[bot] Merge 23.10 to develop (Conflicts)

build.gradle

@@ -157,7 +157,7 @@ allprojects {
                     maven {
                         // Mondrian dependencies are available via this repository. It's a direct dependency of the Query
                         // module but is declared here as many modules depend on Query and therefore need it as well.
-                    	url "https://repo.orl.eng.hitachivantara.com/artifactory/pnt-mvn"
+                        url "https://repo.orl.eng.hitachivantara.com/artifactory/pnt-mvn"
                         content {
                             includeGroup "pentaho"
                             includeGroup "org.pentaho"

gradle.properties

@@ -103,7 +103,7 @@ apacheDirectoryVersion=2.1.3
 apacheMinaVersion=2.2.1
 
 # Keep in sync with springBootTomcatVersion below
-apacheTomcatVersion=9.0.80
+apacheTomcatVersion=9.0.82
 
 # (mothership) -> json-path -> json-smart -> accessor-smart
 # (core) -> graalvm
@@ -222,7 +222,7 @@ jodaTimeVersion=2.8.1
 # brought in transitively from guava and other google packages. Need to resolve consistently
 jsr305Version=3.0.2
 
-orgJsonVersion=20230618
+orgJsonVersion=20231013
 
 jsoupVersion=1.16.1
 
@@ -243,7 +243,7 @@ mysqlDriverVersion=8.1.0
 mssqlJdbcVersion=12.4.1.jre11
 
 # forced compatibility between docker and UserReg-WS
-nettyVersion=4.1.94.Final
+nettyVersion=4.1.100.Final
 
 objenesisVersion=1.0
 
@@ -285,7 +285,7 @@ snappyJavaVersion=1.1.10.5
 springBootVersion=2.7.16
 # This MUST match the Tomcat version dictated by springBootVersion
 # Also, keep this in sync with apacheTomcatVersion above
-springBootTomcatVersion=9.0.80
+springBootTomcatVersion=9.0.82
 
 springVersion=5.3.30
 

server/embedded/build.gradle

@@ -31,7 +31,34 @@ dependencies {
     implementation "org.springframework.boot:spring-boot-starter-web:${springBootVersion}"
     implementation "org.springframework.boot:spring-boot-starter-actuator:${springBootVersion}"
     implementation "org.springframework.boot:spring-boot-starter-validation:${springBootVersion}"
-
+
+    // Force to the latest Tomcat version until Spring Boot 2.7.17 is released and we can adopt it
+    implementation('org.apache.tomcat.embed:tomcat-embed-core') {
+        version {
+            strictly "${springBootTomcatVersion}"
+        }
+    }
+    implementation('org.apache.tomcat.embed:tomcat-embed-el') {
+        version {
+            strictly "${springBootTomcatVersion}"
+        }
+    }
+    implementation('org.apache.tomcat.embed:tomcat-embed-websocket') {
+        version {
+            strictly "${springBootTomcatVersion}"
+        }
+    }
+    implementation('org.apache.tomcat:tomcat-annotations-api') {
+        version {
+            strictly "${springBootTomcatVersion}"
+        }
+    }
+    implementation('org.apache.tomcat:tomcat-jsp-api') {
+        version {
+            strictly "${springBootTomcatVersion}"
+        }
+    }
+
     // This is a transitive dependency from spring-boot-starter that we're forcing to pick up CVE hotfixes. We're not
     // vulnerable since we're not accepting untrusted Spring Boot config files, but this cleans up the reporting.
     // At some point Spring Boot should update its preferred version and we can yank this