Closed nscuro closed 4 months ago
Some additional notes:
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
-Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-migrate-java:LATEST \
-Drewrite.activeRecipes=org.openrewrite.java.migrate.jakarta.JavaxMigrationToJakarta
swagger-core
1.x does not support Jakarta. We have to upgrade to 2.x, which also changes the OpenAPI spec from 2.x to 3.x. This means we have an implicit dependency on #1. Lots of annotations have changed, causing increased manual refactoring effort, especially on the Dependency-Track side. @stevespringett What is your current opinion on how to deal with Alpine's OpenAPI integration?
swagger-core
will cause significant refactoring efforts in DT due to all the annotation changesShould we upgrade swagger-core
, or should we drop it completely from Alpine?
I propose to:
swagger.json
in DT via static file servletIn a next step, we can start working on https://github.com/DependencyTrack/dependency-track/issues/840:
/api/swagger.json
and /api/openapi-v3.yaml
swagger.json
Thoughts?
That sounds like a solid approach. We will eventually need to determine, possibly through a PR check, of modifications made to a resource which do not include modifications to the api docs. Keeping the api docs in sync with the code may be a challenge, but at least we'll have accurate docs at some point.
Alpine v3 sounds good to me.
The current stack is based on:
javax.servlet.*
namespace)Community support for Jetty 9.x has ended as of June 1st 2022. There will still be security patches, but it's a good indicator that we should look into updating it. Jetty 11, the latest major release of Jetty, does not support legacy Java EE APIs anymore and is based on the new Jakarta EE APIs instead.
The move to Jakarta requires an upgrade of Jersey to 3.x (migration guide here).
I'm sure there are more dependencies and breaking changes that will pop up once work on this is started.