Bump org.eclipse.jetty:jetty-bom from 10.0.0 to 12.0.3 in /tools/deploy/module3

[dependabot[bot]]

Bumps org.eclipse.jetty:jetty-bom from 10.0.0 to 12.0.3.

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.0.3

Changelog

• #10794 - 301 Moved Permanently produces query with ; instead of ?
• #10779 - Upgrade to xhtml-schemas 1.3 which add one more entity systemid
• #10771 - EE10 ServletRequest.isSecure() not set by ForwardedRequestCustomizer
• #10762 - Better handling of Objects in JMX MetaData
• #10760 - Fix Overlay of Combined Resources
• #10759 - Fix HTTP/3 Client handling of MAX_FIELD_SECTION_SIZE setting
• #10747 - Add ability to compress and skip unserializable session attributes
• #10734 - jakarta.websocket.Session.getRequestParameterMap() contains the value as key
• #10731 - org.eclipse.jetty.server.Request uses wrong context attribute name javax.servlet instead of jakarta.servlet
• #10727 - Fix EE10 removeAttributes
• #10726 - NPE in ResponseListeners content notification
• #10716 - Incorrect setting of content type with charset encoding before and after PrintWriter obtained
• #10703 - Fix race condition in ArrayByteBufferPool.clear()
• #10699 - Jetty HTTP SPI redirects SOAP POST requests to GET requests if URL does not end with /
• #10688 - Introduce Jetty 12 ee8 osgi layer
• #10685 - fix infinite recursion in server dump with Path
• #10661 - Ensure jetty api servlets/filters take precedence over webdefault.xml declarations.
• #10656 - EE10 ServletRequest.getProtocolRequestId() impl not spec compliant when protocol is H1
• #10651 - MutableHttpFields.asImmutable avoids copy
• #10612 - Fix surefire display name in surefire report and restore TestTrackerExtension in output"
• #10582 - NPE when including a directory that should be resolved with servlet-mapped welcome file
• #10578 - Jetty 12.0.x use automatic formatter for poms to have same style for every poms
• #10555 - Re-introduce a more complete set of stats in StatisticsHandler
• #10477 - Jetty 12: Review MBeans for Handlers

12.0.2

Security Updates

This release addresses:

• CVE-2023-44487 - (in case github/advisory-database#2869 isn't fixed, use top level link https://nvd.nist.gov/vuln/detail/CVE-2023-44487)

Changelog

• #10679 - Review HTTP/2 rate control
• #10672 - Changed default implementation of Session.Listener.onNewStream() and …
• #10618 - Reduced mildly expensive HttpMethod.is calls by reordering boolean logic
• #10613 - Fix incorrect call to super in BufferedResponseHandler
• #10563 - An omnibus PR for changes needed to support webfunctions
• #10558 - NPE when forwarding a request to default servlet which should redirect to a subdirectory with trailing slash
• #10553 - Reintroduce an Exception type for invalid UTF-8
• #10547 - Cannot customize Executor on WebSocketClient
• #10542 - Added WebSocket migration documentation, pointing to existing WebSock…
• #10526 - do not run this in parallel as some conflicted jdni entries with ServerWithJNDITest
• #10513 - Lockup processing POST request body with Jetty 12.0.1 using http/2
• #10508 - Jetty 12 IllegalArgumentExeption when setting a HTTP header to null
• #10502 - Introduced CompletableResponseListener

... (truncated)

Commits

• a873259 Updating to version 12.0.3
• 7be6c4b Merge pull request #10800 from jetty/fix/12.0.x/dependency-updates
• 6a70a93 Bump weld to 5.1.2.Final
• 65d53b3 Bump log4j2 to 2.21.1
• 054d350 Bump netty to 4.1.100.Final
• 2de0140 Bump grpc to 1.59.0
• 3121211 Bump hazelcast to 5.3.5
• 10ce6fd Bump google-guava to 32.1.3-jre
• e57da58 Bump google-errorprone to 2.23.0
• 4b35c73 Bump com.fasterxml.jackson to 2.15.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)