Bump the all group with 11 updates

[dependabot]

Bumps the all group with 11 updates:

Package	From	To
org.http4k:http4k-server-netty	5.38.0.0	5.41.0.0
org.flywaydb:flyway-database-postgresql	11.0.1	11.1.0
org.jooq:jooq-codegen	3.19.15	3.19.16
org.jooq:jooq	3.19.15	3.19.16
org.junit.jupiter:junit-jupiter	5.11.3	5.11.4
org.junit.platform:junit-platform-launcher	1.11.3	1.11.4
io.micrometer:micrometer-registry-prometheus	1.14.1	1.14.2
io.netty:netty-all	4.2.0.Beta1	4.2.0.RC1
io.netty:netty-transport-native-kqueue	4.2.0.Beta1	4.2.0.RC1
io.netty:netty-transport-native-epoll	4.2.0.Beta1	4.2.0.RC1
io.netty:netty-transport-native-io_uring	4.2.0.Beta1	4.2.0.RC1

Updates org.http4k:http4k-server-netty from 5.38.0.0 to 5.41.0.0

Release notes

Sourced from org.http4k:http4k-server-netty's releases.

5.41.0.0

Changelog:

• http4k-format-xml : [Fix CVE-2024-55875: Possible Break] Fixed XML processing by disabling entity expansion in DocumentBuilderFactory configuration. Note: This change affects how XML entity references are handled. If your code relies on XML entity expansion (like replacing &entity; references with their defined content), it will need to be updated to provide the correct configuration when deserialising the XML body. Entity references will now remain as unexpanded text in the document.

Full details at: https://www.http4k.org/security/cve-2024-12345/ H/T to @@​JAckLosingHeart for the report

5.40.0.0

Changelog:

• http4k-core : Allow invalidation of cookie with a path. H/T @​ollieabbey
• http4k-core : Allow setting cookie value without quotes. H/T @​ollieabbey
• http4k-core : Fix cookie format for cookie with no attributes. H/T @​ollieabbey
• http4k-testing-webdriver : Remove usages of deprecated getAttribute API. Now use getDomAttribute instead.
• http4k-cloudnative : Deprecation of various functions and re-homing into http4k-platform-k8s module.
• http4k-* : [PRE RELEASE PREPARATION] As a part of the upcoming V6, several modules are being rehoused to new Maven coordinates. In preparation, we have introduced these modules to give users the time to migrate without taking on-board other breaking changes from v6 - essentially allowing the upgrade cycle to be:

1. Upgrade to latest v5 release. Deal with deprecations and module changes.
2. Upgrade to v6 when it is released. Deal with other breaking changes. We expect these to be mainly imports and will be detailed in the v6 release note when we have the chance. In the meantime, this is the list of modules that are being rehoused:

SOURCE MODULE - v5.X.X.X	DESTINATION MODULE(S) - v6.X.X.X
http4k-aws	http4k-platform-aws
http4k-azure	http4k-platform-azure
http4k-cloudevents	http4k-api-cloudevents
http4k-cloudnative	Split into http4k-config, http4k-platform-core, http4k-platform-k8s
http4k-contract	http4k-api-openapi
http4k-contract-jsonschema	http4k-api-jsonschema
http4k-contract-ui-redoc	http4k-api-ui-redoc
http4k-contract-ui-swagger	http4k-api-ui-swagger
http4k-failsafe	http4k-ops-failsafe
http4k-gcp	http4k-platform-gcp
http4k-graphql	http4k-api-graphql
http4k-htmx	http4k-web-htmx
http4k-jsonrpc	http4k-api-jsonrpc
http4k-metrics-micrometer	http4k-ops-micrometer
http4k-opentelemetry	http4k-ops-opentelemetry
http4k-resilience4j	http4k-ops-resilience4j

5.39.0.0

Changelog:

• http4k-* : Upgrade some dependency versions.
• http4k-amazon-*-fake : [Unlikely break] Rename AmazonRestfulFake to AmazonRestJsonFake
• http4k-amazon-evidently-fake : Fixed Project status value to be a valid value instead of an empty string

Changelog

Sourced from org.http4k:http4k-server-netty's changelog.

v5.41.0.0

• http4k-format-xml : [Fix CVE-2024-55875: Possible Break] Fixed XML processing by disabling entity expansion in DocumentBuilderFactory configuration. Note: This change affects how XML entity references are handled. If your code relies on XML entity expansion (like replacing &entity; references with their defined content), it will need to be updated to provide the correct configuration when deserialising the XML body. Entity references will now remain as unexpanded text in the document.

Full details at: https://www.http4k.org/security/cve-2024-12345/

H/T to @@​JAckLosingHeart for the report.

v5.40.0.0

• http4k-core : Allow invalidation of cookie with a path. H/T @​ollieabbey
• http4k-core : Allow setting cookie value without quotes. H/T @​ollieabbey
• http4k-core : Fix cookie format for cookie with no attributes. H/T @​ollieabbey
• http4k-testing-webdriver : Remove usages of deprecated getAttribute API. Now use getDomAttribute instead.
• http4k-cloudnative : [Breaking] Deprecation of various functions and re-homing into http4k-platform-k8s module. Some classes and functions have been repackaged.
• http4k-* : [PRE RELEASE PREPARATION] As a part of the upcoming V6, several modules are being rehoused to new Maven coordinates within http4k Community edition (and retaining the Apache2 license). In preparation, we have introduced these modules to give users the time to migrate without taking on-board other breaking changes from v6 - essentially allowing the upgrade cycle to be:

1. Upgrade to latest v5 release. Deal with deprecations and module changes.
2. Upgrade to v6 when it is released. Deal with other breaking changes. We expect these to be mainly imports and will be detailed in the v6 release note when we have the chance. In the meantime, this is the list of modules that are being rehoused:

SOURCE MODULE - v5.X.X.X	DESTINATION MODULE(S) - v6.X.X.X
http4k-aws	http4k-platform-aws
http4k-azure	http4k-platform-azure
http4k-cloudevents	http4k-api-cloudevents
http4k-cloudnative	Split into http4k-config, http4k-platform-core, http4k-platform-k8s
http4k-contract	http4k-api-openapi
http4k-contract-jsonschema	http4k-api-jsonschema
http4k-contract-ui-redoc	http4k-api-ui-redoc
http4k-contract-ui-swagger	http4k-api-ui-swagger
http4k-failsafe	http4k-ops-failsafe
http4k-gcp	http4k-platform-gcp
http4k-graphql	http4k-api-graphql
http4k-htmx	http4k-web-htmx
http4k-jsonrpc	http4k-api-jsonrpc
http4k-metrics-micrometer	http4k-ops-micrometer
http4k-opentelemetry	http4k-ops-opentelemetry
http4k-resilience4j	http4k-ops-resilience4j

v5.39.0.0

• http4k-* : Upgrade some dependency versions.
• http4k-amazon-*-fake : [Unlikely break] Rename AmazonRestfulFake to AmazonRestJsonFake
• http4k-amazon-evidently-fake : Fixed Project status value to be a valid value instead of an empty string

Commits

• 42baae8 Release 5.41.0.0
• 013f82f Rename CVE test
• f7d01b2 Don't need Request class in AwsQueryAction
• 93dfe47 Adding some routers to queries
• 35297ad Merge commit from fork
• 25696df update docs
• ab005df update docs
• fe0d599 update docs
• 897271d Removed hardcoded version numbers
• 25616b5 Remove hardcoded version
• Additional commits viewable in compare view

Updates org.flywaydb:flyway-database-postgresql from 11.0.1 to 11.1.0

Updates org.jooq:jooq-codegen from 3.19.15 to 3.19.16

Updates org.jooq:jooq from 3.19.15 to 3.19.16

Updates org.jooq:jooq from 3.19.15 to 3.19.16

Updates org.junit.jupiter:junit-jupiter from 5.11.3 to 5.11.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.11.4 = Platform 1.11.4 + Jupiter 5.11.4 + Vintage 5.11.4

See Release Notes.

Full Changelog: junit-team/junit5@r5.11.3...r5.11.4

Commits

• 6430ba4 Release 5.11.4
• d093121 Finalize 5.11.4 release notes
• 0444353 Fix Maven integration tests on JDK 24
• b5c7f4e Move #4153 to 5.11.4 release notes
• b20c4e2 Ensure the XMLStreamWriter is closed after use
• 6376f0a Configure Git username and email
• 2b485c4 Set reference repo URI
• 500b5a0 Inject username and password via new DSL
• d671961 Update plugin gitPublish to v5
• 3d11279 Add JAVA_25 to JRE enum
• Additional commits viewable in compare view

Updates org.junit.platform:junit-platform-launcher from 1.11.3 to 1.11.4

Commits

• See full diff in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.14.1 to 1.14.2

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.14.2

🐞 Bug Fixes

• Protect against concurrent reads/writes to Context keyvalues #5739
• Null stacktrace in InvalidObservationException using Virtual Threads #5702
• Deprecate AggregationTemporality#toOtlpAggregationTemporality #5733
• Warn about gauge re-registration #5688
• executor.queued metrics of ForkJoinPool does not include queued submissions #5650
• Default ObservationConventions for Grpc do not always use a consistent set of keyvalues #5609

🔨 Dependency Upgrades

• Bump software.amazon.awssdk:cloudwatch from 2.29.14 to 2.29.23 #5724
• Bump io.prometheus:prometheus-metrics-bom from 1.3.3 to 1.3.4 #5723
• Bump dropwizard-metrics from 4.2.28 to 4.2.29 #5721

📔 Documentation

• Remove duplicated contextpropagation.adoc #5693
• Polish "Grafana Dashboard" section #5662
• Use BOM for Micrometer dependency examples in reference docs #5652

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

Commits

• 4f534a7 Protect against concurrent reads/writes to Context keyvalues (#5739)
• 4a44430 Merge branch '1.13.x' into 1.14.x
• 157a7e5 Merge branch '1.12.x' into 1.13.x
• 23cd63b Configure context at right place
• 877d5ca Use shared context for deploy secrets
• a7d7488 Merge branch '1.13.x' into 1.14.x
• 8cd92d9 Merge branch '1.12.x' into 1.13.x
• c5514c1 Include queued submissions in executor.queued
• c95db08 Bump com.fasterxml.jackson.core:jackson-databind from 2.18.1 to 2.18.2 (#5722)
• de00aa3 Bump testcontainers from 1.20.3 to 1.20.4 (#5720)
• Additional commits viewable in compare view

Updates io.netty:netty-all from 4.2.0.Beta1 to 4.2.0.RC1

Commits

• c05cc42 [maven-release-plugin] prepare release netty-4.2.0.RC1
• a123af9 Update release version
• a034a01 Fix bugs in BoundedInputStream (#14479) (#14480)
• 7caf55f Bump dawidd6/action-download-artifact from 3.0.0 to 6 in /.github/workflows (...
• 0140f42 IoUring: Make static methods of IoUringIoOps package-private (#14551)
• cd98d55 IoUring: Share POLLADD code (#14545)
• 0afc9de IoUring: Release memory directly on submission failure (#14546)
• 50ffe5b Implement 'inEventLoop' for UnorderedThreadPoolEventExecutor and deprecate it...
• 19fa293 IoUring: Correctly handle accept submit failures (#14547)
• ed3566c IoUring: Remove delayed close logic as its not needed (#14540)
• Additional commits viewable in compare view

Updates io.netty:netty-transport-native-kqueue from 4.2.0.Beta1 to 4.2.0.RC1

Commits

• c05cc42 [maven-release-plugin] prepare release netty-4.2.0.RC1
• a123af9 Update release version
• a034a01 Fix bugs in BoundedInputStream (#14479) (#14480)
• 7caf55f Bump dawidd6/action-download-artifact from 3.0.0 to 6 in /.github/workflows (...
• 0140f42 IoUring: Make static methods of IoUringIoOps package-private (#14551)
• cd98d55 IoUring: Share POLLADD code (#14545)
• 0afc9de IoUring: Release memory directly on submission failure (#14546)
• 50ffe5b Implement 'inEventLoop' for UnorderedThreadPoolEventExecutor and deprecate it...
• 19fa293 IoUring: Correctly handle accept submit failures (#14547)
• ed3566c IoUring: Remove delayed close logic as its not needed (#14540)
• Additional commits viewable in compare view

Updates io.netty:netty-transport-native-epoll from 4.2.0.Beta1 to 4.2.0.RC1

Commits

• c05cc42 [maven-release-plugin] prepare release netty-4.2.0.RC1
• a123af9 Update release version
• a034a01 Fix bugs in BoundedInputStream (#14479) (#14480)
• 7caf55f Bump dawidd6/action-download-artifact from 3.0.0 to 6 in /.github/workflows (...
• 0140f42 IoUring: Make static methods of IoUringIoOps package-private (#14551)
• cd98d55 IoUring: Share POLLADD code (#14545)
• 0afc9de IoUring: Release memory directly on submission failure (#14546)
• 50ffe5b Implement 'inEventLoop' for UnorderedThreadPoolEventExecutor and deprecate it...
• 19fa293 IoUring: Correctly handle accept submit failures (#14547)
• ed3566c IoUring: Remove delayed close logic as its not needed (#14540)
• Additional commits viewable in compare view

Updates io.netty:netty-transport-native-io_uring from 4.2.0.Beta1 to 4.2.0.RC1

Updates io.netty:netty-transport-native-epoll from 4.2.0.Beta1 to 4.2.0.RC1

Commits

• c05cc42 [maven-release-plugin] prepare release netty-4.2.0.RC1
• a123af9 Update release version
• a034a01 Fix bugs in BoundedInputStream (#14479) (#14480)
• 7caf55f Bump dawidd6/action-download-artifact from 3.0.0 to 6 in /.github/workflows (...
• 0140f42 IoUring: Make static methods of IoUringIoOps package-private (#14551)
• cd98d55 IoUring: Share POLLADD code (#14545)
• 0afc9de IoUring: Release memory directly on submission failure (#14546)
• 50ffe5b Implement 'inEventLoop' for UnorderedThreadPoolEventExecutor and deprecate it...
• 19fa293 IoUring: Correctly handle accept submit failures (#14547)
• ed3566c IoUring: Remove delayed close logic as its not needed (#14540)
• Additional commits viewable in compare view

Updates io.netty:netty-transport-native-io_uring from 4.2.0.Beta1 to 4.2.0.RC1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions