From f64d3fa263d0d205711f706b6c376db4a254c6d0 Mon Sep 17 00:00:00 2001 From: d-t-w Date: Tue, 4 Jun 2024 16:36:46 +1000 Subject: [PATCH 1/6] update jetty9 deps --- slipway-jetty9/project.clj | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/slipway-jetty9/project.clj b/slipway-jetty9/project.clj index 2c1d380c..7915fd5a 100644 --- a/slipway-jetty9/project.clj +++ b/slipway-jetty9/project.clj @@ -1,4 +1,4 @@ -(defproject io.factorhouse/slipway-jetty9 "1.1.13" +(defproject io.factorhouse/slipway-jetty9 "1.1.14" :description "A Clojure Companion for Jetty" @@ -7,12 +7,12 @@ :license {:name "MIT License" :url "https://github.com/factorhosue/slipway/blob/main/LICENSE"} - :profiles {:dev {:dependencies [[com.fasterxml.jackson.core/jackson-core "2.16.1"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance + :profiles {:dev {:dependencies [[com.fasterxml.jackson.core/jackson-core "2.16.2"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance [clj-kondo "2023.12.15"] ;; https://github.com/clj-kondo/clj-kondo/issues/2277 leave at this version until we move to Clojure 1.12.x and can fix - [clj-http "3.12.3" :exclusions [commons-io commons-codec]] + [clj-http "3.13.0" :exclusions [commons-io commons-codec]] [ch.qos.logback/logback-classic "1.3.14"] ;; 1.3 branch is for Java EE / Java 8 so we will keep aligned here. - [ring/ring-anti-forgery "1.3.0" :exclusions [crypto-random crypto-equality]] - [metosin/reitit-ring "0.6.0"]] + [ring/ring-anti-forgery "1.3.1" :exclusions [crypto-random crypto-equality]] + [metosin/reitit-ring "0.7.0" :exclusions [ring/ring-core]]] :resource-paths ["dev-resources" "common/dev-resources"] :plugins [[lein-cljfmt "0.9.2"]]} :smoke {:pedantic? :abort}} 
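Review bot: The `:license` `:url` carried as context in the `@@ -7,12 +7,12 @@` hunk reads `https://github.com/factorhosue/slipway/blob/main/LICENSE`, with the organisation spelled `factorhosue`, whereas the jetty10 and jetty11 project files in this series spell it `factorhouse`. Leiningen writes this value into the published artifact metadata, so the misspelling ships a link to a namespace the project may not control; correct it to `:url "https://github.com/factorhouse/slipway/blob/main/LICENSE"` while the file is being touched. In the same hunk the new `:exclusions [ring/ring-core]` on `metosin/reitit-ring` has no rationale, unlike the neighbouring pins. A trailing comment such as `;; ring-core already arrives via ring-servlet; excluded to keep :pedantic? :abort clean` would document it, if that is indeed the reason. The `defproject` form starts and ends outside this hunk.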
@@ -21,7 +21,7 @@ "kondo" ["with-profile" "+smoke" "run" "-m" "clj-kondo.main" "--lint" "src:common/src:test:common/test" "--parallel"] "fmt" ["with-profile" "+smoke" "cljfmt" "check"]} - :dependencies [[org.clojure/clojure "1.11.2"] + :dependencies [[org.clojure/clojure "1.11.3"] [org.clojure/tools.logging "1.3.0"] [ring/ring-servlet "1.9.6"] [com.taoensso/sente "1.17.0"] @@ -29,7 +29,7 @@ [org.eclipse.jetty.websocket/websocket-server "9.4.54.v20240208"] [org.eclipse.jetty.websocket/websocket-servlet "9.4.54.v20240208"] [org.eclipse.jetty/jetty-jaas "9.4.54.v20240208"] - [org.slf4j/slf4j-api "2.0.12"]] + [org.slf4j/slf4j-api "2.0.13"]] :source-paths ["src" "common/src" "common-javax/src"] :test-paths ["test" "common/test"] From 938bdbe759963b0c7d7332c1eedf8b4bcbaf838c Mon Sep 17 00:00:00 2001 From: d-t-w Date: Tue, 4 Jun 2024 16:45:15 +1000 Subject: [PATCH 2/6] rm redundant jetty9 exclusions --- slipway-jetty9/project.clj | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/slipway-jetty9/project.clj b/slipway-jetty9/project.clj index 7915fd5a..95d1eeb3 100644 --- a/slipway-jetty9/project.clj +++ b/slipway-jetty9/project.clj 
@@ -9,9 +9,9 @@ :profiles {:dev {:dependencies [[com.fasterxml.jackson.core/jackson-core "2.16.2"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance [clj-kondo "2023.12.15"] ;; https://github.com/clj-kondo/clj-kondo/issues/2277 leave at this version until we move to Clojure 1.12.x and can fix - [clj-http "3.13.0" :exclusions [commons-io commons-codec]] - [ch.qos.logback/logback-classic "1.3.14"] ;; 1.3 branch is for Java EE / Java 8 so we will keep aligned here. - [ring/ring-anti-forgery "1.3.1" :exclusions [crypto-random crypto-equality]] + [clj-http "3.13.0"] + [ch.qos.logback/logback-classic "1.3.14"] ;; Logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical. The 1.5.x continues the 1.4.x series but with logback-access relocated to its own repository. + [ring/ring-anti-forgery "1.3.1"] [metosin/reitit-ring "0.7.0" :exclusions [ring/ring-core]]] :resource-paths ["dev-resources" "common/dev-resources"] :plugins [[lein-cljfmt "0.9.2"]]} From 0366f889beb809c9baebb5b4fc24aa8305d2b7af Mon Sep 17 00:00:00 2001 From: d-t-w Date: Tue, 4 Jun 2024 16:52:50 +1000 Subject: [PATCH 3/6] update jetty10 deps --- slipway-jetty10/project.clj | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/slipway-jetty10/project.clj b/slipway-jetty10/project.clj index dadd1533..b6d814a3 100644 --- a/slipway-jetty10/project.clj +++ b/slipway-jetty10/project.clj @@ -1,4 +1,4 @@ -(defproject io.factorhouse/slipway-jetty10 "1.1.13" +(defproject io.factorhouse/slipway-jetty10 "1.1.14" :description "A Clojure Companion for Jetty" 
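Review bot: Dropping `:exclusions [commons-io commons-codec]` from `clj-http` and `:exclusions [crypto-random crypto-equality]` from `ring/ring-anti-forgery` in the `@@ -9,9 +9,9 @@` hunk changes which copies of those four libraries are resolved, and the commit message calls the exclusions redundant without recording how that was checked. Because `:smoke` sets `:pedantic? :abort`, please confirm that `lein with-profile +smoke check` still passes and that the dependency-check run reports on the versions now resolved, then say so in the commit message. The same removal is repeated in the `@@ -7,30 +7,30 @@` hunks of patches 3/6 (jetty10) and 4/6 (jetty11). These entries sit under the `:dev` profile, so the effect is presumably limited to the development and test classpath. The `defproject` form continues outside the hunk.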
@@ -7,30 +7,30 @@ :license {:name "MIT License" :url "https://github.com/factorhouse/slipway/blob/main/LICENSE"} - :profiles {:dev {:dependencies [[com.fasterxml.jackson.core/jackson-core "2.16.1"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance + :profiles {:dev {:dependencies [[com.fasterxml.jackson.core/jackson-core "2.16.2"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance [clj-kondo "2023.12.15"] - [clj-http "3.12.3" :exclusions [commons-io commons-codec]] - [ch.qos.logback/logback-classic "1.3.14"] - [ring/ring-anti-forgery "1.3.0" :exclusions [crypto-random crypto-equality]] - [metosin/reitit-ring "0.6.0"]] + [clj-http "3.13.0"] + [ch.qos.logback/logback-classic "1.3.14"] ;; Logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical. The 1.5.x continues the 1.4.x series but with logback-access relocated to its own repository. + [ring/ring-anti-forgery "1.3.1"] + [metosin/reitit-ring "0.7.0" :exclusions [ring/ring-core]]] :resource-paths ["dev-resources" "common/dev-resources"] - :plugins [[lein-cljfmt "0.8.2"]]} + :plugins [[lein-cljfmt "0.9.2"]]} :smoke {:pedantic? 
:abort}} :aliases {"check" ["with-profile" "+smoke" "check"] "kondo" ["with-profile" "+smoke" "run" "-m" "clj-kondo.main" "--lint" "common/src:common-jetty1x/src:test:common/test" "--parallel"] "fmt" ["with-profile" "+smoke" "cljfmt" "check"]} - :dependencies [[org.clojure/clojure "1.11.2"] + :dependencies [[org.clojure/clojure "1.11.3"] [org.clojure/tools.logging "1.3.0"] [ring/ring-servlet "1.9.6"] [com.taoensso/sente "1.17.0"] - [org.eclipse.jetty.websocket/websocket-jetty-api "10.0.20"] - [org.eclipse.jetty.websocket/websocket-jetty-server "10.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.eclipse.jetty.websocket/websocket-servlet "10.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.eclipse.jetty/jetty-server "10.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.eclipse.jetty/jetty-jaas "10.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.slf4j/slf4j-api "2.0.12"]] + [org.eclipse.jetty.websocket/websocket-jetty-api "10.0.21"] + [org.eclipse.jetty.websocket/websocket-jetty-server "10.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.eclipse.jetty.websocket/websocket-servlet "10.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.eclipse.jetty/jetty-server "10.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.eclipse.jetty/jetty-jaas "10.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.slf4j/slf4j-api "2.0.13"]] :source-paths ["common/src" "common-jetty1x/src" "common-javax/src"] :test-paths ["test" "common/test"]) From 0ebcb69195e68ce89921644f9d306f8a1c5aab65 Mon Sep 17 00:00:00 2001 From: d-t-w Date: Tue, 4 Jun 2024 16:56:42 +1000 Subject: [PATCH 4/6] update jetty11 deps --- slipway-jetty11/project.clj | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/slipway-jetty11/project.clj b/slipway-jetty11/project.clj index 24b88587..1243f3cf 100644 --- a/slipway-jetty11/project.clj +++ b/slipway-jetty11/project.clj 
@@ -1,4 +1,4 @@ -(defproject io.factorhouse/slipway-jetty11 "1.1.13" +(defproject io.factorhouse/slipway-jetty11 "1.1.14" :description "A Clojure Companion for Jetty" 
@@ -7,30 +7,30 @@ :license {:name "MIT License" :url "https://github.com/factorhouse/slipway/blob/main/LICENSE"} - :profiles {:dev {:dependencies [[com.fasterxml.jackson.core/jackson-core "2.16.1"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance + :profiles {:dev {:dependencies [[com.fasterxml.jackson.core/jackson-core "2.16.2"] ;; required for internal inconsistency within clj-kondo, kept at latest for CVE avoidance [clj-kondo "2023.12.15"] - [clj-http "3.12.3" :exclusions [commons-io commons-codec]] - [ch.qos.logback/logback-classic "1.3.14"] - [ring/ring-anti-forgery "1.3.0" :exclusions [crypto-random crypto-equality]] - [metosin/reitit-ring "0.6.0"]] + [clj-http "3.13.0"] + [ch.qos.logback/logback-classic "1.3.14"] ;; Logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical. The 1.5.x continues the 1.4.x series but with logback-access relocated to its own repository. + [ring/ring-anti-forgery "1.3.1"] + [metosin/reitit-ring "0.7.0" :exclusions [ring/ring-core]]] :resource-paths ["dev-resources" "common/dev-resources"] - :plugins [[lein-cljfmt "0.8.2"]]} + :plugins [[lein-cljfmt "0.9.2"]]} :smoke {:pedantic? 
:abort}} :aliases {"check" ["with-profile" "+smoke" "check"] "kondo" ["with-profile" "+smoke" "run" "-m" "clj-kondo.main" "--lint" "common/src:common-jetty1x/src:test:common/test" "--parallel"] "fmt" ["with-profile" "+smoke" "cljfmt" "check"]} - :dependencies [[org.clojure/clojure "1.11.2"] + :dependencies [[org.clojure/clojure "1.11.3"] [org.clojure/tools.logging "1.3.0"] [ring/ring-servlet "1.9.6"] [com.taoensso/sente "1.17.0"] - [org.eclipse.jetty.websocket/websocket-jetty-api "11.0.20"] - [org.eclipse.jetty.websocket/websocket-jetty-server "11.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.eclipse.jetty.websocket/websocket-servlet "11.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.eclipse.jetty/jetty-server "11.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.eclipse.jetty/jetty-jaas "11.0.20" :exclusions [org.slf4j/slf4j-api]] - [org.slf4j/slf4j-api "2.0.12"]] + [org.eclipse.jetty.websocket/websocket-jetty-api "11.0.21"] + [org.eclipse.jetty.websocket/websocket-jetty-server "11.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.eclipse.jetty.websocket/websocket-servlet "11.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.eclipse.jetty/jetty-server "11.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.eclipse.jetty/jetty-jaas "11.0.21" :exclusions [org.slf4j/slf4j-api]] + [org.slf4j/slf4j-api "2.0.13"]] :source-paths ["common/src" "common-jetty1x/src" "common-jakarta/src"] :test-paths ["test" "common/test"]) From c4994c1adb457e1ef45c714e674683a2cb55c4b0 Mon Sep 17 00:00:00 2001 From: d-t-w Date: Tue, 4 Jun 2024 21:05:52 +1000 Subject: [PATCH 5/6] remove redundany supressions --- slipway-jetty10/dependency-check-suppressions.xml | 10 ---------- slipway-jetty11/dependency-check-suppressions.xml | 10 ---------- slipway-jetty9/dependency-check-suppressions.xml | 10 ---------- 3 files changed, 30 deletions(-) diff --git a/slipway-jetty10/dependency-check-suppressions.xml b/slipway-jetty10/dependency-check-suppressions.xml index d6451854..a0e2af1c 100644 
--- a/slipway-jetty10/dependency-check-suppressions.xml +++ b/slipway-jetty10/dependency-check-suppressions.xml @@ -7,14 +7,4 @@ ^pkg:maven/commons\-fileupload/commons\-fileupload@.*$ CVE-2023-24998 - - Clojure false positive - ^pkg:maven/org\.clojure/.*$ - CVE-2017-20189 - - - Clojure false positive - ^pkg:maven/ring/ring\-codec@.*$ - CVE-2017-20189 - diff --git a/slipway-jetty11/dependency-check-suppressions.xml b/slipway-jetty11/dependency-check-suppressions.xml index 4759505e..a0d9218c 100644 --- a/slipway-jetty11/dependency-check-suppressions.xml +++ b/slipway-jetty11/dependency-check-suppressions.xml @@ -7,14 +7,4 @@ ^pkg:maven/commons\-fileupload/commons\-fileupload@.*$ CVE-2023-24998 - - Clojure false positive - ^pkg:maven/org\.clojure/.*$ - CVE-2017-20189 - - - Clojure false positive - ^pkg:maven/ring/ring\-codec@.*$ - CVE-2017-20189 - diff --git a/slipway-jetty9/dependency-check-suppressions.xml b/slipway-jetty9/dependency-check-suppressions.xml index 4d64ab46..b955669d 100644 --- a/slipway-jetty9/dependency-check-suppressions.xml +++ b/slipway-jetty9/dependency-check-suppressions.xml @@ -7,14 +7,4 @@ ^pkg:maven/commons\-fileupload/commons\-fileupload@.*$ CVE-2023-24998 - - Clojure false positive - ^pkg:maven/org\.clojure/.*$ - CVE-2017-20189 - - - Clojure false positive - ^pkg:maven/ring/ring\-codec@.*$ - CVE-2017-20189 - From 8aecd27dc3831d1c1990552c4ba284fe40a55268 Mon Sep 17 00:00:00 2001 From: d-t-w Date: Tue, 4 Jun 2024 21:09:18 +1000 Subject: [PATCH 6/6] update changelog and readme --- CHANGELOG.md | 4 ++++ README.md | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1dd03e34..b5daf480 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,10 @@ # Change Log All notable changes to this project will be documented in this file. This change log follows the conventions of [keepachangelog.com](http://keepachangelog.com/) +## [1.1.12] - 2024-06-04 + +Bump to latest Jetty version (11.0.21 or equivalent) + ## [1.1.13] - 2024-02-23 Bump to latest Jetty9 sponsored support version (9.4.54.v20240208) other Jetty versions remain the same at 11.0.20 or equivalent. diff --git a/README.md b/README.md index 1e18722b..233f24b8 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,8 @@ | Jetty Version | Current Jetty Dependency | Clojars Project | | ------------- | ------------------------ | --------------- | | Jetty 9 | 9.4.54.v20240208 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty9.svg)](https://clojars.org/io.factorhouse/slipway-jetty9) | -| Jetty 10 | 10.0.20 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty10.svg)](https://clojars.org/io.factorhouse/slipway-jetty10) | -| Jetty 11 | 11.0.20 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty11.svg)](https://clojars.org/io.factorhouse/slipway-jetty11) | +| Jetty 10 | 10.0.21 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty10.svg)](https://clojars.org/io.factorhouse/slipway-jetty10) | +| Jetty 11 | 11.0.21 | [![Clojars Project](https://img.shields.io/clojars/v/io.factorhouse/slipway-jetty11.svg)](https://clojars.org/io.factorhouse/slipway-jetty11) | | Jetty 12 | - | Available once Jetty 12 stabilises. | ----