chore: Bump jetty-server from 9.4.17.v20190418 to 9.4.38.v20210224

[dependabot[bot]]

Bumps jetty-server from 9.4.17.v20190418 to 9.4.38.v20210224.

Release notes

Sourced from jetty-server's releases.

9.4.38.v20210224

Changelog

• #6001 - Ambiguous URI legacy compliance mode
• #5999 - HttpURI ArrayIndexOutOfBounds
• #5994 - QueuedThreadPool "free" threads
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration

9.4.37.v20210219

Changelog

• This release addresses and resolves CVE-2020-27223
• #5979 - Configurable gzip Etag extension
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5976 - Adding requested Rewrite Rule to force request header values
• #5973 - Proxy client TLS authentication example
• #5963 - Improve QuotedQualityCSV
• #5950 - Deadlock due to logging inside classloaders
• #5937 - Unnecessary blocking in ResourceService
• #5909 - Cannot disable HTTP OPTIONS Method
• #5894 - Jetty 9.4.x 5859 classloader leak queuedthreadpool
• #5851 - org.eclipse.jetty.websocket.servlet.WebSocketServlet cleanup
• #5787 - Make ManagedSelector report better JMX data
• #5492 - Add ability to manage start modules by java feature
• #4275 - Path Normalization/Traversal - Context Matching

9.4.36.v20210114

Special Thanks to the following Eclipse Jetty community members

• @​joewitt (Joe Witt)
• @​rk1165 (Ravi Kumar)
• @​leonchen83 (Baoyi Chen)

Changelog

• #5870 - jetty-maven-plugin fails to run ServletContainerInitializer on Windows due to URI case comparison bug
• #5855 - HttpClient may not send queued requests
• #5845 - Use UTF-8 encoding for client basic auth if requested
• #5830 - Jetty-util contains wrong Import-Package
• #5825 - Revisit Statistics classes (@​rk1165)
• #5824 - Build up of ConstraintMappings when stopping and starting WebAppContext
• #5821 - JMX-ify Scheduler implementations (@​rk1165)
• #5820 - backport fix for ArithmeticException in Pool
• #5804 - Jetty 9.4.x spotbug issue map iteration using entrySet(), diamond list creation
• #5801 - Implement max duration of HTTP ConnectionPools
• #5794 - ServerConnector leaks closed sockets which can lead to file descriptor exhaustion (@​joewitt)
• #5785 - Reduce log level for WebSocket connections closed by clients
• #5783 - Fix ConnectionStatistics.*Rate() methods
• #5778 - fix ByteBufferPool race condition
• #5755 - Cannot configure maxDynamicTableSize on HTTP2Client

... (truncated)

Commits

• 288f3cc Updating to version 9.4.38.v20210224
• 0603b13 Merge pull request #6005 from eclipse/jetty-9.4.x-6001-default-accept-ambiguo...
• e68293e Addressing copy/paste mistakes
• f9b5974 Fix #4275 separate compliance modes for ambiguous URI segments and separators
• 49e73df Fix #4275 #6001 separate compliance modes for ambiguous URI segments and se… ...
• c9cd1e4 Merge pull request #5995 from eclipse/jetty-9.4.x-5994-qtp_free_threads
• 8bd4a9f Fix #5999 ArrayIndexOutOfBounds for unicode in HttpURI segment (#6000)
• 530c14e Issue #5994 - QueuedThreadPool "free" threads
• 16241d7 Efficiency improvements for #5977
• fdb54fa Efficiency improvements for #5977
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OneBusAway/onebusaway-alexa/network/alerts).

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coveralls]

Coverage remained the same at 36.83% when pulling 3c87dfddc88815e063e6429367a9adf0a6063c89 on dependabot/maven/org.eclipse.jetty-jetty-server-9.4.38.v20210224 into e1bcdfeecf92e9959ee602bfc0b03b264c352373 on master.

[dependabot[bot]]

Superseded by #135.