16257)
  • Support Javalin 7 (#16261)
  • gRPC: initial stable semconv support (#16304)
  • Populate os.version resource attribute (#16311)
  • Camel: don't emit db spans under stable semconv (#16275)
  • Dubbo: stable semconv support (#16352)
  • Update the OpenTelemetry SDK version to 1.60.0 (#16407)

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:gradle-plugins's changelog.

Changelog

Unreleased

Version 2.26.1 (2026-03-23)

🔒 Security fixes

  • Fix unsafe deserialization in RMI instrumentation that could lead to remote code execution (CVE-2026-33701, #16979)

Version 2.26.0 (2026-03-14)

⚠️ Breaking changes to non-stable APIs

  • Remove deprecated AWS Lambda v2.2 wrappers and forceFlush(int, TimeUnit) overload (#16170)
  • Remove deprecated HTTP client/server methods (#16167)
  • Remove deprecated database instrumentation methods and classes (#16164)
  • Remove deprecated peer-service mapping APIs (#16165)
  • Make runtime-telemetry deprecated classes now internal (#16173)
  • Remove AttributesExtractorUtil (#16152)
  • Remove marker interface from SqlClientAttributesGetter (#16205)
  • Merge network/server getter methods into DB attribute getters (#16264, #16268)
  • Rename SQL sanitizer classes to SQL analyzer (#16269)
  • Rename internal common module packages to follow new naming convention (#16284, #16308, #16327, #16341, #16373)

🚫 Deprecations

  • Deprecated individual runtime-telemetry module classes in favor of unified module (#16087)
  • Deprecated old HTTP server query parameter methods in favor of sensitive query param handling (#16097)
  • Deprecated old RPC attributes getter methods in favor of new ones supporting stable semantic conventions

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump io.opentelemetry.instrumentation:gradle-plugins
4b3e9f9 
Bumps [io.opentelemetry.instrumentation:gradle-plugins](https://github.com/open-telemetry/opentelemetry-java-instrumentation) from 2.19.0-alpha to 2.26.1-alpha.
- [Release notes](https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-java-instrumentation/commits)

---
updated-dependencies:
- dependency-name: io.opentelemetry.instrumentation:gradle-plugins
  dependency-version: 2.26.1-alpha
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 24, 2026
@dependabot dependabot bot requested a review from harsimar as a code owner March 24, 2026 03:13
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 24, 2026
@dependabot dependabot bot added the java Pull requests that update Java code label Mar 24, 2026
@dependabot dependabot bot requested review from ramthi, trask and xiang17 as code owners March 24, 2026 03:13
@dependabot dependabot bot mentioned this pull request Mar 24, 2026
Closed
xiang17 added 4 commits March 24, 2026 00:24
@xiang17
chore(build): fix Shadow 9 migration by aligning plugin versions and …
46aa655 
…centralizing META-INF duplicate policy

Upgraded com.gradleup.shadow:shadow-gradle-plugin version to 9.3.2 to be in sync with io.opentelemetry.instrumentation:gradle-plugins:2.26.1-alpha.
@xiang17
fix(buildSrc): restore agent SPI service discovery after gradle-plugi…
4d1f6b2 
…ns upgrade

Shadow service-file merging was incomplete for isolated agent classes, so metric exporter providers were not discoverable from the inst service path during instrumentation tests. That caused Javaagent startup failures (otel.metrics.exporter=otlp “exporter not found”) and cascaded test failures across methods, micrometer, azure-functions, and applicationinsights-web modules.

Update shadow conventions to merge service descriptors into both META-INF/services and inst/META-INF/services, restoring provider loading for the agent classloader and passing unit tests.
@xiang17
fix(buildSrc): merge spring.factories safely in smoke test fat jars
f4874ab 
Use Shadow AppendingTransformer with an explicit newline separator and include duplicate spring.factories inputs so all Spring Boot auto-configuration entries are preserved and properly delimited during merge. This prevents malformed merged META-INF/spring.factories content that broke smoke test app startup (e.g., missing servlet web server auto-config).
@xiang17
ix(smoke-tests): restore spring.factories key-aware merge for Shadow …
8e7fcd9 
…fat jars

SpringCloudStream smoke was failing because META-INF/spring.factories entries were appended as plain text, causing auto-configuration keys to be effectively overwritten.
Switch back to PropertiesFileTransformer merge behavior for spring.factories (with duplicate resources included), so Spring Cloud Stream binder auto-config is preserved.
Validated by passing SpringCloudStream Java21 smoke and focused regression checks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@harsimar harsimar Awaiting requested review from harsimar harsimar is a code owner

@jeanbisutti jeanbisutti Awaiting requested review from jeanbisutti jeanbisutti is a code owner

@rajkumar-rangaraj rajkumar-rangaraj Awaiting requested review from rajkumar-rangaraj rajkumar-rangaraj is a code owner

@ramthi ramthi Awaiting requested review from ramthi ramthi is a code owner

@trask trask Awaiting requested review from trask trask is a code owner

@xiang17 xiang17 Awaiting requested review from xiang17 xiang17 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xiang17