Update dropwizard monorepo to v1.3.29 #26

renovate · 2022-03-15T14:27:42Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
io.dropwizard:dropwizard-testing	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-views-freemarker	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-views	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-assets	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-servlets	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-jetty	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-lifecycle	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-jackson	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-jersey	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-validation	`1.0.2` -> `1.3.29`
io.dropwizard:dropwizard-core	`1.0.2` -> `1.3.29`

Release Notes

dropwizard/dropwizard

`v1.3.29`

Compare Source

❗ Important note

This is the final release of Dropwizard 1.3.x. Please consider migrating to Dropwizard 2.0.x.

➡️ Upgrade Notes for Dropwizard 2.0.x

Dependency updates

Bump checker-qual from 3.8.0 to 3.9.0 (joschi/dropwizard-1.3#73)
Bump guava from 30.0-jre to 30.1-jre (joschi/dropwizard-1.3#69)
Bump jackson-bom from 2.9.10.20201202 to 2.9.10.20210106 (#3641, joschi/dropwizard-1.3#75)
Bump joda-time from 2.10.8 to 2.10.9 (joschi/dropwizard-1.3#72)
Bump snakeyaml from 1.26 to 1.27 (joschi/dropwizard-1.3#48)
Bump tomcat-jdbc from 9.0.40 to 9.0.41 (joschi/dropwizard-1.3#67)
Bump mockito-core from 3.6.28 to 3.7.0 (joschi/dropwizard-1.3#74)
Bump octokit from 4.19.0 to 4.20.0 in /docs (joschi/dropwizard-1.3#71)

`v1.3.28`

Compare Source

Dependency updates

Bump checker-qual from 3.7.0 to 3.8.0 (joschi/dropwizard-1.3#47, joschi/dropwizard-1.3#64)
Bump jackson-bom from 2.9.10.20200824 to 2.9.10.20201202 (joschi/dropwizard-1.3#63)
Bump jdbi3-bom from 3.17.0 to 3.18.0 (joschi/dropwizard-1.3#65)
Bump jetty.version from 9.4.33.v20201020 to 9.4.35.v20201120 (joschi/dropwizard-1.3#41, joschi/dropwizard-1.3#59)
- This addresses GHSA-86wm-rrjm-8wh8
Bump maven-shade-plugin from 3.2.0 to 3.2.4 (joschi/dropwizard-1.3#54)
Bump metrics4.version from 4.1.14 to 4.1.16 (joschi/dropwizard-1.3#43, joschi/dropwizard-1.3#61)
Bump tomcat-jdbc from 9.0.39 to 9.0.40 (joschi/dropwizard-1.3#56)
Bump junit-jupiter-engine from 5.6.2 to 5.7.0 (joschi/dropwizard-1.3#53)
Bump assertj-core from 3.17.2 to 3.18.1 (joschi/dropwizard-1.3#40)
Bump mockito-core from 3.5.15 to 3.6.28 (joschi/dropwizard-1.3#52, joschi/dropwizard-1.3#60)
Bump slf4j-simple from 1.7.25 to 1.7.30 (joschi/dropwizard-1.3#50)
Bump jacoco-maven-plugin from 0.8.5 to 0.8.6 (joschi/dropwizard-1.3#39)
Bump actions/cache from v1 to v2.1.3 (joschi/dropwizard-1.3#58)
Bump joschi/setup-jdk from v1 to v2.3.0 (joschi/dropwizard-1.3#57)

`v1.3.27`

Compare Source

Improvements

Remove obsolete NonblockingServletHolder (#3527)
- NonblockingServletHolder is now deprecated and will be removed in Dropwizard 2.1.x.

Security

Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 (#3522)
- This is addressing GHSA-g3wg-6mcf-8jj6 (CVE-2020-27216)

Dependency updates

Bump joda-time from 2.10.7 to 2.10.8 (#3525)
Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 (#3522)
Bump assertj-core from 3.17.2 to 3.18.0 (#3524)

`v1.3.26`

Compare Source

Improvements

Swallow EofException when response was incomplete (#3382)

Bug fixes

Reset Jersey client in tests (#3453)

Dependency updates

Bump Mustache Java compiler from 0.9.6 to 0.9.7 (#3508)
Bump guava from 24.1.1-jre to 30.0-jre (#3509)
Bump httpclient from 4.5.12 to 4.5.13 (#3516)
Bump jdbi3-bom from 3.14.3 to 3.17.0 (#3510)
Bump jetty.version from 9.4.31.v20200723 to 9.4.32.v20200930 (#3478)
Bump joda-time from 2.10.6 to 2.10.7 (#3519)
Bump metrics-bom from 4.1.12.1 to 4.1.14 (#3520)
Bump tomcat-jdbc from 9.0.37 to 9.0.39 (#3495)
Upgrade to Liquibase 3.10.3
Bump assertj-core from 3.16.1 to 3.17.2 (#3448)
Bump junit from 4.12 to 4.13.1 (joschi/dropwizard-1.3#24, joschi/dropwizard-1.3#25)
Bump mockito.version from 3.4.6 to 3.5.15 (#3513)
Bump maven-project-info-reports-plugin from 3.1.0 to 3.1.1 (joschi/dropwizard-1.3#29)
Bump octokit from 4.18.0 to 4.19.0 in /docs (#3518)
Enforce checker-qual 3.7.0 for dependency convergence

`v1.3.25`

Compare Source

Changes since Dropwizard 1.3.25-beta.2

Dependency updates

Upgrade to Jackson 2.9.10.20200824 (#3433)

Changes since Dropwizard 1.3.24

Improvements

Remove alpn-boot dependency in dropwizard-http2 for Java 8u252 (#3256)
Extend from AbstractHandlerContainer instead of AbstractHandler (#2460)
Add JAXB API to dropwizard-jersey (Java 11)
Use SslContextFactory.Server over deprecated SslContextFactory (#3411)

Dependency updates

Upgrade to Jetty 9.4.31.v20200723
Upgrade to jetty-setuid-java 1.0.4
Upgrade to Liquibase 3.10.2
Upgrade to Joda-Time 2.10.6
Upgrade to Jdbi 3.14.3
Upgrade to SLF4J 1.7.30
Upgrade to Apache Tomcat JDBC Pool 9.0.37
Upgrade to Apache HttpClient 4.5.12
Upgrade to commons-text 1.9
Upgrade to commons-lang3 3.11
Upgrade to Metrics 4.1.12.1
Upgrade to Freemarker 2.3.30
Upgrade to Objenesis 3.1
Upgrade to Javassist 3.27.0-GA
Upgrade to Classmate 1.5.1

Test dependencies

Upgrade to HSQLDB 2.5.1
Upgrade to JUnit 5.6.2
Upgrade to Mockito 3.4.6
Upgrade to AssertJ 3.16.1
Upgrade to Error Prone 2.3.4
Upgrade to NullAway 0.7.10

Build dependencies

Update wrapper to Maven 3.6.3
Bump octokit from 4.8.0 to 4.18.0 in /docs (#23)
Upgrade to sphinx-maven-plugin 2.9.0
Upgrade to maven-source-plugin 3.2.1
Upgrade to maven-site-plugin 3.9.1
Upgrade to maven-resources-plugin 3.2.0
Upgrade to maven-project-info-reports-plugin 3.1.0
Upgrade to maven-javadoc-plugin 3.2.0
Upgrade to maven-jar-plugin 3.2.0
Upgrade to maven-clean-plugin 3.1.0
Upgrade to maven-checkstyle-plugin 3.1.1
Upgrade to jacoco-maven-plugin 0.8.5
Upgrade to build-helper-maven-plugin 3.2.0
Update Maven plugins in java-simple archetype POM template
Update Maven plugins in dropwizard-example
Update Maven plugins in dropwizard-archetypes

Assorted

Fix build of dropwizard-example with Java 11

`v1.3.24`

Compare Source

Dependency updates

Upgrade to Jackson 2.9.10.20200621 (#3344)

`v1.3.23`

Compare Source

Dependency updates

Upgrade to Jackson 2.9.10.20200411 (#3246)

Security

Disable message interpolation in ConstraintViolations by default (#3209)

`v1.3.20`

Compare Source

Security

Upgrade to Jackson 2.9.10.20200223 to address CVE-2020-8840 (#3168)

`v1.3.19`

Compare Source

Security

Escape EL expressions in ViolationCollector to address CVE-2020-5245 (#3160)
- Security Advisory: Remote Code Execution (RCE) vulnerability in dropwizard-validation <2.0.2
- Thanks to Alvaro Muñoz (@pwntester) and the GitHub Security Lab for the responsible disclosure!

`v1.3.18`

Compare Source

Update Jackson version to 2.9.10.20200103 to address CVE-2019-20330 (#3100)

Thanks to @msymons!

`v1.3.17`

Compare Source

Add SLF4J marker to dropwizard-json-logging (#3005)
Enable Jackson Afterburner only on Java 8 (backport) (#3028)
Upgrade Apache HttpClient to 4.5.10 to fix URI rewriting (#3029)

`v1.3.16`

Compare Source

Upgrade to Jackson 2.9.10.20191020 to address CVE-2019-16942, CVE-2019-16943, and CVE-2019-17531 (#2988, thanks to @msymons)

`v1.3.15`

Compare Source

Upgrade to Jackson 2.9.10 to address multiple security issues (#2939)

`v1.3.14`

Compare Source

Upgrade to Jackson 2.9.9.20190807 to address multiple security issues (#2871)

`v1.3.13`

Compare Source

Upgrade to Jackson Databind 2.9.9.1 to address CVE-2019-12086 (#2825)
Add a JSONUnauthorizedHandler (#2841)

`v1.3.12`

Compare Source

Upgrade to Jackson 2.9.9 to address CVE-2019-12086 (#2779)

`v1.3.11`

Compare Source

Upgrade Jetty to 9.4.18.v20190429

`v1.3.10`

Compare Source

Upgrade Jetty to 9.4.17.v20190418
Upgrade commons-lang3 to 3.8.1 to make BOM compatible with Java 11 (#2679)

`v1.3.9`

Compare Source

Fix NPE when requesting /admin/tasks (#2626, #2627)
Remove prerequisites from archetype-generated POM (#2320)
Upgrade to Jackson 2.9.8, addressing various CVEs (#2591)
Upgrade JDBI3 to 3.5.1 (#2593)
Upgrade Dropwizard Metrics to 4.0.5 (#2594)
Upgrade Jetty to 9.4.14.v20181114 (#2592)
Update dependencies to latest patch versions (#2628)
- Joda-Time 2.10.1
- Apache HttpClient 4.5.7
- Apache Tomcat JDBC Pool: 9.0.14
- Hibernate ORM 5.2.18.Final
- Liquibase 3.6.3
- Freemarker 2.3.28
- Mustache 0.9.6
- Javassist 3.24.1-GA
- Classmate 1.4.0
- HSQLDB 2.4.1
- Mockito 2.24.0
Upgrade to SLF4J 1.7.26 (CVE-2018-8088)
Upgrade to Tomcat JDBC Connection Pool 9.0.16
Upgrade to Hibernate Validator 5.4.3.Final

`v1.3.8`

Compare Source

Fix CVE-2018-10237 by upgrading Guava to 24.1.1 #2587

`v1.3.7`

Compare Source

Fix incorrect reading of somaxconn for TCP backlog on Linux (#2430)

`v1.3.6`

Compare Source

Fixes a DoS attack vulnerability in Jackson: https://github.com/FasterXML/jackson-databind/issues/2141 #2511

`v1.3.5`

Compare Source

Upgrade to Jetty 9.4.11.v20180605: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00123.html

`v1.3.4`

Compare Source

Upgrade to Jackson 2.9.6 to fix CVE-2018-12022 and CVE-2018-12023 (#2392, #2393)
Upgrade to Liquibase 3.6.1 (#2385, #2386)

`v1.3.3`

Compare Source

Fix jersey attempting to resolve auth filter fields (#2324)
Upgrade to JUnit5 5.2.0 (#2347)
Upgrade to Jdbi3 3.2.1 (#2369)
Upgrade Liquibase from 3.5.5 to 3.6.0 (#2325)

`v1.3.2`

Compare Source

Upgrade Jetty to 9.4.10.v20180503 #2346
Add possibility to disable logging bootstrap for ResourceTestRule #2333

`v1.3.1`

Compare Source

Upgraded to Jackson 2.9.5 (including a fix for CVE-2018-7489)

`v1.3.0`

Compare Source

Add dropwizard-jdbi3 module #2243, #2247
Add Dropwizard testing module for JUnit 5 #2166
Support for building and running Dropwizard on JDK9 #2197
Support for running Dropwizard with native SSL via Conscrypt #2230
Add support for JSON logs in Dropwizard #2232
Add a TCP and UDP log appenders to Dropwizard #2291
Add support for providing a custom logging layout during logging bootstrap #2260
Add context path to logged endpoints #2254
Support multiple extensions for views (breaking change) #2213
Enable auto escaping of strings in Freemarker templates #2251
Allow dynamic constraint validation messages #2246
Add the @SelfValidation annotation as a powerful alternative to @ValidationMethod #2150
Set a minimal duration for DatasourceFactory.maxWaitForConnection() #2130
Migrate deprecated classes from commons-lang to commons-text #2208
Support for setting the immediateFlush option for file logging #2193
Use InstrumentedQueuedThreadPool for admin endpoint #2186
Add support for configuring ServiceUnavailableRetryStrategy for HTTP clients #2185
Add possibility to configure Jetty's minRequestDataRate #2184
Add exclusive mode to @MinDuration and @MaxDuration annotations #2167
Strip the Content-Length header after decompressing HTTP requests #2271
Add support for providing a custom layout during logging bootstrap #2260
Add support for PATCH request to Jersey test client #2288
Add configuration option to EventJsonLayoutBaseFactory to flatten MDC #2293
Allow to use custom security provider in HTTP client #2299
Make ignoreExceptionOnPreLoad on database pool properties configurable #2300
Allow lazy initialization of resources in ResourceTestRule #2304
Make sure Jersey test client uses Dropwizard's ObjectMapper #2277
Allow customizing Hibernate Configuration in DAOTest #2301
Upgrade to Apache Commons Lang3 3.7
Upgrade to Apache Commons Text 1.2
Upgrade to Apache HttpClient 4.5.5
Upgrade to Apache Tomcat JDBC 9.0.5
Upgrade to Argparse4j 0.8.1
Upgrade to AssertJ 3.9.1
Upgrade to Dropwizard Metrics 4.0.2
Upgrade to Error Prone 2.2.0
Upgrade to Guava 24.0-jre
Upgrade to Hibernate 5.2.15.Final
Upgrade to Jackson 2.9.4
Upgrade Jadira to 7.0.0-rc1 #2272
Upgrade to Jdbi 3.1.0 #2289
Upgrade to JUnit 5.0.3
Upgrade to Mockito 2.15.0
Upgrade to NullAway 0.3.2

`v1.2.9`

Compare Source

Fixes a DoS attack vulnerability in Jackson https://github.com/FasterXML/jackson-databind/issues/2141 #2511

`v1.2.8`

Compare Source

Upgrade to Jetty 9.4.11.v20180605: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00123.html

`v1.2.7`

Compare Source

Upgrade to Jackson 2.9.6 to fix CVE-2018-12022 and CVE-2018-12023 (#2392, #2393)

`v1.2.6`

Compare Source

Upgrade Jetty to 9.4.10.v20180503 #2346
Add possibility to disable logging bootstrap for ResourceTestRule #2333

`v1.2.5`

Compare Source

Upgraded to Jackson 2.9.5 (including a fix for CVE-2018-7489)

`v1.2.4`

Compare Source

Upgrade Jackson to 2.9.4 in 1.2.* to address a CVE #2269

`v1.2.3`

Compare Source

Enable auto escaping of strings in Freemarker templates (#2251)

`v1.2.2`

Compare Source

Don't shut down asynchronous executor in Jersey #2221
Add possibility to possibility to extend DropwizardApacheConnector #2220

`v1.2.1`

Compare Source

Correctly set up SO_LINGER for the HTTP connector #2176
Support fromString in FuzzyEnumParamConverter #2161
Upgrade to Hibernate 5.2.12.Final to address https://hibernate.atlassian.net/browse/HHH-11996, #2206
Upgrade to Freemaker 2.3.27-incubating

`v1.2.0`

Compare Source

Complete changelog on GitHub

Support configuring FileAppender#bufferSize #1951
Improve error handling of @FormParam resources #1982
Add JDBC interceptors through configuration #2030
Support Dropwizard applications without logback #1900
Replace deprecated SizeAndTimeBasedFNATPSizeAndTimeBasedRollingPolicy #2010
Decrease allowable tomcat jdbc validation interval to 50ms #2051
Add support for setting several cipher suites for HTTP/2 #2119
Remove Dropwizard's Jackson dependency on Logback #2112
Handle badly formed "Accept-Language" headers #2103
Use LoadingCache in CachingAuthorizer #2096
Client NTLM Authentication #2091
Add optional Jersey filters #1948
Upgrade to Apache commons-lang3 3.6
Upgrade to AssertJ 3.8.0
Upgrade to classmate 1.3.4
Upgrade to Guava 23.1
Upgrade to H2 1.4.196
Upgrade to Hibernate 5.2.11.Final
Upgrade to Hibernate Validator 5.4.1.Final
Upgrade to HSQLDB 2.4.0
Upgrade to Jackson 2.9.1
Upgrade to Jetty 9.4.7.v20170914
Upgrade to JMH 1.19
Upgrade to Joda-Time 2.9.9
Upgrade to Logback 1.2.3
Upgrade to Metrics 3.2.5
Upgrade to Mockito 2.10.0
Upgrade to Mustache.java 0.9.5
Upgrade to Objenesis 2.6
Upgrade to SLF4J 1.7.25
Upgrade to tomcat-jdbc 8.5.23

`v1.1.8`

Compare Source

Upgrade to Jetty 9.4.11.v20180605: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00123.html

`v1.1.7`

Compare Source

Upgrade Jackson to 2.8.11 in 1.1.* to address a CVE #2270

`v1.1.6`

Compare Source

Support fromString in FuzzyEnumParamConverter #2161

`v1.1.5`

Compare Source

Correctly set up SO_LINGER for the HTTP connector (#2176)

`v1.1.4`

Compare Source

`v1.1.3`

Compare Source

Update Jetty to 9.4.6.v20170531 to address CVE-2017-9735 #2117

`v1.1.2`

Compare Source

Updated Jackson to 2.8.9. Fixes a security vulnerability https://github.com/FasterXML/jackson-databind/issues/1599 with default typing #2086
Use the correct JsonFactory in JSON configuration parsing #2046
Support of extending of DBIFactory #2067
Add time zone to Java 8 datetime mappers #2069

`v1.1.1`

Compare Source

Set the console logging context after a reset #1973
Set logging context for file appenders before setting the buffer size #1975
Remove javax.el from jersey-bean-validation #1976
Exclude duplicated JTA 1.1 from dropwizard-hibernate dependencies #1977
Add missing @UnwrapValidatedValue annotations #1993
Fix HttpSessionListener.sessionDestroyed is not being called #2032
Add flag to make ThreadNameFilter optional #2014

`v1.1.0`

Compare Source

http://www.dropwizard.io/1.1.0/docs

Upgraded to Hibernate ORM 5.2.7 #1871
Add runtime certificate reload via admin task #1799
List available tasks lexically via admin task #1939
Add support for optional resource protection #1931
Invalid enum request parameters result in 400 response with possible choices #1734
Enum request parameters are deserialized in the same fuzzy manner, as the request body #1734
Request parameter name displayed in response to parse failure #1734
Add DurationParam as a possible request parameter #1734
Add SizeParam as a possible request parameter #1751
Allow overriding of a default ExceptionMapper without re-registering all other defaults #1768
Allow overriding of default JsonProvider #1788
Finer-grain control of exception behaviour in view renderers #1820
Default WebApplicationException handler preserves exception HTTP headers #1912
JerseyClientBuilder can create rx-capable client #1721
Configurable response for empty Optional return values #1784
Add web test container agnostic way of invoking requests in ResourceTestRule #1778
Remove OptionalValidatedValueUnwrapper #1583
Allow constraints to be applied to type #1586
Use LoadingCache in CachingAuthenticator #1615
Switch cert and peer validation to false by default #1855
Introduce CachingAuthorizer #1639
Enhance logging of registered endpoints #1804
Flush loggers on command exit instead of destroying logging #1947
Add support for neverBlock on AsyncAppenders #1917
Allow to disable caching of Mustache views #1289
Add the httpCompliance option to the HTTP configuration #1825
Add the blockingTimeout option to the HTTP configuration #1795
Make GZipHandler sync-flush configurable #1685
Add min and mins as valid Duration abbreviations #1833
Register Jackson parameter-names modules #1908
Native Jackson deserialization of enums when Jackson annotations are present #1909
Add JsonConfigurationFactory for first-class support of the JSON configuration #1897
Support disabled and enabled attributes for metrics #1957
Support @UnitOfWork in sub-resources #1959
Upgraded to Jackson 2.8.6
Upgraded to Hibernate Validator 5.3.4.Final
Upgraded to Jetty 9.4.2.v20170220 #1901
Upgraded to tomcat-jdbc 8.5.9
Upgraded to Objenesis 2.5.1 #1654
Upgraded to AssertJ 3.6.2
Upgraded to classmate 1.3.3
Upgraded to Metrics 3.2.2 #1970
Upgraded to Mustache 0.9.4 #1766
Upgraded to Mockito 2.7.12
Upgraded to Liquibase 3.5.3
Upgraded to Logback 1.2.1 #1918
Upgraded to JDBI 2.78
Upgraded to Jersey 2.25.1
Upgraded to javassist 3.21.0-GA
Upgraded to Guava 21.0
Upgraded to SLF4J 1.7.24
Upgraded to H2 1.4.193
Upgraded to Joda-Time 2.9.7
Upgraded to commons-lang3 3.5
Upgraded to Apache HTTP Client 4.5.3