chore: upgrade jetty version to 11.0.26 to fix CVE-2025-5115 (#138)

varkey98 · web-flow · commit 5a4296184ce9 · 2026-02-26T22:43:52.000+05:30
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,16 +1,11 @@
 [versions]
-hypertrace-grpcutils = "0.13.14"
-jetty = "11.0.24"
-guice = "7.0.0"
 dropwizard-metrics = "4.2.25"
 micrometer = "1.14.4"
 prometheus-simpleclient = "0.16.0"
 caffeine = "3.1.8"
 
 [libraries]
 awaitility = { module = "org.awaitility:awaitility", version = "4.0.3" }
-hypertrace-grpcutils-server = { module = "org.hypertrace.core.grpcutils:grpc-server-utils", version.ref = "hypertrace-grpcutils" }
-grpc-services = { module = "io.grpc:grpc-services" }
 jakarta-servlet-api = { module = "jakarta.servlet:jakarta.servlet-api", version = "6.0.0" }
 dropwizard-metrics-jakarta-servlet = { module = "io.dropwizard.metrics:metrics-jakarta-servlet", version.ref = "dropwizard-metrics" }
 dropwizard-metrics-jakarta-servlets = { module = "io.dropwizard.metrics:metrics-jakarta-servlets", version.ref = "dropwizard-metrics" }
@@ -21,11 +16,7 @@ micrometer-jvm-extras = { module = "io.github.mweirauch:micrometer-jvm-extras",
 prometheus-simpleclient-dropwizard = { module = "io.prometheus:simpleclient_dropwizard", version.ref = "prometheus-simpleclient" }
 prometheus-simpleclient-servlet-jakarta = { module = "io.prometheus:simpleclient_servlet_jakarta", version.ref = "prometheus-simpleclient" }
 prometheus-simpleclient-pushgateway = { module = "io.prometheus:simpleclient_pushgateway", version.ref = "prometheus-simpleclient" }
-jetty-servlet = { module = "org.eclipse.jetty:jetty-servlet", version.ref = "jetty" }
-jetty-server = { module = "org.eclipse.jetty:jetty-server", version.ref = "jetty" }
-jetty-servlets = { module = "org.eclipse.jetty:jetty-servlets", version.ref = "jetty" }
 caffeine = { module = "com.github.ben-manes.caffeine:caffeine", version.ref = "caffeine" }
-guice-servlet = { module = "com.google.inject.extensions:guice-servlet", version.ref = "guice" }
 apache-httpcomponents-httpclient = { module = "org.apache.httpcomponents:httpclient", version = "4.5.13" }
 
 [plugins]
diff --git a/platform-grpc-service-framework/build.gradle.kts b/platform-grpc-service-framework/build.gradle.kts
@@ -8,7 +8,7 @@ plugins {
 dependencies {
   api(projects.platformServiceFramework)
   api(commonLibs.grpc.api)
-  api(localLibs.grpc.services)
+  api(commonLibs.grpc.services)
   api(commonLibs.hypertrace.grpcutils.client)
   api(commonLibs.typesafe.config)
   api(commonLibs.protobuf.java)
@@ -21,5 +21,5 @@ dependencies {
   implementation(commonLibs.grpc.inprocess)
   implementation(commonLibs.grpc.netty)
   implementation(commonLibs.slf4j2.api)
-  implementation(localLibs.hypertrace.grpcutils.server)
+  implementation(commonLibs.hypertrace.grpcutils.server)
 }
diff --git a/platform-http-service-framework/build.gradle.kts b/platform-http-service-framework/build.gradle.kts
@@ -13,11 +13,11 @@ dependencies {
 
   implementation(projects.platformMetrics)
   implementation(commonLibs.slf4j2.api)
-  implementation(localLibs.guice.servlet)
+  implementation(commonLibs.guice.servlet)
   implementation(commonLibs.guava)
-  implementation(localLibs.jetty.servlet)
-  implementation(localLibs.jetty.server)
-  implementation(localLibs.jetty.servlets)
+  implementation(commonLibs.jetty.servlet)
+  implementation(commonLibs.jetty.server)
+  implementation(commonLibs.jetty.servlets)
   annotationProcessor(commonLibs.lombok)
   compileOnly(commonLibs.lombok)
 }
diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts
@@ -22,7 +22,7 @@ dependencies {
   implementation(localLibs.prometheus.simpleclient.dropwizard)
   implementation(localLibs.prometheus.simpleclient.servlet.jakarta)
   implementation(localLibs.prometheus.simpleclient.pushgateway)
-  implementation(localLibs.jetty.servlet)
+  implementation(commonLibs.jetty.servlet)
   implementation(commonLibs.guava)
 
   compileOnly(localLibs.caffeine)
diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts
@@ -18,7 +18,7 @@ dependencies {
 
   // Use for thread dump servlet
   implementation(localLibs.dropwizard.metrics.jakarta.servlets)
-  implementation(localLibs.jetty.servlet)
+  implementation(commonLibs.jetty.servlet)
 
   // Use for metrics servlet
   implementation(localLibs.prometheus.simpleclient.servlet.jakarta)
diff --git a/settings.gradle.kts b/settings.gradle.kts
@@ -16,7 +16,7 @@ plugins {
 }
 
 configure<DependencyPluginSettingExtension> {
-  catalogVersion.set("0.3.51")
+  catalogVersion.set("0.3.72")
 }
 
 enableFeaturePreview("TYPESAFE_PROJECT_ACCESSORS")

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ plugins {`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`configure<DependencyPluginSettingExtension> {`
`19`		`- catalogVersion.set("0.3.51")`
	`19`	`+ catalogVersion.set("0.3.72")`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`enableFeaturePreview("TYPESAFE_PROJECT_ACCESSORS")`