Skip to content

Bump jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0#660

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/jakarta.ws.rs-jakarta.ws.rs-api-4.0.0
Open

Bump jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0#660
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/jakarta.ws.rs-jakarta.ws.rs-api-4.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor

Bumps jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0.

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
jakarta.ws.rs:jakarta.ws.rs-api [>= 4.a, < 5]

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0.

---
updated-dependencies:
- dependency-name: jakarta.ws.rs:jakarta.ws.rs-api
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 4, 2026
@dmlloyd

dmlloyd commented May 4, 2026

Copy link
Copy Markdown
Contributor

Do we use this dependency in any projects? If so, can we push it downstream?

@radcortez

Copy link
Copy Markdown
Member

It is used in OpenAPI and Telemetry.

We are managing all versions of Jakarta Core here. Are you proposing to drop this and have each individual project manage its own versions?

@dmlloyd

dmlloyd commented May 5, 2026

Copy link
Copy Markdown
Contributor

Not "proposing", more just wondering if it is appropriate to do so at this point. We have more non-spec projects than spec projects now, I suspect.

@radcortez

Copy link
Copy Markdown
Member

We could introduce a new BOM module with the Jakarta Core deps

@dmlloyd

dmlloyd commented May 5, 2026

Copy link
Copy Markdown
Contributor

But then the Jakarta dep versions would still be bound to the parent version, right? Are we getting sufficient value out of that, if it's just two projects?

@radcortez

Copy link
Copy Markdown
Member

Not necessarily. The BOM module can be a separate project.

In this case, I'm not talking only about this dependency, but all Jakarta dependencies. We also reference CDI here, which is used in most projects.

@dmlloyd

dmlloyd commented May 5, 2026

Copy link
Copy Markdown
Contributor

I guess that brings us back to the basic question. How do we know when it's OK to bump these versions in the parent?

@radcortez

Copy link
Copy Markdown
Member

Usually, a minor or major bump means it also requires a new Jakarta platform version.

We can configure dependabot just for hotfix updates and update manually when we are ready to update the Jakarta platform version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants