Bump com.linecorp.armeria:armeria-bom from 1.33.4 to 1.34.1

[dependabot]

Bumps com.linecorp.armeria:armeria-bom from 1.33.4 to 1.34.1.

Release notes

Sourced from com.linecorp.armeria:armeria-bom's releases.

armeria-1.34.1

See the release notes for the complete change list.

armeria-1.34.0

See the release notes for the complete change list.

Commits

• d2a9572 Release armeria-1.34.1
• 71de41d Fix a bug where XdsBootstrap fails to fetch endpoints with secondary initia...
• 4abc7b7 Release notes for 1.34.1 (#6536)
• 6d55108 Shade pgv-java-stub and allow users to override validation behavior (#6532)
• ef267c6 Fix a bug where you cannot specify SAN when creating a self signed certificat...
• 9194843 Bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /site-new (#6533)
• 77a5bc1 Bump on-headers and compression in /site (#6527)
• 817625d Bump on-headers and compression in /site-new (#6531)
• 43bd558 Run Armeria CI on Java 25 (#6506)
• 0ca3e01 Update the project version to 1.34.1-SNAPSHOT
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #6536
Resolves #6532
Resolves #6533
Resolves #6527
Resolves #6531
Resolves #6506

[github-actions]

🤖 Claude Code Review

PR Code Review - Dependency Version Bump

Overview

This PR bumps com.linecorp.armeria:armeria-bom from version 1.33.4 to 1.34.1.

---

Review Checklist Results

Code Quality

✅ Code follows style guide - N/A for dependency version bump

✅ No commented-out code - No code changes

✅ Meaningful variable names - N/A for dependency version bump

✅ DRY principle followed - N/A for dependency version bump

✅ Identify Defects - No defects introduced. This is a minor version bump (1.33.4 → 1.34.1) of the Armeria framework, which typically includes bug fixes and minor enhancements while maintaining backward compatibility.

✅ Project memory configuration - Change aligns with normal dependency maintenance. No conflicts with CLAUDE.md guidance.

Testing

⚠️ Unit tests for new functions - N/A for dependency bump, but recommend:

• Verify existing tests pass with the new version
• Run full test suite: mvn clean test
• Test gRPC server startup and shutdown
• Verify streaming operations still work correctly (export functions)

⚠️ Integration tests for new endpoints - N/A, but ensure existing integration tests pass

⚠️ Edge cases covered - Existing test coverage should validate compatibility

⚠️ Test coverage > 80% - Should remain unchanged; verify with: mvn clean install -Pjacoco

Documentation

✅ Readme updated if needed - Not required for dependency bump

✅ API docs updated - Not required; no API changes

✅ Inline comments for complex logic - N/A

❌ CHANGELOG.md updated - CHANGELOG.md should document this dependency update with:

• Version bump details
• Link to Armeria release notes for 1.34.0 and 1.34.1
• Any relevant bug fixes or improvements that affect this project

✅ Markdown formatting - No markdown changes

Security

✅ No hardcoded credentials - No changes

✅ Input validation implemented - No changes

✅ Proper error handling - No changes

✅ No sensitive data in logs - No changes

✅ No license files flagged - No .lic files or AQAAAD strings present

---

Recommendations

1. Update CHANGELOG.md - Document this dependency bump

2. Verify test suite - Run mvn clean install with all quality profiles:

   mvn clean install -Pcheckstyle,spotbugs,jacoco

3. Review Armeria release notes:

   • Check Armeria 1.34.0 release notes
   • Check Armeria 1.34.1 release notes
   • Verify no breaking changes affect gRPC server implementation in com.senzing.sdk.grpc.server.SzGrpcServer

4. Manual server testing - Start the server and verify basic operations:

   java -jar target/sz-sdk-grpc-server.jar --ini-file <config> --port 8261

---

Overall Assessment

APPROVED with minor documentation update needed

This is a low-risk dependency maintenance change. The minor version bump should be backward compatible, but testing is essential to ensure no regressions in the gRPC server functionality.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Automated Code Review

Code Quality

✅ Code follows style guide

The change is a simple dependency version bump in a Maven POM file. No code style issues apply here.

✅ No commented-out code

No commented-out code present in this change.

✅ Meaningful variable names

N/A - This is a dependency version update only.

✅ DRY principle followed

N/A - This is a dependency version update only.

✅ Identify Defects

The dependency update from armeria-bom 1.33.4 to 1.34.1 appears safe. This is a minor version bump of the Armeria BOM (Bill of Materials) dependency. Key considerations:

• pom.xml:63 - The version bump follows semantic versioning (minor version increase)
• This is a BOM dependency used for version management, not a direct runtime dependency
• The change is consistent with other recent dependency updates in the repository (per git history)
• No obvious bugs or security concerns with this dependency update

Recommendation: Review the Armeria 1.34.0 and 1.34.1 release notes to verify there are no breaking changes or important migration steps required.

Testing

⚠️ Unit tests for new functions

N/A - This is a dependency update. However, it's recommended to:

• Run the full test suite to ensure no regressions: mvn clean test
• Run with all quality profiles: mvn clean install -Pcheckstyle,spotbugs,jacoco

⚠️ Integration tests for new endpoints

N/A - No new endpoints added. Existing integration tests should be verified to pass with the new Armeria version.

⚠️ Edge cases covered

N/A - Dependency update only. Existing test coverage should validate compatibility.

❓ Test coverage > 80%

Cannot determine from this diff alone. The dependency update should not affect coverage, but tests must pass with the new version.

Documentation

✅ Readme updated if needed

N/A - A dependency version bump typically doesn't require README updates unless it changes user-facing behavior or requirements.

✅ API docs updated

N/A - BOM version updates don't affect API documentation.

✅ Inline comments for complex logic

N/A - No code logic changes.

❌ CHANGELOG.md updated

pom.xml:63 - The CHANGELOG.md should be updated to document this dependency upgrade. This helps users and developers track what versions are being used.

Recommendation: Add an entry like:

### Changed
- Bump com.linecorp.armeria:armeria-bom from 1.33.4 to 1.34.1

✅ Markdown files formatting

N/A - No markdown files modified in this PR.

Security

✅ No hardcoded credentials

No credentials in this change.

✅ Input validation implemented

N/A - Dependency update only.

✅ Proper error handling

N/A - No error handling code modified.

✅ No sensitive data in logs

N/A - No logging code modified.

✅ No checked-in license files or AQAAAD strings

No license files or suspicious strings detected in this change.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

This is a straightforward dependency version bump from Armeria BOM 1.33.4 to 1.34.1. The change is low-risk and follows standard dependency management practices.

Required Actions:

• CHANGELOG.md should be updated to document this dependency change

Recommended Actions:

1. Verify all tests pass: mvn clean test
2. Run quality checks: mvn clean install -Pcheckstyle,spotbugs,jacoco
3. Review Armeria release notes for versions 1.34.0 and 1.34.1 to ensure no breaking changes affect this project
4. Confirm the shaded server JAR builds successfully and runs without issues

The dependency update appears safe and aligns with the project's regular dependency maintenance pattern visible in the git history.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide

Status: PASS

The change is a single-line version bump in a POM file. Maven POM formatting appears standard and follows XML conventions.

File: pom.xml:63

✅ No commented-out code

Status: PASS

No commented-out code in this diff.

✅ Meaningful variable names

Status: N/A

This is a dependency version update - no variable naming involved.

✅ DRY principle followed

Status: N/A

Not applicable to a dependency version bump.

✅ Identify Defects

Status: PASS

This is a dependency upgrade from Armeria 1.33.4 → 1.34.1. Based on the change:

• No obvious bugs introduced: This is a BOM (Bill of Materials) dependency version update
• Potential concerns:
  • Minor version bump (1.33 → 1.34) could include breaking changes or behavioral differences
  • Recommendation: Review Armeria 1.34.0 and 1.34.1 release notes to identify:
    • Breaking changes that might affect gRPC server/client implementation
    • Bug fixes that might change behavior
    • New features or deprecations

Specific areas to verify:

• gRPC streaming functionality (used in export operations)
• Server lifecycle management (SzGrpcServer.java)
• gRPC channel management (SzGrpcEnvironment.java)
• NIO transport compatibility (project explicitly uses NIO via com.linecorp.armeria.transportType=nio)

✅ Project memory configuration

Status: PASS

The change aligns with project practices:

• According to CLAUDE.md, the project uses Armeria framework for the gRPC server
• Dependency updates are standard maintenance
• No local environment-specific changes

---

Testing

⚠️ Unit tests for new functions

Status: WARNING

Issue: No test changes included in this PR.

Recommendation:

• Run the full test suite to ensure compatibility: mvn test
• Specifically verify:
  • AbstractGrpcTest and all inherited test classes
  • Server startup/shutdown in SzGrpcServer
  • Client connection in SzGrpcEnvironment
  • Streaming operations in export tests

File: All test files in src/test/java/

⚠️ Integration tests

Status: WARNING

Same concern as above - dependency updates should be validated with integration tests.

⚠️ Edge cases covered

Status: WARNING

Edge cases should be re-verified with the new Armeria version, particularly around:

• Connection failures and retries
• Concurrent request handling (--concurrency option)
• Server shutdown during active operations (state machine in SzGrpcEnvironment)

❌ Test coverage > 80%

Status: CANNOT VERIFY

No test changes or coverage report included. Should run with coverage profile:

mvn clean install -Pjacoco

---

Documentation

✅ Readme updated if needed

Status: PASS

README updates are not needed for a dependency version bump unless there are breaking changes requiring user action.

✅ API docs updated

Status: PASS

No API changes - internal dependency update only.

✅ Inline comments for complex logic

Status: N/A

Not applicable.

⚠️ CHANGELOG.md updated

Status: WARNING

Issue: No CHANGELOG.md update visible in this diff.

Recommendation: Add entry documenting the Armeria upgrade:

### Changed
- Upgraded Armeria BOM from 1.33.4 to 1.34.1

✅ Markdown formatting

Status: N/A

No markdown file changes.

---

Security

✅ No hardcoded credentials

Status: PASS

✅ Input validation implemented

Status: N/A

✅ Proper error handling

Status: PASS

Existing exception handling should be validated with new Armeria version.

✅ No sensitive data in logs

Status: PASS

✅ No license files

Status: PASS

No .lic files or AQAAAD strings detected.

---

Summary

Overall Assessment: ⚠️ APPROVED WITH RECOMMENDATIONS

This is a routine dependency maintenance update with low risk. However:

Required Actions:

1. Run full test suite to verify compatibility with Armeria 1.34.1
2. Update CHANGELOG.md with this dependency change

Recommended Actions:

1. Review Armeria release notes for relevant changes
2. Run with all quality profiles to ensure no regressions:

   mvn clean install -Pcheckstyle,spotbugs,jacoco

3. Test the standalone server JAR specifically:

   java -jar target/sz-sdk-grpc-server.jar --help

Risk Assessment:

• Low risk: Minor version bump in a well-maintained framework
• Medium impact: Armeria is core to the gRPC server implementation
• Mitigation: Existing test suite should catch any incompatibilities

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review: Bump armeria-bom from 1.33.4 to 1.34.1

Review Analysis

Code Quality

✅ Code follows our style guide - The change is a simple dependency version bump in the Maven POM file. The formatting follows standard Maven XML conventions with proper indentation and structure.

✅ No commented-out code - No commented code in this change.

✅ Meaningful variable names - N/A for dependency version updates.

✅ DRY principle followed - N/A for dependency version updates.

✅ Identify Defects - No defects detected. This is a routine dependency update from Armeria BOM 1.33.4 to 1.34.1, which is a minor version bump typical of dependency maintenance. The change is isolated to the <dependencyManagement> section at pom.xml:63, which is the correct location for BOM version management.

✅ Project memory claude configuration - The change aligns with the project guidelines in CLAUDE.md. The file indicates this is a Senzing Java gRPC SDK project using Armeria as the server framework, and dependency updates are a normal part of maintenance. The CLAUDE.md doesn't contain any environment-specific settings - it's appropriately general.

Testing

⚠️ Unit tests for new functions - N/A for dependency updates, but this deserves attention. Armeria version updates should be tested to ensure compatibility with existing gRPC server functionality.

⚠️ Integration tests for new endpoints - N/A, but existing integration tests should validate that the server still functions correctly with the updated dependency.

⚠️ Edge cases covered - N/A for dependency updates.

⚠️ Test coverage > 80% - Cannot determine from diff alone. The existing test suite should be run to validate the dependency update doesn't break functionality.

Recommendation: Ensure CI/CD pipeline runs the full test suite including:

• mvn test (all unit/integration tests)
• mvn clean install -Pcheckstyle,spotbugs,jacoco (quality checks)

Documentation

✅ Readme updated if needed - N/A for minor dependency version bumps.

✅ API docs updated - N/A, dependency version changes don't affect API documentation.

✅ Inline comments for complex logic - N/A for dependency version updates.

⚠️ CHANGELOG.md updated - Should verify if CHANGELOG.md exists and whether dependency updates are tracked there. This is a best practice for maintaining version history.

✅ Markdown files formatted with prettier - N/A, no markdown files changed in this PR.

Security

✅ No hardcoded credentials - No credentials in this change.

✅ Input validation implemented - N/A for dependency updates.

✅ Proper error handling - N/A for dependency updates.

✅ No sensitive data in logs - N/A for dependency updates.

✅ Flag checked-in license files - No .lic files or AQAAAD strings in this change.

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

This is a clean dependency version bump from Dependabot. The change is minimal, well-scoped, and follows proper Maven practices by updating the BOM version in the <dependencyManagement> section (pom.xml:63).

Key Points:

1. Change is safe: Minor version update (1.33.4 → 1.34.1) in the Armeria framework
2. Proper location: BOM version correctly updated in dependency management
3. No code changes: Only version number changed, no logic modifications
4. Testing required: Existing test suite should validate compatibility

Recommendations:

1. Ensure CI/CD pipeline completes successfully with all tests passing
2. Check if CHANGELOG.md should be updated to track dependency versions
3. Verify the build succeeds with quality profiles: mvn clean install -Pcheckstyle,spotbugs,jacoco

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

⚠️ No file changes detected - skipping code review.

This PR appears to contain only metadata changes (labels, description, etc.).