Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed #364

@mend-for-github-com mend-for-github-com bot commented Jan 26, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| io.dropwizard:dropwizard-core | compile | patch | 1.3.13 -> 1.3.27 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
| --- | --- | --- | --- |
| Critical | 9.8 | CVE-2022-1471 | #362 |
| High | 7.5 | CVE-2017-18640 | #85 |
| High | 7.5 | CVE-2021-28165 | #296 |
| High | 7.5 | CVE-2022-25857 | #348 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
| --- | --- | --- | --- |
| High | 7.0 | CVE-2020-27216 | #187 |

Release Notes

dropwizard/dropwizard

v1.3.27

Compare Source

Improvements

  • Remove obsolete NonblockingServletHolder (#3527)
    • NonblockingServletHolder is now deprecated and will be removed in Dropwizard 2.1.x.

Security

Dependency updates

  • Bump joda-time from 2.10.7 to 2.10.8 (#3525)
  • Bump jetty.version from 9.4.32.v20200930 to 9.4.33.v20201020 (#3522)
  • Bump assertj-core from 3.17.2 to 3.18.0 (#3524)

v1.3.26

Compare Source

Improvements

  • Swallow EofException when response was incomplete (#​3382)

Bug fixes

  • Reset Jersey client in tests (#​3453)

Dependency updates

  • Bump Mustache Java compiler from 0.9.6 to 0.9.7 (#​3508)
  • Bump guava from 24.1.1-jre to 30.0-jre (#​3509)
  • Bump httpclient from 4.5.12 to 4.5.13 (#​3516)
  • Bump jdbi3-bom from 3.14.3 to 3.17.0 (#​3510)
  • Bump jetty.version from 9.4.31.v20200723 to 9.4.32.v20200930 (#​3478)
  • Bump joda-time from 2.10.6 to 2.10.7 (#​3519)
  • Bump metrics-bom from 4.1.12.1 to 4.1.14 (#​3520)
  • Bump tomcat-jdbc from 9.0.37 to 9.0.39 (#​3495)
  • Upgrade to Liquibase 3.10.3
  • Bump assertj-core from 3.16.1 to 3.17.2 (#​3448)
  • Bump junit from 4.12 to 4.13.1 (joschi/dropwizard-1.3#​24, joschi/dropwizard-1.3#​25)
  • Bump mockito.version from 3.4.6 to 3.5.15 (#​3513)
  • Bump maven-project-info-reports-plugin from 3.1.0 to 3.1.1 (joschi/dropwizard-1.3#​29)
  • Bump octokit from 4.18.0 to 4.19.0 in /docs (#​3518)
  • Enforce checker-qual 3.7.0 for dependency convergence

v1.3.25

Compare Source

Changes since Dropwizard 1.3.25-beta.2

Dependency updates

  • Upgrade to Jackson 2.9.10.20200824 (#​3433)

Changes since Dropwizard 1.3.24

Improvements

  • Remove alpn-boot dependency in dropwizard-http2 for Java 8u252 (#​3256)
  • Extend from AbstractHandlerContainer instead of AbstractHandler (#​2460)
  • Add JAXB API to dropwizard-jersey (Java 11)
  • Use SslContextFactory.Server over deprecated SslContextFactory (#​3411)

Dependency updates

  • Upgrade to Jetty 9.4.31.v20200723
  • Upgrade to jetty-setuid-java 1.0.4
  • Upgrade to Liquibase 3.10.2
  • Upgrade to Joda-Time 2.10.6
  • Upgrade to Jdbi 3.14.3
  • Upgrade to SLF4J 1.7.30
  • Upgrade to Apache Tomcat JDBC Pool 9.0.37
  • Upgrade to Apache HttpClient 4.5.12
  • Upgrade to commons-text 1.9
  • Upgrade to commons-lang3 3.11
  • Upgrade to Metrics 4.1.12.1
  • Upgrade to Freemarker 2.3.30
  • Upgrade to Objenesis 3.1
  • Upgrade to Javassist 3.27.0-GA
  • Upgrade to Classmate 1.5.1

Test dependencies

  • Upgrade to HSQLDB 2.5.1
  • Upgrade to JUnit 5.6.2
  • Upgrade to Mockito 3.4.6
  • Upgrade to AssertJ 3.16.1
  • Upgrade to Error Prone 2.3.4
  • Upgrade to NullAway 0.7.10

Build dependencies

  • Update wrapper to Maven 3.6.3
  • Bump octokit from 4.8.0 to 4.18.0 in /docs (#​23)
  • Upgrade to sphinx-maven-plugin 2.9.0
  • Upgrade to maven-source-plugin 3.2.1
  • Upgrade to maven-site-plugin 3.9.1
  • Upgrade to maven-resources-plugin 3.2.0
  • Upgrade to maven-project-info-reports-plugin 3.1.0
  • Upgrade to maven-javadoc-plugin 3.2.0
  • Upgrade to maven-jar-plugin 3.2.0
  • Upgrade to maven-clean-plugin 3.1.0
  • Upgrade to maven-checkstyle-plugin 3.1.1
  • Upgrade to jacoco-maven-plugin 0.8.5
  • Upgrade to build-helper-maven-plugin 3.2.0
  • Update Maven plugins in java-simple archetype POM template
  • Update Maven plugins in dropwizard-example
  • Update Maven plugins in dropwizard-archetypes

Assorted

  • Fix build of dropwizard-example with Java 11

v1.3.24

Compare Source

Dependency updates

  • Upgrade to Jackson 2.9.10.20200621 (#​3344)

v1.3.23

Compare Source

Dependency updates

  • Upgrade to Jackson 2.9.10.20200411 (#​3246)

v1.3.22

Compare Source

Security

v1.3.21

Compare Source

Security

  • Disable message interpolation in ConstraintViolations by default (#​3209)

v1.3.20

Compare Source

Security

v1.3.19

Compare Source

Security

v1.3.18

Compare Source

Thanks to @​msymons!

v1.3.17

Compare Source

  • Add SLF4J marker to dropwizard-json-logging (#​3005)
  • Enable Jackson Afterburner only on Java 8 (backport) (#​3028)
  • Upgrade Apache HttpClient to 4.5.10 to fix URI rewriting (#​3029)

v1.3.16

Compare Source

v1.3.15

Compare Source

  • Upgrade to Jackson 2.9.10 to address multiple security issues (#​2939)

v1.3.14

Compare Source

  • Upgrade to Jackson 2.9.9.20190807 to address multiple security issues (#​2871)

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jan 26, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Mar 26, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch March 26, 2023 20:01
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Update dependency io.dropwizard:dropwizard-core to v1.3.27 Mar 31, 2023
@mend-for-github-com mend-for-github-com bot reopened this Mar 31, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch March 31, 2023 07:21
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Jun 1, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch June 1, 2023 02:18
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Update dependency io.dropwizard:dropwizard-core to v1.3.27 Jun 2, 2023
@mend-for-github-com mend-for-github-com bot reopened this Jun 2, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch June 2, 2023 03:22
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch from aedcd54 to 23b83f7 Compare June 2, 2023 03:22
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Jun 15, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch June 15, 2023 02:46
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Update dependency io.dropwizard:dropwizard-core to v1.3.27 Jun 21, 2023
@mend-for-github-com mend-for-github-com bot reopened this Jun 21, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch June 21, 2023 01:24
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch from 23b83f7 to 1f4f5f1 Compare June 21, 2023 01:25
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Jul 31, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch July 31, 2023 17:50
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch July 31, 2023 18:12
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Update dependency io.dropwizard:dropwizard-core to v1.3.27 Jul 31, 2023
@mend-for-github-com mend-for-github-com bot reopened this Jul 31, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch from 1f4f5f1 to fcc939d Compare July 31, 2023 18:12
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.dropwizard:dropwizard-core to v1.3.27 Update dependency io.dropwizard:dropwizard-core to v1.3.27 - autoclosed Oct 18, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/io.dropwizard-dropwizard-core-1.x branch October 18, 2023 18:20