Update dropwizard monorepo to v2 (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
io.dropwizard:dropwizard-views-freemarker	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-views	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-assets	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-lifecycle	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-jersey	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-jetty	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-testing	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-validation	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-util	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-servlets	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-jackson	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-logging	0.9.3 -> 2.0.25
io.dropwizard:dropwizard-core	0.9.3 -> 2.0.25

---

Release Notes

dropwizard/dropwizard

v2.0.25

Compare Source

Dependency updates

• Update dependency org.glassfish:jakarta.el to v3.0.4 (#​4222)
• Update dependency org.hibernate:hibernate-core to v5.5.7.Final (#​4179, #​4223)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.52 (#​4221)
• Update dependency io.dropwizard.logback:logback-throttling-appender to v1.1.3 (#​4219)
• Update dependency net.bytebuddy:byte-buddy to v1.11.14 (#​4220)
• Update dependency net.java.dev.jna:jna to v5.9.0 (#​4225)
• Update dependency org.checkerframework:checker-qual to v3.17.0 (#​4226)
• Update error_prone.version to v2.9.0 (#​4227)
• Update jmh.version to v1.33 (#​4228)
• Update mockito.version to v3.12.4 (#​4230)
• Update joschi/setup-jdk action to v2.4.0 (#​4229)

Documentation

• Add anchor to note on config overrides to allow direct links (#​4193)

Assorted

• Bump Maven version to 3.8.2 (#​4191)
• Consolidate versions of maven-enforcer-plugin

v2.0.24

Compare Source

Dependency updates

• Update jetty.version to v9.4.43.v20210629 (#​4113)
• Upgrade to Dropwizard Metrics 4.1.25 (#​4084, #​4143)
• Update dependency com.github.ben-manes.caffeine:caffeine to v2.9.2 (release/2.0.x) (#​4101)
• Update dependency net.bytebuddy:byte-buddy to v1.11.9 (#​4102, #​4133, #​4175)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.50 (#​4103)
• Update dependency org.checkerframework:checker-qual to v3.16.0 (#​4123)
• Update dependency org.hibernate:hibernate-core to v5.5.3.Final (#​4087)
• Update dependency org.jdbi:jdbi3-bom to v3.21.0 (#​4136)
• Update logback.version to v1.2.5 (#​4151, #​4160)
• Update dependency io.dropwizard.logback:logback-throttling-appender to v1.1.2 (#​4174)
• Update slf4j.version to v1.7.32 (#​4152)
• Update error_prone.version to v2.8.0 (#​4161)
• Update dependency com.uber.nullaway:nullaway to v0.9.2 (#​4173)
• Update dependency mysql:mysql-connector-java to v8.0.26 (#​4147)
• Update dependency org.testcontainers:testcontainers-bom to v1.16.0 (#​4153)
• Update mockito.version to v3.11.2 (#​4081)
• Update dependency org.simplify4u.plugins:pgpverify-maven-plugin to v1.14.1 (#​4093, #​4134)
• Update actions/stale action to v4 (#​4137)
• Update dependency Sphinx to v4.1.2 (#​4109, #​4120, #​4131, #​4170)
• Bump addressable from 2.7.0 to 2.8.0 in /docs (#​4121)
• Update dependency lesscpy to v0.15.0 (#​4135)

v2.0.23

Compare Source

Improvements

• Add @JsonProperty for layout in AbstractAppenderFactory (#​4018)
• Add support for HTTP/2 over TLSv1.3 (#​4067)

Dependency updates

• Bump jetty.version from 9.4.41.v20210516 to 9.4.42.v20210604 (#​4033)
• Upgrade to Dropwizard Metrics 4.1.23 (#​4077)
• Update slf4j.version to v1.7.31 (#​4074)
• Update dependency net.bytebuddy:byte-buddy to v1.11.5 (#​4016, #​4041, #​4045, #​4076)
• Bump checker-qual from 3.13.0 to 3.15.0 (#​4015, #​4075)
• Bump hibernate-core from 5.4.32.Final to 5.5.2.Final (#​4017, #​4058)
• Bump jdbi3-bom from 3.20.0 to 3.20.1 (#​4034)
• Bump Mustache compiler from 0.9.7 to 0.9.10 (#​4009)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.48 (#​4062)
• Update dependency org.bouncycastle:bcprov-jdk15on to v1.69
• Update dependency org.assertj:assertj-core to v3.20.2 (#​4063, #​4070, #​4079)
• Update mockito.version to v3.11.1 (#​4023, #​4022)
• Update jmh.version to v1.32 (#​4004)
• Bump pgpverify-maven-plugin from 1.12.0 to 1.13.0 (#​4028)
• Bump actions/cache from 2.1.5 to 2.1.6 (#​4010)

Assorted

• Add link to https://github.com/xvik/dropwizard-guicey (#​4024)
• Added clarifying note on Singleton annotation (#​4030)
• Add test cases for deferred EL expressions

v2.0.22

Compare Source

Upgrade notes for dropwizard-jdbi3 users

Starting with Jdbi 3.19.0, the Jdbi project started pulling in Caffeine 3.x as a transitive dependency which only works with Java 11 or later:

Java 8 support is considered deprecated and will be maintained best-effort for now, but will be going away soon! In order to run on 8, you might need to dependency-manage your caffeine version back to 2.x. 3.x is required to run on newer JDKs, but will not run on 8.

Source: http://jdbi.org/#\_java_compatibility

If you're still on Java 8, you'll have to exclude the com.github.ben-manes.caffeine:caffeine dependency or force the version to a Caffeine release which still works with Java 8.

See also https://github.com/jdbi/jdbi/issues/1853.

Improvements

• Add method to AbstractDAO to get NamedQuery in a type-safe manner (#​3978)
• Implement expandChildren() in ContextRoutingHandler (#​3997)

Dependency updates

• Bump Dropwizard Metrics from 4.1.19 to 4.1.22 (#​3893, #​3990, #​3939)
• Bump byte-buddy from 1.10.22 to 1.11.0 (#​3883)
• Bump checker-qual from 3.12.0 to 3.13.0 (#​3928)
• Bump error_prone_annotations from 2.6.0 to 2.7.1 (#​3966)
• Bump hibernate-core from 5.4.30.Final to 5.4.31.Final (#​3916)
• Bump jdbi3-bom from 3.18.1 to 3.20.0 (#​3855, #​3892)
• Bump jetty.version from 9.4.39.v20210325 to 9.4.41.v20210516 (#​3879, #​3976)
• Force commons-codec 1.15 to address WS-2019-0379 (#​3856)
• Update dependency com.github.ben-manes.caffeine:caffeine to v2.9.1 (#​3937)
• Update dependency com.uber.nullaway:nullaway to v0.9.1 (#​3848)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.46 (#​3965)
• Bump awaitility from 4.0.3 to 4.1.0 (#​3943)
• Bump javassist from 3.27.0-GA to 3.28.0-GA (#​3944)
• Bump jmh.version from 1.29 to 1.31 (#​3934, #​3960)
• Bump junit-jupiter from 5.7.1 to 5.7.2 (#​3970, #​3971)
• Bump mockito.version from 3.8.0 to 3.10.0 (#​3845, #​3961)
• Bump mysql-connector-java from 8.0.23 to 8.0.25 (#​3886, #​3954)
• Bump testcontainers-bom from 1.15.2 to 1.15.3 (#​3880)
• Bump jacoco-maven-plugin from 0.8.6 to 0.8.7 (#​3930)
• Bump pgpverify-maven-plugin from 1.11.0 to 1.12.0 (#​3862)
• Bump maven-gpg-plugin from 1.6 to 3.0.1 (#​3945)
• Bump maven-javadoc-plugin from 3.2.0 to 3.3.0 (#​3993, #​3995)
• Bump maven-project-info-reports-plugin from 3.1.1 to 3.1.2 (#​3920, #​3940)
• Bump sonar-maven-plugin from 3.8.0.2131 to 3.9.0.2155 (#​3915)
• Bump octokit from 4.20.0 to 4.21.0 in /docs (#​3906)
• Bump sphinx from 3.5.3 to 4.0.2 in /docs (#​3867, #​3953, #​3986)
• Update actions/cache action to v2.1.5 (#​3874)
• Bump actions/checkout from 2 to 2.3.4 (#​3958)
• Update actions/stale action to v3.0.19

Documentation

• Add example for using HK2 for DI in your project (#​3177)

Assorted

• Exclude TLSv1.1 in HttpsConnectorFactoryTest (#​3894)
• Make ResourceExtensionRandomPortsTest less flaky (#​3897)
• Use maven-surefire-plugin in archetype compatible with JUnit 5 (#​3936)

v2.0.21

Compare Source

⚠️ Security fixes

• Bump jetty.version from 9.4.37.v20210219 to 9.4.39.v20210325 (#​3726, #​3821)
  • This is addressing various security issues (Jetty 9.4.39.v20210325 release notes).
  • GHSA-j6qj-j888-vvgq
  • GHSA-26vr-8j45-3r4w
  • GHSA-v7ff-8wcx-gmc5

Bug fixes

• Ensure correct TreeTraversingParser initialization in BaseConfigurationFactory (#​3800)
• Properly support HTTP/1.1 in Http2ConnectorFactory (#​3786)

Dependency updates

• Bump byte-buddy from 1.10.21 to 1.10.22 (#​3768)
• Bump checker-qual from 3.10.0 to 3.12.0 (#​3740, #​3832)
• Bump commons-lang3 from 3.11 to 3.12.0 (#​3742)
• Bump conscrypt-openjdk-uber from 2.5.1 to 2.5.2 (#​3826)
• Bump error_prone_annotations from 2.5.1 to 2.6.0 (#​3829)
• Bump guava from 30.1-jre to 30.1.1-jre (#​3799)
• Bump hibernate-core from 5.4.28.Final to 5.4.30.Final (#​3752, #​3795)
• Bump jdbi3-bom from 3.18.0 to 3.18.1 (#​3820)
• Bump metrics-bom from 4.1.18 to 4.1.19 (#​3842)
• Update dependency com.uber.nullaway:nullaway to v0.9.0 (master) (#​3728)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.45 (#​3771, #​3838)
• Update dependency org.liquibase:liquibase-core to v3.10.3 (release/2.0.x) (#​3764)
• Bump jmh.version from 1.27 to 1.29 (#​3741, #​3817)
• Bump jna from 5.7.0 to 5.8.0 (#​3811)
• Update dependency org.apache.maven.plugins:maven-project-info-reports-plugin to v3.1.1 (master) (#​3729)
• Bump sphinx from 3.5.2 to 3.5.3 in /docs (#​3804)
• Bump sphinx-autobuild from 2020.9.1 to 2021.3.14 in /docs (#​3781)
• Bump sphinx-rtd-theme from 0.5.1 to 0.5.2 in /docs (#​3836)
• Update actions/stale action to v3.0.18
• Update dependency Sphinx to v3.5.2
• Bump Maven to version 3.8.1

Assorted

• Add assertions for json-logging start() and stop() methods (#​3689)
• Add assertions to some tests which lacked them (#​3730)
• Address some Sonar issues (#​3737)
• Appease Sonar in dropwizard-benchmarks (#​3703)
• Improve dropwizard-example integration test logging assertions
• Make jUnit 4 test methods public (#​3727)
• Remove Apache HttpClient from dropwizard-e2e (#​3713)
• Remove public modifiers from tests (#​3691)
• Update list of keyservers to validate dependency signatures
• Skip POM signature verification (#​3789)
• Support clearing the GitHub workflow cache (#​3787)

v2.0.20

Compare Source

Dependency updates

• Bump byte-buddy from 1.10.19 to 1.10.21 (#​3681, #​3716)
• Bump caffeine from 2.8.8 to 2.9.0 (#​3710)
• Bump checker-qual from 3.9.1 to 3.10.0 (#​3679)
• Bump freemarker from 2.3.30 to 2.3.31 (#​3711)
• Bump hibernate-core from 5.4.24.Final to 5.4.28.Final (#​3698)
• Bump jetty.version from 9.4.36.v20210114 to 9.4.37.v20210219 (#​3721)
• Bump jna from 5.6.0 to 5.7.0 (#​3696)
• Bump joda-time from 2.10.9 to 2.10.10 (#​3694)
• Bump metrics-bom from 4.1.17 to 4.1.18 (#​3722)
• Bump tomcat-jdbc from 9.0.41 to 9.0.43 (#​3723)
• Bump junit from 4.13.1 to 4.13.2 (#​3706)
• Bump junit-jupiter from 5.7.0 to 5.7.1 (#​3683)
• Bump junit5.version from 5.7.0 to 5.7.1 (#​3682)
• Bump mockito.version from 3.7.7 to 3.8.0 (#​3719)
• Bump testcontainers-bom from 1.15.1 to 1.15.2 (#​3700)
• Bump maven-invoker-plugin from 3.2.1 to 3.2.2 (#​3715)
• Bump sphinx-maven-plugin from 2.9.0 to 2.10.0 (#​3699)
• Bump actions/cache from v2.1.3 to v2.1.4 (#​3684)
• Bump actions/stale from v3.0.15 to v3.0.17 (#​3695, #​3712)
• Bump sphinx from 3.4.3 to 3.5.1 in /docs (#​3705, #​3709)

Assorted

• Address SonarCloud concerns in dropwizard-auth (#​3688)
• Ensure FileAppenderFactoryTest works within its temporary directories (#​3692)
• Refactor testing of thrown exceptions (#​3676)
• Refactor testing of thrown exceptions in dropwizard-client (#​3686)
• Remove public modifiers from dropwizard-assets tests (#​3687)

v2.0.19

Compare Source

Upgrade notes

• Jersey 2.33 no longer pulls in org.glassfish.jersey.media:jersey-media-jaxb by default (see https://github.com/eclipse-ee4j/jersey/pull/4634). If you're using XML-based payloads, you'll have to explicitly include the dependency to org.glassfish.jersey.media:jersey-media-jaxb in your projects. (Thanks to @​maffe for pointing this out)

Improvements

• Add support for testing plain Command classes (#​3673)

Dependency updates

• Upgrade to Jersey 2.33 (#​3671)
• Bump jetty.version from 9.4.35.v20201120 to 9.4.36.v20210114 (#​3662)
• Bump checker-qual from 3.9.0 to 3.9.1 (#​3653)
• Bump error_prone_annotations from 2.4.0 to 2.5.1 (#​3656)
• Bump assertj-core from 3.18.1 to 3.19.0 (#​3665)
• Bump mockito.version from 3.7.0 to 3.7.7 (#​3659)
• Bump mysql-connector-java from 8.0.22 to 8.0.23 (#​3660)
• Bump sonar-maven-plugin from 3.7.0.1746 to 3.8.0.2131 (#​3655)
• Bump actions/stale from v3.0.14 to v3.0.15 (#​3668)

Documentation

• Update contributors list
• Clarify how to override ConfiguredCommand#configure (#​3675)

Assorted

• Address SonarCloud issues (#​3666)
• Move DropwizardSSLConnectionSocketFactoryTest to io.dropwizard.client (#​3657)
• Reduce use of reflection in dropwizard-jetty tests (#​3658)
• Remove apache commons-lang3 from tests (#​3625)
• Use assertThatExceptionOfType in dropwizard-auth (#​3667)
• Fix GitHub release workflow

v2.0.18

Compare Source

Improvements

• Support custom StatsCounter in CachingAuthenticator/CachingAuthorization (#​3642)
• DropwizardAppExtension support for RegisterExtension (#​3549, #​3649)
• Do not print error message about class not found (#​3616)

Dependency updates

• Bump bcprov-jdk15on from 1.67 to 1.68 (#​3614)
• Bump byte-buddy from 1.10.18 to 1.10.19 (#​3611)
• Bump checker-qual from 3.8.0 to 3.9.0 (#​3638)
• Bump guava from 30.0-jre to 30.1-jre (#​3606)
• Bump hibernate-validator from 6.1.6.Final to 6.1.7.Final (#​3608)
• Bump joda-time from 2.10.8 to 2.10.9 (#​3628)
• Bump metrics-bom from 4.1.16 to 4.1.17 (#​3648)
• Bump mockito.version from 3.6.28 to 3.7.0 (#​3637)
• Bump octokit from 4.19.0 to 4.20.0 in /docs (#​3626)
• Bump pgpverify-maven-plugin from 1.10.1 to 1.11.0 (#​3640)
• Bump sphinx from 3.3.1 to 3.4.3 in /docs (#​3610, #​3618, #​3635, #​3643)
• Bump sphinx-rtd-theme from 0.5.0 to 0.5.1 in /docs (#​3636)

Documentation

• Add missing parentheses in example docs #​3624
• Fix typo in HttpClientBuilder Javadoc (#​3632)
• Fix the AssertJ documentation URL (#​3620)
• Remove unused import from Getting Started docs #​3619
• Rename jdbi3 to db packages in example docs (#​3623)

Assorted

• Add GitHub release workflow
• Remove Travis CI configuration
• Add checks for logging statements via errorprone-slf4j (#​3607)
• Remove commons-lang3 from dropwizard-benchmarks (#​3627)
• Remove usage of deprecated Mockito#initMocks() (#​3630)
• Replace Mockito#verifyZeroInteractions with verifyNoInteractions (#​3631)
• Replace Streams usage with String#join (#​3646)
• Replace deprecated AssertJ assertions (#​3645)
• Small cleanups (#​3621)
• Stop ignoring exceptions in dropwizard-logging tests (#​3633)
• Use System.lineSeparator() instead of String.format(%n") (#​3644)

v2.0.17

Compare Source

Dependency updates

• Upgrade to Jackson 2.10.5.20201202 (#​3587)
  • This is addressing CVE-2020-25649
• Bump caffeine from 2.8.6 to 2.8.8 (#​3593, #​3597)
• Bump checker-qual from 3.7.1 to 3.8.0 (#​3586)
• Bump httpcore from 4.4.13 to 4.4.14 (#​3584)
• Bump jdbi3-bom from 3.17.0 to 3.18.0 (#​3589)
• Bump tomcat-jdbc from 9.0.40 to 9.0.41 (#​3600)
• Bump jmh.version from 1.26 to 1.27 (#​3598)
• Bump pgpverify-maven-plugin from 1.10.0 to 1.10.1 (#​3596)
• Bump testcontainers-bom from 1.15.0 to 1.15.1 (#​3602)

Documentation

• Fixed syntax in Testing Database Interactions example (#​3601)
• Update FreeMarker links in documentation (#​3591)

v2.0.16

Compare Source

Improvements

• Add ConfigOverride for random application ports during tests (#​3561)

Bug fixes

• Skip errors when visiting default implementations in ConfigurationMetadata (#​3577)

Dependency updates

• Bump hibernate-core from 5.4.23.Final to 5.4.24.Final (#​3571)
• Bump jetty.version from 9.4.33.v20201020 to 9.4.35.v20201120 (#​3552, #​3574)
  • This addresses GHSA-86wm-rrjm-8wh8
• Bump metrics-bom from 4.1.14 to 4.1.16 (#​3566, #​3578)
• Bump tomcat-jdbc from 9.0.39 to 9.0.40 (#​3570)
• Bump assertj-core from 3.18.0 to 3.18.1 (#​3564)
• Bump jna from 5.5.0 to 5.6.0 (#​3562)
• Bump mockito.version from 3.5.15 to 3.6.28 (#​3529, #​3575)
• Bump testcontainers-bom from 1.14.3 to 1.15.0 (#​3559)
• Bump pgpverify-maven-plugin from 1.9.0 to 1.10.0 (#​3568)
• Bump sphinx from 3.3.0 to 3.3.1 in /docs (#​3565)
• Bump actions/cache from v2.1.2 to v2.1.3 (#​3560)
• Bump actions/stale from v3.0.13 to v3.0.14 (#​3573)

Assorted

• Tighten up commons-lang3 dependencies (#​3567)
• Revert "Replace invalid default excludedProtocols in HttpsConnectorFactory" (#​3579)

v2.0.15

Compare Source

Improvements

• Fix logFormat configuration inconsistencies (#​3530)

Bug fixes

• Prevent deep recursion in ConfigurationMetadata (#​3536)

Security

• Replace invalid default excludedProtocols in HttpsConnectorFactory (#​3533)
  • If you're using regular expressions in the excludedProtocols configuration setting, make sure change these to specific protocols, for example ["TLSv1", "TLSv1.1", "TLSv1.2"] instead of ["TLSv1(\.[12])?"].
• Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 (#​3522)
  • This is addressing GHSA-g3wg-6mcf-8jj6 (CVE-2020-27216)

Dependency updates

• Bump byte-buddy from 1.10.17 to 1.10.18 (#​3539)
• Bump checker-qual from 3.7.0 to 3.7.1 (#​3544)
• Bump hibernate-core from 5.4.22.Final to 5.4.23.Final (#​3538)
• Bump joda-time from 2.10.7 to 2.10.8 (#​3525)
• Bump assertj-core from 3.17.2 to 3.18.0 (#​3524)
• Bump bcprov-jdk15on from 1.66 to 1.67 (#​3540)
• Bump actions/stale from v3.0.12 to v3.0.13 (#​3545)
• Bump sphinx from 3.2.1 to 3.3.0 in /docs (#​3543)

Assorted

• Remove obsolete NonblockingServletHolder (#​3527)
• Reduce flakiness of LayoutIntegrationTests (#​3537)
• Move SonarQube settings to GitHub workflow (#​3534)

v2.0.14

Compare Source

Bug fixes

• Support parsing system property configuration values as arrays when the field does not exist (#​3442)
• Add null-checks to AnnotationSensitivePropertyNamingStrategy (#​3515)

Dependency updates

• Bump byte-buddy from 1.10.14 to 1.10.17 (#​3460, #​3462, #​3492)
• Bump caffeine from 2.8.5 to 2.8.6 (#​3503)
• Bump checker-qual from 3.6.0 to 3.7.0 (#​3445, #​3479)
• Bump Mustache Java compiler from 0.9.6 to 0.9.7 (#​3508)
• Bump conscrypt-openjdk-uber from 2.5.0 to 2.5.1 (#​3452)
• Bump guava from 29.0-jre to 30.0-jre (#​3509)
• Bump hibernate-core from 5.4.21.Final to 5.4.22.Final (#​3474)
• Bump hibernate-validator from 6.1.5.Final to 6.1.6.Final (#​3473)
• Bump httpclient from 4.5.12 to 4.5.13 (#​3490)
• Bump jdbi3-bom from 3.14.4 to 3.17.0 (#​3484, #​3491, #​3497, #​3510)
• Bump jersey-bom from 2.31 to 2.32 (#​3465)
• Bump jetty.version from 9.4.31.v20200723 to 9.4.32.v20200930 (#​3478)
• Bump joda-time from 2.10.6 to 2.10.7 (#​3519)
• Bump metrics-bom from 4.1.12.1 to 4.1.14 (#​3496, #​3520)
• Bump mysql-connector-java from 8.0.21 to 8.0.22 (#​3507)
• Bump tomcat-jdbc from 9.0.37 to 9.0.39 (#​3456, #​3495)
• Bump assertj-core from 3.17.1 to 3.17.2 (#​3448)
• Bump jmh.version from 1.25.1 to 1.26 (#​3444, #​3494)
• Bump junit from 4.13 to 4.13.1 (#​3500)
• Bump junit5.version from 5.6.2 to 5.7.0 (#​3454, #​3455)
• Bump mockito.version from 3.5.7 to 3.5.15 (#​3439, #​3446, #​3459, #​3464, #​3513)
• Bump maven-project-info-reports-plugin from 3.1.0 to 3.1.1 (#​3449)
• Bump jacoco-maven-plugin from 0.8.5 to 0.8.6 (#​3457)
• Upgrade to NullAway 0.8.0 (#​3504)
• Bump octokit from 4.18.0 to 4.19.0 in /docs (#​3518)
• Bump sphinx-autobuild from 0.7.1 to 2020.9.1 in /docs (#​3438)
• Bump joschi/setup-jdk from v1 to v2.3.0 (#​3486)
• Bump actions/cache from v1 to v2.1.2 (#​3487, #​3498)
• Bump actions/stale from v1 to v3.0.12 (#​3488, #​3499)

Assorted

• Add analysis with SonarCloud (#​3493)
• Build Dropwizard with Java 15 (#​3458)
• Hacktoberfest: Simplify conditional experession (#​3482)
• Fix typos in documentation (#​3483)

v2.0.13

Compare Source

Bug fixes

• Handle null values in Optional* ParamConverters (#​3431)

Dependency updates

• Bump Maven plugins in java-simple Maven archetype template (#​3389)
• Bump assertj-core from 3.16.1 to 3.17.1 (#​3423, #​3437)
• Bump byte-buddy from 1.10.13 to 1.10.14 (#​3396)
• Bump checker-qual from 3.5.0 to 3.6.0 (#​3398)
• Bump commons-text from 1.8 to 1.9 (#​3387)
• Bump conscrypt-openjdk-uber from 2.4.0 to 2.5.0 (#​3420)
• Bump guava from 28.2-jre to 29.0-jre (#​3251)
• Bump hibernate-core from 5.4.18.Final to 5.4.21.Final (#​3388, #​3405, #​3436)
• Bump jdbi3-bom from 3.14.1 to 3.14.4 (#​3413, #​3425)
• Bump jetty.version from 9.4.30.v20200611 to 9.4.31.v20200723 (#​3394)
• Bump jmh.version from 1.23 to 1.25.1 (#​3399, #​3412, #​3434)
• Bump maven-archetype-plugin.version from 3.1.2 to 3.2.0 (#​3383)
• Bump maven-filtering from 3.1.1 to 3.2.0 (#​3409)
• Bump maven-resources-plugin from 3.1.0 to 3.2.0 (#​3410)
• Bump metrics-bom from 4.1.11 to 4.1.12.1 (#​3401)
• Bump mockito.version from 3.4.4 to 3.5.7 (#​3395, #​3417, #​3419, #​3424, #​3428, #​3429)
• Bump sphinx from 3.1.2 to 3.2.1 in /docs (#​3402, #​3416)
• Upgrade to Liquibase 3.10.2 (#​3392)

Assorted

• Add Jersey bean validation end-to-end test (#​3391)
• Less noisy CI output: mvn --no-transfer-progress (#​3400)

v2.0.12

Compare Source

Improvements

• Swallow EofException when response was incomplete (#​3372)
• Don't specify scope in dependencyManagement of BOM (#​3373)

Dependency updates

• Upgrade to Jackson 2.10.5 (#​3381)
• Bump bcprov-jdk15on from 1.65.01 to 1.66 (#​3364)
• Bump commons-lang3 from 3.10 to 3.11 (#​3371)
• Bump metrics-bom from 4.1.10.1 to 4.1.11 (#​3374)
• Bump mockito.version from 3.3.3 to 3.4.0 (#​3367)
• Bump mockito.version from 3.4.0 to 3.4.2 (#​3370)
• Bump mockito.version from 3.4.2 to 3.4.3 (#​3375)
• Bump mockito.version from 3.4.3 to 3.4.4 (#​3380)
• Bump mysql-connector-java from 8.0.20 to 8.0.21 (#​3368)
• Bump pgpverify-maven-plugin from 1.8.0 to 1.9.0 (#​3365)

Assorted

• Add CodeQL analysis for security scans (#​3298)
• Update wrapper to Maven 3.6.3
• Try making App1Test#earlyEofTest() less flaky (#​3378)
• Removed some conditional tests (test smell) (#​3379)

v2.0.11

Compare Source

Improvements

• Export cache stats in CachingAuthorizer and CachingAuthenticator (#​3360)

Dependency updates

• Bump bcprov-jdk15on from 1.65 to 1.65.01 (#​3312)
• Bump byte-buddy from 1.10.10 to 1.10.11 (#​3324)
• Bump byte-buddy from 1.10.11 to 1.10.12 ([#​3339

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[renovate]

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 2.x releases. However, if you upgrade to 2.x manually then Renovate will reenable minor and patch updates automatically.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.