Sourced from metrics-core's releases.

v4.1.4

Security

• Upgrade to jackson-databind 2.9.10.3 (#1545, #1546)
  • This addresses CVE-2019-20330 and CVE-2020-8840

Features

• Add support for Apache HttpClient 5.x (#1543)

v4.1.3

Dependency updates

• Bump assertj-core from 3.14.0 to 3.15.0 (#1534)
• Bump httpclient from 4.5.10 to 4.5.11 (#1532)
• Bump jdbi3-core from 3.11.1 to 3.12.0 (#1521)
• Bump jdbi3-core from 3.12.0 to 3.12.2 (#1537)
• Bump jersey-bom from 2.29.1 to 2.30 (#1530)
• Bump jersey-bom from 2.30 to 2.30.1 (#1540)
• Bump jetty9.version from 9.4.24.v20191120 to 9.4.25.v20191220 (#1527)
• Bump jetty9.version from 9.4.25.v20191220 to 9.4.26.v20200117 (#1531)
• Bump jmh.version from 1.22 to 1.23 (#1533)
• Bump log4j2.version from 2.12.1 to 2.13.0 (#1520)
• Bump maven-checkstyle-plugin from 3.1.0 to 3.1.1 (#1539)
• Bump maven-shade-plugin from 3.2.1 to 3.2.2 (#1536)
• Bump maven-source-plugin from 3.2.0 to 3.2.1 (#1526)
• Bump mockito-core from 3.2.0 to 3.2.4 (#1523)
• Bump mockito-core from 3.2.4 to 3.3.0 (#1541)
• Bump plexus-compiler-javac-errorprone from 2.8.5 to 2.8.6 (#1538)
• Bump slf4j.version from 1.7.29 to 1.7.30 (#1522)
• Upgrade to Maven 3.6.3

Assorted

• Use HTTPS in POM
• Tweak GitHub build workflow (#1542)
• Use proper logger in ScheduledReporter (#1504)

• 8716613 [maven-release-plugin] prepare release v4.1.5
• 7cb6185 Bump httpclient from 4.5.11 to 4.5.12 (#1549)
• b58b350 Bump jetty9.version from 9.4.26.v20200117 to 9.4.27.v20200227 (#1547)
• bcc1a9d Bump log4j2.version from 2.13.0 to 2.13.1 (#1548)
• 9e85a6e [maven-release-plugin] prepare for next development iteration
• 6da446d [maven-release-plugin] prepare release v4.1.4
• 2415b63 Upgrade to jackson-databind 2.9.10.3 (#1546)
• 292279d Add support for Apache HttpClient 5.x (#1543)
• c48ec0f [maven-release-plugin] prepare for next development iteration
• 95f0483 [maven-release-plugin] prepare release v4.1.3
• Additional commits viewable in compare view

Sourced from metrics-servlets's releases.

v4.1.4

Security

• Upgrade to jackson-databind 2.9.10.3 (#1545, #1546)
  • This addresses CVE-2019-20330 and CVE-2020-8840

Features

• Add support for Apache HttpClient 5.x (#1543)

v4.1.3

Dependency updates

• Bump assertj-core from 3.14.0 to 3.15.0 (#1534)
• Bump httpclient from 4.5.10 to 4.5.11 (#1532)
• Bump jdbi3-core from 3.11.1 to 3.12.0 (#1521)
• Bump jdbi3-core from 3.12.0 to 3.12.2 (#1537)
• Bump jersey-bom from 2.29.1 to 2.30 (#1530)
• Bump jersey-bom from 2.30 to 2.30.1 (#1540)
• Bump jetty9.version from 9.4.24.v20191120 to 9.4.25.v20191220 (#1527)
• Bump jetty9.version from 9.4.25.v20191220 to 9.4.26.v20200117 (#1531)
• Bump jmh.version from 1.22 to 1.23 (#1533)
• Bump log4j2.version from 2.12.1 to 2.13.0 (#1520)
• Bump maven-checkstyle-plugin from 3.1.0 to 3.1.1 (#1539)
• Bump maven-shade-plugin from 3.2.1 to 3.2.2 (#1536)
• Bump maven-source-plugin from 3.2.0 to 3.2.1 (#1526)
• Bump mockito-core from 3.2.0 to 3.2.4 (#1523)
• Bump mockito-core from 3.2.4 to 3.3.0 (#1541)
• Bump plexus-compiler-javac-errorprone from 2.8.5 to 2.8.6 (#1538)
• Bump slf4j.version from 1.7.29 to 1.7.30 (#1522)
• Upgrade to Maven 3.6.3

Assorted

• Use HTTPS in POM
• Tweak GitHub build workflow (#1542)
• Use proper logger in ScheduledReporter (#1504)

• 8716613 [maven-release-plugin] prepare release v4.1.5
• 7cb6185 Bump httpclient from 4.5.11 to 4.5.12 (#1549)
• b58b350 Bump jetty9.version from 9.4.26.v20200117 to 9.4.27.v20200227 (#1547)
• bcc1a9d Bump log4j2.version from 2.13.0 to 2.13.1 (#1548)
• 9e85a6e [maven-release-plugin] prepare for next development iteration
• 6da446d [maven-release-plugin] prepare release v4.1.4
• 2415b63 Upgrade to jackson-databind 2.9.10.3 (#1546)
• 292279d Add support for Apache HttpClient 5.x (#1543)
• c48ec0f [maven-release-plugin] prepare for next development iteration
• 95f0483 [maven-release-plugin] prepare release v4.1.3
• Additional commits viewable in compare view

Sourced from metrics-servlet's releases.

v4.1.4

Security

• Upgrade to jackson-databind 2.9.10.3 (#1545, #1546)
  • This addresses CVE-2019-20330 and CVE-2020-8840

Features

• Add support for Apache HttpClient 5.x (#1543)

v4.1.3

Dependency updates

• Bump assertj-core from 3.14.0 to 3.15.0 (#1534)
• Bump httpclient from 4.5.10 to 4.5.11 (#1532)
• Bump jdbi3-core from 3.11.1 to 3.12.0 (#1521)
• Bump jdbi3-core from 3.12.0 to 3.12.2 (#1537)
• Bump jersey-bom from 2.29.1 to 2.30 (#1530)
• Bump jersey-bom from 2.30 to 2.30.1 (#1540)
• Bump jetty9.version from 9.4.24.v20191120 to 9.4.25.v20191220 (#1527)
• Bump jetty9.version from 9.4.25.v20191220 to 9.4.26.v20200117 (#1531)
• Bump jmh.version from 1.22 to 1.23 (#1533)
• Bump log4j2.version from 2.12.1 to 2.13.0 (#1520)
• Bump maven-checkstyle-plugin from 3.1.0 to 3.1.1 (#1539)
• Bump maven-shade-plugin from 3.2.1 to 3.2.2 (#1536)
• Bump maven-source-plugin from 3.2.0 to 3.2.1 (#1526)
• Bump mockito-core from 3.2.0 to 3.2.4 (#1523)
• Bump mockito-core from 3.2.4 to 3.3.0 (#1541)
• Bump plexus-compiler-javac-errorprone from 2.8.5 to 2.8.6 (#1538)
• Bump slf4j.version from 1.7.29 to 1.7.30 (#1522)
• Upgrade to Maven 3.6.3

Assorted

• Use HTTPS in POM
• Tweak GitHub build workflow (#1542)
• Use proper logger in ScheduledReporter (#1504)

• 8716613 [maven-release-plugin] prepare release v4.1.5
• 7cb6185 Bump httpclient from 4.5.11 to 4.5.12 (#1549)
• b58b350 Bump jetty9.version from 9.4.26.v20200117 to 9.4.27.v20200227 (#1547)
• bcc1a9d Bump log4j2.version from 2.13.0 to 2.13.1 (#1548)
• 9e85a6e [maven-release-plugin] prepare for next development iteration
• 6da446d [maven-release-plugin] prepare release v4.1.4
• 2415b63 Upgrade to jackson-databind 2.9.10.3 (#1546)
• 292279d Add support for Apache HttpClient 5.x (#1543)
• c48ec0f [maven-release-plugin] prepare for next development iteration
• 95f0483 [maven-release-plugin] prepare release v4.1.3
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)