[Snyk] Security upgrade io.dropwizard:dropwizard-core from 2.0.0 to 4.0.17 #5254
bogarin wants to merge 1 commit into
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-13169722
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-15062482
Pull request overview
This PR upgrades Dropwizard from version 2.0.0 to 4.0.17 to address two security vulnerabilities in the logback dependency (SNYK-JAVA-CHQOSLOGBACK-13169722 and SNYK-JAVA-CHQOSLOGBACK-15062482). The PR also includes minor XML formatting changes to the Maven Shade Plugin configuration.
Changes:
- Upgraded io.dropwizard:dropwizard-core dependency from 2.0.0 to 4.0.17
- Reformatted Maven Shade Plugin transformer configuration for improved readability
| <properties> | ||
| <dropwizard.version>2.0.0</dropwizard.version> | ||
| <dropwizard.version>4.0.17</dropwizard.version> |
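Review bot: the version is changed on the shared `dropwizard.version` property under `<properties>`, not on a single dependency, so every artifact in this pom that takes its version from `${dropwizard.version}` moves from 2.0.0 to 4.0.17 in the same step. Since the stated goal is clearing two logback advisories, attach the resolved dependency tree before and after the change so the review can confirm which logback version 4.0.17 actually brings in and that nothing else in the build pins an older one.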
This major version upgrade from Dropwizard 2.0.0 to 4.0.17 introduces breaking changes that require code modifications. Dropwizard 4.x migrated from Java EE (javax.*) to Jakarta EE (jakarta.*) namespaces. The existing code uses javax.validation.constraints.NotNull in BasicConfiguration.java and javax.ws.rs.* in BrandResource.java, which need to be updated to jakarta.validation.constraints.NotNull and jakarta.ws.rs.* respectively. Additionally, Dropwizard 4.x requires Java 11 or later, but this project is configured to use Java 1.8 (see pom.xml line 1454).
| <dropwizard.version>4.0.17</dropwizard.version> | |
| <dropwizard.version>4.0.17</dropwizard.version> | |
| <maven.compiler.source>11</maven.compiler.source> | |
| <maven.compiler.target>11</maven.compiler.target> |
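Review bot: the two added `maven.compiler.source` / `maven.compiler.target` properties only help if nothing else overrides them; the comment above points at a Java 1.8 setting at pom.xml line 1454, and if that is an explicit compiler-plugin configuration or a later property definition it still wins and has to be changed there as well. The suggestion also leaves the `javax.validation` and `javax.ws.rs` imports named in the same comment untouched, so applying it alone does not complete the migration; those source changes belong in this PR too.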
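A scan for the imports the review comment above refers to, as an added example (not code from this PR or from Dropwizard): it lists `javax.*` imports in packages that moved to `jakarta.*` while leaving JDK-owned packages such as `javax.crypto` alone. The prefix list, the function names and the sample source are assumptions constructed for illustration, and the prefix list is not exhaustive.

```python
import re
import sys
from pathlib import Path

# Assumption (added here, not from the PR): a non-exhaustive list of javax
# packages that were renamed to jakarta.* in Jakarta EE 9. JDK-owned packages
# such as javax.crypto or javax.net keep their names and must not be rewritten.
MOVED_PREFIXES = (
    "javax.validation", "javax.ws.rs", "javax.servlet",
    "javax.inject", "javax.xml.bind", "javax.persistence",
)
IMPORT_RE = re.compile(r"\s*import\s+(?:static\s+)?(javax\.[\w.]+?)(?:\.\*)?\s*;")

# Constructed sample source, not a file from the project.
SAMPLE = """\
package com.example;
import javax.validation.constraints.NotNull;
import javax.ws.rs.*;
import javax.crypto.Cipher;
import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
"""


def find_moved_imports(source):
    """Return (line_no, old_name, new_name) for each import needing migration."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        match = IMPORT_RE.match(line)
        if not match:
            continue
        name = match.group(1)
        if any(name == p or name.startswith(p + ".") for p in MOVED_PREFIXES):
            hits.append((line_no, name, "jakarta" + name[len("javax"):]))
    return hits


def scan_tree(root):
    """Map each .java file under root to its imports that need migration."""
    report = {}
    for path in sorted(Path(root).rglob("*.java")):
        hits = find_moved_imports(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": find_moved_imports(SAMPLE)}
    for path, hits in results.items():
        for line_no, old, new in hits:
            print(f"{path}:{line_no}: {old} -> {new}")
```

Run it with the source root as the only argument; an empty result after the namespace change is a quick pre-merge check that no migrated package is still imported under `javax`.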
Snyk has created this PR to fix 2 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
- dropwizard/pom.xml

Vulnerabilities that will be fixed with an upgrade:
- SNYK-JAVA-CHQOSLOGBACK-13169722: 2.0.0->4.0.17, Major version upgrade, No Known Exploit
- SNYK-JAVA-CHQOSLOGBACK-15062482: 2.0.0->4.0.17, Major version upgrade, No Known Exploit