build(deps): bump jetty-servlet from 9.4.27.v20200227 to 9.4.49.v20220914

[dependabot[bot]]

Bumps jetty-servlet from 9.4.27.v20200227 to 9.4.49.v20220914.

Release notes

Sourced from jetty-servlet's releases.

9.4.49.v20220914

Changelog

• #8578 - getRequestURL can append "null" if getRequestURI is unspecified in an authority-form request-target
• #8493 - Review HTTP client feature setRemoveIdleDestinations

Dependencies

• #8253 - Bump google-cloud-datastore to 2.9.1
• #8233 - Bump jna to 5.12.1
• #8242 - Bump mariadb-java-client to 3.0.6
• #8238 - Bump maven-enforcer-plugin to 3.1.0
• #8230 - Bump maven.version to 3.8.6
• #8246 - Bump org.eclipse.osgi to 3.18.0
• #8245 - Bump testcontainers.version to 1.17.3

9.4.48.v20220622

End of Life Notice

• eclipse/jetty.project#7958 - Jetty 9.4.x is now at End of Community Support. (See issue for details)

Critical Fix

• #8184 - All suffix globs except first fail to match if path has . character in prefix section

9.4.47.v20220610

Fixed Security Advisories

• (CVE-2022-2047) - https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
• (CVE-2022-2048) - https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service

Important

• eclipse/jetty.project#7958 - Jetty 9.4.x is now at End of Community Support. (See issue for details)

Changelog

• #8145 - RegexPathSpec backport of optional group name/info lookup if regex fails
• #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
• #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
• #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
• #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
• #7947 - Improved PathSpec handling for servletName & pathInfo
• #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
• #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
• #7863 - Default servlet drops first accept-encoding header if there is more than one.
• #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
• #7837 - Fix StatisticsHandler in the case a Handler throws exception.
• #7809 - Jetty 9.4.x 7801 duplicate set session cookies
• #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching

... (truncated)

Commits

• 4231a3b Updating to version 9.4.49.v20220914
• b32d739 Merge pull request #8579 from eclipse/fix/jetty-9.4.x-abstractproxy-null-requ...
• 5944ff4 Issue #8578 - Changes from review
• 48c16de Issue #8578 - test both request URL/URI results
• d3c7ee3 Issue #8578 - restore backward compat of getRequestURL and getRequestURI when...
• 06f2fa4 Jetty 9.4.x : fix client remove idle destinations (#8495)
• 940455b #8414: fix drainTo when head == tail but the queue isn't empty
• a846f4f Updating for published CVES (#8273)
• 064682b Merge pull request #8253 from eclipse/dependabot/maven/jetty-9.4.x/com.google...
• 7b40571 Merge pull request #8245 from eclipse/dependabot/maven/jetty-9.4.x/testcontai...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #52.