search

arquillian / arquillian-container-jetty

Arquillian Jetty Containers
7 stars 14 forks source link

build(deps): Bump org.eclipse.jetty:jetty-bom from 9.4.49.v20220914 to 9.4.54.v20240208, 10.0.18 to 10.0.20 and 11.0.18 to 11.0.20 #184

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Bumps org.eclipse.jetty:jetty-bom from 9.4.49.v20220914 to 12.0.7.

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.0.7

Special Thanks to the following Eclipse Jetty community members

Changelog

  • #11465 - HttpURI.toURI() sets userInfo to null
  • #11455 - Improve DEBUG during WebInfConfiguration.unpack
  • #11448 - UriCompliance.Violation ignored despite being set
  • #11443 - Fix NPE in HttpReceiverOverHTTP2.read() when the channel's stream is null
  • #11435 - Add suppressed failures in Callback failed
  • #11432 - Change default number of acceptor threads
  • #11426 - Experiment with ArrayByteBufferPool performance
  • #11424 - What is the jetty.deploy.scanInterval default? module, ini, code, and documentation do not agree.
  • #11414 - When producing URI/URL strings follow spec and produce lowercase schemes and drop default ports
  • #11410 - PathMappingsHandler does not start ResourceHandler properly
  • #11401 - Replace StringBuffer with StringBuilder
  • #11398 - WebSocket ClosedChannelException when demanding frames in onOpen
  • #11397 - Jetty 12: ContextHandler.getTempDirectory() does not respect the Context.getTempDirectory() contract
  • #11387 - Reintroduce MultiPartCompliance.LEGACY (not as default) too allow for parsing of non-compliant multipart/form-data
  • #11386 - Making FormFields get defaults from Context, not Request
  • #11383 - Added documentation about SslHandshakeListener.
  • #11377 - Jetty 12 fails to start WebApp Bundle with OSGi Boot bundle (or when packaged)
  • #11371 - Review ArrayByteBufferPool eviction
  • #11370 - IllegalStateException when last write fails
  • #11363 - ContentSourcePublisher throws from request
  • #11361 - Updates to UriCompliance.checkUriCompliance
  • #11360 - drop buildnumber:create already executed by jetty-util (@​hboutemy)
  • #11356 - Allow ServerWebSocketContainer to be created without ContextHandler
  • #11353 - The default virtual thread executor should created named threads (@​danishnawab)
  • #11310 - Uploading big multipart files via jetty 12.0.5 with spring boot 3.2.1 cause problems
  • #11279 - fix use of AliasCheckers with CombinedResource
  • #11278 - 500 response when trying to display symlinked directory
  • #11270 - Windows 11 pro - problem launching Jetty with ${jetty.home}\etc\jetty-ee10-deploy.xml
  • #10432 - Fix buffer leaks in FCGI and H3 HttpClientIdleTimeoutTest
  • #8979 - Jetty 12 - HttpClientTransport network "modes"
  • #8887 - Jetty-12 client calls onDataAvailable with producing thread

12.0.6

Security Updates

This release addresses:

  • CVE-2024-22201 - HTTP/2 connection not closed after idle timeout when TCP congested

Special Thanks to the following Eclipse Jetty community members

... (truncated)

Commits
  • c89aca8 Updating to version 12.0.7
  • 313def7 Issue #11463 Fix flaky session tests
  • 4155e7b Add suppressed failures in Callback failed (#11435)
  • 56e05a9 HttpURI toURI passes all info (#11468)
  • 561b8da Changed CrossOriginHandler default to allow no origin and no credentials.
  • 4aeec06 Fixing merge - removing double/nested hasViolations() check
  • ee8823b Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x
  • 686dd88 Fix #10805 zero dynamic table (#11445) (#11452)
  • 1bba3cd Merge pull request #11455 from jetty/fix/12.0.x/webinfconfig.unpack.protection
  • 97cb50e Improve Error messages for Ambiguous URIs (#11457)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
olamy commented 8 months ago

@dependabot rebase