I am trying to upgrade spring boot to the latest version 2.1.1. My java ee based web application uses spring framework, jersey and hk2 libraries too. Identifying the dependency versions from the spring boot pom.xml we could see that it depends on spring framework 5.1.3 and jersey 2.27. Jersey libraries depend on hk2 libraries - namely org.glassfish.hk2.external:javax.inject. Below are the jersey and hk2 libraries that our application uses
Jersey libraries
1. org.glassfish.jersey.core:jersey-server
2. org.glassfish.jersey.containers:jersey-container-servlet-core
3. org.glassfish.jersey.core:jersey-client
4. org.glassfish.jersey.core:jersey-common
5. org.glassfish.jersey.bundles.repackaged:jersey-guava
6. org.glassfish.jersey.ext:jersey-spring3
7. org.glassfish.jersey.containers:jersey-container-servlet
8. org.glassfish.jersey.media:jersey-media-jaxb
9. org.glassfish.jersey.media:jersey-media-json-jackson
10. org.glassfish.jersey.ext:jersey-entity-filtering
HK2 libraries
1. org.glassfish.hk2:spring-bridge
2. org.glassfish.hk2:hk2-api
3. org.glassfish.hk2:hk2-utils
4. org.glassfish.hk2:hk2-locator
5. org.glassfish.hk2.external:javax.inject
6. org.glassfish.hk2.external:aopalliance-repackaged
Most of the jersey libraries are at version 2.27 except the two libraries - org.glassfish.jersey.bundles.repackaged:jersey-guava & org.glassfish.jersey.ext:jersey-spring3. Their latest version is 2.25.1.
For hk2 (org.glassfish.hk2.external:javax.inject), the latest version is 2.4.0.
- How should we go about resolving the above dependency issues? For jersey, should we use the latest version i.e. 2.27 and for the non-existing ones we use their respective versions. Would that cause any issues?
- Are there any best practices recommended for such situations?
I understand that we could rely on tests but I am trying to see if we could identify issues upfront.
