Bump the dependencies group with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates:

Package	From	To
org.apache.commons:commons-dbcp2	2.9.0	2.10.0
org.eclipse.jetty:jetty-servlet	10.0.15	10.0.16
org.keycloak:keycloak-servlet-filter-adapter	22.0.1	22.0.3
org.liquibase:liquibase-core	4.23.1	4.23.2
org.slf4j:jul-to-slf4j	2.0.7	2.0.9
org.slf4j:slf4j-api	2.0.7	2.0.9
org.testcontainers:junit-jupiter	1.18.3	1.19.0
org.testcontainers:postgresql	1.18.3	1.19.0
com.diffplug.spotless:spotless-maven-plugin	2.38.0	2.39.0
org.apache.maven.plugins:maven-javadoc-plugin	3.5.0	3.6.0

Updates org.apache.commons:commons-dbcp2 from 2.9.0 to 2.10.0

Updates org.eclipse.jetty:jetty-servlet from 10.0.15 to 10.0.16

Release notes

Sourced from org.eclipse.jetty:jetty-servlet's releases.

10.0.16

Security Updates

This release addresses:

• GHSA-58qw-p7qm-5rvh - provides a workaround for direct users of XmlParser
• CVE-2023-40167
• CVE-2023-36479
• CVE-2023-41900

Special Thanks to the following Eclipse Jetty community members

• @​strogiyotec (Almas Abdrazak)
• @​huisongma (huisongma)
• @​garydgregory (Gary Gregory)

Changelog

• #10397 - Iso88591StringBuilder.append seems to have a logic error
• #10388 - Jetty10 inetaccess mod started error
• #10352 - Jetty accepts "+" prefixed value in Content-Length (CVE-2023-40167)
• #10329 - Various cleanups in HttpParser
• #10271 - jetty.sh does not stop jetty anymore
• #10211 - NPE in ArrayByteBufferPool.findOldestEntry()
• #10176 - cleanups of DateCache
• #10160 - Verify PROXY_AUTHENTICATION is sent to forward proxies
• #10145 - WritePendingException over HTTP/2 tunnel
• #10143 - Startup fails due to IllegalArgumentException: Comparison method violates its general contract
• #10135 - Websocket: Using PerMessageDeflateExtension and flush in batchMode send FLUSH_FRAME to client.
• #10105 - Document that Request objects are not reusable
• #10086 - Revisiting ProxyConfiguration.getProxies()
• #10066 - Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - Allows for GHSA-58qw-p7qm-5rvh workaround
• #9997 - No progress during Gzip Request Inflation results in bogus error
• #9947 - Cannot invoke "org.eclipse.jetty.io.ManagedSelector.getTotalKeys()" because "selector" is null (@​strogiyotec)
• #9938 - Bulletproof AbstractProxyServlet#destory() to make it easier to write (@​garydgregory)
• #9895 - A MessageTooLargeException doesn't close a WebSocket connection
• #9887 - Deprecate CGI Servlet (CVE-2023-36479)
• #9798 - review and cleanup of HTTP/3 QPACK Integer and String encoding
• #9777 - CrossOriginFilter does not return Vary header on no-cors mode
• #9761 - H3: Fix racy read from stream-less channel
• #9749 - HTTP/2 improvements.
• #9741 - Review of websocket parser, improve testing & comments.
• #9728 - Fixes to QPACK configuration from SETTINGS frames.
• #9715 - deprecate PushSessionCacheFilter
• #9685 - Jetty doesn't set the date header on error responses
• #9682 - RetainableByteBuffer buffer release bug in WebSocket
• #9554 - Move (qpack/hpack) HuffmanDecoder / HuffmanEncoder / NBitInteger* to common location
• #9476 - onCompleteFailure called multiple times
• #8926 - HttpClient GZIPContentDecoder should remove Content-Length and Content-Encoding: gzip
• #8556 - ServletContext.getSessionTimeout() incorrectly throws IllegalStateException

... (truncated)

Commits

• a2735a9 Updating to version 10.0.16
• 3a21a6f Fixing release-jetty.sh script
• 900f50f Issue #10271 - new jetty-home pid module (#10272)
• 38cea26 Merge pull request #10400 from eclipse/jetty-10.0.x-inetaccessHandler
• d6320c4 fix checkstyle violation
• 3aaf39d Fix #10397 CharsetStringBuilder end vs length (#10399)
• b89398d Issue #10388 - add DistributionTest for InetAccessHandler
• 764c817 Issue #10388 - fix InetAccessHandler module
• 0411e1f Removed unnecessary stale dependency on the javadoc artifact.
• 2ea646b Issue #10312 Remove cyclic dependencies between jetty-home and jetty-document...
• Additional commits viewable in compare view

Updates org.keycloak:keycloak-servlet-filter-adapter from 22.0.1 to 22.0.3

Updates org.liquibase:liquibase-core from 4.23.1 to 4.23.2

Release notes

Sourced from org.liquibase:liquibase-core's releases.

Liquibase v4.23.2

Liquibase 4.23.2 is a patch release.

🐛 Bug Fixes 🛠

• (#4870) Tweaked exception message for invalid formatted SQL file @​wwillard7800
• (#4874) DAT-15857 - Fix for checksum upgrade in runWith change sets @​wwillard7800

Changelog

Sourced from org.liquibase:liquibase-core's changelog.

Liquibase 4.23.2 is a patch release

Bug Fixes

• (#4870) Tweaked exception message for invalid formatted SQL file @​wwillard7800
• (#4874) DAT-15857 - Fix for checksum upgrade in runWith change sets @​wwillard7800

Changes in version 4.23.1 (2023.08.09)

Commits

• ae4f651 Merge pull request #4887 from liquibase/4-23-2-release_notes
• 843f116 Release notes for 4.23.2
• b3fb003 Tweaked exception message for invalid formatted SQL file (#4870)
• 727c540 DAT-15857 - Fix for checksum upgrade in runWith change sets (#4874)
• acfe8ed reset master to 4.23.1 (d9a4a92750653a4dacafbabe41a004a3188717b5) (#4873)
• ad6517d Implement showSummaryOutput parameter (#4574)
• 4e3a2d6 Improve update summary usability (#4395)
• cb05bea Handle XML data types for DB2 DAT-12878 (#4827)
• c294bcf More consistent message when included file is empty DAT-15551 (#4812)
• 95ee61d Remove duplicated arguments (DAT-15461) (#4713)
• Additional commits viewable in compare view

Updates org.slf4j:jul-to-slf4j from 2.0.7 to 2.0.9

Updates org.slf4j:slf4j-api from 2.0.7 to 2.0.9

Updates org.testcontainers:junit-jupiter from 1.18.3 to 1.19.0

Release notes

Sourced from org.testcontainers:junit-jupiter's releases.

1.19.0

Testcontainers for Java 1.19.0

Core

• Add support for compose v2 with ComposeContainer (#5608) @​eddumelendez
• Allow command execution with custom user (#7311) @​megglos
• Add Wait.forListeningPorts(ports) (#7402) @​eddumelendez
• Enable Ryuk as a privileged container by default (#7319) @​eddumelendez
• Use SelinuxContext.SHARED by default (#7187) @​jeroen-vd-nl
• Add interface to customize CreateContainerCmd (#7421) @​eddumelendez

Modules

ClickHouse

• Add new ClickHouseContainer implementation (#7403) @​eddumelendez

Elasticsearch

• Disable default geoip database downloading (#7247) @​lhotari
• Disable default disk threshold check (#7245) @​lhotari

DB2

• Support icr.io/db2_community/db2 as a compatible image (#7397) @​eddumelendez

GCloud

• Add BigQueryEmulatorContainer (#7324) @​eddumelendez
• Expose getProjectId in DatastoreEmulatorContainer (#7328) @​eddumelendez
• Support String image in Bigtable, Firestore, PubSub, Spanner (#7327) @​eddumelendez

JUnit Jupiter

• Fix call to stop containers when using @Testcontainers(parallel = true) (#7394) @​eddumelendez

Kafka

• Allow to register additional listeners (#7333) @​eddumelendez

See https://java.testcontainers.org/modules/kafka/

MS SQL Server

• Fix MSSQL's default username (#7238) @​Eng-Fouad

QuestDB

• Add questdb as a database provider (#7244) @​eddumelendez

... (truncated)

Commits

• 15dcb62 Fix test
• d9519f9 Add interface to customize CreateContainerCmd (#7421)
• 6e81732 Replace R2DBC Host by docker host ip address (#7431)
• 06b9155 Add "new badge" in header (#7426)
• 7b69ca0 Update docker-java version to 3.3.3 (#7423)
• f4856a0 Rename forListeningPort(int... port) to forListeningPorts(int... ports) (#7425)
• f1b0b07 Add javadoc for supported images (#7422)
• 7fe978e Cleanup CODEOWNERS
• 5e88c3d Add tests using TCC (#7415)
• f5471c8 Improve RedpandaContainer (#7320)
• Additional commits viewable in compare view

Updates org.testcontainers:postgresql from 1.18.3 to 1.19.0

Release notes

Sourced from org.testcontainers:postgresql's releases.

1.19.0

Testcontainers for Java 1.19.0

Core

• Add support for compose v2 with ComposeContainer (#5608) @​eddumelendez
• Allow command execution with custom user (#7311) @​megglos
• Add Wait.forListeningPorts(ports) (#7402) @​eddumelendez
• Enable Ryuk as a privileged container by default (#7319) @​eddumelendez
• Use SelinuxContext.SHARED by default (#7187) @​jeroen-vd-nl
• Add interface to customize CreateContainerCmd (#7421) @​eddumelendez

Modules

ClickHouse

• Add new ClickHouseContainer implementation (#7403) @​eddumelendez

Elasticsearch

• Disable default geoip database downloading (#7247) @​lhotari
• Disable default disk threshold check (#7245) @​lhotari

DB2

• Support icr.io/db2_community/db2 as a compatible image (#7397) @​eddumelendez

GCloud

• Add BigQueryEmulatorContainer (#7324) @​eddumelendez
• Expose getProjectId in DatastoreEmulatorContainer (#7328) @​eddumelendez
• Support String image in Bigtable, Firestore, PubSub, Spanner (#7327) @​eddumelendez

JUnit Jupiter

• Fix call to stop containers when using @Testcontainers(parallel = true) (#7394) @​eddumelendez

Kafka

• Allow to register additional listeners (#7333) @​eddumelendez

See https://java.testcontainers.org/modules/kafka/

MS SQL Server

• Fix MSSQL's default username (#7238) @​Eng-Fouad

QuestDB

• Add questdb as a database provider (#7244) @​eddumelendez

... (truncated)

Commits

• 15dcb62 Fix test
• d9519f9 Add interface to customize CreateContainerCmd (#7421)
• 6e81732 Replace R2DBC Host by docker host ip address (#7431)
• 06b9155 Add "new badge" in header (#7426)
• 7b69ca0 Update docker-java version to 3.3.3 (#7423)
• f4856a0 Rename forListeningPort(int... port) to forListeningPorts(int... ports) (#7425)
• f1b0b07 Add javadoc for supported images (#7422)
• 7fe978e Cleanup CODEOWNERS
• 5e88c3d Add tests using TCC (#7415)
• f5471c8 Improve RedpandaContainer (#7320)
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 2.38.0 to 2.39.0

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[2.39.0] - 2023-05-24

Added

• Jvm.Support now accepts -SNAPSHOT versions, treated as the non-SNAPSHOT. (#1583)
• Support Rome as a formatter for JavaScript and TypeScript code. Adds a new rome step to javascript and typescript formatter configurations. (#1663)
• Add semantics-aware Java import ordering (i.e. sort by package, then class, then member). (#522)

Fixed

• Fixed a regression which changed the import sorting order in googleJavaFormat introduced in 2.38.0. (#1680)
• Equo-based formatters now work on platforms unsupported by Eclipse such as PowerPC (fixes durian-swt#20)
• When P2 download fails, indicate the responsible formatter. (#1698)

Changes

• Equo-based formatters now download metadata to ~/.m2/repository/dev/equo/p2-data rather than ~/.equo, and for CI machines without a home directory the p2 data goes to $GRADLE_USER_HOME/caches/p2-data. (#1714)
• Bump default googleJavaFormat version to latest 1.16.0 -> 1.17.0. (#1710)
• Bump default ktfmt version to latest 0.43 -> 0.44. (#1691)
• Bump default ktlint version to latest 0.48.2 -> 0.49.1. (#1696)
  • Dropped support for ktlint 0.46.x following our policy of supporting two breaking changes at a time.
• Bump default sortpom version to latest 3.0.0 -> 3.2.1. (#1675)

Commits

• 0d19de7 Published lib/2.39.0
• 6e058a2 Bump solstice and durian-swt to latest (#1714)
• d4c55ac Bump changelogs.
• 2574fb6 Merge branch 'main' into feat/bump-solstice
• 357274a Bump default ktfmt 0.43 -> 0.44 (#1691)
• a9fde3e Fix the broken parts of the test.
• 973f285 Why is KtfmtStepTest disabled?
• d88928a Update changelogs.
• 38a6d6f Merge branch 'main' into renovate/com.facebook-ktfmt-0.x
• 152c937 Bump default gjf 1.16.0 -> 1.17.0 (#1710)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.6.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.6.0

🚀 New features and improvements

• [MJAVADOC-642] - Make offline mode configurable (#238) @​hgschmie
• [MJAVADOC-642] - Make offline mode configurable (#232) @​hgschmie
• [MJAVADOC-770] - Implement legacy mode for Java 9+ (#228) @​hgschmie
• [MJAVADOC-743] - Drop deprecated mojo parameter (#185) @​cstamas

🐛 Bug Fixes

• [MJAVADOC-742] - Fix resolution of docletArtifacts (#186) @​cstamas
• [MJAVADOC-758] - correct exception in JavadocUtil (#230) @​hgschmie
• [MJAVADOC-769] - fix for transitive filename based modules (#227) @​hgschmie
• [MJAVADOC-767] - javadoc creates invalid --patch-module statements (#225) @​hgschmie
• [MJAVADOC-763] - remove test that doesn't test what it claims (#219) @​elharo
• [MJAVADOC-757] - fix Javadoc warnings (#212) @​elharo
• Fix UmlGraph link in site example (#198) @​ParkerM

📦 Dependency updates

• [JAVADOC-771] - Upgrade Parent to 40 (#234) @​hgschmie
• Bump org.apache.maven:maven-core from 3.6.0 to 3.8.1 in /src/it/projects/MJAVADOC-568_manifest-splitpackage/mojo (#226) @​dependabot
• Bump com.google.guava:guava from 31.1-jre to 32.0.0-jre in /src/it/projects/MJAVADOC-769 (#229) @​dependabot
• [MJAVADOC-766] - Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 (#222) @​dependabot
• Bump hamcrest-core from 1.3 to 2.2 (#221) @​dependabot
• Bump guava from 27.0.1-jre to 32.0.0-jre in /src/it/projects/MJAVADOC-555_link-automatic-modules (#207) @​dependabot
• Bump javax.servlet-api from 3.1.0 to 4.0.1 (test dependency) (#220) @​dependabot
• [MJAVADOC-761] - commons-io 2.13.0 (#215) @​elharo
• Bump plexus-utils from 3.5.0 to 3.5.1 (#201) @​dependabot
• Bump mockito-core from 4.4.0 to 4.11.0 (#196) @​dependabot

👻 Maintenance

• fix jenkins link (#237) @​hgschmie
• Fix build on jenkins (#236) @​slawekjaranowski
• [MJAVADOC-772] - Refresh download page (#235) @​slawekjaranowski
• Use 3.6.0 as release version (#233) @​hgschmie
• Remove superflous whitespace from PR template (#231) @​hgschmie
• Bump jetty from 9.4.50.v20221201 to 9.4.51.v20230217 (#224) @​slachiewicz
• [MJAVADOC-765] - Fix build with Java 20 (#223) @​slachiewicz
• [MJAVADOC-760] - declare test dependencies (#217) @​elharo
• [MJAVADOC-760] - explicitly declare shared utility dependencies (#216) @​elharo
• remove unused private method (#213) @​elharo
• replace plexus with maven shared utils (#211) @​elharo
• [MJAVADOC-755] - replace IOUtil.close with try with resources (#209) @​elharo
• [MJAVADOC-755] - Use java.lang.String instead of StringUtils (#208) @​elharo
• [MNG-6829] - Replace StringUtils#isEmpty(String) and #isNotEmpty(String) (#205) @​timtebeek
• Bump mockito-core from 4.4.0 to 4.11.0 (#196) @​dependabot
• [MNG-6825] - Replace Maven shared StringUtils with Commons Lang3 (#199) @​timtebeek

... (truncated)

Commits

• 7548066 [maven-release-plugin] prepare release maven-javadoc-plugin-3.6.0
• 77adc47 [MJAVADOC-642] Make offline mode configurable (#238)
• 24362d2 [MJAVADOC-742] Fix resolution of docletArtifacts (#186)
• bee4197 fix jenkins link (#237)
• 9830bdc Fix build on jenkins
• 6f30bed [MJAVADOC-642] Make offline mode configurable (#232)
• e4023d0 [JAVADOC-771] Upgrade Parent to 40 (#234)
• 7904e45 [MJAVADOC-772] Refresh download page
• 87c2424 Bump org.apache.maven:maven-core (#226)
• 83ab01b Use 3.6.0 as release version (#233)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.eclipse.jetty:jetty-servlet	[>= 11.a, < 12]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.