build(deps): bump jetty-servlet from 9.4.27.v20200227 to 9.4.50.v20221201 #52

Merged
dependabot[bot] merged 1 commit from dependabot/gradle/org.eclipse.jetty-jetty-servlet-9.4.50.v20221201 into helma-🐜 2023-05-19 13:29:31 +00:00
dependabot[bot] commented 2022-12-08 09:04:44 +00:00 (Migrated from github.com)

Bumps jetty-servlet from 9.4.27.v20200227 to 9.4.50.v20221201.

Release notes

Sourced from jetty-servlet's releases.

9.4.49.v20220914

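End of Life Notice

  • eclipse/jetty.project#7958 - Jetty 9.4.x is now at End of Community Support. (See issue for details)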

Changelog

  • #8578 - getRequestURL can append "null" if getRequestURI is unspecified in an authority-form request-target
  • #8493 - Review HTTP client feature setRemoveIdleDestinations

Dependencies

  • #8253 - Bump google-cloud-datastore to 2.9.1
  • #8233 - Bump jna to 5.12.1
  • #8242 - Bump mariadb-java-client to 3.0.6
  • #8238 - Bump maven-enforcer-plugin to 3.1.0
  • #8230 - Bump maven.version to 3.8.6
  • #8246 - Bump org.eclipse.osgi to 3.18.0
  • #8245 - Bump testcontainers.version to 1.17.3

9.4.48.v20220622

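End of Life Notice

  • eclipse/jetty.project#7958 - Jetty 9.4.x is now at End of Community Support. (See issue for details)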

Critical Fix

  • #8184 - All suffix globs except first fail to match if path has . character in prefix section

9.4.47.v20220610

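Fixed Security Advisories

  • (CVE-2022-2047) - https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q - Invalid URI parsing may produce invalid HttpURI.authority
  • (CVE-2022-2048) - https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j - Invalid HTTP/2 requests can lead to denial of service

Important

  • eclipse/jetty.project#7958 - Jetty 9.4.x is now at End of Community Support. (See issue for details)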

Changelog

  • #8145 - RegexPathSpec backport of optional group name/info lookup if regex fails
  • #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
  • #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
  • #8014 - Review HttpRequest URI construction (Resolves CVE-2022-2047)
  • #7976 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser.
  • #7947 - Improved PathSpec handling for servletName & pathInfo
  • #7935 - Review HTTP/2 error handling (Resolves CVE-2022-2048)
  • #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
  • #7863 - Default servlet drops first accept-encoding header if there is more than one.

... (truncated)

Commits
  • da9a0b3 Updating to version 9.4.50.v20221201
  • f9914c8 Merge pull request #8987 from eclipse/dependabot/maven/jetty-9.4.x/org.apache...
  • 13319cb Merge pull request #8989 from eclipse/dependabot/maven/jetty-9.4.x/org.spring...
  • 5617585 Bump spring-beans from 5.3.23 to 5.3.24
  • d16613b Bump maven-dependency-plugin from 3.3.0 to 3.4.0
  • 20facec Merge pull request #8961 from eclipse/dependabot/maven/jetty-9.4.x/com.github...
  • f7acd13 Merge pull request #8971 from eclipse/fix/jetty-9.4.x/dependabot-rollup-nov28
  • c70016d Merge pull request #8951 from eclipse/dependabot/maven/jetty-9.4.x/org.infini...
  • 2e9c715 Merge pull request #8949 from eclipse/dependabot/maven/jetty-9.4.x/testcontai...
  • bc48eb2 Merge remote-tracking branch 'origin/dependabot/maven/jetty-9.4.x/org.apache....
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Reference: antville/helma#52