Bump org.eclipse.jetty:jetty-bom from 9.4.51.v20230217 to 12.0.7

[dependabot]

Bumps org.eclipse.jetty:jetty-bom from 9.4.51.v20230217 to 12.0.7.

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.0.7

Special Thanks to the following Eclipse Jetty community members

• @​hboutemy (Hervé Boutemy)
• @​danishnawab (Danish Nawab)

Changelog

• #11465 - HttpURI.toURI() sets userInfo to null
• #11455 - Improve DEBUG during WebInfConfiguration.unpack
• #11448 - UriCompliance.Violation ignored despite being set
• #11443 - Fix NPE in HttpReceiverOverHTTP2.read() when the channel's stream is null
• #11435 - Add suppressed failures in Callback failed
• #11432 - Change default number of acceptor threads
• #11426 - Experiment with ArrayByteBufferPool performance
• #11424 - What is the jetty.deploy.scanInterval default? module, ini, code, and documentation do not agree.
• #11414 - When producing URI/URL strings follow spec and produce lowercase schemes and drop default ports
• #11410 - PathMappingsHandler does not start ResourceHandler properly
• #11401 - Replace StringBuffer with StringBuilder
• #11398 - WebSocket ClosedChannelException when demanding frames in onOpen
• #11397 - Jetty 12: ContextHandler.getTempDirectory() does not respect the Context.getTempDirectory() contract
• #11387 - Reintroduce MultiPartCompliance.LEGACY (not as default) too allow for parsing of non-compliant multipart/form-data
• #11386 - Making FormFields get defaults from Context, not Request
• #11383 - Added documentation about SslHandshakeListener.
• #11377 - Jetty 12 fails to start WebApp Bundle with OSGi Boot bundle (or when packaged)
• #11371 - Review ArrayByteBufferPool eviction
• #11370 - IllegalStateException when last write fails
• #11363 - ContentSourcePublisher throws from request
• #11361 - Updates to UriCompliance.checkUriCompliance
• #11360 - drop buildnumber:create already executed by jetty-util (@​hboutemy)
• #11356 - Allow ServerWebSocketContainer to be created without ContextHandler
• #11353 - The default virtual thread executor should created named threads (@​danishnawab)
• #11310 - Uploading big multipart files via jetty 12.0.5 with spring boot 3.2.1 cause problems
• #11279 - fix use of AliasCheckers with CombinedResource
• #11278 - 500 response when trying to display symlinked directory
• #11270 - Windows 11 pro - problem launching Jetty with ${jetty.home}\etc\jetty-ee10-deploy.xml
• #10432 - Fix buffer leaks in FCGI and H3 HttpClientIdleTimeoutTest
• #8979 - Jetty 12 - HttpClientTransport network "modes"
• #8887 - Jetty-12 client calls onDataAvailable with producing thread

12.0.6

Security Updates

This release addresses:

• CVE-2024-22201 - HTTP/2 connection not closed after idle timeout when TCP congested

Special Thanks to the following Eclipse Jetty community members

... (truncated)

Commits

• c89aca8 Updating to version 12.0.7
• 313def7 Issue #11463 Fix flaky session tests
• 4155e7b Add suppressed failures in Callback failed (#11435)
• 56e05a9 HttpURI toURI passes all info (#11468)
• 561b8da Changed CrossOriginHandler default to allow no origin and no credentials.
• 4aeec06 Fixing merge - removing double/nested hasViolations() check
• ee8823b Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x
• 686dd88 Fix #10805 zero dynamic table (#11445) (#11452)
• 1bba3cd Merge pull request #11455 from jetty/fix/12.0.x/webinfconfig.unpack.protection
• 97cb50e Improve Error messages for Ambiguous URIs (#11457)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[dependabot]

Superseded by #2029.