Bump the backend group across 1 directory with 3 updates

[dependabot]

Bumps the backend group with 3 updates in the / directory: no.nav.security:token-client-core, org.apache.kafka:kafka-clients and io.micrometer:micrometer-registry-prometheus.

Updates no.nav.security:token-client-core from 4.1.8 to 5.0.1

Release notes

Sourced from no.nav.security:token-client-core's releases.

5.0.1

What's Changed

• Update pom.xml (#909) @​jan-olaveide

⬆️ Dependency upgrades

• Bump no.nav.security:mock-oauth2-server from 2.1.6 to 2.1.7 (#908) @​dependabot
• Bump spring-boot.version from 3.3.0 to 3.3.1 (#907) @​dependabot
• Bump no.nav.security:mock-oauth2-server from 2.1.5 to 2.1.6 (#906) @​dependabot
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 (#905) @​dependabot
• Bump com.nimbusds:nimbus-jose-jwt from 9.39.3 to 9.40 (#904) @​dependabot
• Bump kotest.version from 5.9.0 to 5.9.1 (#903) @​dependabot

5.0.0

What's Changed

⬆️ Dependency upgrades

• Bump com.nimbusds:nimbus-jose-jwt from 9.39.2 to 9.39.3 (#902) @​dependabot
• Bump com.nimbusds:nimbus-jose-jwt from 9.39.1 to 9.39.2 (#901) @​dependabot
• Bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0 (#900) @​dependabot
• build(deps): bump kotlin.version from 1.9.24 to 2.0.0 (#897) @​dependabot
• Bump spring-boot.version from 3.2.5 to 3.3.0 (#899) @​dependabot
• build(deps): bump org.wiremock:wiremock-standalone from 3.5.4 to 3.6.0 (#898) @​dependabot
• build(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.11 to 11.12 (#896) @​dependabot
• build(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.10.1 to 11.11 (#895) @​dependabot

Commits

• 5381543 Update pom.xml (#909)
• 0fe967e Bump no.nav.security:mock-oauth2-server from 2.1.6 to 2.1.7 (#908)
• c49e541 Bump spring-boot.version from 3.3.0 to 3.3.1 (#907)
• 2db2b9d Bump no.nav.security:mock-oauth2-server from 2.1.5 to 2.1.6 (#906)
• c9cf353 Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 (#905)
• 6ceffb6 Bump com.nimbusds:nimbus-jose-jwt from 9.39.3 to 9.40 (#904)
• 8f34c39 Bump kotest.version from 5.9.0 to 5.9.1 (#903)
• See full diff in compare view

Updates org.apache.kafka:kafka-clients from 3.7.0 to 3.7.1

Updates io.micrometer:micrometer-registry-prometheus from 1.12.5 to 1.13.1

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.13.1

🔨 Dependency Upgrades

• Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.2 to 0.4.3 #5219
• Bump spring-javaformat from 0.0.41 to 0.0.42 #5218
• Bump dropwizard-metrics from 4.2.25 to 4.2.26 #5215
• Bump org.apache.felix:org.apache.felix.scr from 2.2.10 to 2.2.12 #5208
• Bump software.amazon.awssdk:cloudwatch from 2.25.64 to 2.25.69 #5202
• Bump org.hdrhistogram:HdrHistogram from 2.2.1 to 2.2.2 #5190
• Bump spring from 5.3.35 to 5.3.36 #5189
• Bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 #5188
• Bump com.netflix.spectator:spectator-reg-atlas from 1.7.12 to 1.7.13 #5186
• Bump io.netty:netty-bom from 4.1.109.Final to 4.1.110.Final #5185
• Bump org.apache.maven:maven-resolver-provider from 3.9.6 to 3.9.7 #5183
• Bump com.signalfx.public:signalfx-java from 1.0.41 to 1.0.42 #5182
• Bump io.projectreactor:reactor-bom from 2022.0.18 to 2022.0.19 #5121
• Bump com.gradle.develocity from 3.17.3 to 3.17.4 #5119
• Bump spring from 5.3.34 to 5.3.35 #5118

📝 Tasks

• Update japicmp compatibleVersion to 1.12.0 for 1.13.x #5143
• Add 1.13.x and remove 1.11.x from dependabot config #5094

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

1.13.0

Micrometer 1.13.0 is the GA version of a new feature release. See our support policy for support timelines and 1.13 Migration Guide for migration details.

Please take a look at the Migration Guide if you use Prometheus since there are breaking changes in the Prometheus registry if you are using the PrometheusMeterRegistry API in your code.

Below are the combined release notes of all the pre-release milestones and release candidate preceding it.

⚠️ Noteworthy

• Deprecate Jersey server instrumentation in favour of the jersey-micrometer module in Jersey #4100
• Add support for Prometheus client 1.x #4846 (please see the Migration Guide)
• Deprecate instrumentation for Jetty 9, 10, 11 that is out of support #4779
• Deprecate Hystrix instrumentation #4587
• JvmHeapPressureMetrics have incorrect base unit #3236
• Remove v1 CloudWatch module #1473
• Make DefaultHttpClientObservationConvention#INSTANCE final #4770
• Downgrade to Mockito 4 from Mockito 5 in micrometer-observation-test module micrometer-metrics/micrometer#4968
• Remove unnecessary mockito dependency in micrometer-test #4963

⭐ New Features / Enhancements

... (truncated)

Commits

• cf9533c Update compatibleVersion to 1.12.0 for 1.13.x branch (#5143)
• 370148e Bump software.amazon.awssdk:cloudwatch from 2.25.64 to 2.25.69 (#5202)
• 3ee9e7d Merge branch '1.12.x' into 1.13.x
• 9f13912 Bump org.apache.felix:org.apache.felix.scr from 2.2.10 to 2.2.12 (#5214)
• 37a6498 Merge branch '1.9.x' into 1.12.x
• 1551089 Bump com.amazonaws:aws-java-sdk-cloudwatch from 1.12.734 to 1.12.739 (#5210)
• 23b966e Bump dropwizard-metrics from 4.2.25 to 4.2.26 (#5201)
• 6b7f628 Bump spring-javaformat from 0.0.41 to 0.0.42 (#5207)
• 2130543 Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.2 to 0.4.3 (#5212)
• 82232f2 Bump software.amazon.awssdk:cloudwatch from 2.25.55 to 2.25.64 (#5184)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions