feat: Implement X509 certificate provider #1722
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit introduces the foundational components for workload identity mTLS authentication. It includes classes to load the certificate and private key file paths from a JSON configuration and to provide these credentials as a KeyStore. This lays the groundwork for future implementation of trust chain handling and subject token generation.
|
Would you be able to take a look at the Sonar report: https://sonarcloud.io/project/issues?issueStatuses=OPEN%2CCONFIRMED&pullRequest=1721&id=googleapis_google-auth-library-java and address some of the easier to fix issue? Sonar can't run from forks so it wasn't something that came up in the previous review. Some of these look to be quick wins for code quality and we can leave the harder stuff as action items in the future. |
lqiu96
approved these changes
Mar 28, 2025
lsirac
approved these changes
Mar 28, 2025
svc-squareup-copybara
pushed a commit
to cashapp/misk
that referenced
this pull request
May 5, 2025
| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | org.flywaydb.flyway | plugin | misk/gradle/libs.versions.toml | gradle | minor | `11.7.1` -> `11.8.0` | | [app.cash.tempest:tempest-bom](https://github.com/cashapp/tempest) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2025.03.17.133301-6c83654` -> `2025.05.02.195945-d393c44` | | [com.mysql:mysql-connector-j](http://dev.mysql.com/doc/connector-j/en/) ([source](https://github.com/mysql/mysql-connector-j)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `8.3.0` -> `8.4.0` | | [com.google.guava:guava-bom](https://github.com/google/guava) ([source](http://svn.sonatype.org/spice/trunk/oss/oss-parent-9)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `33.4.0-jre` -> `33.4.8-jre` | | [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.54.1` -> `2.55.3` | | [com.google.cloud:google-cloud-core-http](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.53.1` -> `2.54.3` | | [com.google.apis:google-api-services-storage](http://nexus.sonatype.org/oss-repository-hosting.html) ([source](http://svn.sonatype.org/spice/tags/oss-parent-7)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `v1-rev20250312-2.0.0` -> `v1-rev20250424-2.0.0` | | [com.google.cloud:google-cloud-spanner](https://github.com/googleapis/java-spanner) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `6.90.0` -> `6.92.0` | | [com.google.cloud:google-cloud-logging](https://github.com/googleapis/java-logging) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `3.22.0` -> `3.22.2` | | [com.google.apis:google-api-services-cloudkms](http://nexus.sonatype.org/oss-repository-hosting.html) ([source](http://svn.sonatype.org/spice/tags/oss-parent-7)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `v1-rev20250227-2.0.0` -> `v1-rev20250414-2.0.0` | | [com.google.cloud:google-cloud-datastore](https://github.com/googleapis/java-datastore) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.27.1` -> `2.28.0` | | [com.google.cloud:google-cloud-core](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.53.1` -> `2.54.3` | | [com.google.api:gax](https://github.com/googleapis/sdk-platform-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.63.1` -> `2.64.3` | | [com.google.errorprone:error_prone_annotations](https://errorprone.info) ([source](https://github.com/google/error-prone)) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.37.0` -> `2.38.0` | | [com.google.protobuf:protoc](https://developers.google.com/protocol-buffers/) ([source](https://github.com/protocolbuffers/protobuf)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `3.25.6` -> `3.25.7` | | [com.google.protobuf:protobuf-java](https://developers.google.com/protocol-buffers/) ([source](https://github.com/protocolbuffers/protobuf)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `3.25.6` -> `3.25.7` | | [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `2.18.3` -> `2.19.0` | | [com.google.http-client:google-http-client-jackson2](https://github.com/googleapis/google-http-java-client) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.46.3` -> `1.47.0` | | [com.google.http-client:google-http-client](https://github.com/googleapis/google-http-java-client) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.46.3` -> `1.47.0` | | [com.google.auth:google-auth-library-oauth2-http](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.33.1` -> `1.34.0` | | [com.google.auth:google-auth-library-credentials](https://github.com/googleapis/google-auth-library-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.33.1` -> `1.34.0` | | [com.github.docker-java:docker-java-transport-httpclient5](https://github.com/docker-java/docker-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.4.2` -> `3.5.0` | | [com.github.docker-java:docker-java-transport](https://github.com/docker-java/docker-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.4.2` -> `3.5.0` | | [com.github.docker-java:docker-java-core](https://github.com/docker-java/docker-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.4.2` -> `3.5.0` | | [com.github.docker-java:docker-java-api](https://github.com/docker-java/docker-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.4.2` -> `3.5.0` | | [com.github.docker-java:docker-java](https://github.com/docker-java/docker-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.4.2` -> `3.5.0` | | [com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin) | plugin | misk/gradle/libs.versions.toml | gradle | minor | `2.16.0` -> `2.17.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.48.1` -> `1.48.2` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.48.1` -> `1.48.2` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.22` -> `2.31.34` | | [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.22` -> `2.31.34` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.22` -> `2.31.34` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.22` -> `2.31.34` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.22` -> `2.31.35` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.22` -> `2.31.35` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.22` -> `2.31.35` | | [com.amazonaws:aws-java-sdk-sqs](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` -> `1.12.783` | | [com.amazonaws:aws-java-sdk-s3](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` -> `1.12.783` | | [com.amazonaws:aws-java-sdk-dynamodb](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` -> `1.12.783` | | [com.amazonaws:aws-java-sdk-core](https://aws.amazon.com/sdkforjava) ([source](https://github.com/aws/aws-sdk-java)) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `1.12.782` -> `1.12.783` | --- ### Release Notes <details> <summary>mysql/mysql-connector-j (com.mysql:mysql-connector-j)</summary> ### [`v8.4.0`](mysql/mysql-connector-j@8.3.0...8.4.0) [Compare Source](mysql/mysql-connector-j@8.3.0...8.4.0) </details> <details> <summary>googleapis/sdk-platform-java (com.google.api.grpc:proto-google-common-protos)</summary> ### [`v2.55.1`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2551-2025-03-12) ##### Dependencies - revert "deps: update arrow.version to v18.2.0" ([#​3694](googleapis/sdk-platform-java#3694)) ([2725744](googleapis/sdk-platform-java@2725744)) ### [`v2.55.0`](https://github.com/googleapis/sdk-platform-java/blob/HEAD/CHANGELOG.md#2550-2025-03-12) ##### Features - generate showcase using docker image ([#​3568](googleapis/sdk-platform-java#3568)) ([3857e3f](googleapis/sdk-platform-java@3857e3f)) - next release from main branch is 2.55.0 ([#​3668](googleapis/sdk-platform-java#3668)) ([1eda55f](googleapis/sdk-platform-java@1eda55f)) ##### Bug Fixes - remove call credentials from call options if DirectPath ([#​3670](googleapis/sdk-platform-java#3670)) ([5ede29c](googleapis/sdk-platform-java@5ede29c)) ##### Dependencies - update arrow.version to v18.2.0 ([#​3675](googleapis/sdk-platform-java#3675)) ([5a555e5](googleapis/sdk-platform-java@5a555e5)) </details> <details> <summary>googleapis/java-spanner (com.google.cloud:google-cloud-spanner)</summary> ### [`v6.92.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6920-2025-04-29) ##### Features - \[Internal] client-side metrics for afe latency and connectivity error ([#​3819](googleapis/java-spanner#3819)) ([a8dba0a](googleapis/java-spanner@a8dba0a)) - Support begin with AbortedException for manager interface ([#​3835](googleapis/java-spanner#3835)) ([5783116](googleapis/java-spanner@5783116)) ##### Bug Fixes - **deps:** Update the Java code generator (gapic-generator-java) to 2.56.2 ([11bfd90](googleapis/java-spanner@11bfd90)) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.46.2 ([#​3836](googleapis/java-spanner#3836)) ([2ee7f97](googleapis/java-spanner@2ee7f97)) ### [`v6.91.1`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6911-2025-04-21) ##### Bug Fixes - SkipHint in the internal parser skipped too much ([#​3827](googleapis/java-spanner#3827)) ([fbf7b4c](googleapis/java-spanner@fbf7b4c)) ### [`v6.91.0`](https://github.com/googleapis/java-spanner/blob/HEAD/CHANGELOG.md#6910-2025-04-17) ##### Features - \[Internal] open telemetry built in metrics for GRPC ([#​3709](googleapis/java-spanner#3709)) ([cd76c73](googleapis/java-spanner@cd76c73)) - Add java sample for the pre-splitting feature ([#​3713](googleapis/java-spanner#3713)) ([e97b92e](googleapis/java-spanner@e97b92e)) - Add TransactionMutationLimitExceededException as cause to SpannerBatchUpdateException ([#​3723](googleapis/java-spanner#3723)) ([4cf5261](googleapis/java-spanner@4cf5261)) - Built in metrics for afe latency and connectivity error ([#​3724](googleapis/java-spanner#3724)) ([e13a2f9](googleapis/java-spanner@e13a2f9)) - Support unnamed parameters ([#​3820](googleapis/java-spanner#3820)) ([1afd815](googleapis/java-spanner@1afd815)) ##### Bug Fixes - Add default implementations for Interval methods in AbstractStructReader ([#​3722](googleapis/java-spanner#3722)) ([97f4544](googleapis/java-spanner@97f4544)) - Set transaction isolation level had no effect ([#​3718](googleapis/java-spanner#3718)) ([b382999](googleapis/java-spanner@b382999)) ##### Performance Improvements - Cache the key used for OTEL traces and metrics ([#​3814](googleapis/java-spanner#3814)) ([c5a2045](googleapis/java-spanner@c5a2045)) - Optimize parsing in Connection API ([#​3800](googleapis/java-spanner#3800)) ([a2780ed](googleapis/java-spanner@a2780ed)) - Qualify statements without removing comments ([#​3810](googleapis/java-spanner#3810)) ([d358cb9](googleapis/java-spanner@d358cb9)) - Remove all calls to getSqlWithoutComments ([#​3822](googleapis/java-spanner#3822)) ([0e1e14c](googleapis/java-spanner@0e1e14c)) </details> <details> <summary>googleapis/java-logging (com.google.cloud:google-cloud-logging)</summary> ### [`v3.22.2`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3222-2025-04-25) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.46.2 ([#​1796](googleapis/java-logging#1796)) ([1f88271](googleapis/java-logging@1f88271)) ### [`v3.22.1`](https://github.com/googleapis/java-logging/blob/HEAD/CHANGELOG.md#3221-2025-04-25) ##### Bug Fixes - **deps:** Update the Java code generator (gapic-generator-java) to 2.56.2 ([7cce5b5](googleapis/java-logging@7cce5b5)) </details> <details> <summary>googleapis/java-datastore (com.google.cloud:google-cloud-datastore)</summary> ### [`v2.28.0`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2280-2025-04-29) ##### Features - Java datastore gapic upgrade ([#​1824](googleapis/java-datastore#1824)) ([a296d43](googleapis/java-datastore@a296d43)) ### [`v2.27.2`](https://github.com/googleapis/java-datastore/blob/HEAD/CHANGELOG.md#2272-2025-04-25) ##### Bug Fixes - **deps:** Update the Java code generator (gapic-generator-java) to 2.56.2 ([1210f32](googleapis/java-datastore@1210f32)) ##### Dependencies - Update dependency com.google.cloud:sdk-platform-java-config to v3.46.2 ([#​1823](googleapis/java-datastore#1823)) ([4d2026c](googleapis/java-datastore@4d2026c)) </details> <details> <summary>google/error-prone (com.google.errorprone:error_prone_annotations)</summary> ### [`v2.38.0`](https://github.com/google/error-prone/releases/tag/v2.38.0): Error Prone 2.38.0 New checks: - [`AddNullMarkedToPackageInfo`](https://errorprone.info/bugpattern/AddNullMarkedToPackageInfo): adds [`@org.jspecify.annotations.NullMarked`](https://jspecify.dev/docs/api/org/jspecify/annotations/NullMarked.html) annotation to package-info files - [`IntLiteralCast`](https://errorprone.info/bugpattern/IntLiteralCast): Suggests a literal of the desired type instead of casting an int literal to a long, float, or double - [`MisleadingEmptyVarargs`](https://errorprone.info/bugpattern/MisleadingEmptyVarargs): Discourages calling varargs methods that expect at least one argument with no arguments, like Mockito's `thenThrow` - [`PreconditionsExpensiveString`](https://errorprone.info/bugpattern/PreconditionsExpensiveString): Discourages expensive string formatting in Guava `Preconditions` checks - [`SelfSet`](https://errorprone.info/bugpattern/SelfSet): Detects mistakes like `proto.setFoo(proto.getFoo())` - [`UnnecessaryCopy`](https://errorprone.info/bugpattern/UnnecessaryCopy): detect unnecessary copies of proto Lists and Maps. Closed issues: [#​4924](google/error-prone#4924), [#​4897](google/error-prone#4897), [#​4995](google/error-prone#4995) Full changelog: google/error-prone@v2.37.0...v2.38.0 </details> <details> <summary>googleapis/google-http-java-client (com.google.http-client:google-http-client-jackson2)</summary> ### [`v1.47.0`](https://github.com/googleapis/google-http-java-client/blob/HEAD/CHANGELOG.md#1470-2025-04-28) ##### Features - Next release from main branch is 1.47.0 ([#​2087](googleapis/google-http-java-client#2087)) ([f89cc4c](googleapis/google-http-java-client@f89cc4c)) ##### Bug Fixes - Encode + sign in url with %2B ([#​2094](googleapis/google-http-java-client#2094)) ([1f8aca7](googleapis/google-http-java-client@1f8aca7)) ##### Dependencies - Update github/codeql-action action to v3.28.16 ([#​2057](googleapis/google-http-java-client#2057)) ([4fc3e3a](googleapis/google-http-java-client@4fc3e3a)) </details> <details> <summary>googleapis/google-auth-library-java (com.google.auth:google-auth-library-oauth2-http)</summary> ### [`v1.34.0`](https://github.com/googleapis/google-auth-library-java/blob/HEAD/CHANGELOG.md#1340-2025-04-29) ##### Features - Implement X509 certificate provider ([#​1722](googleapis/google-auth-library-java#1722)) ([4340684](googleapis/google-auth-library-java@4340684)) - Next release from main branch is 1.34.0 ([#​1698](googleapis/google-auth-library-java#1698)) ([fe43815](googleapis/google-auth-library-java@fe43815)) - Next release from main branch is 1.34.0 ([#​1702](googleapis/google-auth-library-java#1702)) ([4507cf9](googleapis/google-auth-library-java@4507cf9)) ##### Bug Fixes - Do not add padding in Client-Side CAB tokens. ([#​1728](googleapis/google-auth-library-java#1728)) ([8a75ccd](googleapis/google-auth-library-java@8a75ccd)) </details> <details> <summary>docker-java/docker-java (com.github.docker-java:docker-java-transport-httpclient5)</summary> ### [`v3.5.0`](https://github.com/docker-java/docker-java/releases/tag/3.5.0) [Compare Source](docker-java/docker-java@3.4.2...3.5.0) ##### Breaking changes - Fix InspectContainerResponse data types to be able to hold an int64 [@​eddumelendez](https://github.com/eddumelendez) ([#​2392](docker-java/docker-java#2392)) - Add some missed options to UpdateContainerCmd [@​MillQK](https://github.com/MillQK) ([#​2389](docker-java/docker-java#2389)) ##### 📈 Enhancements - Add setters for security options and runtimes [@​LarsSven](https://github.com/LarsSven) ([#​2384](docker-java/docker-java#2384)) ##### 🐛 Bug Fixes - Fix possible CME while replacing properties [@​eddumelendez](https://github.com/eddumelendez) ([#​2416](docker-java/docker-java#2416)) ##### Dependencies - Bump com.google.guava:guava from 19.0 to 33.4.6-jre [@​artragis](https://github.com/artragis) ([#​2300](docker-java/docker-java#2300)) - Bump org.awaitility:awaitility from 4.0.1 to 4.3.0 [@​dependabot](https://github.com/dependabot) ([#​2408](docker-java/docker-java#2408)) - Bump org.immutables:value from 2.8.2 to 2.10.1 [@​dependabot](https://github.com/dependabot) ([#​2220](docker-java/docker-java#2220)) - Bump org.apache.commons:commons-compress from 1.21 to 1.27.1 [@​dependabot](https://github.com/dependabot) ([#​2256](docker-java/docker-java#2256)) - Bump org.projectlombok:lombok from 1.18.22 to 1.18.38 [@​dependabot](https://github.com/dependabot) ([#​2210](docker-java/docker-java#2210)) - Bump com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from 2.10.3 to 2.18.3 [@​dependabot](https://github.com/dependabot) ([#​2281](docker-java/docker-java#2281)) - Bump jackson.version from 2.8.8 to 2.18.3 [@​dependabot](https://github.com/dependabot) ([#​2283](docker-java/docker-java#2283)) - Bump netty.version from 4.1.46.Final to 4.1.119.Final [@​dependabot](https://github.com/dependabot) ([#​2302](docker-java/docker-java#2302)) - Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.80 [@​dependabot](https://github.com/dependabot) ([#​2254](docker-java/docker-java#2254)) - Bump commons-io:commons-io from 2.13.0 to 2.18.0 [@​dependabot](https://github.com/dependabot) ([#​2263](docker-java/docker-java#2263)) - Bump net.java.dev.jna:jna from 5.13.0 to 5.17.0 [@​dependabot](https://github.com/dependabot) ([#​2273](docker-java/docker-java#2273)) - Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.17.0 [@​dependabot](https://github.com/dependabot) ([#​2259](docker-java/docker-java#2259)) - Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.18.2 to 0.23.1 [@​dependabot](https://github.com/dependabot) ([#​2238](docker-java/docker-java#2238)) - Bump org.junit.jupiter:junit-jupiter from 5.10.0 to 5.12.1 [@​dependabot](https://github.com/dependabot) ([#​2241](docker-java/docker-java#2241)) - Bump junixsocket.version from 2.6.1 to 2.10.1 [@​dependabot](https://github.com/dependabot) ([#​2249](docker-java/docker-java#2249)) - Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.2 to 5.4.3 [@​dependabot](https://github.com/dependabot) ([#​2272](docker-java/docker-java#2272)) - Bump org.assertj:assertj-core from 3.24.2 to 3.27.3 [@​dependabot](https://github.com/dependabot) ([#​2291](docker-java/docker-java#2291)) - Upgrade Apache HttpClient to version 5.4 [@​ok2c](https://github.com/ok2c) ([#​2364](docker-java/docker-java#2364)) </details> <details> <summary>autonomousapps/dependency-analysis-android-gradle-plugin (com.autonomousapps.dependency-analysis)</summary> ### [`v2.17.0`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-2170) - \[Fix]: duplicate class warning doesn't warn about multiple dependencies with same GAV. - \[Fix]: ensure all capabilities are internally sorted; also synthesized dependencies. - \[Fix]: ensure all dependencies are internally sorted. - \[Fix]: ensure output of GraphViewTask is fully sorted (therefore deterministic). - \[Fix]: intermediate android res classes must have meaningful hashCode() functions. - \[Fix]: improve sorting of various build outputs to ensure determinism. </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.48.2`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.2): 1.48.2 ##### Components ##### Profiling - 🐛 Bump ddprof-java to 1.24.0 ([#​8717](DataDog/dd-trace-java#8717) - [@​jbachorik](https://github.com/jbachorik)) - Add diagnostic counters for some failed unwinds by [@​jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#202 - Add profiler counters for time spent in stack unwinding by [@​bric3](https://github.com/bric3) in DataDog/java-profiler#195 - Increase number of reserved frames (cherry-pick [`6c0aff4`](DataDog/dd-trace-java@6c0aff4)) by [@​MattAlp](https://github.com/MattAlp) in DataDog/java-profiler#206 - Dwarf and JVMFlag related downports by [@​jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#204 ##### Tracer core - 🐛 Turn off JDK socket support by default ([#​8716](DataDog/dd-trace-java#8716) - [@​mcculls](https://github.com/mcculls)) ##### Instrumentations ##### Akka instrumentation - 🐛 Handle reentrant scope cleanup in Akka/Pekko actor instrumentations ([#​8723](DataDog/dd-trace-java#8723) - [@​mcculls](https://github.com/mcculls)) </details> <details> <summary>aws/aws-sdk-java (com.amazonaws:aws-java-sdk-sqs)</summary> ### [`v1.12.783`](https://github.com/aws/aws-sdk-java/blob/HEAD/CHANGELOG.md#112783-2025-04-29) [Compare Source](aws/aws-sdk-java@1.12.782...1.12.783) #### **Amazon S3** - ### Features - Abort multipart download if object is modified during download. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 91d7374bcdee536ba58a6cd5ea2b1710688db2c0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit introduces the foundational components for workload identity mTLS authentication. It includes classes to load the certificate and private key file paths from a JSON configuration and to provide these credentials as a KeyStore.
This lays the groundwork for future implementation of trust chain handling and subject token generation.