Bump subversion from 2.8 to 2.15.4

[dependabot[bot]]

Bumps subversion from 2.8 to 2.15.4.

Release notes

Sourced from subversion's releases.

2.15.4

⚡ Security fix

• SECURITY-2617 - Stored XSS vulnerability
• SECURITY-2075 - CSRF vulnerability

2.15.3

No changes. Released due to broken subversion-2.15.2-tests.jar and missing subversion-2.15.2-tests.jar in the previous release.

2.15.2

👻 Maintenance

• Drop dependency on Commons Codec (#266) @​basil
• EOL JSR 305 (#269) @​basil
• chore: Prepare for sunset icon removal from core (#268) @​NotMyFault

2.15.1

⚡ Security fix

• SECURITY-2506 - Path traversal vulnerability in Subversion Plugin allows reading arbitrary files

2.15.0

🚀 New features and improvements

• JENKINS-66777 - Add SubversionSCMSource repository browser support (#263) @​didiez
• JENKINS-41850 - Add SubversionSCMSource workspaceUpdater support (#265) @​didiez

📝 Documentation updates

• JENKINS-65132 - Fix example script for notifyCommit in README.md (#253) @​mhuijgen

👻 Maintenance

• Stop using deprecated Util#join (#261) @​basil
• Simplify tests with "config round-trip" pattern (#264) @​didiez

2.14.5

🐛 Bug fixes

• JENKINS-38204 - Fixes repeated same "Tag this build" links added to builds (also JENKINS-35176). (#262) @​didiez

👻 Maintenance

• Stop setting useAntClassLoader which nothing consumes (#260) @​basil

2.14.4

🚀 New features and improvements

• Remove Digester dep (#259) @​jglick

... (truncated)

Changelog

Sourced from subversion's changelog.

Old Changelog

For newer versions, see GitHub releases.

Version 2.12.1 (Sep 20, 2018)

• JENKINS-48420 Allow disabling lightweight checkout capability for Subversion with the property -Djenkins.scm.impl.subversion.SubversionSCMFileSystem.disable=<true/false>

Version 2.12.0 (Sep 17, 2018)

• JENKINS-48420 Provide lightweight checkout capability for Subversion
• JENKINS-53325 Use trilead classes from Jenkins core
• JENKINS-53615 Attempt to (de-)serialize anonymous class hudson.scm.SubversionWorkspaceSelector$1

Version 2.11.1 (Jul 11, 2018)

• svnkit to 1.9.3
• JENKINS-50327 Update to 2.10.4 causes NullPointerException in HTTPDigestAuthentication.createDigest

Version 2.11 (Jun 11, 2018)

• JENKINS-51817 NPE throw in RemotableSVNErrorMessage due to wrong usage of C'tors

Version 2.10.6 (May 17, 2018)

• JENKINS-45801 Fetching changes fails with SVNAuthenticationException due many svn:externals
• JENKINS-49219 Get 'credentials <none> in realm' after svn update
• JENKINS-36451 Repository Browser URL not saved in Project Pipeline Configuration
•  JENKINS-50287 Make as-it-is checkout only files initally
•  java 8 required for presence of lambdas 
•  svnkit to 1.9.2
•  JENKINS-30176 Add

... (truncated)

Commits

• d980b18 [maven-release-plugin] prepare release subversion-2.15.4
• 882a7d3 [SECURITY-2075] [SECURITY-2076] [SECURITY-2698]
• eeae3e7 [maven-release-plugin] prepare for next development iteration
• b4cb33a [maven-release-plugin] prepare release subversion-2.15.3
• b916dac [maven-release-plugin] prepare for next development iteration
• dbee31a [maven-release-plugin] prepare release subversion-2.15.2
• 716bce5 Merge pull request #266 from basil/commons-codec
• bbe3633 Merge pull request #269 from basil/jsr305
• 181704e Merge pull request #268 from NotMyFault/chore/master/prep-for-icon-removal-fr...
• 63b28a6 EOL JSR 305
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jenkinsci/cucumber-living-documentation-plugin/network/alerts).