build(deps): bump dropwizard.version from 2.0.21 to 4.0.1

[dependabot]

Bumps dropwizard.version from 2.0.21 to 4.0.1.
Updates dropwizard-bom from 2.0.21 to 4.0.1

Release notes

Sourced from dropwizard-bom's releases.

v4.0.0

Dropwizard 4.0.0

It's finally here, the next major release of Dropwizard! This one has been developed and released in tandem with Dropwizard 3.0.0.

If you're wondering what the differences are: Not much!

3️⃣ Dropwizard 3.0.0 is still based on and is using dependencies for Java EE and the javax.* package namespace. The effort to migrate from Dropwizard 2.x to Dropwizard 3.0.0 should be minimal for many projects.

4️⃣ Dropwizard 4.0.0 is based on and is using dependencies for Jakarta EE and the jakarta.* package namespace. The effort to migrate from Dropwizard 2.x to Dropwizard 4.0.0 might be bigger due to more package changes and more breaking changes in our dependencies.

📣 In any case, let us know how the migration went and if you were missing anything important in the upgrade notes in our GitHub Discussions!

⚠️ Breaking changes

For a full list of relevant changes please refer to the Upgrade Notes for Dropwizard 4.0.x.

Java 11 baseline

Dropwizard 4.0.0 and later require Java 11 as a baseline. Later versions of Java are also working.

Dropwizard Package Structure and JPMS

In order to properly support the Java Platform Module System (JPMS), the Java packages in modules must not overlap, or put differently, the packages may not be split into multiple modules.

Dropwizard 4.0.0 won’t enable full support for the JPMS. Instead, as a transition step, automatic modules are introduced.

Affected packages:

Maven module	Old package	New package
dropwizard-core	io.dropwizard	io.drowizard.core
dropwizard-logging	io.dropwizard.logging	io.dropwizard.logging.common
dropwizard-metrics	io.dropwizard.metrics	io.dropwizard.metrics.common
dropwizard-views	io.dropwizard.views	io.dropwizard.views.common

Transition to Jakarta EE

Previously released Dropwizard versions used Java/Jakarta EE dependencies under the javax namespace. Dropwizard 4.0.x transitioned to Jakarta EE 9 components and therefore utilize the new jakarta namespace for many components.

This means that most of the imports of existing applications using Dropwizard 2.x or 3.x will have to be changed from the javax to the jakarta namespace. However, other components still use the javax namespace, so a simple search and replace could break other imports.

Jakarta EE 9 compatibility

As stated above, Dropwizard 4.0.x will transition to Jakarta EE 9 components. This means, Dropwizard will now try to be consistent with one specific EE version.

Therefore Dropwizard 4.0.x will stay on components of Jakarta EE 9 and the transition to components of Jakarta EE 10 will be postponed to an other release series.

Since the EE version bump will probably introduce breaking changes, the Jakarta EE 10 components will be most likely integrated in Dropwizard 5.0.x and not in a 4.1.x release.

... (truncated)

Commits

• cfd9586 [maven-release-plugin] prepare release v4.0.1
• d37aa8d Update mockito monorepo to v5.4.0 (#7252)
• 45853bf Update dependency org.apache.maven.plugins:maven-shade-plugin to v3.5.0 (#7248)
• 7e16f3f Update dependency org.jdbi:jdbi3-bom to v3.39.1 (#7249)
• 86a57ca Update error_prone.version to v2.20.0 (#7250)
• fcf5b2f Update dependency org.apache.maven.plugins:maven-invoker-plugin to v3.6.0 (#7...
• c2bd96c Update github/codeql-action digest to 6c089f5 (#7238)
• 4135f69 Update Security Policy
• 96e2771 Update logback.version to v1.4.8
• fddfdc6 Update dependency org.apache.tomcat:tomcat-jdbc to v10.1.10
• Additional commits viewable in compare view

Updates dropwizard-dependencies from 2.0.21 to 4.0.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)