Bump the prod-deps group with 13 updates

[dependabot]

Bumps the prod-deps group with 13 updates:

Package	From	To
com.fasterxml.jackson:jackson-bom	2.16.1	2.17.0
org.eclipse.jetty.ee10:jetty-ee10-bom	12.0.6	12.0.7
io.swagger.core.v3:swagger-jaxrs2-jakarta	2.2.20	2.2.21
io.swagger.core.v3:swagger-annotations-jakarta	2.2.20	2.2.21
io.swagger.core.v3:swagger-core-jakarta	2.2.20	2.2.21
io.swagger.core.v3:swagger-annotations-jakarta	2.2.20	2.2.21
io.swagger.core.v3:swagger-core-jakarta	2.2.20	2.2.21
ch.qos.logback:logback-classic	1.5.0	1.5.3
org.apache.zookeeper:zookeeper	3.9.1	3.9.2
com.graphql-java:graphql-java	21.3	21.4
com.unboundid:unboundid-ldapsdk	6.0.11	7.0.0
org.bitbucket.b_c:jose4j	0.9.5	0.9.6
org.apache.pdfbox:pdfbox	3.0.1	3.0.2
org.apache.maven.plugins:maven-compiler-plugin	3.12.1	3.13.0
org.sonarsource.scanner.maven:sonar-maven-plugin	3.10.0.2594	3.11.0.3922

Updates com.fasterxml.jackson:jackson-bom from 2.16.1 to 2.17.0

Commits

• 518dce9 [maven-release-plugin] prepare release jackson-bom-2.17.0
• 09f3f57 Prepare for 2.17.0 release
• e35f5af Update to 2.17 jackson-parent
• 8e000a1 Merge branch '2.16' into 2.17
• 78fc05f Back to snapshot deps
• 5cc2410 [maven-release-plugin] prepare for next development iteration
• c8ad938 [maven-release-plugin] prepare release jackson-bom-2.16.2
• 9f3a1c1 Prepare for 2.16.2 release
• 80aef2e Back to snapshot deps
• d465ba2 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.eclipse.jetty.ee10:jetty-ee10-bom from 12.0.6 to 12.0.7

Release notes

Sourced from org.eclipse.jetty.ee10:jetty-ee10-bom's releases.

12.0.7

Special Thanks to the following Eclipse Jetty community members

• @​hboutemy (Hervé Boutemy)
• @​danishnawab (Danish Nawab)

Changelog

• #11465 - HttpURI.toURI() sets userInfo to null
• #11455 - Improve DEBUG during WebInfConfiguration.unpack
• #11448 - UriCompliance.Violation ignored despite being set
• #11443 - Fix NPE in HttpReceiverOverHTTP2.read() when the channel's stream is null
• #11435 - Add suppressed failures in Callback failed
• #11432 - Change default number of acceptor threads
• #11426 - Experiment with ArrayByteBufferPool performance
• #11424 - What is the jetty.deploy.scanInterval default? module, ini, code, and documentation do not agree.
• #11414 - When producing URI/URL strings follow spec and produce lowercase schemes and drop default ports
• #11410 - PathMappingsHandler does not start ResourceHandler properly
• #11401 - Replace StringBuffer with StringBuilder
• #11398 - WebSocket ClosedChannelException when demanding frames in onOpen
• #11397 - Jetty 12: ContextHandler.getTempDirectory() does not respect the Context.getTempDirectory() contract
• #11387 - Reintroduce MultiPartCompliance.LEGACY (not as default) too allow for parsing of non-compliant multipart/form-data
• #11386 - Making FormFields get defaults from Context, not Request
• #11383 - Added documentation about SslHandshakeListener.
• #11377 - Jetty 12 fails to start WebApp Bundle with OSGi Boot bundle (or when packaged)
• #11371 - Review ArrayByteBufferPool eviction
• #11370 - IllegalStateException when last write fails
• #11363 - ContentSourcePublisher throws from request
• #11361 - Updates to UriCompliance.checkUriCompliance
• #11360 - drop buildnumber:create already executed by jetty-util (@​hboutemy)
• #11356 - Allow ServerWebSocketContainer to be created without ContextHandler
• #11353 - The default virtual thread executor should created named threads (@​danishnawab)
• #11310 - Uploading big multipart files via jetty 12.0.5 with spring boot 3.2.1 cause problems
• #11279 - fix use of AliasCheckers with CombinedResource
• #11278 - 500 response when trying to display symlinked directory
• #11270 - Windows 11 pro - problem launching Jetty with ${jetty.home}\etc\jetty-ee10-deploy.xml
• #10432 - Fix buffer leaks in FCGI and H3 HttpClientIdleTimeoutTest
• #8979 - Jetty 12 - HttpClientTransport network "modes"
• #8887 - Jetty-12 client calls onDataAvailable with producing thread

Commits

• c89aca8 Updating to version 12.0.7
• 313def7 Issue #11463 Fix flaky session tests
• 4155e7b Add suppressed failures in Callback failed (#11435)
• 56e05a9 HttpURI toURI passes all info (#11468)
• 561b8da Changed CrossOriginHandler default to allow no origin and no credentials.
• 4aeec06 Fixing merge - removing double/nested hasViolations() check
• ee8823b Merge remote-tracking branch 'origin/jetty-11.0.x' into jetty-12.0.x
• 686dd88 Fix #10805 zero dynamic table (#11445) (#11452)
• 1bba3cd Merge pull request #11455 from jetty/fix/12.0.x/webinfconfig.unpack.protection
• 97cb50e Improve Error messages for Ambiguous URIs (#11457)
• Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-jaxrs2-jakarta from 2.2.20 to 2.2.21

Updates io.swagger.core.v3:swagger-annotations-jakarta from 2.2.20 to 2.2.21

Updates io.swagger.core.v3:swagger-core-jakarta from 2.2.20 to 2.2.21

Updates io.swagger.core.v3:swagger-annotations-jakarta from 2.2.20 to 2.2.21

Updates io.swagger.core.v3:swagger-core-jakarta from 2.2.20 to 2.2.21

Updates ch.qos.logback:logback-classic from 1.5.0 to 1.5.3

Commits

• f2d8a1a prepare release 1.5.3
• 99ccca7 fix Bump jetty-bom from 10.0.0 to 11.0.6 #785
• df7c7c5 prepare work on 1.5.3-SNAPSHOT
• baf5d70 prepare release 1.5.2
• 6998e81 add NoAutoStartUtil.shouldBeStarted method
• 40bc1c2 export tyler related packages
• 0094ba3 start work on 1.5.2-SNAPSHOT
• 88fd31c prepare release 1.5.1
• 231e9bd more internal changes and refactorings
• 8f3a304 more fine tuning of propertyModelHandler and co
• Additional commits viewable in compare view

Updates org.apache.zookeeper:zookeeper from 3.9.1 to 3.9.2

Updates com.graphql-java:graphql-java from 21.3 to 21.4

Release notes

Sourced from com.graphql-java:graphql-java's releases.

21.4

This is a special release to help control introspection queries.

This release adds a default check for introspection queries, to check that they are sensible. This feature is a backport of graphql-java/graphql-java#3526 and graphql-java/graphql-java#3527.

This release also adds an optional maximum result nodes limit, which is a backport of graphql-java/graphql-java#3525.

What's Changed

• 21.x Backport PR 3526 and PR 3527 by @​dondonz in graphql-java/graphql-java#3529
• 21.x backport 3525 max result nodes by @​dondonz in graphql-java/graphql-java#3528

Full Changelog: graphql-java/graphql-java@v21.3...v21.4

Commits

• 5876cc8 Merge pull request #3538 from graphql-java/21.x-pull-in-21.3-commits
• a79bebf Merge commit '42efd9b23ef9ae7ba862d9affefe04a03a9b99cb' into 21.x-pull-in-21....
• ddc53be Merge pull request #3528 from graphql-java/21.x-backport-3525-max-result-nodes
• 990ee73 Merge pull request #3529 from graphql-java/21.x-backport-3526-disable-introsp...
• bfd6478 Fix hanging test - must return completed ExecutionResult, not null
• 81b41b0 Fix typo
• 498f1eb Cherry pick GoodFaithIntrospection #3527
• f1c4069 Backport PR 3526 with minor adjustments
• fc5d4e5 Add cherry pick of PR 3525 and minor adjustments
• See full diff in compare view

Updates com.unboundid:unboundid-ldapsdk from 6.0.11 to 7.0.0

Release notes

Sourced from com.unboundid:unboundid-ldapsdk's releases.

UnboundID LDAP SDK for Java 7.0.0

We have just released version 7.0.0 of the UnboundID LDAP SDK for Java. It is available for download from GitHub and SourceForge, and it is available in the Maven Central Repository. You can find the release notes for this release (and all previous versions) at https://docs.ldap.com/ldap-sdk/docs/release-notes.html, but here’s a summary of the changes:

• The LDAP SDK now requires Java 8 or later. Java 7 is no longer supported.

• We improved the behavior of LDAP connection pools when they are configured to invoke a health check when checking out a connection from the pool. Previously, if a connection was found to be invalid during checkout, the LDAP SDK would create a new connection to replace it, but would continue iterating through other connections in the pool trying to find an existing valid connection. It will now return the newly created connection immediately without checking other existing connections, which can substantially reduce the time to check out a connection in a scenario where many connections have been invalidated (e.g., by a server shutdown).

• We added a new compare-ldap-schemas command-line tool that can be used to identify differences between the schemas of two LDAP servers.

• We improved the behavior that the LDAP SDK uses when authenticating with the GSSAPI SASL mechanism. Previously, if you didn’t explicitly provide a JAAS configuration file to use for the attempt, the LDAP SDK would create a new one for each bind attempt. This would create a lot of temporary files that would need to be cleaned up when the JVM exited, and they might not get cleaned up properly if they JVM exits abnormally (e.g., it’s killed or if the JVM crashes). It would also require a small amount of additional memory for each bind attempt, since it has to remember another file to be deleted. Now, the LDAP SDK will be able to reuse the same generated configuration file for all GSSAPI bind requests that use the same JAAS settings, which will slightly improve performance, reduce memory usage, and reduce disk space consumption.

• We added experimental client-side support for the relax rules support as defined in draft-zeilenga-ldap-relax-03. This draft doesn’t specify an OID for the control, but at least a couple of servers (OpenLDAP and ForgeRock OpenDJ) have implemented support for the control with an OID of 1.3.6.1.4.1.4203.666.5.12, so the LDAP SDK uses that OID for the control.

• We added client-side support for a number of proprietary controls used by the ForgeRock OpenDJ directory server. These include:

  • A transaction ID request control, which can be included in an operation request to provide a transaction ID that will appear in the access log message for that operation.
  • A replication repair request control, which can be included in a write request to indicate that the associated change should not be replicated.
  • Change sequence number request and response controls, which can be used with a write operation to obtain the replication CSN that the server assigned to that operation.
  • Affinity request control, which can be included in related requests sent through an LDAP proxy server to consistently route them to the same LDAP server instance.

• We added connection pool health checks for use in conjunction with the Ping Identity Directory Server, including:

  • One that will attempt to determine whether there are any active alerts in the server that cause it to consider itself to be either degraded or unavailable.
  • One that will assess the replication backlog and can consider a server unavailable if it has too many outstanding changes, or if the oldest outstanding change was originally processed too long ago.
  • One that will attempt to determine whether the server is in lockdown mode.

• We updated the CryptoHelper class to add convenience methods for generating SHA-256, SHA-384, and SHA-512 digests from byte arrays, strings, and files. There are also generic versions of these methods that can be used with user-specified digest algorithms.

• We added methods for normalizing JSON values and JSON object filters. This can help make it possible to compare two JSON object filters to determine whether two JSON object filters are equivalent.

• We updated the BouncyCastleFIPSHelper class to add a constant with the name of a system property that can be used to enable support for the MD5 digest algorithm, which may be needed if you’re using the 1.0.2.4 or later version of the bc-fips jar file and need to use the MD5 message digest for some reason.

• We updated the documentation to include new and updated versions of a number of LDAP-related Internet Drafts, including:

  • draft-ietf-kitten-scram-2fa-04
  • draft-melnikov-scram-bis-04
  • draft-melnikov-scram-sha-512-04
  • draft-melnikov-scram-sha3-512-04
  • draft-coretta-oiddir-radit-00
  • draft-coretta-oiddir-radsa-00
  • draft-coretta-oiddir-radua-00
  • draft-coretta-oiddir-roadmap-00
  • draft-coretta-oiddir-schema-01

Changelog

Sourced from com.unboundid:unboundid-ldapsdk's changelog.

          <div align="right">

${TARGET="offline"} LDAP SDK Home Page ${TARGET="offline"} Product Information

          <h2>Release Notes</h2>
      &lt;h3&gt;Version 7.0.1&lt;/h3&gt;
  &amp;lt;p&amp;gt;
    The following changes were made between the 7.0.0 and 7.0.1 releases:
  &amp;lt;/p&amp;gt;

  &amp;lt;ul&amp;gt;
    &amp;lt;li&amp;gt;
      Added a new LDAP connection pool health check that can be used to replace
      connections that have remained idle for longer than a specified length of time.
      This is primarily useful in cases where the associated directory servers (or
      intermediate networking equipment) may terminate connections that have remained
      idle for too long.  Note that in connection pools that may contain connections
      across multiple servers, you should probably set a maximum connection age for the
      pool rather than using this health check, as this will better allow the pool to
      return to a balanced state more quickly after a failure has caused connections to
      migrate away from one or more servers.  Also note that health checks that attempt
      to actually communicate with the associated server over LDAP may be preferred
      over this health check because not only will they do a better job of ensuring
      that connections are actually usable, but the communication that they perform
      will also prevent the connections from being seen as idle.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;
  &amp;lt;/ul&amp;gt;

  &amp;lt;p&amp;gt;&amp;lt;/p&amp;gt;



  &amp;lt;h3&amp;gt;Version 7.0.0&amp;lt;/h3&amp;gt;

  &amp;lt;p&amp;gt;
    The following changes were made between the 6.0.11 and 7.0.0 releases:
  &amp;lt;/p&amp;gt;

  &amp;lt;ul&amp;gt;
    &amp;lt;li&amp;gt;
      Updated the LDAP SDK to require Java SE 8 or later.  As of the 7.0.0 release,
      Java 7 is no longer supported.
      &amp;lt;br&amp;gt;&amp;lt;br&amp;gt;
    &amp;lt;/li&amp;gt;

... (truncated)

Commits

• 323ff4f Add JSON-related normalization methods
• 05ca9f5 Documentation updates for LDAP-related specs
• 2b2d1dc Add an OID for a new alert type
• d09a561 Add a property for enabling MD5 in BC FIPS mode
• 98ce42f Add a replication backlog health check
• faeb1a7 Update the replica monitor entry
• 8dfccb7 Add a lockdown mode health check
• 0f1893c Add an active alerts health check
• 08d3cb2 Update to getting pooled conn on HC failure
• 62aa718 Add a compare-ldap-schemas tool
• Additional commits viewable in compare view

Updates org.bitbucket.b_c:jose4j from 0.9.5 to 0.9.6

Commits

• 996b337 [maven-release-plugin] prepare for next development iteration
• a3a21a6 discontinue use wrapper class constructors that are deprecated for removal (t...
• 19a90a6 Safeguard against excessive resource utilization by restricting the size of d...
• 46f3a2a [maven-release-plugin] prepare release jose4j-0.9.6
• See full diff in compare view

Updates org.apache.pdfbox:pdfbox from 3.0.1 to 3.0.2

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.13.0

🚀 New features and improvements

• [MCOMPILER-574] - Propagate cause of exception in AbstractCompilerMojo (#232) @​slawekjaranowski
• [MCOMPILER-582] - Automatic detection of release option for JDK < 9 (#228) @​slawekjaranowski
• [MCOMPILER-583] - Require Maven 3.6.3 (#229) @​slawekjaranowski
• [MCOMPILER-577] - Rename parameter "forceJavacCompilerUse" (#225) @​kwin
• [MCOMPILER-570] - Add links to javac documentation of JDK17 (#224) @​kwin
• [MCOMPILER-576] - Deprecate parameter "compilerVersion" (#223) @​kwin

📦 Dependency updates

• [MCOMPILER-575] - Bump plexusCompilerVersion from 2.14.2 to 2.15.0 (#227) @​dependabot
• Bump apache/maven-gh-actions-shared from 3 to 4 (#226) @​dependabot

📝 Documentation updates

• [MCOMPILER-548] - JDK 21 throws annotations processing warning that can not be turned off (#200) @​hgschmie

👻 Maintenance

• [MCOMPILER-584] - Refresh page - Using Non-Javac Compilers (#231) @​slawekjaranowski
• [MCOMPILER-585] - Refresh plugins versions in ITs (#230) @​slawekjaranowski
• subject verb agreement (#221) @​elharo

Commits

• a1415aa [maven-release-plugin] prepare release maven-compiler-plugin-3.13.0
• b2b9196 [MCOMPILER-574] Propagate cause of exception in AbstractCompilerMojo
• 6d2ce5a [MCOMPILER-584] Refresh page - Using Non-Javac Compilers
• eebad60 [MCOMPILER-585] Refresh plugins versions in ITs
• ceacf68 [MCOMPILER-582] Automatic detection of release option for JDK < 9
• 110293f [MCOMPILER-583] Require Maven 3.6.3
• 90131df [MCOMPILER-575] Bump plexusCompilerVersion from 2.14.2 to 2.15.0 (#227)
• 74cfc72 [MCOMPILER-548] JDK 21 throws annotations processing warning that can not be ...
• f85aa27 Bump apache/maven-gh-actions-shared from 3 to 4
• d59ef49 extract Maven 3.3.1 specific method call
• Additional commits viewable in compare view

Updates org.sonarsource.scanner.maven:sonar-maven-plugin from 3.10.0.2594 to 3.11.0.3922

Release notes

Sourced from org.sonarsource.scanner.maven:sonar-maven-plugin's releases.

3.11.0.3922

Release notes - Sonar Scanner for Maven - 3.11

Bug

MSONAR-205 Undesired behaviour when sonar.projectKey is specified in root pom or as user property

Documentation

MSONAR-203 Update license headers

Task

MSONAR-208 Migrate tests to JUnit 5

Improvement

MSONAR-202 Improve logging : log information about Maven options, Java version and the OS

MSONAR-204 "SonarQube version" is not displayed when communicating with SonarCloud

MSONAR-207 The scanner for Maven collects files outside of conventional sonar.sources

Commits

• 250195e Upgrade release action to version 5.2.1 (#208)
• f25764d MSONAR-205 Remove sonar.projectKey for submodules
• 9059ca0 Fix quality flaw: refactor "findMavenProject" method
• bce0bd0 MSONAR-211 Remove compatibility with old SQ modules( > 7.6 ) in ITs (#205)
• 495d1c9 MSONAR-202 Improve logging with information about Maven options, Java versio...
• b637acd MSONAR-212 Fix performance regression in our ITs with [LATEST_RELEASE] & [DE...
• 4b86947 MSONAR-204 "SonarQube version" shouldn't be displayed when communicating with...
• dd4f9cd MSONAR-208 Add junit-jupiter-api to enable the execution of tests from Intell...
• 0faeade MSONAR-209 Bump maven-invoker-plugin to the latest version 3.6.0 (#198)
• f2ab7c9 MSONAR-208 Migrate tests to JUnit 5 (#197)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions