Bump jetty-bom from 10.0.7 to 11.0.7

[dependabot]

Bumps jetty-bom from 10.0.7 to 11.0.7.

Release notes

Sourced from jetty-bom's releases.

11.0.7

Special Thanks to the following Eclipse Jetty community members

• @​frode-carlsen (Frode Carlsen)

Changelog

• #6406 - Jetty Jaspi module not compatible with Jakarta EE 9 (Jakarta Authentication) (@​frode-carlsen)

Dependency Updates

• #6788 - Bump conscrypt-openjdk-uber from 2.5.1 to 2.5.2
• #6750 - Bump openwebbeans.version from 2.0.20 to 2.0.23
• #6742 - Bump json-smart from 2.3 to 2.4.7
• #6725 - Bump gson from 2.8.6 to 2.8.8
• #6722 - Bump biz.aQute.bndlib from 5.2.0 to 5.3.0
• #6717 - Bump bouncycastle.version from 1.62 to 1.69
• #6712 - Bump jnr-unixsocket from 0.38.3 to 0.38.10
• #6711 - Bump google-cloud-datastore from 1.105.0 to 2.1.0
• #6705 - Bump hazelcast.version from 4.1 to 4.2.2
• #6679 - Update to Apache Jasper 10.0.10

11.0.6

Changelog

• This release resolves CVE-2021-34429
• #6473 - Improve alias checking in PathResource
• #6468 - Revert logic in Request.setMetaData & clear emptySegment on HttpUri.clear()
• #6464 - Wrong files/lib definitions in certain *-capture.mod files?
• #6447 - Deprecate support for UTF16 encoding in URIs
• #6426 - Update to spifly 1.3.3
• #6425 - Update to asm 9.1
• #6418 - Bad and/or missing Require-Capability for osgi.serviceloader
• #6410 - Ensure Jetty IO uses SocketAddress instead of InetSocketAddress
• #6407 - Malformed scheme logical expression check in WebSocket ClientUpgradeRequest
• #6394 - Review osgi manifests within Jetty 11
• #6376 - Cleanups for SslClientCertAuthenticator.
• #6375 - Always check XML Set elements with property attribute
• #6353 - Rename EWYK The AdaptiveExecutionStrategy

11.0.5

Changelog

• #6392 - Review accidental xml config changes
• #6379 - Reduce contention in all ByteBufferPool implementations
• #6354 - org.slfj dependency imports packages at 2.0
• #6329 - Regression on graceful shutdown default in Jetty 10
• #6302 - Treat empty path segments are ambiguous.
• #4772 - Jetty WebSocket API onMessage annotation does not support partial messages.

... (truncated)

Commits

• 389a358 Updating to version 11.0.7
• 8bcd404 Fixing release script
• abb7077 fix new module pom parent version
• e78951b Merge branch 'jetty-10.0.x' into jetty-11.0.x
• f8244fc Merged branch 'jetty-10.0.x' into 'jetty-11.0.x'.
• 4011f1e merge jetty-10.0.x (#6945)
• 0269117 Changed order of entries in module-info.java to be canonical
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[afs]

@dependabot ignore this major version

Jetty version 11 is the same as Jetty version 10 except that "javax" -> "jakarta" renaming.

Until Jena switches to "jakarta", we'll have to use version 10.

There is one dependency commons-fileupload I know that uses javax.servlet. That code does not update very often (last version 2018). But it is small and Fuseki only uses a part of it so we could adopt the code we need and change the package imports.

---

Update: Shiro has a dependency on javax.servlet.

[dependabot]

OK, I won't notify you about version 11.x.x again, unless you re-open this PR or update to a 11.x.x release yourself.

[dependabot]

OK, I won't notify you about version 11.x.x again, unless you re-open this PR or update to a 11.x.x release yourself.

[dependabot]

OK, I won't notify you about version 11.x.x again, unless you re-open this PR or update to a 11.x.x release yourself.

[dependabot]

OK, I won't notify you about version 11.x.x again, unless you re-open this PR or update to a 11.x.x release yourself.