dependabot[bot] opened a new pull request, #443: URL: https://github.com/apache/maven-resolver/pull/443
Bumps [org.eclipse.jetty:jetty-bom](https://github.com/jetty/jetty.project) from 10.0.20 to 12.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jetty/jetty.project/releases">org.eclipse.jetty:jetty-bom's releases</a>.</em></p> <blockquote> <h2>12.0.7</h2> <h1>Special Thanks to the following Eclipse Jetty community members</h1> <ul> <li><a href="https://github.com/hboutemy"><code>@hboutemy</code></a> (Hervé Boutemy)</li> <li><a href="https://github.com/danishnawab"><code>@danishnawab</code></a> (Danish Nawab)</li> </ul> <h1>Changelog</h1> <ul> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11465">#11465</a> - HttpURI.toURI() sets userInfo to null</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11455">#11455</a> - Improve DEBUG during WebInfConfiguration.unpack</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11448">#11448</a> - UriCompliance.Violation ignored despite being set</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11443">#11443</a> - Fix NPE in HttpReceiverOverHTTP2.read() when the channel's stream is null</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11435">#11435</a> - Add suppressed failures in Callback failed</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11432">#11432</a> - Change default number of acceptor threads</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11426">#11426</a> - Experiment with ArrayByteBufferPool performance</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11424">#11424</a> - What is the <code>jetty.deploy.scanInterval</code> default? module, ini, code, and documentation do not agree.</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11414">#11414</a> - When producing URI/URL strings follow spec and produce lowercase schemes and drop default ports</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11410">#11410</a> - PathMappingsHandler does not start ResourceHandler properly</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11401">#11401</a> - Replace StringBuffer with StringBuilder</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11398">#11398</a> - WebSocket ClosedChannelException when demanding frames in onOpen</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11397">#11397</a> - Jetty 12: <code>ContextHandler.getTempDirectory()</code> does not respect the <code>Context.getTempDirectory()</code> contract</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11387">#11387</a> - Reintroduce MultiPartCompliance.LEGACY (not as default) too allow for parsing of non-compliant <code>multipart/form-data</code></li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11386">#11386</a> - Making FormFields get defaults from Context, not Request</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11383">#11383</a> - Added documentation about <code>SslHandshakeListener</code>.</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11377">#11377</a> - Jetty 12 fails to start WebApp Bundle with OSGi Boot bundle (or when packaged)</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11371">#11371</a> - Review ArrayByteBufferPool eviction</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11370">#11370</a> - IllegalStateException when last write fails</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11363">#11363</a> - ContentSourcePublisher throws from request</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11361">#11361</a> - Updates to UriCompliance.checkUriCompliance</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11360">#11360</a> - drop buildnumber:create already executed by jetty-util (<a href="https://github.com/hboutemy"><code>@hboutemy</code></a>)</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11356">#11356</a> - Allow ServerWebSocketContainer to be created without ContextHandler</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11353">#11353</a> - The default virtual thread executor should created named threads (<a href="https://github.com/danishnawab"><code>@danishnawab</code></a>)</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11310">#11310</a> - Uploading big multipart files via jetty 12.0.5 with spring boot 3.2.1 cause problems</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11279">#11279</a> - fix use of AliasCheckers with CombinedResource</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11278">#11278</a> - 500 response when trying to display symlinked directory</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/11270">#11270</a> - Windows 11 pro - problem launching Jetty with ${jetty.home}\etc\jetty-ee10-deploy.xml <!-- raw HTML omitted --></li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/10432">#10432</a> - Fix buffer leaks in FCGI and H3 <code>HttpClientIdleTimeoutTest</code></li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/8979">#8979</a> - Jetty 12 - HttpClientTransport network "modes"</li> <li><a href="https://redirect.github.com/jetty/jetty.project/issues/8887">#8887</a> - Jetty-12 client calls onDataAvailable with producing thread</li> </ul> <h2>12.0.6</h2> <h1>Security Updates</h1> <p>This release addresses:</p> <ul> <li>CVE-2024-22201 - HTTP/2 connection not closed after idle timeout when TCP congested</li> </ul> <h1>Special Thanks to the following Eclipse Jetty community members</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jetty/jetty.project/commit/c89aca8fd34083befd79f328a3b8b6ffff04347e"><code>c89aca8</code></a> Updating to version 12.0.7</li> <li><a href="https://github.com/jetty/jetty.project/commit/313def717c4c3f77311d209f1070a14723b0e690"><code>313def7</code></a> Issue <a href="https://redirect.github.com/jetty/jetty.project/issues/11463">#11463</a> Fix flaky session tests</li> <li><a href="https://github.com/jetty/jetty.project/commit/4155e7bc25f7d8f3cb0fee1294af1edf22d8c199"><code>4155e7b</code></a> Add suppressed failures in Callback failed (<a href="https://redirect.github.com/jetty/jetty.project/issues/11435">#11435</a>)</li> <li><a href="https://github.com/jetty/jetty.project/commit/56e05a973ffcb9af8247690d1195585892d2f876"><code>56e05a9</code></a> HttpURI toURI passes all info (<a href="https://redirect.github.com/jetty/jetty.project/issues/11468">#11468</a>)</li> <li><a href="https://github.com/jetty/jetty.project/commit/561b8da4dd961d5da82e508514946fc2b75f2c16"><code>561b8da</code></a> Changed CrossOriginHandler default to allow no origin and no credentials.</li> <li><a href="https://github.com/jetty/jetty.project/commit/4aeec060acbf2d654ea3d5f20ea1a8ad97dd7de3"><code>4aeec06</code></a> Fixing merge - removing double/nested hasViolations() check</li> <li><a href="https://github.com/jetty/jetty.project/commit/ee8823bd57a8fb4a876cccdefdba92c310b49ea6"><code>ee8823b</code></a> Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x</li> <li><a href="https://github.com/jetty/jetty.project/commit/686dd88c3a03780641ed026207e86828c1c8f847"><code>686dd88</code></a> Fix <a href="https://redirect.github.com/jetty/jetty.project/issues/10805">#10805</a> zero dynamic table (<a href="https://redirect.github.com/jetty/jetty.project/issues/11445">#11445</a>) (<a href="https://redirect.github.com/jetty/jetty.project/issues/11452">#11452</a>)</li> <li><a href="https://github.com/jetty/jetty.project/commit/1bba3cd41ee8de6046526e5d5b5af4e51bc5e619"><code>1bba3cd</code></a> Merge pull request <a href="https://redirect.github.com/jetty/jetty.project/issues/11455">#11455</a> from jetty/fix/12.0.x/webinfconfig.unpack.protection</li> <li><a href="https://github.com/jetty/jetty.project/commit/97cb50ead9a8fff370ca21a7d948a3ea29068d68"><code>97cb50e</code></a> Improve Error messages for Ambiguous URIs (<a href="https://redirect.github.com/jetty/jetty.project/issues/11457">#11457</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jetty/jetty.project/compare/jetty-10.0.20...jetty-12.0.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.eclipse.jetty:jetty-bom&package-manager=maven&previous-version=10.0.20&new-version=12.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org