Skip to content

EOL DEPENDENCY UPGRADE: minor upgrades — 10 packages (minor: 4 · patch: 6) [src/inventory-service]#596

Open
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/maven/inventory-service/1-1770982426
Open

EOL DEPENDENCY UPGRADE: minor upgrades — 10 packages (minor: 4 · patch: 6) [src/inventory-service]#596
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/maven/inventory-service/1-1770982426

Conversation

@campaigner-prod
Copy link
Contributor

@campaigner-prod campaigner-prod bot commented Feb 13, 2026

Summary: Security update — 25 packages upgraded (MINOR changes included)

Manifests changed:

  • src/inventory-service (maven)

Updates

Package From To Type Vulnerabilities Fixed
com.datadoghq:dd-trace-api 1.58.2 1.59.0 minor -
com.datadoghq:dd-trace-api 1.58.2 1.59.0 minor -
com.datadoghq:dd-trace-api 1.58.2 1.59.0 minor -
com.datadoghq:dd-trace-api 1.58.2 1.59.0 minor -
com.datadoghq:dd-trace-api 1.58.2 1.59.0 minor -
com.datadoghq:dd-trace-ot 1.58.2 1.59.0 minor -
com.datadoghq:dd-trace-ot 1.58.2 1.59.0 minor -
io.opentelemetry:opentelemetry-api 1.58.0 1.59.0 minor -
io.opentelemetry:opentelemetry-api 1.58.0 1.59.0 minor -
io.opentelemetry:opentelemetry-api 1.58.0 1.59.0 minor -
software.amazon.awscdk:aws-cdk-lib 2.236.0 2.237.1 minor -
software.amazon.awscdk:aws-cdk-lib 2.236.0 2.237.1 minor -
ch.qos.logback:logback-classic 1.5.27 1.5.28 patch -
ch.qos.logback:logback-classic 1.5.27 1.5.28 patch -
ch.qos.logback:logback-classic 1.5.27 1.5.28 patch -
software.amazon.awssdk:apache-client 2.41.19 2.41.24 patch -
software.amazon.awssdk:apache-client 2.41.19 2.41.24 patch -
software.amazon.awssdk:dynamodb 2.41.19 2.41.24 patch -
software.amazon.awssdk:dynamodb 2.41.19 2.41.24 patch -
software.amazon.awssdk:eventbridge 2.41.19 2.41.24 patch -
software.amazon.awssdk:eventbridge 2.41.19 2.41.24 patch -
software.amazon.awssdk:sfn 2.41.19 2.41.24 patch -
software.amazon.awssdk:sfn 2.41.19 2.41.24 patch -
software.amazon.awssdk:sns 2.41.19 2.41.24 patch -
software.amazon.awssdk:sns 2.41.19 2.41.24 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

⚠️ Dependencies that have Reached EOL (16)
Dependency Unsafe Version EOL Date New Version Path
ch.qos.logback:logback-classic 1.5.27 - 1.5.28 src/inventory-service/inventory-acl/pom.xml
ch.qos.logback:logback-classic 1.5.27 - 1.5.28 src/inventory-service/inventory-ordering-service/pom.xml
ch.qos.logback:logback-classic 1.5.27 - 1.5.28 src/inventory-service/pom.xml
io.opentelemetry:opentelemetry-api 1.58.0 - 1.59.0 src/inventory-service/inventory-acl/pom.xml
io.opentelemetry:opentelemetry-api 1.58.0 - 1.59.0 src/inventory-service/inventory-core/pom.xml
io.opentelemetry:opentelemetry-api 1.58.0 - 1.59.0 src/inventory-service/pom.xml
software.amazon.awssdk:apache-client 2.41.19 - 2.41.24 src/inventory-service/inventory-core/pom.xml
software.amazon.awssdk:apache-client 2.41.19 - 2.41.24 src/inventory-service/pom.xml
software.amazon.awssdk:dynamodb 2.41.19 - 2.41.24 src/inventory-service/inventory-core/pom.xml
software.amazon.awssdk:dynamodb 2.41.19 - 2.41.24 src/inventory-service/pom.xml
software.amazon.awssdk:eventbridge 2.41.19 - 2.41.24 src/inventory-service/inventory-core/pom.xml
software.amazon.awssdk:eventbridge 2.41.19 - 2.41.24 src/inventory-service/pom.xml
software.amazon.awssdk:sfn 2.41.19 - 2.41.24 src/inventory-service/inventory-ordering-service/pom.xml
software.amazon.awssdk:sfn 2.41.19 - 2.41.24 src/inventory-service/pom.xml
software.amazon.awssdk:sns 2.41.19 - 2.41.24 src/inventory-service/inventory-core/pom.xml
software.amazon.awssdk:sns 2.41.19 - 2.41.24 src/inventory-service/pom.xml

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: EOL Remediation

🤖 Generated by DataDog Automated Dependency Management System

@dd-prapprover
Copy link

dd-prapprover bot commented Feb 13, 2026
edited
Loading

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

🔗 Workflow Link

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-02-13T11:34:05Z
  • ✅ CI tests passed - 2026-02-13T13:01:24Z
  • ✅ Approved (commit: 3212a66) - 2026-02-13T13:01:26Z
  • ✅ Merge Started
  • ⬜ Merged

➡️ Current phase: merge in progress...

dd-prapprover[bot]
dd-prapprover bot approved these changes Feb 13, 2026
View reviewed changes
Copy link

@dd-prapprover dd-prapprover bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@dd-prapprover
Copy link

dd-prapprover bot commented Feb 13, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link

gh-worker-devflow-routing-ef8351 bot commented Feb 13, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-02-13 13:01:32 UTC ℹ️ Start processing command /merge

2026-02-13 13:01:37 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 0s (p90).

2026-02-13 13:53:38 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

2026-02-13 15:53:54 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

2026-02-13 17:54:06 UTCMergeQueue: The build pipeline has timeout

The merge request has been interrupted because the build 0 took longer than expected. The current limit for the base branch 'main' is 120 minutes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dd-prapprover dd-prapprover[bot] dd-prapprover[bot] approved these changes

@jeastham1993 jeastham1993 Awaiting requested review from jeastham1993 jeastham1993 is a code owner

Assignees

No one assigned

Labels

adms-dependency-update campaigner-automated-change mergequeue-status: rejected

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants