basilapi / basil

Building Apis SImpLy from sparql endpoints
http://basil.kmi.open.ac.uk
24 stars 5 forks source link

Bump org.eclipse.jetty.version from 9.4.35.v20201120 to 11.0.1 in /parent #89

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps org.eclipse.jetty.version from 9.4.35.v20201120 to 11.0.1. Updates jetty-server from 9.4.35.v20201120 to 11.0.1

Release notes

Sourced from jetty-server's releases.

11.0.1

Changelog

  • This release addresses and resolves CVE-2020-27223
  • #5993 - Change more modules to glassfish-jstl
  • #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
  • #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
  • #5761 - Remove unneeded dependencies from apache-jsp module
  • #5759 - Update jakarta transaction, mail and injection apis
  • #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

  • Jetty 11.x has a minimum Java requirement of Java 11.
  • Jetty 11.x modules are proper JPMS modules with module-info.class.
  • Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):
    • jakarta.servlet - 5.0.0
    • jakarta.servlet.jsp - 3.0.0
    • jakarta.servlet.jsp.jstl - 2.0.0
    • jakarta.el - 4.0.0
    • jakarta.websocket - 2.0.0
  • Jetty 11.x is the first major version of Jetty to support the jakarta.servlet namespace.
    Use Jetty 10.x for the older (now outdated) javax.servlet namespace.

Important Changes

  • Classic jetty logging facade has been replaced with slf4j-api usage
  • There is no longer a jetty-distribution, use jetty-home with a proper ${jetty.base} instead.
    See: Operations Guide: Architecture
    • New demo jetty-start module exists to replace the old demo-base functionality.
  • Remove jetty-all uber artifact
  • Managing Configuration within a WebAppContext has a new API.
    (They are now self ordering and do not require knowledge of Jetty internals to use successfully)
  • Complete WebSocket refactoring, those using the Jetty APIs or embedded-jetty will need to update their code.
    • Support for WebSocket over HTTP/2 (client and server)
  • Jetty HttpClient has been improved.
    • Supports dynamic protocol upgrade (http/2 and http/1.1).
  • Session management has been refactored as well.

Changelog

  • #5715 - Fix problems caused by upgrade to jstl version.
  • #5701 - Bump jakarta.servlet.jsp-api from 3.0.0-M1 to 3.0.0
  • #5700 - Bump jakarta.servlet.jsp.jstl-api from 2.0.0-RC1 to 2.0.0
  • #5626 - Bump maven-resources-plugin from 3.1.0 to 3.2.0
  • #5608 - Bump maven-project-info-reports-plugin from 3.0.0 to 3.1.1
  • #5585 - Bump jakarta.annotation-api from 2.0.0-RC1 to 2.0.0
  • #5550 - Bump maven-source-plugin from 3.0.1 to 3.2.1
  • #5549 - Bump hazelcast.version from 4.0.1 to 4.0.3

... (truncated)

Commits


Updates jetty-webapp from 9.4.35.v20201120 to 11.0.1

Release notes

Sourced from jetty-webapp's releases.

11.0.1

Changelog

  • This release addresses and resolves CVE-2020-27223
  • #5993 - Change more modules to glassfish-jstl
  • #5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
  • #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
  • #5761 - Remove unneeded dependencies from apache-jsp module
  • #5759 - Update jakarta transaction, mail and injection apis
  • #5752 - Fix Servlet 5 Schema redirects

11.0.0

Eclipse Jetty 11.x Highlights

  • Jetty 11.x has a minimum Java requirement of Java 11.
  • Jetty 11.x modules are proper JPMS modules with module-info.class.
  • Jetty 11.x supports the following technology specs (from the Jakarta EE 9 effort):
    • jakarta.servlet - 5.0.0
    • jakarta.servlet.jsp - 3.0.0
    • jakarta.servlet.jsp.jstl - 2.0.0
    • jakarta.el - 4.0.0
    • jakarta.websocket - 2.0.0
  • Jetty 11.x is the first major version of Jetty to support the jakarta.servlet namespace.
    Use Jetty 10.x for the older (now outdated) javax.servlet namespace.

Important Changes

  • Classic jetty logging facade has been replaced with slf4j-api usage
  • There is no longer a jetty-distribution, use jetty-home with a proper ${jetty.base} instead.
    See: Operations Guide: Architecture
    • New demo jetty-start module exists to replace the old demo-base functionality.
  • Remove jetty-all uber artifact
  • Managing Configuration within a WebAppContext has a new API.
    (They are now self ordering and do not require knowledge of Jetty internals to use successfully)
  • Complete WebSocket refactoring, those using the Jetty APIs or embedded-jetty will need to update their code.
    • Support for WebSocket over HTTP/2 (client and server)
  • Jetty HttpClient has been improved.
    • Supports dynamic protocol upgrade (http/2 and http/1.1).
  • Session management has been refactored as well.

Changelog

  • #5715 - Fix problems caused by upgrade to jstl version.
  • #5701 - Bump jakarta.servlet.jsp-api from 3.0.0-M1 to 3.0.0
  • #5700 - Bump jakarta.servlet.jsp.jstl-api from 2.0.0-RC1 to 2.0.0
  • #5626 - Bump maven-resources-plugin from 3.1.0 to 3.2.0
  • #5608 - Bump maven-project-info-reports-plugin from 3.0.0 to 3.1.1
  • #5585 - Bump jakarta.annotation-api from 2.0.0-RC1 to 2.0.0
  • #5550 - Bump maven-source-plugin from 3.0.1 to 3.2.1
  • #5549 - Bump hazelcast.version from 4.0.1 to 4.0.3

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/basilapi/basil/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #98.