[BUG] Java Dependencies have incorrect versions

[adamretter]

Just to mention that it is not safe to just update the Java libraries whenever Dependabot asks. In fact Dependabot should be disabled for the Java libraries in Monex. The versions of the Java libraries in Monex should exactly match the versions in the minimum release version of eXist-db that Monex targets.

Monex currently targets the Java API of eXist-db version 5.4.0 (see: https://github.com/eXist-db/monex/blob/master/pom.xml#L51) therefore, the Java dependencies of Monex (as they are provided scope) should exactly match the versions in the eXist-db 5.4.0 release.

I saw that a newer Jackson version was recently merged. This should be reverted as version 2.13.1 of Jackson should be used in Monex, because that is what was available in eXist-db release 5.4.0 (see: https://github.com/eXist-db/exist/blob/eXist-5.4.0/exist-core/pom.xml#L62)

All provided scope dependency versions (which should be all of them) should be checked and made identical to the version in the release of eXist-db Java API that Monex targets (currently 5.4.0).

[dizzzz]

I think it is better to remove a few jar files (Jackson, web socket) from monex and put it in the eXist-db distribution.

[adamretter]

@dizzzz That doesn't really make too much sense to me as they are not dependencies of eXist-db. The problems you would encounter if you did that:

1. You would have to mark those new dependencies in eXist-db as ignored by the dependency plugin because they are not real dependencies of eXist-db.

2. It does not change anything here, you still have to mention them and their versions in the pom.xml here; as the code here depends on them at compile time. Otherwise you would either (a) not be able to compile this code anymore, and/or (b) go down into transient dependency hell.