Skip to content

Update Dropwizard to V5, Weld to V6 and Jetty to 12 #4085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 26 commits into from
Closed

Update Dropwizard to V5, Weld to V6 and Jetty to 12 #4085

dependabot wants to merge 26 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 22, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps dropwizardVersion from 4.0.15 to 5.0.0.
Updates io.dropwizard:dropwizard-bom from 4.0.15 to 5.0.0

Release notes

Sourced from io.dropwizard:dropwizard-bom's releases.

v5.0.0

Dropwizard 5.0.0

Please refer to the Dropwizard 5.0.x upgrade notes in the documentation for a list of breaking changes and a migration path.

What's Changed

For a full list of changes, please refer to the pre-release notes:

Changes since Dropwizard 5.0.0-rc.5

... (truncated)

Commits
  • 84dbb95 [maven-release-plugin] prepare release v5.0.0
  • 805cfd3 fix(deps): update dependency io.dropwizard.metrics:metrics-bom to v4.2.37 (#1...
  • 97675f9 fix(deps): update dependency io.dropwizard.logback:logback-throttling-appende...
  • a9b72ab fix(deps): update dependency jakarta.xml.bind:jakarta.xml.bind-api to v4.0.4 ...
  • 59bae6e fix(deps): update dependency org.hibernate.orm:hibernate-core to v6.6.29.fina...
  • b3e6fbe chore(deps): update maven plugins (#10513)
  • 5d15fbc Mark getDefaultConverterMap as deprecated (#10499)
  • 9eb5d92 Replace CacheControl#toString with its non-deprecated equivalent (#10467) (#1...
  • 8922bc1 fix(deps): update dependency jakarta.activation:jakarta.activation-api to v2....
  • c9fd7e1 chore(deps): update github/codeql-action action to v3.30.3 (#10507)
  • Additional commits viewable in compare view

Updates io.dropwizard:dropwizard-dependencies from 4.0.15 to 5.0.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
fix(deps): bump dropwizardVersion from 4.0.15 to 5.0.0
af90f03 
Bumps `dropwizardVersion` from 4.0.15 to 5.0.0.

Updates `io.dropwizard:dropwizard-bom` from 4.0.15 to 5.0.0
- [Release notes](https://github.com/dropwizard/dropwizard/releases)
- [Changelog](https://github.com/dropwizard/dropwizard/blob/release/5.0.x/RELEASES.md)
- [Commits](dropwizard/dropwizard@v4.0.15...v5.0.0)

Updates `io.dropwizard:dropwizard-dependencies` from 4.0.15 to 5.0.0

---
updated-dependencies:
- dependency-name: io.dropwizard:dropwizard-bom
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: io.dropwizard:dropwizard-dependencies
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 22, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 22, 2025 06:05
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 22, 2025
@dependabot dependabot bot mentioned this pull request Sep 22, 2025
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Sep 22, 2025
edited
Loading

Next major release will be 9.0.0, Show Release Notes

9.0.0 (2026-01-12)

⚠ BREAKING CHANGES

  • weld: Update to Weld 6
  • Wiremock Dependency removed, use wiremock-jetty12 instead
  • Preflight behavior changes: ACCESS_CONTROL_ALLOW_METHODS_HEADER has to be checked by browser if method is allowed

Features

  • drop checker-qual dependency (37388b3)
  • remove deprecated code from TraceTokenServerFilter (cf2e064)
  • remove removed configuration envs (6e00588)
  • replace deprecated CrossOriginFilter with CrossOriginHandler (c256016)
  • update to prometheus metrics and remove all references to simpleclient (ef2ba00)
  • weld: update to Weld 6 (53cb589)

Bug Fixes

  • deps: bump dropwizardVersion from 4.0.15 to 5.0.0 (af90f03)
  • fix wiremock dependency (63388ef)
  • openapi: fix CrossOriginHandler in OpenApiBundle (687b96d)
  • remove deprecated RequestTracing (dbd2938)
  • remove unnecessary spring-core dependency (2936c81)
  • rename opentelemetry-instrumentation-api-semconv to opentelemetry-instrumentation-api-incubator and update from 1.33.6-alpha to 2.22.0-alpha (edeee54)
  • Update ObscuringErrorHandler to use ee10.servlet.ErrorHandler (d8cae25)
  • Update OpenApiBundle to use CrossOriginHandler (5b74a09)
  • update opentelemetry dependencies (01f0a87)

@YellowFlora
feat: replace deprecated CrossOriginFilter with CrossOriginHandler
c256016 
BREAKING CHANGE:
Preflight behavior changes: ACCESS_CONTROL_ALLOW_METHODS_HEADER has to be checked by browser if method is allowed
@YellowFlora
chore: update jetty bom and add wiremock jetty12
8df7efd
@YellowFlora YellowFlora marked this pull request as draft September 22, 2025 16:04
@github-actions
Copy link
Contributor

github-actions bot commented Sep 22, 2025
edited
Loading

Test Results

1 048 files   - 160  1 048 suites   - 160   36m 59s ⏱️ - 3m 43s
1 497 tests  - 103  1 485 ✅  - 101  12 💤  -  2  0 ❌ ±0 
6 340 runs   - 408  6 294 ✅  - 392  46 💤  - 16  0 ❌ ±0 

Results for commit 8466898. ± Comparison against base commit 971edf9.

This pull request removes 124 and adds 21 tests. Note that renamed tests count towards both. 
org.sdase.commons.dependency.check.DuplicateClassesTest ‑ checkForDuplicateClasses()
org.sdase.commons.dependency.check.UnwantedDependenciesTest ‑ checkForApacheHttpClientV4()
org.sdase.commons.dependency.check.UnwantedDependenciesTest ‑ checkForJavax()
org.sdase.commons.dependency.check.UnwantedDependenciesTest ‑ checkForTomakehurstWiremock()
org.sdase.commons.dependency.check.UnwantedDependenciesTest ‑ discourageUseOfGoogleCode()
org.sdase.commons.server.cors.CorsTestIT ‑ shouldNotSetHeaderWhenDenyedPreflight()
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [101] REGON
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [103] INN
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [105] Type
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [106] DurationMax
…

org.sdase.commons.server.cors.CorsTestIT ‑ shouldNotSetHeaderWhenDeniedPreflight()
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [101] NIP
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [103] PESEL
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [105] REGON
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [106] List
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [107] INN
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [108] List
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [109] Type
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [110] DurationMax
org.sdase.commons.server.jackson.errors.JerseyValidationExceptionMapperTest ‑ [111] List
…

♻️ This comment has been updated with latest results.

@YellowFlora YellowFlora force-pushed the dependabot/gradle/main/dropwizardVersion-5.0.0 branch from 8228277 to 37388b3 Compare September 29, 2025 13:32
@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 29, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
96.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@YellowFlora YellowFlora changed the title fix(deps): bump dropwizardVersion from 4.0.15 to 5.0.0 Update Dropwizard to V5, Weld to V6 and Jetty to 12 Sep 30, 2025
This was referenced Oct 13, 2025
Draft
Closed
@JoergSiebahn JoergSiebahn mentioned this pull request Nov 3, 2025
Closed
This was referenced Nov 27, 2025
Closed
Closed
Closed
@YellowFlora
fix: remove unnecessary spring-core dependency
2936c81
@YellowFlora
fix: update opentelemetry dependencies
01f0a87 
bump io.opentelemetry.instrumentation:opentelemetry-instrumentation-api from 2.21.0 to 2.22.0
bump openTelemetryAlpha2Version from 2.21.0-alpha to 2.22.0-alpha
@YellowFlora YellowFlora force-pushed the dependabot/gradle/main/dropwizardVersion-5.0.0 branch from ca9a072 to 01f0a87 Compare November 27, 2025 14:28
@YellowFlora
Merge branch 'main' into dependabot/gradle/main/dropwizardVersion-5.0.0
46615f6 
# Conflicts:
#	sda-commons-dependencies/build.gradle
@YellowFlora
fix: rename opentelemetry-instrumentation-api-semconv to opentelemetr…
edeee54 
…y-instrumentation-api-incubator and update from 1.33.6-alpha to 2.22.0-alpha
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 27, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
97.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

This was referenced Jan 5, 2026
Closed
Closed
@YellowFlora
Merge branch 'main' into dependabot/gradle/main/dropwizardVersion-5.0.0
8466898 
# Conflicts:
#	sda-commons-dependencies/build.gradle
#	sda-commons-server-prometheus/src/main/java/org/sdase/commons/server/prometheus/PrometheusBundle.java
@YellowFlora
Copy link
Contributor

YellowFlora commented Jan 12, 2026

cleaned up version in: #4218

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 12, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/gradle/main/dropwizardVersion-5.0.0 branch January 12, 2026 08:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@YellowFlora