Bump the centralized-spring-gradle-deps group across 1 directory with 4 updates

[dependabot]

Bumps the centralized-spring-gradle-deps group with 4 updates in the /centralized-sampling-tests/sample-apps/spring-boot directory: io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha, io.opentelemetry.contrib:opentelemetry-aws-xray, org.springframework.boot and io.spring.dependency-management.

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha from 1.32.0-alpha to 2.22.0-alpha

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's releases.

Version 2.21.0

This release targets the OpenTelemetry SDK 1.55.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

⚠️ Breaking Changes

• Hadoop JMX metrics have been renamed to align with semantic conventions. If you are using Hadoop JMX metrics, you will need to update your dashboards and alerts. (#14411)
• Lettuce 5.1 instrumentation now aligns with other instrumentations and no longer sets the span status description. (#14886)

🚫 Deprecations

• The following Logback appender configuration properties have been renamed for clarity. The old property names have been deprecated and will be removed in a future release: - Java agent: otel.instrumentation.logback-appender.experimental.capture-logstash-attributes → otel.instrumentation.logback-appender.experimental.capture-logstash-marker-attributes - Spring Boot starterotel.instrumentation.logback-appender.experimental.capture-logstash-markers → otel.instrumentation.logback-appender.experimental.capture-logstash-marker-attributes - Logback appender configuration property: captureLogstashAttributes → captureLogstashMarkerAttributes - Logback appender API: setCaptureLogstashAttributes() → setCaptureLogstashMarkerAttributes() (#14959)

🌟 New javaagent instrumentation

• Add Helidon instrumentation (#13776)
• Add NATS instrumentation (#13999)
• OpenSearch Transport v3.0 Implementation (#14823)
• Add Kafka Connect API instrumentation (#14478)

🌟 New library instrumentation

• Add Helidon Instrumentation (#13776)
• Add NATS instrumentation (#13999)
• Failsafe 3.0 instrumentation introduced (#14057)

📈 Enhancements

• Add experimental sqlcommenter support for JDBC and R2DBC (#13714)
• Align Hadoop JMX metrics with semantic conventions (#14411)
• Introduce experimental API for operation attributes to be passed only to OperationListeners (#14590)
• Add span logging support for declarative configuration (#14591)
• Add span logging support for Spring Boot starter (#14594)
• Support capturing event names in logback, log4j, and jboss-logmanager appenders (#14649)
• Include contrib sampler in java agent, e.g. for filtering health check endpoints (#14677)
• Collect RPC metrics in Apache Dubbo instrumentation (#14690)
• Add experimental option to disable noisy redis.encode span events in Lettuce instrumentation (#14750)
• Support ListIterator in Kafka consumer instrumentation for Spark Structured Streaming (#14757)
• Exclude wrapper classes in JDBC instrumentation (#14760)
• Support JDBC URL parsing for OceanBase, PolarDB, and Lindorm databases (#14790)
• Support context propagation in Guava AsyncEventBus (#14791)
• Make db.statement attribute available during sampling in Lettuce instrumentation (#14856)
• Add code.namespace and code.function attributes to Vaadin controller spans (#14882)
• Add code.namespace and code.function attributes to Grails controller spans (#14885)
• Support Hibernate 7.2.0.CR1 (#14921)
• Support capturing Logstash StructuredArguments as log record attributes (#14959)
• Add gRPC request/response size metrics (#14342)

🛠️ Bug fixes

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha's changelog.

Changelog

Unreleased

Version 2.22.0 (2025-11-20)

⚠️ Breaking Changes

• AWS SDK 2.x attributes updated to align with semantic conventions (#15028)
  • The following attributes have been renamed:
    • aws.bucket.name (S3) → aws.s3.bucket
    • aws.queue.url (SQS) → aws.sqs.queue.url
    • aws.stream.name (Kinesis) → aws.kinesis.stream_name
    • aws.table.name (DynamoDB) → aws.dynamodb.table_names
    • aws.dynamodb.provisioned_throughput.read_capacity_units → aws.dynamodb.provisioned_read_capacity (type changed from long to double)
    • aws.dynamodb.provisioned_throughput.write_capacity_units → aws.dynamodb.provisioned_write_capacity (type changed from long to double)
    • aws.dynamodb.exclusive_start_table_name → aws.dynamodb.exclusive_start_table
    • aws.dynamodb.projection_expression → aws.dynamodb.projection
    • aws.dynamodb.scan_index_forward → aws.dynamodb.scan_forward
  • The following attribute types have changed:
    • aws.dynamodb.table_names: string → string[]
    • aws.dynamodb.consumed_capacity: string → string[]
    • aws.dynamodb.global_secondary_indexes: string → string[]
    • aws.dynamodb.local_secondary_indexes: string → string[]
    • aws.dynamodb.consistent_read: string → boolean
    • aws.dynamodb.table_count: string → long
    • aws.dynamodb.limit: string → long
    • aws.dynamodb.attributes_to_get: string → string[]
    • aws.dynamodb.segment: string → long
    • aws.dynamodb.total_segments: string → long
    • aws.dynamodb.count: string → long
    • aws.dynamodb.scanned_count: string → long
  • The following attributes are no longer emitted by default but can be enabled with otel.instrumentation.aws-sdk.experimental-span-attributes=true:
    • aws.queue.name (SQS)
    • aws.lambda.function.name (Lambda)
    • aws.lambda.function.arn (Lambda)
• JDBC library data source instrumentation now disabled by default (#15074)
• JMX state metrics unit changed from empty string to 1 to align with semantic conventions (#15093)
• AWS SDK 1.x attributes updated to align with semantic conventions (#15094)
  • Only affects users with otel.instrumentation.aws-sdk.experimental-span-attributes=true
  • The following attributes have been renamed and are now emitted by default (no experimental flag required):
    • aws.bucket.name (S3) → aws.s3.bucket
    • aws.queue.url (SQS) → aws.sqs.queue.url
    • aws.stream.name (Kinesis) → aws.kinesis.stream_name
    • aws.table.name (DynamoDB) → aws.dynamodb.table_names

... (truncated)

Commits

• See full diff in compare view

Updates io.opentelemetry.contrib:opentelemetry-aws-xray from 1.32.0 to 1.52.0

Release notes

Sourced from io.opentelemetry.contrib:opentelemetry-aws-xray's releases.

Version 1.52.0

This release targets the OpenTelemetry Java Instrumentation 2.22.0.

AWS X-Ray propagator

• Update xray lambda component provider name (#2423)

Inferred spans

• Add declarative config support. (#2030)
• Fix occasional/sporadic NPE. (#2443)

Span stack traces

• Fix stacktrace processor name for declarative config. (#2415)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​breedx-splk @​dol @​jack-berg @​jackshirazi @​jaydeluca @​laurit @​LikeTheSalad @​SylvainJuge @​trask @​zeitlinger

Version 1.51.0

This release targets the OpenTelemetry Java Instrumentation 2.21.0.

AWS X-Ray SDK support and propagator

• Add AWS X-Ray adaptive sampling support (#2147).

Common Expression Language sampler - New 🌟

A rule-based sampler backed by Common Expression Language (CEL) expressions for declarative sampling rules

Disk buffering

• Implement the disk buffering API (#2183).

Inferred spans

• Return the previous profiler interval from setInterval (#2354).

... (truncated)

Changelog

Sourced from io.opentelemetry.contrib:opentelemetry-aws-xray's changelog.

Version 1.52.0 (2025-11-20)

AWS X-Ray propagator

• Update xray lambda component provider name (#2423)

Inferred spans

• Add declarative config support. (#2030)
• Fix occasional/sporadic NPE. (#2443)

Span stack traces

• Fix stacktrace processor name for declarative config. (#2415)

Version 1.51.0 (2025-10-20)

AWS X-Ray SDK support and propagator

• Add AWS X-Ray adaptive sampling support (#2147).

Common Expression Language sampler - New 🌟

A rule-based sampler backed by Common Expression Language (CEL) expressions for declarative sampling rules

Disk buffering

• Implement the disk buffering API (#2183).

Inferred spans

• Return the previous profiler interval from setInterval (#2354).

OpAMP client

• Restore the client parameter to OpAMP callbacks (#2336).

Version 1.50.0 (2025-09-26)

Note: This release broadly applies some style guidelines across the repository. As a result, some classes that were visible might be package/private. Other non-final classes may now

... (truncated)

Commits

• 75ce83b Fix release workflow startup failure by declaring secrets in build-co… (#2457)
• c88165e [release/v1.52.x] Prepare release 1.52.0 (#2453)
• 10485c7 Update changelog for 1.52.0 (#2449)
• c18bee7 fix(deps): update dependency io.opentelemetry.instrumentation:opentelemetry-i...
• c2bf95c fix(deps): update errorprone packages to v2.44.0 (#2421)
• 89a7086 handle test failure (#2443)
• 6eecdc1 Remove versions from maven test resources (#2439)
• 262ad46 Remove scorecard experiment (#2440)
• 3986cba Remove misspell workflow (#2441)
• 097a7c9 Narrow renovate dependency caps to specific modules where it makes sense (#2434)
• Additional commits viewable in compare view

Updates org.springframework.boot from 2.7.18 to 4.0.0

Release notes

Sourced from org.springframework.boot's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates io.spring.dependency-management from 1.1.4 to 1.1.7

Release notes

Sourced from io.spring.dependency-management's releases.

v1.1.7

🐞 Bug Fixes

• Dependency management report task produces a deprecation warning with Gradle 8.12-rc-1 #400
• ExclusionResolver makes assumptions that won't hold true with Gradle 9 #394

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​octylFractal

v1.1.6

🐞 Bug Fixes

• Applying Maven-style exclusions may cause a deprecation warning with Gradle 8.8 #384

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​quaff

v1.1.5

🐞 Bug Fixes

• When a dependency has been substituted by changing its target, its version is managed based on its original group and artifact IDs #383
• Plugin triggers a deprecation warning for LenientConfiguration#getArtifacts(Spec) with Gradle 8.8 #381
• Exclusions are calculated unnecessarily for non-transitive configurations #372

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fp7

Commits

• 99c6a87 Release v1.1.7
• e870ef7 Address another deprecation warning in report take
• fc43f90 Stop report task from triggering a deprecation warning
• 0d1b43d Merge pull request #394 from octylFractal
• 09853a2 Check for ModuleComponentIdentifier explicitly
• e85cd28 Next development version (v1.1.7-SNAPSHOT)
• caad92a Apply exclusions earlier to avoid deprecation warning
• 68f86ea Merge pull request #387 from quaff
• 4d44a45 Remove stray backtick
• 90d9e1a Rename property to address naming clash
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.springframework.boot	[>= 3.a, < 4]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions