Bump jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0#660
Bump jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0#660dependabot[bot] wants to merge 1 commit into
Conversation
Bumps jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0. --- updated-dependencies: - dependency-name: jakarta.ws.rs:jakarta.ws.rs-api dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
|
Do we use this dependency in any projects? If so, can we push it downstream? |
|
It is used in OpenAPI and Telemetry. We are managing all versions of Jakarta Core here. Are you proposing to drop this and have each individual project manage its own versions? |
|
Not "proposing", more just wondering if it is appropriate to do so at this point. We have more non-spec projects than spec projects now, I suspect. |
|
We could introduce a new BOM module with the Jakarta Core deps |
|
But then the Jakarta dep versions would still be bound to the parent version, right? Are we getting sufficient value out of that, if it's just two projects? |
|
Not necessarily. The BOM module can be a separate project. In this case, I'm not talking only about this dependency, but all Jakarta dependencies. We also reference CDI here, which is used in most projects. |
|
I guess that brings us back to the basic question. How do we know when it's OK to bump these versions in the parent? |
|
Usually, a minor or major bump means it also requires a new Jakarta platform version. We can configure dependabot just for hotfix updates and update manually when we are ready to update the Jakarta platform version. |
Bumps jakarta.ws.rs:jakarta.ws.rs-api from 3.1.0 to 4.0.0.
Most Recent Ignore Conditions Applied to This Pull Request
You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)