Update dropwizard monorepo to v2.0.23

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
io.dropwizard:dropwizard-views	2.0.16 -> 2.0.23
io.dropwizard:dropwizard-dependencies	2.0.19 -> 2.0.23

---

Release Notes

dropwizard/dropwizard

v2.0.23

Compare Source

Improvements

• Add @JsonProperty for layout in AbstractAppenderFactory (#​4018)
• Add support for HTTP/2 over TLSv1.3 (#​4067)

Dependency updates

• Bump jetty.version from 9.4.41.v20210516 to 9.4.42.v20210604 (#​4033)
• Upgrade to Dropwizard Metrics 4.1.23 (#​4077)
• Update slf4j.version to v1.7.31 (#​4074)
• Update dependency net.bytebuddy:byte-buddy to v1.11.5 (#​4016, #​4041, #​4045, #​4076)
• Bump checker-qual from 3.13.0 to 3.15.0 (#​4015, #​4075)
• Bump hibernate-core from 5.4.32.Final to 5.5.2.Final (#​4017, #​4058)
• Bump jdbi3-bom from 3.20.0 to 3.20.1 (#​4034)
• Bump Mustache compiler from 0.9.7 to 0.9.10 (#​4009)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.48 (#​4062)
• Update dependency org.bouncycastle:bcprov-jdk15on to v1.69
• Update dependency org.assertj:assertj-core to v3.20.2 (#​4063, #​4070, #​4079)
• Update mockito.version to v3.11.1 (#​4023, #​4022)
• Update jmh.version to v1.32 (#​4004)
• Bump pgpverify-maven-plugin from 1.12.0 to 1.13.0 (#​4028)
• Bump actions/cache from 2.1.5 to 2.1.6 (#​4010)

Assorted

• Add link to https://github.com/xvik/dropwizard-guicey (#​4024)
• Added clarifying note on Singleton annotation (#​4030)
• Add test cases for deferred EL expressions

v2.0.22

Compare Source

Upgrade notes for dropwizard-jdbi3 users

Starting with Jdbi 3.19.0, the Jdbi project started pulling in Caffeine 3.x as a transitive dependency which only works with Java 11 or later:

Java 8 support is considered deprecated and will be maintained best-effort for now, but will be going away soon! In order to run on 8, you might need to dependency-manage your caffeine version back to 2.x. 3.x is required to run on newer JDKs, but will not run on 8.

Source: http://jdbi.org/#\_java_compatibility

If you're still on Java 8, you'll have to exclude the com.github.ben-manes.caffeine:caffeine dependency or force the version to a Caffeine release which still works with Java 8.

See also jdbi/jdbi#1853.

Improvements

• Add method to AbstractDAO to get NamedQuery in a type-safe manner (#​3978)
• Implement expandChildren() in ContextRoutingHandler (#​3997)

Dependency updates

• Bump Dropwizard Metrics from 4.1.19 to 4.1.22 (#​3893, #​3990, #​3939)
• Bump byte-buddy from 1.10.22 to 1.11.0 (#​3883)
• Bump checker-qual from 3.12.0 to 3.13.0 (#​3928)
• Bump error_prone_annotations from 2.6.0 to 2.7.1 (#​3966)
• Bump hibernate-core from 5.4.30.Final to 5.4.31.Final (#​3916)
• Bump jdbi3-bom from 3.18.1 to 3.20.0 (#​3855, #​3892)
• Bump jetty.version from 9.4.39.v20210325 to 9.4.41.v20210516 (#​3879, #​3976)
• Force commons-codec 1.15 to address WS-2019-0379 (#​3856)
• Update dependency com.github.ben-manes.caffeine:caffeine to v2.9.1 (#​3937)
• Update dependency com.uber.nullaway:nullaway to v0.9.1 (#​3848)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.46 (#​3965)
• Bump awaitility from 4.0.3 to 4.1.0 (#​3943)
• Bump javassist from 3.27.0-GA to 3.28.0-GA (#​3944)
• Bump jmh.version from 1.29 to 1.31 (#​3934, #​3960)
• Bump junit-jupiter from 5.7.1 to 5.7.2 (#​3970, #​3971)
• Bump mockito.version from 3.8.0 to 3.10.0 (#​3845, #​3961)
• Bump mysql-connector-java from 8.0.23 to 8.0.25 (#​3886, #​3954)
• Bump testcontainers-bom from 1.15.2 to 1.15.3 (#​3880)
• Bump jacoco-maven-plugin from 0.8.6 to 0.8.7 (#​3930)
• Bump pgpverify-maven-plugin from 1.11.0 to 1.12.0 (#​3862)
• Bump maven-gpg-plugin from 1.6 to 3.0.1 (#​3945)
• Bump maven-javadoc-plugin from 3.2.0 to 3.3.0 (#​3993, #​3995)
• Bump maven-project-info-reports-plugin from 3.1.1 to 3.1.2 (#​3920, #​3940)
• Bump sonar-maven-plugin from 3.8.0.2131 to 3.9.0.2155 (#​3915)
• Bump octokit from 4.20.0 to 4.21.0 in /docs (#​3906)
• Bump sphinx from 3.5.3 to 4.0.2 in /docs (#​3867, #​3953, #​3986)
• Update actions/cache action to v2.1.5 (#​3874)
• Bump actions/checkout from 2 to 2.3.4 (#​3958)
• Update actions/stale action to v3.0.19

Documentation

• Add example for using HK2 for DI in your project (#​3177)

Assorted

• Exclude TLSv1.1 in HttpsConnectorFactoryTest (#​3894)
• Make ResourceExtensionRandomPortsTest less flaky (#​3897)
• Use maven-surefire-plugin in archetype compatible with JUnit 5 (#​3936)

v2.0.21

Compare Source

⚠️ Security fixes

• Bump jetty.version from 9.4.37.v20210219 to 9.4.39.v20210325 (#​3726, #​3821)
  • This is addressing various security issues (Jetty 9.4.39.v20210325 release notes).
  • GHSA-j6qj-j888-vvgq
  • GHSA-26vr-8j45-3r4w
  • GHSA-v7ff-8wcx-gmc5

Bug fixes

• Ensure correct TreeTraversingParser initialization in BaseConfigurationFactory (#​3800)
• Properly support HTTP/1.1 in Http2ConnectorFactory (#​3786)

Dependency updates

• Bump byte-buddy from 1.10.21 to 1.10.22 (#​3768)
• Bump checker-qual from 3.10.0 to 3.12.0 (#​3740, #​3832)
• Bump commons-lang3 from 3.11 to 3.12.0 (#​3742)
• Bump conscrypt-openjdk-uber from 2.5.1 to 2.5.2 (#​3826)
• Bump error_prone_annotations from 2.5.1 to 2.6.0 (#​3829)
• Bump guava from 30.1-jre to 30.1.1-jre (#​3799)
• Bump hibernate-core from 5.4.28.Final to 5.4.30.Final (#​3752, #​3795)
• Bump jdbi3-bom from 3.18.0 to 3.18.1 (#​3820)
• Bump metrics-bom from 4.1.18 to 4.1.19 (#​3842)
• Update dependency com.uber.nullaway:nullaway to v0.9.0 (master) (#​3728)
• Update dependency org.apache.tomcat:tomcat-jdbc to v9.0.45 (#​3771, #​3838)
• Update dependency org.liquibase:liquibase-core to v3.10.3 (release/2.0.x) (#​3764)
• Bump jmh.version from 1.27 to 1.29 (#​3741, #​3817)
• Bump jna from 5.7.0 to 5.8.0 (#​3811)
• Update dependency org.apache.maven.plugins:maven-project-info-reports-plugin to v3.1.1 (master) (#​3729)
• Bump sphinx from 3.5.2 to 3.5.3 in /docs (#​3804)
• Bump sphinx-autobuild from 2020.9.1 to 2021.3.14 in /docs (#​3781)
• Bump sphinx-rtd-theme from 0.5.1 to 0.5.2 in /docs (#​3836)
• Update actions/stale action to v3.0.18
• Update dependency Sphinx to v3.5.2
• Bump Maven to version 3.8.1

Assorted

• Add assertions for json-logging start() and stop() methods (#​3689)
• Add assertions to some tests which lacked them (#​3730)
• Address some Sonar issues (#​3737)
• Appease Sonar in dropwizard-benchmarks (#​3703)
• Improve dropwizard-example integration test logging assertions
• Make jUnit 4 test methods public (#​3727)
• Remove Apache HttpClient from dropwizard-e2e (#​3713)
• Remove public modifiers from tests (#​3691)
• Update list of keyservers to validate dependency signatures
• Skip POM signature verification (#​3789)
• Support clearing the GitHub workflow cache (#​3787)

v2.0.20

Compare Source

Dependency updates

• Bump byte-buddy from 1.10.19 to 1.10.21 (#​3681, #​3716)
• Bump caffeine from 2.8.8 to 2.9.0 (#​3710)
• Bump checker-qual from 3.9.1 to 3.10.0 (#​3679)
• Bump freemarker from 2.3.30 to 2.3.31 (#​3711)
• Bump hibernate-core from 5.4.24.Final to 5.4.28.Final (#​3698)
• Bump jetty.version from 9.4.36.v20210114 to 9.4.37.v20210219 (#​3721)
• Bump jna from 5.6.0 to 5.7.0 (#​3696)
• Bump joda-time from 2.10.9 to 2.10.10 (#​3694)
• Bump metrics-bom from 4.1.17 to 4.1.18 (#​3722)
• Bump tomcat-jdbc from 9.0.41 to 9.0.43 (#​3723)
• Bump junit from 4.13.1 to 4.13.2 (#​3706)
• Bump junit-jupiter from 5.7.0 to 5.7.1 (#​3683)
• Bump junit5.version from 5.7.0 to 5.7.1 (#​3682)
• Bump mockito.version from 3.7.7 to 3.8.0 (#​3719)
• Bump testcontainers-bom from 1.15.1 to 1.15.2 (#​3700)
• Bump maven-invoker-plugin from 3.2.1 to 3.2.2 (#​3715)
• Bump sphinx-maven-plugin from 2.9.0 to 2.10.0 (#​3699)
• Bump actions/cache from v2.1.3 to v2.1.4 (#​3684)
• Bump actions/stale from v3.0.15 to v3.0.17 (#​3695, #​3712)
• Bump sphinx from 3.4.3 to 3.5.1 in /docs (#​3705, #​3709)

Assorted

• Address SonarCloud concerns in dropwizard-auth (#​3688)
• Ensure FileAppenderFactoryTest works within its temporary directories (#​3692)
• Refactor testing of thrown exceptions (#​3676)
• Refactor testing of thrown exceptions in dropwizard-client (#​3686)
• Remove public modifiers from dropwizard-assets tests (#​3687)

v2.0.19

Compare Source

Upgrade notes

• Jersey 2.33 no longer pulls in org.glassfish.jersey.media:jersey-media-jaxb by default (see Make JAX-B API optional eclipse-ee4j/jersey#4634). If you're using XML-based payloads, you'll have to explicitly include the dependency to org.glassfish.jersey.media:jersey-media-jaxb in your projects. (Thanks to @​maffe for pointing this out)

Improvements

• Add support for testing plain Command classes (#​3673)

Dependency updates

• Upgrade to Jersey 2.33 (#​3671)
• Bump jetty.version from 9.4.35.v20201120 to 9.4.36.v20210114 (#​3662)
• Bump checker-qual from 3.9.0 to 3.9.1 (#​3653)
• Bump error_prone_annotations from 2.4.0 to 2.5.1 (#​3656)
• Bump assertj-core from 3.18.1 to 3.19.0 (#​3665)
• Bump mockito.version from 3.7.0 to 3.7.7 (#​3659)
• Bump mysql-connector-java from 8.0.22 to 8.0.23 (#​3660)
• Bump sonar-maven-plugin from 3.7.0.1746 to 3.8.0.2131 (#​3655)
• Bump actions/stale from v3.0.14 to v3.0.15 (#​3668)

Documentation

• Update contributors list
• Clarify how to override ConfiguredCommand#configure (#​3675)

Assorted

• Address SonarCloud issues (#​3666)
• Move DropwizardSSLConnectionSocketFactoryTest to io.dropwizard.client (#​3657)
• Reduce use of reflection in dropwizard-jetty tests (#​3658)
• Remove apache commons-lang3 from tests (#​3625)
• Use assertThatExceptionOfType in dropwizard-auth (#​3667)
• Fix GitHub release workflow

v2.0.18

Compare Source

Improvements

• Support custom StatsCounter in CachingAuthenticator/CachingAuthorization (#​3642)
• DropwizardAppExtension support for RegisterExtension (#​3549, #​3649)
• Do not print error message about class not found (#​3616)

Dependency updates

• Bump bcprov-jdk15on from 1.67 to 1.68 (#​3614)
• Bump byte-buddy from 1.10.18 to 1.10.19 (#​3611)
• Bump checker-qual from 3.8.0 to 3.9.0 (#​3638)
• Bump guava from 30.0-jre to 30.1-jre (#​3606)
• Bump hibernate-validator from 6.1.6.Final to 6.1.7.Final (#​3608)
• Bump joda-time from 2.10.8 to 2.10.9 (#​3628)
• Bump metrics-bom from 4.1.16 to 4.1.17 (#​3648)
• Bump mockito.version from 3.6.28 to 3.7.0 (#​3637)
• Bump octokit from 4.19.0 to 4.20.0 in /docs (#​3626)
• Bump pgpverify-maven-plugin from 1.10.1 to 1.11.0 (#​3640)
• Bump sphinx from 3.3.1 to 3.4.3 in /docs (#​3610, #​3618, #​3635, #​3643)
• Bump sphinx-rtd-theme from 0.5.0 to 0.5.1 in /docs (#​3636)

Documentation

• Add missing parentheses in example docs #​3624
• Fix typo in HttpClientBuilder Javadoc (#​3632)
• Fix the AssertJ documentation URL (#​3620)
• Remove unused import from Getting Started docs #​3619
• Rename jdbi3 to db packages in example docs (#​3623)

Assorted

• Add GitHub release workflow
• Remove Travis CI configuration
• Add checks for logging statements via errorprone-slf4j (#​3607)
• Remove commons-lang3 from dropwizard-benchmarks (#​3627)
• Remove usage of deprecated Mockito#initMocks() (#​3630)
• Replace Mockito#verifyZeroInteractions with verifyNoInteractions (#​3631)
• Replace Streams usage with String#join (#​3646)
• Replace deprecated AssertJ assertions (#​3645)
• Small cleanups (#​3621)
• Stop ignoring exceptions in dropwizard-logging tests (#​3633)
• Use System.lineSeparator() instead of String.format(%n") (#​3644)

v2.0.17

Compare Source

Dependency updates

• Upgrade to Jackson 2.10.5.20201202 (#​3587)
  • This is addressing CVE-2020-25649
• Bump caffeine from 2.8.6 to 2.8.8 (#​3593, #​3597)
• Bump checker-qual from 3.7.1 to 3.8.0 (#​3586)
• Bump httpcore from 4.4.13 to 4.4.14 (#​3584)
• Bump jdbi3-bom from 3.17.0 to 3.18.0 (#​3589)
• Bump tomcat-jdbc from 9.0.40 to 9.0.41 (#​3600)
• Bump jmh.version from 1.26 to 1.27 (#​3598)
• Bump pgpverify-maven-plugin from 1.10.0 to 1.10.1 (#​3596)
• Bump testcontainers-bom from 1.15.0 to 1.15.1 (#​3602)

Documentation

• Fixed syntax in Testing Database Interactions example (#​3601)
• Update FreeMarker links in documentation (#​3591)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.