Bump jetty-io from 9.4.19.v20190610 to 10.0.2 in /backend

[dependabot[bot]]

Bumps jetty-io from 9.4.19.v20190610 to 10.0.2.

Release notes

Sourced from jetty-io's releases.

10.0.2

Changelog

:warning: Important Security related Changes

• CVE-2021-28165 - #6072 - jetty server high CPU when client send data length > 17408
• CVE-2021-28164 - #6101 - Normalize ambiguous URIs
• CVE-2021-28163 - #6102 - Exclude webapps directory from deployment scan

Other Changes

• #4275 - Path Normalization/Traversal - Context Matching
• #5828 - Allow to create a WebSocketContainer passing HttpClient
• #5832 - Ctrl-C after jetty:run produces NoClassDefFoundError
• #5977 - Cache-Control header set by a filter is override by the value from DefaultServlet configuration
• #5994 - QueuedThreadPool "free" threads
• #5996 - ERROR : No module found to provide logback-impl for logback-access{enabled}
• #5999 - HttpURI ArrayIndexOutOfBounds
• #6001 - Ambiguous URI legacy compliance mode
• #6008 - Allow absolute paths to be provided in start.ini for request log directory.
• #6011 - OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken
• #6020 - Review Jetty Maven Plugin scanning defaults
• #6021 - Standardize Path resolution in XmlConfiguration
• #6024 - Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found
• #6026 - the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG
• #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
• #6037 - Review logging modules for j.u.l.
• #6050 - Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
• #6063 - Allow override of hazelcast version when using module
• #6076 - Embedded Jetty throws null pointer exception
• #6082 - SslConnection compacting
• #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

10.0.1

Special Thanks to the following Eclipse Jetty community members

• @​mmadoo (Nicolas)

Changelog

• This release addresses and resolves CVE-2020-27223
• #5966 - jetty-home should not have a webapps/ directory
• #5962 - Fix SampleStatistic.toString: mean dispay the max (@​mmadoo)
• #5959 - Unify the handling of ServletContainerInitializers
• #5939 - Use unwrapped exception as exception type for error handling
• #5937 - Unnecessary blocking in ResourceService
• #5933 - ClientCertAuthenticator is not taking account SslContext configuration
• #5926 - Implementation of HttpServletRequest.upgrade
• #5902 - Grab Jetty startup output in documentation
• #5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found

... (truncated)

Commits

• 7bd207b Updating to version 10.0.2
• d27363f back to 10.0.2-SNAPSHOT
• 2d360b1 Reverted VERSION.txt changes for dropped release.
• b68a5fe Merge pull request #6107 from eclipse/jetty-10.0.x-JavaxWebSocketContainerPro...
• 47ec9b1 Modify SecureClientContainerExample to use the new getContainer(HttpClient) m...
• a86a0c2 Add static utility methods on container to add and remove beans.
• 57779c6 Make the HttpClient getContainer method static on JavaxWebSocketClientContain...
• 7a9e01a Updating to version 10.0.3-SNAPSHOT
• aac6bfb Updating to version 10.0.2
• bd030c7 Reverted VERSION.txt changes for dropped release.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.