Bump com.sap.cloud.sdk:sdk-bom from 5.21.0 to 5.24.0

[dependabot]

Bumps com.sap.cloud.sdk:sdk-bom from 5.21.0 to 5.24.0.

Release notes

Sourced from com.sap.cloud.sdk:sdk-bom's releases.

Release 5.24.0

What's Changed

• chore: Archetype Java 21+ compatibility by @​CharlesDuboisSAP in SAP/cloud-sdk-java#962
• chore: [DevOps] bump net.bytebuddy:byte-buddy from 1.17.7 to 1.17.8 in the test group by @​dependabot[bot] in SAP/cloud-sdk-java#966
• chore: [DevOps] bump the production-minor-patch group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#963
• chore: [DevOps] bump the plugins group with 2 updates by @​dependabot[bot] in SAP/cloud-sdk-java#965
• fix: README image + deepwiki by @​CharlesDuboisSAP in SAP/cloud-sdk-java#967
• chore: [DevOps] bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.6.0 to 4.9.8.1 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#972
• chore: [DevOps] bump com.puppycrawl.tools:checkstyle from 11.1.0 to 12.0.1 in the production-major group by @​dependabot[bot] in SAP/cloud-sdk-java#964
• fix: Circuit breaker exception handling by @​Jonas-Isr in SAP/cloud-sdk-java#971
• chore: Remove buildpacks declaration from archetype by @​newtork in SAP/cloud-sdk-java#988
• chore: [DevOps] bump org.apache.maven.plugins:maven-plugin-plugin from 3.15.1 to 3.15.2 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#990
• chore: [DevOps] bump the production-minor-patch group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#989
• chore: Enable JavaDoc Aggregate with Delombok by @​newtork in SAP/cloud-sdk-java#969
• ZTIS Support for Kyma by @​MatKuhr in SAP/cloud-sdk-java#985
• feat: support provider:client for IAS app-to-app by @​mpern in SAP/cloud-sdk-java#986
• Transparent Proxy: Seamless handling of Cross-level consumption of destination-fragment pairs by @​panayotmarinov in SAP/cloud-sdk-java#903
• chore: [DevOps] bump the github-actions group with 6 updates by @​dependabot[bot] in SAP/cloud-sdk-java#991
• chore: [DevOps] bump the production-minor-patch group with 3 updates by @​dependabot[bot] in SAP/cloud-sdk-java#992
• Add release note for App2App by @​MatKuhr in SAP/cloud-sdk-java#993

New Contributors

• @​mpern made their first contribution in SAP/cloud-sdk-java#986
• @​panayotmarinov made their first contribution in SAP/cloud-sdk-java#903

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.24.0

Release 5.23.0

What's Changed

🔧 Compatibility Notes

• The builder methods for TransparentProxyDestination have been renamed:
  • staticDestination() to destination()
  • dynamicDestination() to gateway()

📈 Improvements

• Circuit breaker exceptions CallNotPermittedException have been replaced in favor of the previously thrown exception to provide more context on the failure.

All Commits

• feat: [OpenAPI] oneOf with a Tensor (n-Dimensional array) by @​rpanackal in SAP/cloud-sdk-java#898
• chore: Pin the current version of maven-javadoc-plugin by @​Jonas-Isr in SAP/cloud-sdk-java#917
• chore: Add note to Release PR by @​Jonas-Isr in SAP/cloud-sdk-java#918
• chore: [DevOps] bump actions/setup-java from 4 to 5 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#920

... (truncated)

Commits

• 426e201 Update to version 5.24.0
• 1cc8765 Add release note for App2App (#993)
• bf79f76 chore: [DevOps] bump the production-minor-patch group with 3 updates (#992)
• 2845679 chore: [DevOps] bump the github-actions group with 6 updates (#991)
• a6a06b5 Transparent Proxy: Seamless handling of Cross-level consumption of destinatio...
• e2643f5 feat: support provider:client for IAS app-to-app (#986)
• 9323423 ZTIS Support for Kyma (#985)
• 56d111b chore: Enable JavaDoc Aggregate with Delombok (#969)
• 2d4f0b6 chore: [DevOps] bump the production-minor-patch group with 4 updates (#989)
• bad6942 chore: [DevOps] bump org.apache.maven.plugins:maven-plugin-plugin from 3.15.1...
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[vibhutikumar07]

gemini review

[github-actions]

Gemini Automated Review
Summary of Changes
The sdk-bom-version has been updated from 5.21.0 to 5.24.0, introducing a minor version bump in the Bill of Materials.

Best Practices Review 💡

• None explicitly identified in the provided partial review as a coding style or design best practice violation. The focus is on dependency management.

Potential Bugs 🐛

• The minor version bump in sdk-bom-version (from 5.21.0 to 5.24.0) can potentially introduce:
  • Unforeseen transitive dependency changes.
  • API incompatibilities with other existing dependencies.
  • API incompatibilities with current application code, leading to runtime errors or unexpected behavior.

Recommendations & Required Changes 🛠️

1. Thorough Validation of SDK BOM Update:
   It is critical to perform comprehensive validation for the sdk-bom-version update to ensure stability and compatibility. This includes:
   • Review Release Notes: Carefully examine the release notes for sdk-bom versions between 5.21.0 and 5.24.0 to understand any breaking changes, deprecations, or important behavioral modifications.
   • Comprehensive Testing: Execute the full suite of integration, unit, and end-to-end tests to catch any regressions or unexpected behavior introduced by the dependency changes. Pay particular attention to areas interacting directly or indirectly with the SDK.
   • No specific code snippet is provided by the partial review for this recommendation, as it refers to a process rather than a code change.

Quality Rating ⭐
7/10

Overall Assessment
The code introduces a necessary dependency update but highlights significant potential risks associated with BOM version bumps. While the change itself is minimal, the implications of a sdk-bom update require robust validation. The readiness for merge hinges entirely on the successful completion of the recommended comprehensive testing and release note review. Without this, there's a high risk of introducing runtime issues.

[github-actions]

Gemini Automated Review
Summary of Changes
The sdk-bom-version has been updated from 5.21.0 to 5.24.0. This represents a significant dependency version bump for the SDK Bill of Materials.
Best Practices Review 💡

• Dependency Update Diligence: For critical dependency updates, especially Bill of Materials (BOMs), it is a best practice to thoroughly review the release notes for the new version to understand potential breaking changes, new features, and necessary migration steps.
• Comprehensive Regression Testing: Any major dependency version bump necessitates a full suite of regression testing to validate compatibility with the existing codebase and other project dependencies, ensuring no new issues are inadvertently introduced.
  Potential Bugs 🐛
• Breaking Changes & Transitive Conflicts: The sdk-bom-version update from 5.21.0 to 5.24.0 carries a significant risk of introducing breaking changes or transitive dependency conflicts that may not be immediately apparent without thorough verification.
• Runtime Instability: Unverified BOM updates can lead to unexpected runtime errors, application instability, or compatibility issues with other parts of the application's ecosystem.
  Recommendations & Required Changes 🛠️

1. Mandatory Release Note Review for SDK BOM 5.24.0: It is required to thoroughly review the official release notes for sdk-bom-version 5.24.0 from the SDK provider. This step is crucial for identifying any breaking changes, deprecated functionalities, or specific migration instructions.
   • Relevant Code Context: The updated version property that necessitates this review is:

     <!-- Example from a pom.xml properties section -->
     <properties>
         <sdk-bom-version>5.24.0</sdk-bom-version>
     </properties>

   • Action: Please document findings from the release notes, specifically noting any potential impacts on the existing codebase.
2. Comprehensive Regression Testing: Execute a full suite of regression tests across all modules and functionalities that might be impacted by this dependency update. This must include, but is not limited to, integration tests, critical functional tests, and unit tests.
   • Action: Provide evidence of successful regression testing (e.g., test reports, CI/CD pipeline results) or outline a detailed plan for its execution.
3. Cross-Dependency Compatibility Check: Verify the sdk-bom-version 5.24.0 for compatibility with other critical, explicit, and transitive project dependencies. Ensure no version conflicts arise that could lead to unexpected behavior or require further dependency adjustments.
   • Action: If conflicts are identified, propose clear solutions or provide a strong justification for proceeding.
     Quality Rating ⭐
     6/10
     Overall Assessment
     The change itself, a dependency version update, is functionally straightforward. However, due to the nature of a BOM update, the implications are significant and introduce a high level of risk without proper due diligence. The code, in its current state, is not ready for merge as critical verification steps (release note review, comprehensive regression testing, and compatibility checks) are paramount to ensure the stability and reliability of the application. These steps must be performed and their results documented before this Pull Request can be considered safe to merge.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Superseded by #399.