READLY-124 Add BOMs and clean up all dependencies #78

MatthewRyanRead · 2023-09-29T22:34:23Z

Move all third-party dependency pins to alchemy-dependencies
Create alchemy-bom so other projects can just import it instead of pinning each Alchemy library
Remove Maven shading because it is increasing the artifact size and prevents appropriately overriding the dependency versions
Bump Dropwizard to the latest 1.3.x
Bump Jetty to the latest 9.4.x
Bump HK2 to the latest 2.5.x
Bump Guice to 5.1.0
Bump Guava to the latest version
Bump several minor dependencies
Use the BOMs provided by major dependencies, where available
Run dependency:analyze-only during the build and dependency-analyze on the PR check to ensure all dependencies are explicit
Replaced Findbugs/Checkstyle with Spotbugs
- Not being enforced yet, since it has caught a lot more — it's just logging
Fix issues found by the newer EqualsVerifier
Replace Codahale (DW Metrics v3) with DW Metrics v4
Add Dependabot config

This was tested via a regression on our internal Alchemy service, with no issues found.

rdlf0

Cool!

.github/workflows/release.yml

MatthewRyanRead added 5 commits September 29, 2023 17:06

READLY-124 Add BOMs and clean up all dependencies

d54f626

bump up a minor version

d0cf4fb

pin Jetty and remove shading

1735ed1

add dependabot config

bc18596

missed pin for alchemy-dependencies

caf6efe

MatthewRyanRead added enhancement dependencies Pull requests that update a dependency file labels Sep 29, 2023

fix pr workflow

df2eebc

MatthewRyanRead force-pushed the dependency-bumps branch from 25431ec to df2eebc Compare September 29, 2023 22:55

rdlf0 approved these changes Oct 2, 2023

View reviewed changes

.github/workflows/release.yml Show resolved Hide resolved

noeldevenney approved these changes Oct 4, 2023

View reviewed changes

MatthewRyanRead merged commit e4fa762 into master Oct 4, 2023

MatthewRyanRead deleted the dependency-bumps branch October 4, 2023 15:44

Provide feedback