Bump com.dynatrace.metric.util:dynatrace-metric-utils-java from 2.3.0 to 2.4.0

[dependabot]

Bumps com.dynatrace.metric.util:dynatrace-metric-utils-java from 2.3.0 to 2.4.0.

Release notes

Sourced from com.dynatrace.metric.util:dynatrace-metric-utils-java's releases.

v2.4.0

What's Changed

• fix metadata normalization by @​pirgeo in dynatrace-oss/dynatrace-metric-utils-java#43

Full Changelog: dynatrace-oss/dynatrace-metric-utils-java@v2.3.0...v2.4.0

Commits

• 6bdac98 fix metadata normalization (#43)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[jonatan-ivanov]

@pirgeo Could you please confirm that the changed metadata serialization in dynatrace-oss/dynatrace-metric-utils-java#43 will not cause issues for users who send the data in the new format to an older Dynatrace component?

[pirgeo]

@jonatan-ivanov Confirmed. This bug exclusively affected display name and description for new metrics. No dashboards, alerts, or other stored queries will be impacted (the metric names or attributes won't change).
Thanks for taking care of the version bump. Since 1.16.0 is still two months away, would it be possible to backport it to 1.15.x as well, or is that reserved for "functional" bugs (with this being more of a "cosmetic" bug).

[jonatan-ivanov]

We try to follow semver so in minor versions (1.15 -> 1.16) we usually introduce minor version bumps of dependencies (2.3 -> 2.4) and keep patch versions (1.15.1 -> 1.15.2) for patch version bumps and bugfixes.

Though, based on what you are saying, the normalization change was a bugfix(?) and it seems 2.4.0 did not contain any other changes. We can consider it for back-porting but could you please tell why wasn't this released as 2.3.1? Also, if you would consider it releasing as 2.3.1?

[jonatan-ivanov]

Oh, sorry, correction: Micrometer 1.15.4 is on dynatrace-metric-utils 2.2.1. So that would mean jumping two minor versions and the following changes: v2.2.1...v2.4.0. Which as far as I can see effectively means these as user-facing changes:

• Swap MD5 hash to CRC32 for checksum calculation dynatrace-oss/dynatrace-metric-utils-java#39
• fix metadata normalization dynatrace-oss/dynatrace-metric-utils-java#43

I'm not sure about these changes, if they can be back-ported to Micrometer 1.15.x, why were not they released in 2.2.2 and 2.2.3 respectively?
So I think if they can be back-ported to Micrometer 1.15.x, I think they should be back-ported to dynatrace-metric-utils-java 2.2.x which we would automatically pick up. But if the changes are "risky" enough, to be in dynatrace-metric-utils-java 2.3 and 2.4, I would only introduce them in Micrometer 1.16.0.

[pirgeo]

Oh, I got it. The MD5 change was neither a bug nor a feature, we changed it because the use of MD5 was flagged as a security vulnerability, and that is true if we used it for encryption, but we just use it to see if a file changed. That's why CRC32 is fine in that application. It didn't feel like a bugfix, and it isn't urgent, so we released it as minor version.

The change in dynatrace-oss/dynatrace-metric-utils-java#43 is definitely closer to a bugfix but it's unrelated to the previous change. I'll look into releasing that as a patch version instead, maybe 2.2.2. Thanks for explaining the way you use versioning, it makes total sense!