Bump jetty-io from 9.4.11.v20180605 to 9.4.40.v20210413 in /webdriver-tests

[dependabot]

Bumps jetty-io from 9.4.11.v20180605 to 9.4.40.v20210413.

Release notes

Sourced from jetty-io's releases.

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

• #6168 - Improve handling of unconsumed content
• #6148 - Jetty start.jar always reports jetty.tag.version as master
• #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
• #6082 - SslConnection compacting

9.4.39.v20210325

Changelog

⚠️ Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6050 - Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
• #6052 - Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to work on Android
• #6063 - Allow override of hazelcast version when using module
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

9.4.38.v20210224

Changelog

• #6001 - Ambiguous URI legacy compliance mode
• #5999 - HttpURI ArrayIndexOutOfBounds
• #5994 - QueuedThreadPool "free" threads
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration

9.4.37.v20210219

Changelog

• This release addresses and resolves CVE-2020-27223
• #5979 - Configurable gzip Etag extension
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5976 - Adding requested Rewrite Rule to force request header values
• #5973 - Proxy client TLS authentication example
• #5963 - Improve QuotedQualityCSV
• #5950 - Deadlock due to logging inside classloaders
• #5937 - Unnecessary blocking in ResourceService

... (truncated)

Commits

• b881a57 Updating to version 9.4.40.v20210413
• fe359ac Fixes #6168 - Improve handling of unconsumed content
• 57d0bae Issue #5684 Reduce intensity and rename SameNodeLoadTest (#6143)
• 23c45c0 Merge pull request #6149 from eclipse/jetty-9.4.x-start-tag-name
• 19a1b0c Issue #6148 - introduce jetty.build to show git sha for build
• 8715600 Issue #6148 - update jetty.tag.version behavior
• aed20ab Fixes #6105 - HttpConnection.getBytesIn() incorrect for requests with… (#6108)
• 58538c9 Fix #6082 Reduce SSL buffer compaction (#6083)
• 941d7fb Improve testing for temp directories (#5483)
• 45c6599 Merge pull request #6134 from eclipse/jetty-9.4.x-version-cve-update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.