Bump jetty.version from 10.0.15 to 10.0.16

[dependabot]

Bumps jetty.version from 10.0.15 to 10.0.16.
Updates org.eclipse.jetty:jetty-server from 10.0.15 to 10.0.16

Release notes

Sourced from org.eclipse.jetty:jetty-server's releases.

10.0.16

Security Updates

• This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error
• #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@​strogiyotec)
• #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@​garydgregory)
• #9895 - A MessageTooLargeException doesn't close a WebSocket connection
• #9887 - Deprecate CGI Servlet
• #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
• #9777 - CrossOriginFilter does not return Vary header on no-cors mode
• #9761 - H3: Fix racy read from stream-less channel
• #9749 - HTTP/2 improvements.
• #9741 - Review of websocket parser, improve testing & comments.
• #9728 - Fixes to QPACK configuration from SETTINGS frames.
• #9715 - deprecate PushSessionCacheFilter
• #9685 - Jetty doesn't set the date header on error responses
• #9682 - RetainableByteBuffer buffer release bug in WebSocket
• #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
• #9476 - onCompleteFailure called multiple times
• #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
• #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
• #8405 - Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or h2c if the server doesn't respond within 30s
• #7091 - Add SOCKS5 support (@​huisongma)

Commits

• a2735a9 Updating to version 10.0.16
• 3a21a6f Fixing release-jetty.sh script
• 900f50f Issue #10271 - new jetty-home pid module (#10272)
• 38cea26 Merge pull request #10400 from eclipse/jetty-10.0.x-inetaccessHandler
• d6320c4 fix checkstyle violation
• 3aaf39d Fix #10397 CharsetStringBuilder end vs length (#10399)
• b89398d Issue #10388 - add DistributionTest for InetAccessHandler
• 764c817 Issue #10388 - fix InetAccessHandler module
• 0411e1f Removed unnecessary stale dependency on the javadoc artifact.
• 2ea646b Issue #10312 Remove cyclic dependencies between jetty-home and jetty-document...
• Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-webapp from 10.0.15 to 10.0.16

Release notes

Sourced from org.eclipse.jetty:jetty-webapp's releases.

10.0.16

Security Updates

• This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error
• #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@​strogiyotec)
• #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@​garydgregory)
• #9895 - A MessageTooLargeException doesn't close a WebSocket connection
• #9887 - Deprecate CGI Servlet
• #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
• #9777 - CrossOriginFilter does not return Vary header on no-cors mode
• #9761 - H3: Fix racy read from stream-less channel
• #9749 - HTTP/2 improvements.
• #9741 - Review of websocket parser, improve testing & comments.
• #9728 - Fixes to QPACK configuration from SETTINGS frames.
• #9715 - deprecate PushSessionCacheFilter
• #9685 - Jetty doesn't set the date header on error responses
• #9682 - RetainableByteBuffer buffer release bug in WebSocket
• #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
• #9476 - onCompleteFailure called multiple times
• #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
• #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
• #8405 - Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or h2c if the server doesn't respond within 30s
• #7091 - Add SOCKS5 support (@​huisongma)

Commits

• a2735a9 Updating to version 10.0.16
• 3a21a6f Fixing release-jetty.sh script
• 900f50f Issue #10271 - new jetty-home pid module (#10272)
• 38cea26 Merge pull request #10400 from eclipse/jetty-10.0.x-inetaccessHandler
• d6320c4 fix checkstyle violation
• 3aaf39d Fix #10397 CharsetStringBuilder end vs length (#10399)
• b89398d Issue #10388 - add DistributionTest for InetAccessHandler
• 764c817 Issue #10388 - fix InetAccessHandler module
• 0411e1f Removed unnecessary stale dependency on the javadoc artifact.
• 2ea646b Issue #10312 Remove cyclic dependencies between jetty-home and jetty-document...
• Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-maven-plugin from 10.0.15 to 10.0.16

Release notes

Sourced from org.eclipse.jetty:jetty-maven-plugin's releases.

10.0.16

Security Updates

• This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error
• #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@​strogiyotec)
• #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@​garydgregory)
• #9895 - A MessageTooLargeException doesn't close a WebSocket connection
• #9887 - Deprecate CGI Servlet
• #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
• #9777 - CrossOriginFilter does not return Vary header on no-cors mode
• #9761 - H3: Fix racy read from stream-less channel
• #9749 - HTTP/2 improvements.
• #9741 - Review of websocket parser, improve testing & comments.
• #9728 - Fixes to QPACK configuration from SETTINGS frames.
• #9715 - deprecate PushSessionCacheFilter
• #9685 - Jetty doesn't set the date header on error responses
• #9682 - RetainableByteBuffer buffer release bug in WebSocket
• #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
• #9476 - onCompleteFailure called multiple times
• #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
• #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
• #8405 - Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or h2c if the server doesn't respond within 30s
• #7091 - Add SOCKS5 support (@​huisongma)

Commits

• a2735a9 Updating to version 10.0.16
• 3a21a6f Fixing release-jetty.sh script
• 900f50f Issue #10271 - new jetty-home pid module (#10272)
• 38cea26 Merge pull request #10400 from eclipse/jetty-10.0.x-inetaccessHandler
• d6320c4 fix checkstyle violation
• 3aaf39d Fix #10397 CharsetStringBuilder end vs length (#10399)
• b89398d Issue #10388 - add DistributionTest for InetAccessHandler
• 764c817 Issue #10388 - fix InetAccessHandler module
• 0411e1f Removed unnecessary stale dependency on the javadoc artifact.
• 2ea646b Issue #10312 Remove cyclic dependencies between jetty-home and jetty-document...
• Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-jspc-maven-plugin from 10.0.15 to 10.0.16

Release notes

Sourced from org.eclipse.jetty:jetty-jspc-maven-plugin's releases.

10.0.16

Security Updates

• This release provides a workaround for Security Advisory GHSA-58qw-p7qm-5rvh

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error
• #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@​strogiyotec)
• #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@​garydgregory)
• #9895 - A MessageTooLargeException doesn't close a WebSocket connection
• #9887 - Deprecate CGI Servlet
• #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
• #9777 - CrossOriginFilter does not return Vary header on no-cors mode
• #9761 - H3: Fix racy read from stream-less channel
• #9749 - HTTP/2 improvements.
• #9741 - Review of websocket parser, improve testing & comments.
• #9728 - Fixes to QPACK configuration from SETTINGS frames.
• #9715 - deprecate PushSessionCacheFilter
• #9685 - Jetty doesn't set the date header on error responses
• #9682 - RetainableByteBuffer buffer release bug in WebSocket
• #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
• #9476 - onCompleteFailure called multiple times
• #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
• #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
• #8405 - Servlet 3.1 ReadListener.onAllDataRead() is called twice under h2 or h2c if the server doesn't respond within 30s
• #7091 - Add SOCKS5 support (@​huisongma)

Commits

• a2735a9 Updating to version 10.0.16
• 3a21a6f Fixing release-jetty.sh script
• 900f50f Issue #10271 - new jetty-home pid module (#10272)
• 38cea26 Merge pull request #10400 from eclipse/jetty-10.0.x-inetaccessHandler
• d6320c4 fix checkstyle violation
• 3aaf39d Fix #10397 CharsetStringBuilder end vs length (#10399)
• b89398d Issue #10388 - add DistributionTest for InetAccessHandler
• 764c817 Issue #10388 - fix InetAccessHandler module
• 0411e1f Removed unnecessary stale dependency on the javadoc artifact.
• 2ea646b Issue #10312 Remove cyclic dependencies between jetty-home and jetty-document...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #491 (4a84e8a) into master (78bd42e) will increase coverage by 0.00%.
The diff coverage is n/a.

❗ Current head 4a84e8a differs from pull request most recent head 2d8534d. Consider uploading reports for the commit 2d8534d to get more accurate results

@@           Coverage Diff           @@
##           master     #491   +/-   ##
=======================================
  Coverage   37.88%   37.89%           
=======================================
  Files        1501     1501           
  Lines      115027   115027           
  Branches    22584    22584           
=======================================
+ Hits        43574    43584   +10     
+ Misses      64304    64296    -8     
+ Partials     7149     7147    -2     

see 5 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more