Bump the java-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the java-dependencies group with 5 updates in the /cloud-run-functions/java directory:

Package	From	To
com.google.cloud.functions:functions-framework-api	1.1.4	2.0.0
org.apache.logging.log4j:log4j-core	2.25.2	2.25.3
org.apache.logging.log4j:log4j-layout-template-json	2.25.2	2.25.3
com.fasterxml.jackson.core:jackson-databind	2.20.0	2.20.1
com.datadoghq:dd-trace-api	1.53.0	1.57.0

Updates com.google.cloud.functions:functions-framework-api from 1.1.4 to 2.0.0

Release notes

Sourced from com.google.cloud.functions:functions-framework-api's releases.

functions-framework-api: v2.0.0

2.0.0 (2025-11-05)

⚠ BREAKING CHANGES

• remove java11 support and expand java21 test coverage (#356)

Features

• remove java11 support and expand java21 test coverage (#356) (c1f27d2)

java-function-invoker: v2.0.0

2.0.0 (2025-11-06)

⚠ BREAKING CHANGES

• update functions-framework-api dependency to 2.0.0 (#365)
• implementation: use Java 17 or above, as required by Eclipse Jetty-12.
• remove java11 support and expand java21 test coverage (#356)

Features

• remove java11 support and expand java21 test coverage (#356) (c1f27d2)

Miscellaneous Chores

• implementation: use Jetty-12.1 core without servlets (#333) (e23f98f)
• update functions-framework-api dependency to 2.0.0 (#365) (f351c1a)

java-function-invoker: v1.4.3

1.4.3 (2025-10-20)

Bug Fixes

• add autovalue plugin config to invoker/core/pom.xml to fix local development (#339) (4203279)

java-function-invoker: v1.4.2

1.4.2 (2025-10-20)

Bug Fixes

• add autovalue plugin config to invoker/core/pom.xml to fix local development (#339) (4203279)

java-function-invoker: v1.4.1

1.4.1 (2025-03-07)

... (truncated)

Commits

• b536258 chore(main): release java-function-invoker 2.0.0 (#359)
• f351c1a chore!: update functions-framework-api dependency to 2.0.0 (#365)
• daa0cc5 chore: fix project metadata in poms (#366)
• a868a62 chore(main): release functions-framework-api 2.0.0 (#357)
• 1ff16ba chore(deps): update all non-major dependencies (#362)
• 3fb1c02 chore(deps): update actions/setup-java action to v5 (#363)
• e23f98f chore(implementation): use Jetty-12.1 core without servlets (#333)
• 2297f3e chore: fix kokoro java17 setup (#360)
• c1f27d2 feat!: remove java11 support and expand java21 test coverage (#356)
• b6d37e5 chore(main): release function-maven-plugin 0.11.3-SNAPSHOT (#355)
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-core from 2.25.2 to 2.25.3

Updates org.apache.logging.log4j:log4j-layout-template-json from 2.25.2 to 2.25.3

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1

Commits

• See full diff in compare view

Updates com.datadoghq:dd-trace-api from 1.53.0 to 1.57.0

Release notes

Sourced from com.datadoghq:dd-trace-api's releases.

1.57.0

Components

Application Security Management (IAST)

• 🐛 Fix IllegalFormatConversionException StringModuleImpl#onStringFormat (#9907 - @​jandro996)

Application Security Management (WAF)

• 🐛 Fix API Security sampling in standalone mode (#10165 - @​jandro996)
• ✨ AI Guard - Ensure messages are not modified before span serialization (#10116 - @​manuel-alvarez-alvarez)

Build & Tooling

• ✨ Remove native libraries for unsupported environment (#10079 - @​PerfectSlayer)

Configuration

• 🐛 Using stable config when a security manager is enabled should not prevent tracer startup (#10006 - @​amarziali)

Continuous Integration Visibility

• ✨ Add support for Weaver Framework v0.11 (#10012 - @​daniel-mohedano)

Crash Tracking

• 🐛 Don't send crash-ping to error tracking if not enabled (#10170 - @​amarziali)
• ✨ Improve OOM parsing for Zulu8 (#10038 - @​amarziali)
• ✨ Store some crashtracking options on initialisation (#10036 - @​amarziali)
• ✨ Dual ship to error tracking (#10000 - @​amarziali)

Data Streams Monitoring

• 🐛 Fix Kafka consumer instrumentation (#10100 - @​piochelepiotr)

Dynamic Instrumentation

• 🐛 Fix metric expressions with @return (#10178 - @​jpbempel)
• 🧹 fix method reference in comment (#10101 - @​andreimatei)
• ✨ Make SymbolDB stand alone (#10064 - @​jpbempel)
• 🐛 Make Code Origin fingerprint map concurrent (#10043 - @​jpbempel)
• 🐛 Disable CodeOrigin by default (#10027 - @​jpbempel)
• 🐛⚡ Avoid expensive Class.getMethod call in code-origin advice (#10019 - @​mcculls)

Metrics

• ✨⚡ Avoid getTag overhead in ConflatingMetricsAggregator (#10070 - @​amarziali)
• 🐛 Only enable client side stats if the host agent is at least 7.65.0 (#10041 - @​bric3)

Platform

... (truncated)

Commits

• 7f969ea Show container, processes dashboard links (#10232)
• f5c3f20 Refactor multiple modules (#10230)
• a9499fa add DSM integrations to codeowners (#10219)
• eb94b8f Flaky flare test (#10221)
• cebe04f chore: Mitigate user prefs lock (#10231)
• dda618e replace method used in muzzlecheck (#10229)
• a847d94 Support Spark 4.1 by removing mention to StreamExecution class (#10228)
• 0204feb Temporary fix to unblock GitLab CI. (#10227)
• 5477fa0 Adjusted check for akka token to validate that it is not blank. (#10220)
• f94343d Disabling Strictness of Config Inversion Validation Job (#10225)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[apiarian-datadog]

This PR has been combined into #121 and merged there.

🤖 Automatically closed by combine-dependabot-prs.sh

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml