From 3a92445c2bc80a4c9e7c6fdf87731be109851405 Mon Sep 17 00:00:00 2001
From: Markus Winter <m.winter@sap.com>
Date: Thu, 28 Dec 2023 10:59:43 +0100
Subject: [PATCH 01/20] [JENKINS-72370][JENKINS-11889] fix
 SimpleScheduledRetentionStrategy with inbound agents (#8717)

by implementing `isAcceptingTasks` the availability strategy ensures
that no builds can start when the agent should not do anything.
The current behaviour with an inbound agent is that the strategy
disconnects the agent, just to get connected again by the agents java
process followed by a disconnection a minute later and so on.
After it is connected, the agent is actually accepting tasks.

Additionally the change will only disconnect the agent when the controller
the controller can itself launch the agent, this means inbound agents
are not connected, to avoid playing jojo. The agent will just not accept
new tasks for execution.

The change also avoids the problem in [JENKINS-11889] for outbound
agents where the accepting tasks of an agents seems to be not reset when
changing the availability strategy to always on.
---
 .../SimpleScheduledRetentionStrategy.java     | 77 ++++++++++---------
 1 file changed, 40 insertions(+), 37 deletions(-)

diff --git a/core/src/main/java/hudson/slaves/SimpleScheduledRetentionStrategy.java b/core/src/main/java/hudson/slaves/SimpleScheduledRetentionStrategy.java
index 6f09e8109973..ef6e3d0c8658 100644
--- a/core/src/main/java/hudson/slaves/SimpleScheduledRetentionStrategy.java
+++ b/core/src/main/java/hudson/slaves/SimpleScheduledRetentionStrategy.java
@@ -169,6 +169,11 @@ public boolean isManualLaunchAllowed(final SlaveComputer c) {
         return isOnlineScheduled();
     }
 
+    @Override
+    public boolean isAcceptingTasks(SlaveComputer c) {
+        return isOnlineScheduled();
+    }
+
     @Override
     @GuardedBy("hudson.model.Queue.lock")
     public synchronized long check(final SlaveComputer c) {
@@ -191,7 +196,6 @@ public void run() {
                                 LOGGER.log(INFO,
                                         "Enabling new jobs for computer {0} as it has started its scheduled uptime",
                                         new Object[]{c.getName()});
-                                c.setAcceptingTasks(true);
                             }
                         } catch (InterruptedException | ExecutionException e) {
                         }
@@ -199,45 +203,44 @@ public void run() {
                 });
             }
         } else if (!shouldBeOnline && c.isOnline()) {
-            if (keepUpWhenActive) {
-                if (!c.isIdle() && c.isAcceptingTasks()) {
-                    c.setAcceptingTasks(false);
-                    LOGGER.log(INFO,
-                            "Disabling new jobs for computer {0} as it has finished its scheduled uptime",
-                            new Object[]{c.getName()});
-                    return 1;
-                } else if (c.isIdle() && c.isAcceptingTasks()) {
-                    Queue.withLock(new Runnable() {
-                        @Override
-                        public void run() {
-                            if (c.isIdle()) {
-                                LOGGER.log(INFO, "Disconnecting computer {0} as it has finished its scheduled uptime",
-                                        new Object[]{c.getName()});
-                                c.disconnect(OfflineCause
-                                        .create(Messages._SimpleScheduledRetentionStrategy_FinishedUpTime()));
-                            } else {
-                                c.setAcceptingTasks(false);
+            if (c.isLaunchSupported()) {
+                if (keepUpWhenActive) {
+                    if (!c.isIdle() && c.isAcceptingTasks()) {
+                        LOGGER.log(INFO,
+                                "Disabling new jobs for computer {0} as it has finished its scheduled uptime",
+                                new Object[]{c.getName()});
+                        return 1;
+                    } else if (c.isIdle() && c.isAcceptingTasks()) {
+                        Queue.withLock(new Runnable() {
+                            @Override
+                            public void run() {
+                                if (c.isIdle()) {
+                                    LOGGER.log(INFO, "Disconnecting computer {0} as it has finished its scheduled uptime",
+                                            new Object[]{c.getName()});
+                                    c.disconnect(OfflineCause
+                                            .create(Messages._SimpleScheduledRetentionStrategy_FinishedUpTime()));
+                                }
                             }
-                        }
-                    });
-                } else if (c.isIdle() && !c.isAcceptingTasks()) {
-                    Queue.withLock(new Runnable() {
-                        @Override
-                        public void run() {
-                            if (c.isIdle()) {
-                                LOGGER.log(INFO, "Disconnecting computer {0} as it has finished all jobs running when "
-                                        + "it completed its scheduled uptime", new Object[]{c.getName()});
-                                c.disconnect(OfflineCause
-                                        .create(Messages._SimpleScheduledRetentionStrategy_FinishedUpTime()));
+                        });
+                    } else if (c.isIdle() && !c.isAcceptingTasks()) {
+                        Queue.withLock(new Runnable() {
+                            @Override
+                            public void run() {
+                                if (c.isIdle()) {
+                                    LOGGER.log(INFO, "Disconnecting computer {0} as it has finished all jobs running when "
+                                            + "it completed its scheduled uptime", new Object[]{c.getName()});
+                                    c.disconnect(OfflineCause
+                                            .create(Messages._SimpleScheduledRetentionStrategy_FinishedUpTime()));
+                                }
                             }
-                        }
-                    });
+                        });
+                    }
+                } else {
+                    // no need to get the queue lock as the user has selected the break builds option!
+                    LOGGER.log(INFO, "Disconnecting computer {0} as it has finished its scheduled uptime",
+                            new Object[]{c.getName()});
+                    c.disconnect(OfflineCause.create(Messages._SimpleScheduledRetentionStrategy_FinishedUpTime()));
                 }
-            } else {
-                // no need to get the queue lock as the user has selected the break builds option!
-                LOGGER.log(INFO, "Disconnecting computer {0} as it has finished its scheduled uptime",
-                        new Object[]{c.getName()});
-                c.disconnect(OfflineCause.create(Messages._SimpleScheduledRetentionStrategy_FinishedUpTime()));
             }
         }
         return 1;

From ee7ec9f430f778a9a0447e55c2119f6a961d8170 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 29 Dec 2023 01:21:45 +0100
Subject: [PATCH 02/20] Update dependency sass-loader to v13.3.3 (#8808)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 war/package.json |  2 +-
 war/yarn.lock    | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/war/package.json b/war/package.json
index 55779ca60538..b374e39b3b00 100644
--- a/war/package.json
+++ b/war/package.json
@@ -40,7 +40,7 @@
     "postcss-scss": "4.0.9",
     "prettier": "3.1.1",
     "sass": "1.69.5",
-    "sass-loader": "13.3.2",
+    "sass-loader": "13.3.3",
     "style-loader": "3.3.3",
     "stylelint": "16.0.2",
     "stylelint-checkstyle-reporter": "0.2.0",
diff --git a/war/yarn.lock b/war/yarn.lock
index 3ff87095816c..6d8a87b199cc 100644
--- a/war/yarn.lock
+++ b/war/yarn.lock
@@ -4361,7 +4361,7 @@ __metadata:
     postcss-scss: "npm:4.0.9"
     prettier: "npm:3.1.1"
     sass: "npm:1.69.5"
-    sass-loader: "npm:13.3.2"
+    sass-loader: "npm:13.3.3"
     sortablejs: "npm:1.15.1"
     style-loader: "npm:3.3.3"
     stylelint: "npm:16.0.2"
@@ -6285,9 +6285,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"sass-loader@npm:13.3.2":
-  version: 13.3.2
-  resolution: "sass-loader@npm:13.3.2"
+"sass-loader@npm:13.3.3":
+  version: 13.3.3
+  resolution: "sass-loader@npm:13.3.3"
   dependencies:
     neo-async: "npm:^2.6.2"
   peerDependencies:
@@ -6305,7 +6305,7 @@ __metadata:
       optional: true
     sass-embedded:
       optional: true
-  checksum: 7db8132101ed663f3cf936ce765b9b960a48b14f13f17d367a4e0c2ae259e91b6c401e33ab0f27ee88c98c8b5893c778848fc8366f1f387ac788ebef244e000a
+  checksum: 5e955a4ffce35ee0a46fce677ce51eaa69587fb5371978588c83af00f49e7edc36dcf3bb559cbae27681c5e24a71284463ebe03a1fb65e6ecafa1db0620e3fc8
   languageName: node
   linkType: hard
 

From 69e20dbbaf70c92c8daabf0327144483a936a667 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 29 Dec 2023 01:23:31 +0100
Subject: [PATCH 03/20] Update dependency stylelint to v16.1.0 (#8804)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 war/package.json |   2 +-
 war/yarn.lock    | 259 +++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 219 insertions(+), 42 deletions(-)

diff --git a/war/package.json b/war/package.json
index b374e39b3b00..2c91ee9ba42a 100644
--- a/war/package.json
+++ b/war/package.json
@@ -42,7 +42,7 @@
     "sass": "1.69.5",
     "sass-loader": "13.3.3",
     "style-loader": "3.3.3",
-    "stylelint": "16.0.2",
+    "stylelint": "16.1.0",
     "stylelint-checkstyle-reporter": "0.2.0",
     "stylelint-config-standard": "33.0.0",
     "webpack": "5.89.0",
diff --git a/war/yarn.lock b/war/yarn.lock
index 6d8a87b199cc..7aa8317d793e 100644
--- a/war/yarn.lock
+++ b/war/yarn.lock
@@ -1394,7 +1394,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@csstools/css-parser-algorithms@npm:2.3.2, @csstools/css-parser-algorithms@npm:^2.3.2":
+"@csstools/css-parser-algorithms@npm:2.3.2":
   version: 2.3.2
   resolution: "@csstools/css-parser-algorithms@npm:2.3.2"
   peerDependencies:
@@ -1403,20 +1403,29 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@csstools/css-tokenizer@npm:^2.2.1":
-  version: 2.2.1
-  resolution: "@csstools/css-tokenizer@npm:2.2.1"
-  checksum: 0c6901d291e99c567893846a47068057c2a28b3edc4219b6da589a530f55f51ddd4675f906f707b393bfe7a508ab2604bf3f75708f064db857bb277636bd5a44
+"@csstools/css-parser-algorithms@npm:^2.3.2, @csstools/css-parser-algorithms@npm:^2.4.0":
+  version: 2.4.0
+  resolution: "@csstools/css-parser-algorithms@npm:2.4.0"
+  peerDependencies:
+    "@csstools/css-tokenizer": ^2.2.2
+  checksum: bcfc067b9d1bd5e0bc6044bfbf6450a4a6837d88c5ffd081e2159d4e442c28f018b58c7c2b3ce176ba0bf76cbbce0fd3c65468a40b9867ad9b3e3ef90b9b2655
   languageName: node
   linkType: hard
 
-"@csstools/media-query-list-parser@npm:^2.1.5":
-  version: 2.1.5
-  resolution: "@csstools/media-query-list-parser@npm:2.1.5"
+"@csstools/css-tokenizer@npm:^2.2.1, @csstools/css-tokenizer@npm:^2.2.2":
+  version: 2.2.2
+  resolution: "@csstools/css-tokenizer@npm:2.2.2"
+  checksum: 9e7374aab06a811f868a85127af1ff07ad7a56e22e8c46930e789a907098bdd4e6eec82e0cb0d4b8ac1cd5cd054c1f0e329ec50d8548f57d660aeee7cf9b3167
+  languageName: node
+  linkType: hard
+
+"@csstools/media-query-list-parser@npm:^2.1.5, @csstools/media-query-list-parser@npm:^2.1.6":
+  version: 2.1.6
+  resolution: "@csstools/media-query-list-parser@npm:2.1.6"
   peerDependencies:
-    "@csstools/css-parser-algorithms": ^2.3.2
-    "@csstools/css-tokenizer": ^2.2.1
-  checksum: ae0692c6f92cdc82053291c7a50028b692094dfed795f0259571c5eb40f4b3fa580182ac3701e56c2834e40a62a122ea6639299e43ae88b3a835ae4c869a1a12
+    "@csstools/css-parser-algorithms": ^2.4.0
+    "@csstools/css-tokenizer": ^2.2.2
+  checksum: 06da3e5c01e4785963b821ee2eb31f4fcec622f3b0e4e0748113f287c876f241be211ba11d435d0cc1f0e9f2e26baf5fbf6f8563dc88a49709c3d49e79490b76
   languageName: node
   linkType: hard
 
@@ -1752,12 +1761,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@csstools/selector-specificity@npm:^3.0.0":
-  version: 3.0.0
-  resolution: "@csstools/selector-specificity@npm:3.0.0"
+"@csstools/selector-specificity@npm:^3.0.0, @csstools/selector-specificity@npm:^3.0.1":
+  version: 3.0.1
+  resolution: "@csstools/selector-specificity@npm:3.0.1"
   peerDependencies:
     postcss-selector-parser: ^6.0.13
-  checksum: 6f0e2fa9a3c5dcbc7a446fd827d3eb85ca775cc884f73f0bbb119ab49b4f5f0af8763dd23a37d423f4e7989069c09bb977e7e5f017db296e1417abb1fba75c30
+  checksum: 4280f494726d5e38de74e28dee2ff74ec86244560dff4edeec3ddff3ac73c774c19535bd1bb70cad77949bfb359cf87e977d0ec3264591e3b7260342a20dd84f
   languageName: node
   linkType: hard
 
@@ -1842,6 +1851,20 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@isaacs/cliui@npm:^8.0.2":
+  version: 8.0.2
+  resolution: "@isaacs/cliui@npm:8.0.2"
+  dependencies:
+    string-width: "npm:^5.1.2"
+    string-width-cjs: "npm:string-width@^4.2.0"
+    strip-ansi: "npm:^7.0.1"
+    strip-ansi-cjs: "npm:strip-ansi@^6.0.1"
+    wrap-ansi: "npm:^8.1.0"
+    wrap-ansi-cjs: "npm:wrap-ansi@^7.0.0"
+  checksum: b1bf42535d49f11dc137f18d5e4e63a28c5569de438a221c369483731e9dac9fb797af554e8bf02b6192d1e5eba6e6402cf93900c3d0ac86391d00d04876789e
+  languageName: node
+  linkType: hard
+
 "@jest/schemas@npm:^29.4.3":
   version: 29.4.3
   resolution: "@jest/schemas@npm:29.4.3"
@@ -2018,6 +2041,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@pkgjs/parseargs@npm:^0.11.0":
+  version: 0.11.0
+  resolution: "@pkgjs/parseargs@npm:0.11.0"
+  checksum: 5bd7576bb1b38a47a7fc7b51ac9f38748e772beebc56200450c4a817d712232b8f1d3ef70532c80840243c657d491cf6a6be1e3a214cff907645819fdc34aadd
+  languageName: node
+  linkType: hard
+
 "@popperjs/core@npm:^2.9.0":
   version: 2.11.6
   resolution: "@popperjs/core@npm:2.11.6"
@@ -2504,6 +2534,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"ansi-styles@npm:^6.1.0":
+  version: 6.2.1
+  resolution: "ansi-styles@npm:6.2.1"
+  checksum: 5d1ec38c123984bcedd996eac680d548f31828bd679a66db2bdf11844634dde55fec3efa9c6bb1d89056a5e79c1ac540c4c784d592ea1d25028a92227d2f2d5c
+  languageName: node
+  linkType: hard
+
 "ansis@npm:1.5.2":
   version: 1.5.2
   resolution: "ansis@npm:1.5.2"
@@ -3033,7 +3070,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3":
+"cross-spawn@npm:^7.0.0, cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3":
   version: 7.0.3
   resolution: "cross-spawn@npm:7.0.3"
   dependencies:
@@ -3369,6 +3406,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"eastasianwidth@npm:^0.2.0":
+  version: 0.2.0
+  resolution: "eastasianwidth@npm:0.2.0"
+  checksum: 26f364ebcdb6395f95124fda411f63137a4bfb5d3a06453f7f23dfe52502905bd84e0488172e0f9ec295fdc45f05c23d5d91baf16bd26f0fe9acd777a188dc39
+  languageName: node
+  linkType: hard
+
 "electron-to-chromium@npm:^1.4.601":
   version: 1.4.612
   resolution: "electron-to-chromium@npm:1.4.612"
@@ -3383,6 +3427,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"emoji-regex@npm:^9.2.2":
+  version: 9.2.2
+  resolution: "emoji-regex@npm:9.2.2"
+  checksum: af014e759a72064cf66e6e694a7fc6b0ed3d8db680427b021a89727689671cefe9d04151b2cad51dbaf85d5ba790d061cd167f1cf32eb7b281f6368b3c181639
+  languageName: node
+  linkType: hard
+
 "emojis-list@npm:^3.0.0":
   version: 3.0.0
   resolution: "emojis-list@npm:3.0.0"
@@ -3695,12 +3746,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"file-entry-cache@npm:^7.0.2":
-  version: 7.0.2
-  resolution: "file-entry-cache@npm:7.0.2"
+"file-entry-cache@npm:^8.0.0":
+  version: 8.0.0
+  resolution: "file-entry-cache@npm:8.0.0"
   dependencies:
-    flat-cache: "npm:^3.2.0"
-  checksum: 822664e35c3e295e6a8ca7ec490d8d8077017607f41f94b29922f1f49c6dd07025048e3ed528e2909a1439eba66d60f802c0774aa612cf6ee053ee4ecc16c8c5
+    flat-cache: "npm:^4.0.0"
+  checksum: 9e2b5938b1cd9b6d7e3612bdc533afd4ac17b2fc646569e9a8abbf2eb48e5eb8e316bc38815a3ef6a1b456f4107f0d0f055a614ca613e75db6bf9ff4d72c1638
   languageName: node
   linkType: hard
 
@@ -3753,7 +3804,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"flat-cache@npm:^3.0.4, flat-cache@npm:^3.2.0":
+"flat-cache@npm:^3.0.4":
   version: 3.2.0
   resolution: "flat-cache@npm:3.2.0"
   dependencies:
@@ -3764,6 +3815,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"flat-cache@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "flat-cache@npm:4.0.0"
+  dependencies:
+    flatted: "npm:^3.2.9"
+    keyv: "npm:^4.5.4"
+    rimraf: "npm:^5.0.5"
+  checksum: 8f99e27bb3de94e91e7b4ca5120488cdc2b7f8cd952a538f1a566101963057eb42ca318e9fac0d36987dcca34316ff04b61c1dc3dcc8084f6f5e801a52a8e547
+  languageName: node
+  linkType: hard
+
 "flatted@npm:^3.2.9":
   version: 3.2.9
   resolution: "flatted@npm:3.2.9"
@@ -3771,6 +3833,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"foreground-child@npm:^3.1.0":
+  version: 3.1.1
+  resolution: "foreground-child@npm:3.1.1"
+  dependencies:
+    cross-spawn: "npm:^7.0.0"
+    signal-exit: "npm:^4.0.1"
+  checksum: 9700a0285628abaeb37007c9a4d92bd49f67210f09067638774338e146c8e9c825c5c877f072b2f75f41dc6a2d0be8664f79ffc03f6576649f54a84fb9b47de0
+  languageName: node
+  linkType: hard
+
 "fraction.js@npm:^4.3.6":
   version: 4.3.7
   resolution: "fraction.js@npm:4.3.7"
@@ -3875,6 +3947,21 @@ __metadata:
   languageName: node
   linkType: hard
 
+"glob@npm:^10.3.7":
+  version: 10.3.10
+  resolution: "glob@npm:10.3.10"
+  dependencies:
+    foreground-child: "npm:^3.1.0"
+    jackspeak: "npm:^2.3.5"
+    minimatch: "npm:^9.0.1"
+    minipass: "npm:^5.0.0 || ^6.0.2 || ^7.0.0"
+    path-scurry: "npm:^1.10.1"
+  bin:
+    glob: dist/esm/bin.mjs
+  checksum: 13d8a1feb7eac7945f8c8480e11cd4a44b24d26503d99a8d8ac8d5aefbf3e9802a2b6087318a829fad04cb4e829f25c5f4f1110c68966c498720dd261c7e344d
+  languageName: node
+  linkType: hard
+
 "glob@npm:^7.0.3, glob@npm:^7.1.3, glob@npm:^7.1.4, glob@npm:^7.2.0":
   version: 7.2.3
   resolution: "glob@npm:7.2.3"
@@ -4336,6 +4423,19 @@ __metadata:
   languageName: node
   linkType: hard
 
+"jackspeak@npm:^2.3.5":
+  version: 2.3.6
+  resolution: "jackspeak@npm:2.3.6"
+  dependencies:
+    "@isaacs/cliui": "npm:^8.0.2"
+    "@pkgjs/parseargs": "npm:^0.11.0"
+  dependenciesMeta:
+    "@pkgjs/parseargs":
+      optional: true
+  checksum: f01d8f972d894cd7638bc338e9ef5ddb86f7b208ce177a36d718eac96ec86638a6efa17d0221b10073e64b45edc2ce15340db9380b1f5d5c5d000cbc517dc111
+  languageName: node
+  linkType: hard
+
 "jenkins-ui@workspace:.":
   version: 0.0.0-use.local
   resolution: "jenkins-ui@workspace:."
@@ -4364,7 +4464,7 @@ __metadata:
     sass-loader: "npm:13.3.3"
     sortablejs: "npm:1.15.1"
     style-loader: "npm:3.3.3"
-    stylelint: "npm:16.0.2"
+    stylelint: "npm:16.1.0"
     stylelint-checkstyle-reporter: "npm:0.2.0"
     stylelint-config-standard: "npm:33.0.0"
     tippy.js: "npm:6.3.7"
@@ -4531,7 +4631,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"keyv@npm:^4.5.3":
+"keyv@npm:^4.5.3, keyv@npm:^4.5.4":
   version: 4.5.4
   resolution: "keyv@npm:4.5.4"
   dependencies:
@@ -4690,6 +4790,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"lru-cache@npm:^9.1.1 || ^10.0.0":
+  version: 10.1.0
+  resolution: "lru-cache@npm:10.1.0"
+  checksum: 778bc8b2626daccd75f24c4b4d10632496e21ba064b126f526c626fbdbc5b28c472013fccd45d7646b9e1ef052444824854aed617b59cd570d01a8b7d651fc1e
+  languageName: node
+  linkType: hard
+
 "make-dir@npm:^2.1.0":
   version: 2.1.0
   resolution: "make-dir@npm:2.1.0"
@@ -4745,10 +4852,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"meow@npm:^12.1.1":
-  version: 12.1.1
-  resolution: "meow@npm:12.1.1"
-  checksum: a125ca99a32e2306e2f4cbe651a0d27f6eb67918d43a075f6e80b35e9bf372ebf0fc3a9fbc201cbbc9516444b6265fb3c9f80c5b7ebd32f548aa93eb7c28e088
+"meow@npm:^13.0.0":
+  version: 13.0.0
+  resolution: "meow@npm:13.0.0"
+  checksum: fab0f91578154c048e792a81704f3f28099ffff900f364df8a85f6e770a57e1c124859a25e186186e149dad30692c7893af0dfd71517bea343bfe5d749b1fa04
   languageName: node
   linkType: hard
 
@@ -4821,6 +4928,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"minimatch@npm:^9.0.1":
+  version: 9.0.3
+  resolution: "minimatch@npm:9.0.3"
+  dependencies:
+    brace-expansion: "npm:^2.0.1"
+  checksum: 85f407dcd38ac3e180f425e86553911d101455ca3ad5544d6a7cec16286657e4f8a9aa6695803025c55e31e35a91a2252b5dc8e7d527211278b8b65b4dbd5eac
+  languageName: node
+  linkType: hard
+
 "minimist@npm:^1.2.0, minimist@npm:^1.2.5":
   version: 1.2.7
   resolution: "minimist@npm:1.2.7"
@@ -4888,6 +5004,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"minipass@npm:^5.0.0 || ^6.0.2 || ^7.0.0":
+  version: 7.0.4
+  resolution: "minipass@npm:7.0.4"
+  checksum: 6c7370a6dfd257bf18222da581ba89a5eaedca10e158781232a8b5542a90547540b4b9b7e7f490e4cda43acfbd12e086f0453728ecf8c19e0ef6921bc5958ac5
+  languageName: node
+  linkType: hard
+
 "minizlib@npm:^2.1.1, minizlib@npm:^2.1.2":
   version: 2.1.2
   resolution: "minizlib@npm:2.1.2"
@@ -5194,6 +5317,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"path-scurry@npm:^1.10.1":
+  version: 1.10.1
+  resolution: "path-scurry@npm:1.10.1"
+  dependencies:
+    lru-cache: "npm:^9.1.1 || ^10.0.0"
+    minipass: "npm:^5.0.0 || ^6.0.2 || ^7.0.0"
+  checksum: e5dc78a7348d25eec61ab166317e9e9c7b46818aa2c2b9006c507a6ff48c672d011292d9662527213e558f5652ce0afcc788663a061d8b59ab495681840c0c1e
+  languageName: node
+  linkType: hard
+
 "path-type@npm:^4.0.0":
   version: 4.0.0
   resolution: "path-type@npm:4.0.0"
@@ -6262,6 +6395,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"rimraf@npm:^5.0.5":
+  version: 5.0.5
+  resolution: "rimraf@npm:5.0.5"
+  dependencies:
+    glob: "npm:^10.3.7"
+  bin:
+    rimraf: dist/esm/bin.mjs
+  checksum: d50dbe724f33835decd88395b25ed35995077c60a50ae78ded06e0185418914e555817aad1b4243edbff2254548c2f6ad6f70cc850040bebb4da9e8cc016f586
+  languageName: node
+  linkType: hard
+
 "run-parallel@npm:^1.1.9":
   version: 1.2.0
   resolution: "run-parallel@npm:1.2.0"
@@ -6529,7 +6673,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"string-width@npm:^1.0.2 || 2 || 3 || 4, string-width@npm:^4.2.3":
+"string-width-cjs@npm:string-width@^4.2.0, string-width@npm:^1.0.2 || 2 || 3 || 4, string-width@npm:^4.1.0, string-width@npm:^4.2.3":
   version: 4.2.3
   resolution: "string-width@npm:4.2.3"
   dependencies:
@@ -6540,6 +6684,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"string-width@npm:^5.0.1, string-width@npm:^5.1.2":
+  version: 5.1.2
+  resolution: "string-width@npm:5.1.2"
+  dependencies:
+    eastasianwidth: "npm:^0.2.0"
+    emoji-regex: "npm:^9.2.2"
+    strip-ansi: "npm:^7.0.1"
+  checksum: ab9c4264443d35b8b923cbdd513a089a60de339216d3b0ed3be3ba57d6880e1a192b70ae17225f764d7adbf5994e9bb8df253a944736c15a0240eff553c678ca
+  languageName: node
+  linkType: hard
+
 "string_decoder@npm:^1.1.1":
   version: 1.3.0
   resolution: "string_decoder@npm:1.3.0"
@@ -6549,7 +6704,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"strip-ansi@npm:^6.0.1":
+"strip-ansi-cjs@npm:strip-ansi@^6.0.1, strip-ansi@npm:^6.0.0, strip-ansi@npm:^6.0.1":
   version: 6.0.1
   resolution: "strip-ansi@npm:6.0.1"
   dependencies:
@@ -6558,7 +6713,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"strip-ansi@npm:^7.1.0":
+"strip-ansi@npm:^7.0.1, strip-ansi@npm:^7.1.0":
   version: 7.1.0
   resolution: "strip-ansi@npm:7.1.0"
   dependencies:
@@ -6624,14 +6779,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"stylelint@npm:16.0.2":
-  version: 16.0.2
-  resolution: "stylelint@npm:16.0.2"
+"stylelint@npm:16.1.0":
+  version: 16.1.0
+  resolution: "stylelint@npm:16.1.0"
   dependencies:
-    "@csstools/css-parser-algorithms": "npm:^2.3.2"
-    "@csstools/css-tokenizer": "npm:^2.2.1"
-    "@csstools/media-query-list-parser": "npm:^2.1.5"
-    "@csstools/selector-specificity": "npm:^3.0.0"
+    "@csstools/css-parser-algorithms": "npm:^2.4.0"
+    "@csstools/css-tokenizer": "npm:^2.2.2"
+    "@csstools/media-query-list-parser": "npm:^2.1.6"
+    "@csstools/selector-specificity": "npm:^3.0.1"
     balanced-match: "npm:^2.0.0"
     colord: "npm:^2.9.3"
     cosmiconfig: "npm:^9.0.0"
@@ -6640,7 +6795,7 @@ __metadata:
     debug: "npm:^4.3.4"
     fast-glob: "npm:^3.3.2"
     fastest-levenshtein: "npm:^1.0.16"
-    file-entry-cache: "npm:^7.0.2"
+    file-entry-cache: "npm:^8.0.0"
     global-modules: "npm:^2.0.0"
     globby: "npm:^11.1.0"
     globjoin: "npm:^0.1.4"
@@ -6650,7 +6805,7 @@ __metadata:
     is-plain-object: "npm:^5.0.0"
     known-css-properties: "npm:^0.29.0"
     mathml-tag-names: "npm:^2.1.3"
-    meow: "npm:^12.1.1"
+    meow: "npm:^13.0.0"
     micromatch: "npm:^4.0.5"
     normalize-path: "npm:^3.0.0"
     picocolors: "npm:^1.0.0"
@@ -6668,7 +6823,7 @@ __metadata:
     write-file-atomic: "npm:^5.0.1"
   bin:
     stylelint: bin/stylelint.mjs
-  checksum: 5ec755e209beb1877ff40d50f18c1ebb05bf251925da1f98f28fb3911e4031195eb86adaf641ac5cdb01ba973f4c999bc0c6b0270d08c1d5c070adbdd9e734cf
+  checksum: 765eea0b07319d1e7989502c07b8b5794938e5a8542bec00990b09ec10c3f7006891689930099e948d06c9ef9982066edb98b1ea64a435138a6b0f0905eb2b87
   languageName: node
   linkType: hard
 
@@ -7104,6 +7259,28 @@ __metadata:
   languageName: node
   linkType: hard
 
+"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0":
+  version: 7.0.0
+  resolution: "wrap-ansi@npm:7.0.0"
+  dependencies:
+    ansi-styles: "npm:^4.0.0"
+    string-width: "npm:^4.1.0"
+    strip-ansi: "npm:^6.0.0"
+  checksum: d15fc12c11e4cbc4044a552129ebc75ee3f57aa9c1958373a4db0292d72282f54373b536103987a4a7594db1ef6a4f10acf92978f79b98c49306a4b58c77d4da
+  languageName: node
+  linkType: hard
+
+"wrap-ansi@npm:^8.1.0":
+  version: 8.1.0
+  resolution: "wrap-ansi@npm:8.1.0"
+  dependencies:
+    ansi-styles: "npm:^6.1.0"
+    string-width: "npm:^5.0.1"
+    strip-ansi: "npm:^7.0.1"
+  checksum: 138ff58a41d2f877eae87e3282c0630fc2789012fc1af4d6bd626eeb9a2f9a65ca92005e6e69a75c7b85a68479fe7443c7dbe1eb8fbaa681a4491364b7c55c60
+  languageName: node
+  linkType: hard
+
 "wrappy@npm:1":
   version: 1.0.2
   resolution: "wrappy@npm:1.0.2"

From 2e267453eb7530848df3a4b75774136446e280b5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 31 Dec 2023 12:24:56 +0100
Subject: [PATCH 04/20] Update dependency postcss-loader to v7.3.4 (#8812)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 war/package.json |  2 +-
 war/yarn.lock    | 51 ++++++++++++++++++++++++++----------------------
 2 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/war/package.json b/war/package.json
index 2c91ee9ba42a..307f28d71172 100644
--- a/war/package.json
+++ b/war/package.json
@@ -35,7 +35,7 @@
     "handlebars-loader": "1.7.3",
     "mini-css-extract-plugin": "2.7.6",
     "postcss": "8.4.32",
-    "postcss-loader": "7.3.3",
+    "postcss-loader": "7.3.4",
     "postcss-preset-env": "9.3.0",
     "postcss-scss": "4.0.9",
     "prettier": "3.1.1",
diff --git a/war/yarn.lock b/war/yarn.lock
index 7aa8317d793e..3781e65b0635 100644
--- a/war/yarn.lock
+++ b/war/yarn.lock
@@ -3041,15 +3041,20 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cosmiconfig@npm:^8.2.0":
-  version: 8.2.0
-  resolution: "cosmiconfig@npm:8.2.0"
+"cosmiconfig@npm:^8.3.5":
+  version: 8.3.6
+  resolution: "cosmiconfig@npm:8.3.6"
   dependencies:
-    import-fresh: "npm:^3.2.1"
+    import-fresh: "npm:^3.3.0"
     js-yaml: "npm:^4.1.0"
-    parse-json: "npm:^5.0.0"
+    parse-json: "npm:^5.2.0"
     path-type: "npm:^4.0.0"
-  checksum: 4180aa6d1881b75ba591b2fc04b022741a3a4b67e9e243c0eb8d169b6e1efbd3cdf7e8ca19243c0f2e53a9d59ac3eccd5cad5f95f487fcbf4e740f9e86745747
+  peerDependencies:
+    typescript: ">=4.9.5"
+  peerDependenciesMeta:
+    typescript:
+      optional: true
+  checksum: 0382a9ed13208f8bfc22ca2f62b364855207dffdb73dc26e150ade78c3093f1cf56172df2dd460c8caf2afa91c0ed4ec8a88c62f8f9cd1cf423d26506aa8797a
   languageName: node
   linkType: hard
 
@@ -4456,7 +4461,7 @@ __metadata:
     lodash: "npm:4.17.21"
     mini-css-extract-plugin: "npm:2.7.6"
     postcss: "npm:8.4.32"
-    postcss-loader: "npm:7.3.3"
+    postcss-loader: "npm:7.3.4"
     postcss-preset-env: "npm:9.3.0"
     postcss-scss: "npm:4.0.9"
     prettier: "npm:3.1.1"
@@ -4512,12 +4517,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"jiti@npm:^1.18.2":
-  version: 1.18.2
-  resolution: "jiti@npm:1.18.2"
+"jiti@npm:^1.20.0":
+  version: 1.21.0
+  resolution: "jiti@npm:1.21.0"
   bin:
     jiti: bin/jiti.js
-  checksum: 578343e883838a5d6775350925d9e1a647e00132ade9c8cc318c163b692988612472f0af3cd9d92b8d8ca61e623092e86ab89563cbf6394900a5a39962e3c4e8
+  checksum: 7f361219fe6c7a5e440d5f1dba4ab763a5538d2df8708cdc22561cf25ea3e44b837687931fca7cdd8cdd9f567300e90be989dd1321650045012d8f9ed6aab07f
   languageName: node
   linkType: hard
 
@@ -5263,7 +5268,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"parse-json@npm:^5.0.0, parse-json@npm:^5.2.0":
+"parse-json@npm:^5.2.0":
   version: 5.2.0
   resolution: "parse-json@npm:5.2.0"
   dependencies:
@@ -5656,17 +5661,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"postcss-loader@npm:7.3.3":
-  version: 7.3.3
-  resolution: "postcss-loader@npm:7.3.3"
+"postcss-loader@npm:7.3.4":
+  version: 7.3.4
+  resolution: "postcss-loader@npm:7.3.4"
   dependencies:
-    cosmiconfig: "npm:^8.2.0"
-    jiti: "npm:^1.18.2"
-    semver: "npm:^7.3.8"
+    cosmiconfig: "npm:^8.3.5"
+    jiti: "npm:^1.20.0"
+    semver: "npm:^7.5.4"
   peerDependencies:
     postcss: ^7.0.0 || ^8.0.1
     webpack: ^5.0.0
-  checksum: d039654273f858be1f75dfdf8b550869d88905b73a7684b3e48a2937a6087619e84fd1a3551cdef78685a965a2573e985b29a532c3878d834071ecd2da0eb304
+  checksum: 1bf7614aeea9ad1f8ee6be3a5451576c059391688ea67f825aedc2674056369597faeae4e4a81fe10843884c9904a71403d9a54197e1f560e8fbb9e61f2a2680
   languageName: node
   linkType: hard
 
@@ -6507,14 +6512,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"semver@npm:^7.3.5, semver@npm:^7.3.8":
-  version: 7.3.8
-  resolution: "semver@npm:7.3.8"
+"semver@npm:^7.3.5, semver@npm:^7.3.8, semver@npm:^7.5.4":
+  version: 7.5.4
+  resolution: "semver@npm:7.5.4"
   dependencies:
     lru-cache: "npm:^6.0.0"
   bin:
     semver: bin/semver.js
-  checksum: 7e581d679530db31757301c2117721577a2bb36a301a443aac833b8efad372cda58e7f2a464fe4412ae1041cc1f63a6c1fe0ced8c57ce5aca1e0b57bb0d627b9
+  checksum: 5160b06975a38b11c1ab55950cb5b8a23db78df88275d3d8a42ccf1f29e55112ac995b3a26a522c36e3b5f76b0445f1eef70d696b8c7862a2b4303d7b0e7609e
   languageName: node
   linkType: hard
 

From f4095698966cd901681241e994e872846429211d Mon Sep 17 00:00:00 2001
From: Alexander Brandes <mc.cache@web.de>
Date: Mon, 1 Jan 2024 08:17:56 +0100
Subject: [PATCH 05/20] Run GH actions release artifact uploader with JDK 17
 (#8813)

---
 .github/workflows/publish-release-artifact.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish-release-artifact.yml b/.github/workflows/publish-release-artifact.yml
index 86d55282ebba..3bb991579de8 100644
--- a/.github/workflows/publish-release-artifact.yml
+++ b/.github/workflows/publish-release-artifact.yml
@@ -16,11 +16,11 @@ jobs:
       is-rc: ${{ steps.set-version.outputs.is-rc }}
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
           distribution: "temurin"
-          java-version: 11
+          java-version: 17
           cache: "maven"
       - name: Set version
         id: set-version

From a82e94b05b56193066d85a17065440084fd62552 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 1 Jan 2024 00:18:46 -0700
Subject: [PATCH 06/20] Update dependency sass to v1.69.6 (#8816)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 war/package.json |  2 +-
 war/yarn.lock    | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/war/package.json b/war/package.json
index 307f28d71172..9f3bb4c4978c 100644
--- a/war/package.json
+++ b/war/package.json
@@ -39,7 +39,7 @@
     "postcss-preset-env": "9.3.0",
     "postcss-scss": "4.0.9",
     "prettier": "3.1.1",
-    "sass": "1.69.5",
+    "sass": "1.69.6",
     "sass-loader": "13.3.3",
     "style-loader": "3.3.3",
     "stylelint": "16.1.0",
diff --git a/war/yarn.lock b/war/yarn.lock
index 3781e65b0635..0a5ddcde88fb 100644
--- a/war/yarn.lock
+++ b/war/yarn.lock
@@ -4465,7 +4465,7 @@ __metadata:
     postcss-preset-env: "npm:9.3.0"
     postcss-scss: "npm:4.0.9"
     prettier: "npm:3.1.1"
-    sass: "npm:1.69.5"
+    sass: "npm:1.69.6"
     sass-loader: "npm:13.3.3"
     sortablejs: "npm:1.15.1"
     style-loader: "npm:3.3.3"
@@ -6458,16 +6458,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"sass@npm:1.69.5":
-  version: 1.69.5
-  resolution: "sass@npm:1.69.5"
+"sass@npm:1.69.6":
+  version: 1.69.6
+  resolution: "sass@npm:1.69.6"
   dependencies:
     chokidar: "npm:>=3.0.0 <4.0.0"
     immutable: "npm:^4.0.0"
     source-map-js: "npm:>=0.6.2 <2.0.0"
   bin:
     sass: sass.js
-  checksum: a9003a9482f2e467fc412cfe58ba4fa14fb78bef7e1283ce5d64a065f8a31114ec3bbf5d4e724f94eb8512c32c768a6f91f228c7f16a26a300bbf4db293b5608
+  checksum: 8153db8e51e74a9007bb54332e14d122c34288c7d21a5f2eaefef753a1b7bb13f35e042dc6247253dab5b1550b05cea27970371e7548286b4f50f23dd1147d89
   languageName: node
   linkType: hard
 

From 2ac59590a6a5021228936a239154300b425a6d8d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jan 2024 00:19:11 -0700
Subject: [PATCH 07/20] Bump slf4jVersion from 2.0.9 to 2.0.10 (#8809)

Bumps `slf4jVersion` from 2.0.9 to 2.0.10.

Updates `org.slf4j:jcl-over-slf4j` from 2.0.9 to 2.0.10

Updates `org.slf4j:log4j-over-slf4j` from 2.0.9 to 2.0.10

Updates `org.slf4j:slf4j-api` from 2.0.9 to 2.0.10

Updates `org.slf4j:slf4j-jdk14` from 2.0.9 to 2.0.10

---
updated-dependencies:
- dependency-name: org.slf4j:jcl-over-slf4j
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.slf4j:log4j-over-slf4j
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.slf4j:slf4j-jdk14
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 bom/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bom/pom.xml b/bom/pom.xml
index 36c3542fad35..a4c8690015ca 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -39,7 +39,7 @@ THE SOFTWARE.
 
   <properties>
     <asm.version>9.6</asm.version>
-    <slf4jVersion>2.0.9</slf4jVersion>
+    <slf4jVersion>2.0.10</slf4jVersion>
     <stapler.version>1822.v120278426e1c</stapler.version>
     <groovy.version>2.4.21</groovy.version>
   </properties>

From b5030b74ace4bde13d44b62078596b8634a12e57 Mon Sep 17 00:00:00 2001
From: Alexander Brandes <mc.cache@web.de>
Date: Mon, 1 Jan 2024 14:31:01 +0100
Subject: [PATCH 08/20] Update JDK recommendations for contributors (#8818)

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0e6dbffdda9d..77c012b44c68 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,7 +9,7 @@ This page provides information about contributing code to the Jenkins core codeb
 1. Fork the repository on GitHub
 2. Clone the forked repository to your machine
 3. Install the necessary development tools. In order to develop Jenkins, you need the following:
-   - Java Development Kit (JDK) 11 or 17.
+   - Java Development Kit (JDK) 11, 17 or 21.
      In the Jenkins project we usually use [Eclipse Temurin](https://adoptium.net/) or [OpenJDK](https://openjdk.java.net/), but you can use other JDKs as well.
    - Apache Maven 3.8.1 or above. You can [download Maven here](https://maven.apache.org/download.cgi).
      In the Jenkins project we usually use the most recent Maven release.

From c878487461f1e535e39766893636f2bbf88becc0 Mon Sep 17 00:00:00 2001
From: Debayan Ghosh <66942246+debayangg@users.noreply.github.com>
Date: Tue, 2 Jan 2024 08:38:59 +0530
Subject: [PATCH 09/20] [JENKINS-71666] Adapt to Popper deprecation in Jenkins
 core (#8810)

Removed deprecated popper2-api from war/pom.xml
---
 war/pom.xml | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/war/pom.xml b/war/pom.xml
index 2808d786b3d4..eaacd13349e3 100644
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -403,14 +403,6 @@ THE SOFTWARE.
                   <type>hpi</type>
                 </artifactItem>
 
-                <artifactItem>
-                  <!-- former dependency of bootstrap5-api (see JENKINS-71666) -->
-                  <groupId>io.jenkins.plugins</groupId>
-                  <artifactId>popper2-api</artifactId>
-                  <version>2.11.6-4</version>
-                  <type>hpi</type>
-                </artifactItem>
-
                 <artifactItem>
                   <!-- dependency of bootstrap5-api and echarts-api -->
                   <groupId>io.jenkins.plugins</groupId>

From 3597db8e13f8fd5ef5309b31ef55eb8121663a6b Mon Sep 17 00:00:00 2001
From: Anders Hammar <anders@hammar.net>
Date: Tue, 2 Jan 2024 04:09:22 +0100
Subject: [PATCH 10/20] [JENKINS-72466] Upgrade jbcrypt dependency (#8811)

JENKINS-72466: Upgrades jbcrypt dependency
---
 bom/pom.xml                                            |  4 ++--
 core/pom.xml                                           |  2 +-
 .../security/HudsonPrivateSecurityRealmTest.java       | 10 +++++++++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/bom/pom.xml b/bom/pom.xml
index a4c8690015ca..53ac85bdaa4c 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -196,9 +196,9 @@ THE SOFTWARE.
         <version>${groovy.version}</version>
       </dependency>
       <dependency>
-        <groupId>org.connectbot.jbcrypt</groupId>
+        <groupId>org.connectbot</groupId>
         <artifactId>jbcrypt</artifactId>
-        <version>1.0.0</version>
+        <version>1.0.2</version>
       </dependency>
       <dependency>
         <!-- Groovy shell uses this, but it doesn't declare the dependency -->
diff --git a/core/pom.xml b/core/pom.xml
index 45539865962a..82d3b76bbb21 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -282,7 +282,7 @@ THE SOFTWARE.
       <artifactId>groovy-all</artifactId>
     </dependency>
     <dependency>
-      <groupId>org.connectbot.jbcrypt</groupId>
+      <groupId>org.connectbot</groupId>
       <artifactId>jbcrypt</artifactId>
     </dependency>
     <dependency>
diff --git a/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java b/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
index 9d7e2b7b5980..09aab39cb0e3 100644
--- a/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
+++ b/core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
@@ -55,7 +55,7 @@ public void timingPBKDF2() {
      * or slow hardware, so this is commented out but left for ease of running locally when desired.
      */
     //@Test
-    public void timingBcrypt() {
+    public void timingJBCrypt() {
         // ignore the salt generation - check just matching....
         JBCryptEncoder encoder = new JBCryptEncoder();
         String encoded = encoder.encode("thisIsMyPassword1");
@@ -143,4 +143,12 @@ public void passwordPBKDF2HashWithInvalidKeySpec() throws Exception {
             assertThrows(RuntimeException.class, () -> pbkdf2PasswordEncoder.matches("MySecurePassword", PBKDF2_HMAC_SHA512_ENCODED_PASSWORD));
         }
     }
+
+    @Test
+    public void testJBCryptPasswordMatching() {
+        JBCryptEncoder encoder = new JBCryptEncoder();
+        String encoded = encoder.encode("thisIsMyPassword");
+        assertTrue(encoder.matches("thisIsMyPassword", encoded));
+        assertFalse(encoder.matches("thisIsNotMyPassword", encoded));
+    }
 }

From c8156d41f2e6abf52b41669287e9ab771080b8e4 Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Mon, 1 Jan 2024 20:09:42 -0700
Subject: [PATCH 11/20] [JENKINS-72469] Avoid repeated tool downloads from
 misconfigured HTTP servers (#8814)

* [JENKINS-72469] Avoid repeated tool downloads from misconfigured HTTP servers

The Azul Systems content delivery network stopped providing the
last-modified header in their URL responses.  They only provide the
ETag header.

Add ETag support to the Jenkins FilePath URL download method so that if ETag is
provided, we use the ETag value.  If last-modified is provided and matches, we
continue to honor it as well.

https://issues.jenkins.io/browse/JENKINS-72469 has more details.

https://community.jenkins.io/t/job-stuck-on-unpacking-global-jdk-tool/11272
also includes more details.

Testing done

* Automated test added to FilePathTest for code changes on the controller.
  The automated test confirms that even without a last-modified value,
  the later downloads are skipped if a matching ETag is received.
  The automated test also confirms that download is skipped if OK is
  received with a matching ETag.  No automated test was added to confirm
  download on the agent because that path is not tested by any of the
  other test automation of this class.

* Interactive test with the Azul Systems JDK installer on the controller.
  I created a tool installer for the Azul JDK.  I verified that before
  this change it was downloaded each time the job was run.  I verified
  that after the change it was downloaded only once.

* Interactive test with the Azul Systems JDK installer on an agent.
  I created a tool installer for the Azul JDK.  I verified that before
  this change it was downloaded each time the job was run.  I verified
  that after the change it was downloaded only once.

* Interactive test on the controller with a file download from an NGINX
  web server confirmed that the tool is downloaded once and then later
  runs of the job did not download the file again.

* Use equals instead of contains to check ETag

Don't risk that a substring of an earlier ETag might cause a later
ETag to incorrectly assume it does not need to download a modified
installer.

* Use weak comparison for ETag values

https://httpwg.org/specs/rfc9110.html#field.etag describes weak comparison
cases and notes that content providers may provide weak or strong entity
tags.  Updated code to correctly compare weak and strong entity tags.

Also improves the null checks based on the suggestions from @mawinter69
in https://github.com/jenkinsci/jenkins/pull/8814#discussion_r1438909824

* Test comparison of weak and strong validators

* Do not duplicate test args, more readable

* Use better variable names in test

Cover more branches in the equalEtags method as well

* Fix variable declaration order
---
 core/src/main/java/hudson/FilePath.java     | 42 +++++++++++-
 core/src/test/java/hudson/FilePathTest.java | 71 +++++++++++++++++++++
 2 files changed, 111 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/hudson/FilePath.java b/core/src/main/java/hudson/FilePath.java
index cdc057ef9c54..1da338d6e549 100644
--- a/core/src/main/java/hudson/FilePath.java
+++ b/core/src/main/java/hudson/FilePath.java
@@ -28,6 +28,7 @@
 
 import static hudson.Util.fileToPath;
 import static hudson.Util.fixEmpty;
+import static hudson.Util.fixEmptyAndTrim;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.jcraft.jzlib.GZIPInputStream;
@@ -962,7 +963,7 @@ public Void invoke(File dir, VirtualChannel channel) throws IOException {
      * </ul>
      *
      * @param archive
-     *      The resource that represents the tgz/zip file. This URL must support the {@code Last-Modified} header.
+     *      The resource that represents the tgz/zip file. This URL must support the {@code Last-Modified} header or the {@code ETag} header.
      *      (For example, you could use {@link ClassLoader#getResource}.)
      * @param listener
      *      If non-null, a message will be printed to this listener once this method decides to
@@ -984,12 +985,18 @@ private boolean installIfNecessaryFrom(@NonNull URL archive, @NonNull TaskListen
         try {
             FilePath timestamp = this.child(".timestamp");
             long lastModified = timestamp.lastModified();
+            // https://httpwg.org/specs/rfc9110.html#field.etag is the ETag specification
+            // Read previously stored ETag if timestamp is available
+            String etag = timestamp.exists() ? fixEmptyAndTrim(timestamp.readToString()) : null;
             URLConnection con;
             try {
                 con = ProxyConfiguration.open(archive);
                 if (lastModified != 0) {
                     con.setIfModifiedSince(lastModified);
                 }
+                if (etag != null) {
+                    con.setRequestProperty("If-None-Match", etag);
+                }
                 con.connect();
             } catch (IOException x) {
                 if (this.exists()) {
@@ -1016,7 +1023,7 @@ private boolean installIfNecessaryFrom(@NonNull URL archive, @NonNull TaskListen
                         return false;
                     }
                 }
-                if (lastModified != 0) {
+                if (lastModified != 0 || etag != null) {
                     if (responseCode == HttpURLConnection.HTTP_NOT_MODIFIED) {
                         return false;
                     } else if (responseCode != HttpURLConnection.HTTP_OK) {
@@ -1027,8 +1034,12 @@ private boolean installIfNecessaryFrom(@NonNull URL archive, @NonNull TaskListen
             }
 
             long sourceTimestamp = con.getLastModified();
+            String resultEtag = fixEmptyAndTrim(con.getHeaderField("ETag"));
 
             if (this.exists()) {
+                if (equalETags(etag, resultEtag)) {
+                    return false;   // already up to date
+                }
                 if (lastModified != 0 && sourceTimestamp == lastModified)
                     return false;   // already up to date
                 this.deleteContents();
@@ -1042,6 +1053,10 @@ private boolean installIfNecessaryFrom(@NonNull URL archive, @NonNull TaskListen
                 // First try to download from the agent machine.
                 try {
                     act(new Unpack(archive));
+                    if (resultEtag != null && !equalETags(etag, resultEtag)) {
+                        /* Store the ETag value in the timestamp file for later use */
+                        timestamp.write(resultEtag, "UTF-8");
+                    }
                     timestamp.touch(sourceTimestamp);
                     return true;
                 } catch (IOException x) {
@@ -1061,6 +1076,10 @@ private boolean installIfNecessaryFrom(@NonNull URL archive, @NonNull TaskListen
                 throw new IOException(String.format("Failed to unpack %s (%d bytes read of total %d)",
                         archive, cis.getByteCount(), con.getContentLength()), e);
             }
+            if (resultEtag != null && !equalETags(etag, resultEtag)) {
+                /* Store the ETag value in the timestamp file for later use */
+                timestamp.write(resultEtag, "UTF-8");
+            }
             timestamp.touch(sourceTimestamp);
             return true;
         } catch (IOException e) {
@@ -1068,6 +1087,25 @@ private boolean installIfNecessaryFrom(@NonNull URL archive, @NonNull TaskListen
         }
     }
 
+    /* Return true if etag1 equals etag2 as defined by the etag specification
+       https://httpwg.org/specs/rfc9110.html#field.etag
+     */
+    private boolean equalETags(String etag1, String etag2) {
+        if (etag1 == null || etag2 == null) {
+            return false;
+        }
+        if (etag1.equals(etag2)) {
+            return true;
+        }
+        /* Weak tags are identified by leading characters "W/" as a marker */
+        /* Weak tag marker must not be considered in tag comparison.
+           This implements the weak comparison in the specification at
+           https://httpwg.org/specs/rfc9110.html#field.etag */
+        String opaqueTag1 = etag1.startsWith("W/") ? etag1.substring(2) : etag1;
+        String opaqueTag2 = etag2.startsWith("W/") ? etag2.substring(2) : etag2;
+        return opaqueTag1.equals(opaqueTag2);
+    }
+
     // this reads from arbitrary URL
     private static final class Unpack extends MasterToSlaveFileCallable<Void> {
         private final URL archive;
diff --git a/core/src/test/java/hudson/FilePathTest.java b/core/src/test/java/hudson/FilePathTest.java
index fe152a25ba49..54d37c2b3dcd 100644
--- a/core/src/test/java/hudson/FilePathTest.java
+++ b/core/src/test/java/hudson/FilePathTest.java
@@ -670,6 +670,77 @@ private static void assertValidateAntFileMask(String expected, FilePath d, Strin
         assertTrue(d.installIfNecessaryFrom(url, null, message));
     }
 
+    @Issue("JENKINS-72469")
+    @Test public void installIfNecessaryWithoutLastModifiedStrongValidator() throws Exception {
+        String strongValidator = "\"An-ETag-strong-validator\"";
+        installIfNecessaryWithoutLastModified(strongValidator);
+    }
+
+    @Issue("JENKINS-72469")
+    @Test public void installIfNecessaryWithoutLastModifiedStrongValidatorNoQuotes() throws Exception {
+        // This ETag is a violation of the spec at https://httpwg.org/specs/rfc9110.html#field.etag
+        // However, better safe to handle without quotes as well, just in case
+        String strongValidator = "An-ETag-strong-validator-without-quotes";
+        installIfNecessaryWithoutLastModified(strongValidator);
+    }
+
+    @Issue("JENKINS-72469")
+    @Test public void installIfNecessaryWithoutLastModifiedWeakValidator() throws Exception {
+        String weakValidator = "W/\"An-ETag-weak-validator\"";
+        installIfNecessaryWithoutLastModified(weakValidator);
+    }
+
+    @Issue("JENKINS-72469")
+    @Test public void installIfNecessaryWithoutLastModifiedStrongAndWeakValidators() throws Exception {
+        String strongValidator = "\"An-ETag-validator\"";
+        String weakValidator = "W/" + strongValidator;
+        installIfNecessaryWithoutLastModified(strongValidator, weakValidator);
+    }
+
+    @Issue("JENKINS-72469")
+    @Test public void installIfNecessaryWithoutLastModifiedWeakAndStrongValidators() throws Exception {
+        String strongValidator = "\"An-ETag-validator\"";
+        String weakValidator = "W/" + strongValidator;
+        installIfNecessaryWithoutLastModified(weakValidator, strongValidator);
+    }
+
+    private void installIfNecessaryWithoutLastModified(String validator) throws Exception {
+        installIfNecessaryWithoutLastModified(validator, validator);
+    }
+
+    private void installIfNecessaryWithoutLastModified(String validator, String alternateValidator) throws Exception {
+        final HttpURLConnection con = mock(HttpURLConnection.class);
+        // getLastModified == 0 when last-modified header is not returned
+        when(con.getLastModified()).thenReturn(0L);
+        // An Etag is provided by Azul CDN without last-modified header
+        when(con.getHeaderField("ETag")).thenReturn(validator);
+        when(con.getInputStream()).thenReturn(someZippedContent());
+
+        final URL url = someUrlToZipFile(con);
+
+        File tmp = temp.getRoot();
+        final FilePath d = new FilePath(tmp);
+
+        /* Initial download expected to occur */
+        assertTrue(d.installIfNecessaryFrom(url, null, "message if failed first download"));
+
+        /* Timestamp last modified == 0 means the header was not provided */
+        assertThat(d.child(".timestamp").lastModified(), is(0L));
+
+        /* Second download should not occur if JENKINS-72469 is fixed and NOT_MODIFIED is returned */
+        when(con.getResponseCode()).thenReturn(HttpURLConnection.HTTP_NOT_MODIFIED);
+        when(con.getInputStream()).thenReturn(someZippedContent());
+        when(con.getHeaderField("ETag")).thenReturn(alternateValidator);
+        assertFalse(d.installIfNecessaryFrom(url, null, "message if failed second download"));
+
+        /* Third download should not occur if JENKINS-72469 is fixed and OK is returned with matching ETag */
+        /* Unexpected to receive an OK and a matching ETag from a real web server, but check for safety */
+        when(con.getResponseCode()).thenReturn(HttpURLConnection.HTTP_OK);
+        when(con.getInputStream()).thenReturn(someZippedContent());
+        when(con.getHeaderField("ETag")).thenReturn(alternateValidator);
+        assertFalse(d.installIfNecessaryFrom(url, null, "message if failed third download"));
+    }
+
     private URL someUrlToZipFile(final URLConnection con) throws IOException {
 
         final URLStreamHandler urlHandler = new URLStreamHandler() {

From 8118d8862eaaa90d8e850fb23eab4d93d7cfa15d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jan 2024 20:13:39 -0700
Subject: [PATCH 12/20] Bump com.puppycrawl.tools:checkstyle from 10.12.6 to
 10.12.7 (#8819)

Bumps [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) from 10.12.6 to 10.12.7.
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-10.12.6...checkstyle-10.12.7)

---
updated-dependencies:
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6541831b2a10..9de262dcd31d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -332,7 +332,7 @@ THE SOFTWARE.
             <dependency>
               <groupId>com.puppycrawl.tools</groupId>
               <artifactId>checkstyle</artifactId>
-              <version>10.12.6</version>
+              <version>10.12.7</version>
             </dependency>
           </dependencies>
           <executions>

From 45586a4d28cf1853a3e20fbdff7c6eb6c254d0aa Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 1 Jan 2024 20:15:13 -0700
Subject: [PATCH 13/20] Update babel monorepo to v7.23.7 (#8820)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 war/package.json |   4 +-
 war/yarn.lock    | 118 +++++++++++++++++++++++------------------------
 2 files changed, 61 insertions(+), 61 deletions(-)

diff --git a/war/package.json b/war/package.json
index 9f3bb4c4978c..90c31887382d 100644
--- a/war/package.json
+++ b/war/package.json
@@ -24,8 +24,8 @@
   },
   "devDependencies": {
     "@babel/cli": "7.23.4",
-    "@babel/core": "7.23.6",
-    "@babel/preset-env": "7.23.6",
+    "@babel/core": "7.23.7",
+    "@babel/preset-env": "7.23.7",
     "babel-loader": "9.1.3",
     "clean-webpack-plugin": "4.0.0",
     "css-loader": "6.8.1",
diff --git a/war/yarn.lock b/war/yarn.lock
index 0a5ddcde88fb..a4fe98ca0023 100644
--- a/war/yarn.lock
+++ b/war/yarn.lock
@@ -66,26 +66,26 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/core@npm:7.23.6":
-  version: 7.23.6
-  resolution: "@babel/core@npm:7.23.6"
+"@babel/core@npm:7.23.7":
+  version: 7.23.7
+  resolution: "@babel/core@npm:7.23.7"
   dependencies:
     "@ampproject/remapping": "npm:^2.2.0"
     "@babel/code-frame": "npm:^7.23.5"
     "@babel/generator": "npm:^7.23.6"
     "@babel/helper-compilation-targets": "npm:^7.23.6"
     "@babel/helper-module-transforms": "npm:^7.23.3"
-    "@babel/helpers": "npm:^7.23.6"
+    "@babel/helpers": "npm:^7.23.7"
     "@babel/parser": "npm:^7.23.6"
     "@babel/template": "npm:^7.22.15"
-    "@babel/traverse": "npm:^7.23.6"
+    "@babel/traverse": "npm:^7.23.7"
     "@babel/types": "npm:^7.23.6"
     convert-source-map: "npm:^2.0.0"
     debug: "npm:^4.1.0"
     gensync: "npm:^1.0.0-beta.2"
     json5: "npm:^2.2.3"
     semver: "npm:^6.3.1"
-  checksum: a02bae7d916029b70706dc301535e1b31e5d216f55d4ee6f64a15825c6b69ee2c14c52a213d1497ec414e925ed4e9d897d41fb0d75df9fea28ed2c0008790e31
+  checksum: 38c9934973d384ed83369712978453eac91dc3f22167404dbdb272b64f602e74728a6f37012c53ee57e521b8ae2da60097f050497d9b6a212d28b59cdfb2cd1d
   languageName: node
   linkType: hard
 
@@ -164,9 +164,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/helper-define-polyfill-provider@npm:^0.4.3":
-  version: 0.4.3
-  resolution: "@babel/helper-define-polyfill-provider@npm:0.4.3"
+"@babel/helper-define-polyfill-provider@npm:^0.4.4":
+  version: 0.4.4
+  resolution: "@babel/helper-define-polyfill-provider@npm:0.4.4"
   dependencies:
     "@babel/helper-compilation-targets": "npm:^7.22.6"
     "@babel/helper-plugin-utils": "npm:^7.22.5"
@@ -175,7 +175,7 @@ __metadata:
     resolve: "npm:^1.14.2"
   peerDependencies:
     "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0
-  checksum: 0007035157e0d32ee9cb4ca319b89d6f3705523383efe52a59eb3d4dfa2ed08c5147e49c10a6e6d69c15221d89c76c8e5875475d6710fb44a5c37b8e69388e40
+  checksum: 60126f5f719b9e2114df62e3bf3ac0797b71d8dc733db60192eb169b004fde72ee309fa5848c5fdfe98b8e8863c46f55e16da5aa8a4e420b4d2670cd0c5dd708
   languageName: node
   linkType: hard
 
@@ -339,14 +339,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/helpers@npm:^7.23.6":
-  version: 7.23.6
-  resolution: "@babel/helpers@npm:7.23.6"
+"@babel/helpers@npm:^7.23.7":
+  version: 7.23.7
+  resolution: "@babel/helpers@npm:7.23.7"
   dependencies:
     "@babel/template": "npm:^7.22.15"
-    "@babel/traverse": "npm:^7.23.6"
+    "@babel/traverse": "npm:^7.23.7"
     "@babel/types": "npm:^7.23.6"
-  checksum: df1cf6607676ad36f52f652ec03536f2732d70aef5e76dba5c964e34d49f3c2d3dcf9fb3740db359f53071d74b64606a833d5ba156f79f437f71bfe06e2e7e19
+  checksum: f74a61ad28a1bc1fdd9133ad571c07787b66d6db017c707b87c203b0cd06879cea8b33e9c6a8585765a4949efa5df3cc9e19b710fe867f11be38ee29fd4a0488
   languageName: node
   linkType: hard
 
@@ -394,15 +394,15 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:^7.23.3":
-  version: 7.23.3
-  resolution: "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:7.23.3"
+"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:^7.23.7":
+  version: 7.23.7
+  resolution: "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:7.23.7"
   dependencies:
     "@babel/helper-environment-visitor": "npm:^7.22.20"
     "@babel/helper-plugin-utils": "npm:^7.22.5"
   peerDependencies:
     "@babel/core": ^7.0.0
-  checksum: 0f43b74741d50e637ba4dcef2786621126fe4da6ccf4ee2e94423ee23f6a04ecd91d458e59764c43e4968be139e5197ee43be8a2fea2c09f0b202a3391e548cc
+  checksum: 355746e21ad7f43e4f4daef54cfe2ef461ecd19446b2afedd53c39df1bf9aa2eeeeaabee2279b1321de89a97c9360e4f76e9ba950fee50ff1676c25f6929d625
   languageName: node
   linkType: hard
 
@@ -625,9 +625,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/plugin-transform-async-generator-functions@npm:^7.23.4":
-  version: 7.23.4
-  resolution: "@babel/plugin-transform-async-generator-functions@npm:7.23.4"
+"@babel/plugin-transform-async-generator-functions@npm:^7.23.7":
+  version: 7.23.7
+  resolution: "@babel/plugin-transform-async-generator-functions@npm:7.23.7"
   dependencies:
     "@babel/helper-environment-visitor": "npm:^7.22.20"
     "@babel/helper-plugin-utils": "npm:^7.22.5"
@@ -635,7 +635,7 @@ __metadata:
     "@babel/plugin-syntax-async-generators": "npm:^7.8.4"
   peerDependencies:
     "@babel/core": ^7.0.0-0
-  checksum: f2eef4de609975a3f7da7832576b5ffc93e43c80f87e1a99e886b0f8591096cfc4c37e2d5f52fdeaa2a9c09a25a59f3e621159abaca75d3193922a5c0e4cbe0c
+  checksum: 63d314edc9fbeaf2700745ca0e19bf9840e87f2d7d1f6c5638e06d2aec3e7418d0d7493ed09087e2fe369cc15e9d96c113fb2cd367cb5e3ff922e3712c27b7d4
   languageName: node
   linkType: hard
 
@@ -1195,9 +1195,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/preset-env@npm:7.23.6":
-  version: 7.23.6
-  resolution: "@babel/preset-env@npm:7.23.6"
+"@babel/preset-env@npm:7.23.7":
+  version: 7.23.7
+  resolution: "@babel/preset-env@npm:7.23.7"
   dependencies:
     "@babel/compat-data": "npm:^7.23.5"
     "@babel/helper-compilation-targets": "npm:^7.23.6"
@@ -1205,7 +1205,7 @@ __metadata:
     "@babel/helper-validator-option": "npm:^7.23.5"
     "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "npm:^7.23.3"
     "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "npm:^7.23.3"
-    "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "npm:^7.23.3"
+    "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "npm:^7.23.7"
     "@babel/plugin-proposal-private-property-in-object": "npm:7.21.0-placeholder-for-preset-env.2"
     "@babel/plugin-syntax-async-generators": "npm:^7.8.4"
     "@babel/plugin-syntax-class-properties": "npm:^7.12.13"
@@ -1226,7 +1226,7 @@ __metadata:
     "@babel/plugin-syntax-top-level-await": "npm:^7.14.5"
     "@babel/plugin-syntax-unicode-sets-regex": "npm:^7.18.6"
     "@babel/plugin-transform-arrow-functions": "npm:^7.23.3"
-    "@babel/plugin-transform-async-generator-functions": "npm:^7.23.4"
+    "@babel/plugin-transform-async-generator-functions": "npm:^7.23.7"
     "@babel/plugin-transform-async-to-generator": "npm:^7.23.3"
     "@babel/plugin-transform-block-scoped-functions": "npm:^7.23.3"
     "@babel/plugin-transform-block-scoping": "npm:^7.23.4"
@@ -1274,14 +1274,14 @@ __metadata:
     "@babel/plugin-transform-unicode-regex": "npm:^7.23.3"
     "@babel/plugin-transform-unicode-sets-regex": "npm:^7.23.3"
     "@babel/preset-modules": "npm:0.1.6-no-external-plugins"
-    babel-plugin-polyfill-corejs2: "npm:^0.4.6"
-    babel-plugin-polyfill-corejs3: "npm:^0.8.5"
-    babel-plugin-polyfill-regenerator: "npm:^0.5.3"
+    babel-plugin-polyfill-corejs2: "npm:^0.4.7"
+    babel-plugin-polyfill-corejs3: "npm:^0.8.7"
+    babel-plugin-polyfill-regenerator: "npm:^0.5.4"
     core-js-compat: "npm:^3.31.0"
     semver: "npm:^6.3.1"
   peerDependencies:
     "@babel/core": ^7.0.0-0
-  checksum: 5b24d179af52f082d04b9b98cc4777e37bf31a97cef5a91d8917e996dbd75f2f743c88c40f80744cb8529355bb674619d150c0260c32d834aa4067e21d0c8962
+  checksum: ac9def873cec52ee02a550bde6e22eced16d1ae331bb8ebc82c03e4c91c12ac17e3e4027647e61612937bcc25ac46e71370aaf99dc2e85dbd11f7777ffeed54e
   languageName: node
   linkType: hard
 
@@ -1325,9 +1325,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@babel/traverse@npm:^7.23.6":
-  version: 7.23.6
-  resolution: "@babel/traverse@npm:7.23.6"
+"@babel/traverse@npm:^7.23.7":
+  version: 7.23.7
+  resolution: "@babel/traverse@npm:7.23.7"
   dependencies:
     "@babel/code-frame": "npm:^7.23.5"
     "@babel/generator": "npm:^7.23.6"
@@ -1339,7 +1339,7 @@ __metadata:
     "@babel/types": "npm:^7.23.6"
     debug: "npm:^4.3.1"
     globals: "npm:^11.1.0"
-  checksum: 5b4ebb94a00a7e1daf111e4b0b45a7998d5b7598637a14e75e855e88cc1b702789e09a958726b5d599a003be1e9032dbdfde4b88ea6061332228738950d5582d
+  checksum: e32fceb4249beec2bde83968ddffe17444221c1ee5cd18c543a2feaf94e3ca83f2a4dfbc2dcca87cf226e0105973e0fe3717063a21e982a9de9945615ab3f3f5
   languageName: node
   linkType: hard
 
@@ -2659,39 +2659,39 @@ __metadata:
   languageName: node
   linkType: hard
 
-"babel-plugin-polyfill-corejs2@npm:^0.4.6":
-  version: 0.4.6
-  resolution: "babel-plugin-polyfill-corejs2@npm:0.4.6"
+"babel-plugin-polyfill-corejs2@npm:^0.4.7":
+  version: 0.4.7
+  resolution: "babel-plugin-polyfill-corejs2@npm:0.4.7"
   dependencies:
     "@babel/compat-data": "npm:^7.22.6"
-    "@babel/helper-define-polyfill-provider": "npm:^0.4.3"
+    "@babel/helper-define-polyfill-provider": "npm:^0.4.4"
     semver: "npm:^6.3.1"
   peerDependencies:
     "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0
-  checksum: 64a98811f343492aa6970ab253760194e389c0417e5b830522f944009c1f0c78e1251975fd1b9869cd48cc4623111b20a3389cf6732a1d10ba0d19de6fa5114f
+  checksum: f80f7284ec72c63e7dd751e0bdf25e9978df195a79e0887470603bfdea13ee518d62573cf360bb1bc01b80819e54915dd5edce9cff14c52d0af5f984aa3d36a3
   languageName: node
   linkType: hard
 
-"babel-plugin-polyfill-corejs3@npm:^0.8.5":
-  version: 0.8.5
-  resolution: "babel-plugin-polyfill-corejs3@npm:0.8.5"
+"babel-plugin-polyfill-corejs3@npm:^0.8.7":
+  version: 0.8.7
+  resolution: "babel-plugin-polyfill-corejs3@npm:0.8.7"
   dependencies:
-    "@babel/helper-define-polyfill-provider": "npm:^0.4.3"
-    core-js-compat: "npm:^3.32.2"
+    "@babel/helper-define-polyfill-provider": "npm:^0.4.4"
+    core-js-compat: "npm:^3.33.1"
   peerDependencies:
     "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0
-  checksum: 577a072971bda2929a87655c816ad14b6a8f7276e6914851b98a6465bdb56f7f2e3db6136c8b8607bd6ba4cde3cd9cbde21f0078250cd93aee3df977c0a731d0
+  checksum: 094e40f4ab9f131408202063964d63740609fd4fdb70a5b6332b371761921b540ffbcee7a434c0199b8317dfb2ba4675eef674867215fd3b85e24054607c1501
   languageName: node
   linkType: hard
 
-"babel-plugin-polyfill-regenerator@npm:^0.5.3":
-  version: 0.5.3
-  resolution: "babel-plugin-polyfill-regenerator@npm:0.5.3"
+"babel-plugin-polyfill-regenerator@npm:^0.5.4":
+  version: 0.5.4
+  resolution: "babel-plugin-polyfill-regenerator@npm:0.5.4"
   dependencies:
-    "@babel/helper-define-polyfill-provider": "npm:^0.4.3"
+    "@babel/helper-define-polyfill-provider": "npm:^0.4.4"
   peerDependencies:
     "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0
-  checksum: cc32313b9ebbf1d7bedc33524a861136b9e5d3b6e9be317ac360a1c2a59ae5ed1b465a6c68b2715cdefb089780ddfb0c11f4a148e49827a947beee76e43da598
+  checksum: 0b903f5fe2f8c487b4260935dfe60bd9a95bcaee7ae63958f063045093b16d4e8288c232199d411261300aa21f6b106a3cb83c42cc996de013b337f5825a79fe
   languageName: node
   linkType: hard
 
@@ -3032,12 +3032,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"core-js-compat@npm:^3.31.0, core-js-compat@npm:^3.32.2":
-  version: 3.33.0
-  resolution: "core-js-compat@npm:3.33.0"
+"core-js-compat@npm:^3.31.0, core-js-compat@npm:^3.33.1":
+  version: 3.35.0
+  resolution: "core-js-compat@npm:3.35.0"
   dependencies:
-    browserslist: "npm:^4.22.1"
-  checksum: 1db27222420548c65fdb92574192aa1ab434e8e3b80a347fc9c20004e459cc146e719dee8a8c3a3c0773190834e865542d3745ada27a160937fc312a14f66d5c
+    browserslist: "npm:^4.22.2"
+  checksum: 8c4379240b8decb94b21e81d5ba6f768418721061923b28c9dfc97574680c35d778d39c010207402fc7c8308a68a4cf6d5e02bcbcb96e931c52e6e0dce29a68c
   languageName: node
   linkType: hard
 
@@ -4446,8 +4446,8 @@ __metadata:
   resolution: "jenkins-ui@workspace:."
   dependencies:
     "@babel/cli": "npm:7.23.4"
-    "@babel/core": "npm:7.23.6"
-    "@babel/preset-env": "npm:7.23.6"
+    "@babel/core": "npm:7.23.7"
+    "@babel/preset-env": "npm:7.23.7"
     babel-loader: "npm:9.1.3"
     clean-webpack-plugin: "npm:4.0.0"
     css-loader: "npm:6.8.1"

From 81c3249ca0e6bcc69e1caa2e6828ec6c8c0884cd Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Tue, 2 Jan 2024 01:11:15 -0700
Subject: [PATCH 14/20] Use spotbugs 4.8.2 with more exclusions (#8803)

---
 core/src/spotbugs/excludesFilter.xml | 123 +++++++++++++++++++++++++++
 pom.xml                              |   4 +
 2 files changed, 127 insertions(+)

diff --git a/core/src/spotbugs/excludesFilter.xml b/core/src/spotbugs/excludesFilter.xml
index af99fff5055f..7d36952fc372 100644
--- a/core/src/spotbugs/excludesFilter.xml
+++ b/core/src/spotbugs/excludesFilter.xml
@@ -53,6 +53,125 @@
     <Bug pattern="SF_SWITCH_NO_DEFAULT"/>
     <Class name="hudson.scheduler.CrontabParser"/>
   </Match>
+  <Match>
+    <!-- Preserve API compatibility -->
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.PluginManager"/>
+    <Field name="pluginUploaded"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.ProxyConfiguration"/>
+    <Field name="noProxyHost"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.cli.CLICommand"/>
+    <Or>
+      <Field name="locale"/>
+      <Field name="stderr"/>
+      <Field name="stdin"/>
+      <Field name="stdout"/>
+    </Or>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.cli.CopyJobCommand"/>
+    <Field name="dst"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.cli.CreateJobCommand"/>
+    <Field name="name"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.cli.SetBuildDescriptionCommand"/>
+    <Field name="description"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.cli.SetBuildDisplayNameCommand"/>
+    <Field name="displayName"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.model.Job"/>
+    <Field name="runIdMigrator"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.model.StringParameterValue"/>
+    <Field name="value"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.security.Permission"/>
+    <Field name="enabled"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.tasks.Maven"/>
+    <Field name="usePrivateRepository"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.util.Graph"/>
+    <Field name="defaultScale"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.widgets.HistoryWidget"/>
+    <Field name="baseList"/>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="jenkins.model.Jenkins"/>
+    <Or>
+      <Field name="tcpSlaveAgentListener"/>
+      <Field name="proxy"/>
+      <Field name="VERSION"/>
+      <Field name="CHANGELOG_URL"/>
+      <Field name="VERSION_HASH"/>
+      <Field name="SESSION_HASH"/>
+      <Field name="RESOURCE_PATH"/>
+      <Field name="VIEW_RESOURCE_PATH"/>
+    </Or>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="jenkins.widgets.HistoryPageFilter"/>
+    <Or>
+      <Field name="hasDownPage"/>
+      <Field name="hasUpPage"/>
+      <Field name="newestOnPage"/>
+      <Field name="nextBuildNumber"/>
+      <Field name="oldestOnPage"/>
+    </Or>
+  </Match>
+  <Match>
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE"/>
+    <Class name="hudson.slaves.JNLPLauncher"/>
+    <Field name="tunnel"/>
+  </Match>
+  <Match>
+    <!-- Reserved for future use -->
+    <Bug pattern="SS_SHOULD_BE_STATIC"/>
+    <Class name="hudson.model.User"/>
+    <Field name="version"/>
+  </Match>
+  <Match>
+    <!-- Reserved for future use -->
+    <Bug pattern="SS_SHOULD_BE_STATIC"/>
+    <Class name="hudson.model.UserIdMapper"/>
+    <Field name="version"/>
+  </Match>
+  <Match>
+    <!-- Reserved for future use -->
+    <Bug pattern="SS_SHOULD_BE_STATIC"/>
+    <Class name="hudson.util.Graph"/>
+    <Field name="defaultScale"/>
+  </Match>
   <!--
     Here lies technical debt. Exclusions in this section have not yet been triaged. When working on
     on this section, pick an exclusion to triage, then:
@@ -377,4 +496,8 @@
       </And>
     </Or>
   </Match>
+  <Match>
+    <Bug pattern="SIC_INNER_SHOULD_BE_STATIC"/>
+    <Class name="jenkins.security.stapler.StaplerDispatchValidator$ValidatorCache$Validator"/>
+  </Match>
 </FindBugsFilter>
diff --git a/pom.xml b/pom.xml
index 9de262dcd31d..cd28d0f7b0ff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -90,7 +90,11 @@ THE SOFTWARE.
     <!-- Minimum Remoting version, which is tested for API compatibility -->
     <remoting.minimum.supported.version>4.13</remoting.minimum.supported.version>
 
+    <!-- TODO: Remove when parent pom is using this version or newer -->
+    <!-- https://github.com/jenkinsci/pom/pull/510 -->
+    <spotbugs-maven-plugin.version>4.8.2.0</spotbugs-maven-plugin.version>
     <spotbugs.effort>Max</spotbugs.effort>
+    <spotbugs.omitVisitors>FindReturnRef,ConstructorThrow</spotbugs.omitVisitors>
     <spotbugs.threshold>Medium</spotbugs.threshold>
 
     <access-modifier.version>1.33</access-modifier.version>

From 4c423d484267cef3bff602a2e58ae7d7634b1a77 Mon Sep 17 00:00:00 2001
From: Alexander Brandes <mc.cache@web.de>
Date: Tue, 2 Jan 2024 09:11:38 +0100
Subject: [PATCH 15/20] Update XML namespace schemaLocation (#8817)

---
 bom/pom.xml               | 2 +-
 cli/pom.xml               | 2 +-
 core/pom.xml              | 2 +-
 coverage/pom.xml          | 2 +-
 pom.xml                   | 2 +-
 test/pom.xml              | 2 +-
 war/pom.xml               | 2 +-
 websocket/jetty10/pom.xml | 2 +-
 websocket/spi/pom.xml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/bom/pom.xml b/bom/pom.xml
index 53ac85bdaa4c..4ecb6251acea 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -22,7 +22,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/cli/pom.xml b/cli/pom.xml
index 21aabc88e649..50588e3e692b 100644
--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/core/pom.xml b/core/pom.xml
index 82d3b76bbb21..4280e9075da9 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -23,7 +23,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/coverage/pom.xml b/coverage/pom.xml
index 9f27c8d11cf0..fe1e89a120dc 100644
--- a/coverage/pom.xml
+++ b/coverage/pom.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/pom.xml b/pom.xml
index cd28d0f7b0ff..4bc1be3f9b55 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/test/pom.xml b/test/pom.xml
index 014299562104..c91796e0c567 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -22,7 +22,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/war/pom.xml b/war/pom.xml
index eaacd13349e3..8d6d579e5919 100644
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -22,7 +22,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/websocket/jetty10/pom.xml b/websocket/jetty10/pom.xml
index eb4a169a59d1..c91e1583c039 100644
--- a/websocket/jetty10/pom.xml
+++ b/websocket/jetty10/pom.xml
@@ -22,7 +22,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
diff --git a/websocket/spi/pom.xml b/websocket/spi/pom.xml
index 77abcc3b7248..a99aada6a446 100644
--- a/websocket/spi/pom.xml
+++ b/websocket/spi/pom.xml
@@ -22,7 +22,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>

From 7dc5d1fecc2588a07ad47e3bae294f59f8de6ab8 Mon Sep 17 00:00:00 2001
From: Jenkins Release Bot
 <66998184+jenkins-release-bot@users.noreply.github.com>
Date: Tue, 2 Jan 2024 13:11:25 +0000
Subject: [PATCH 16/20] [maven-release-plugin] prepare release jenkins-2.439

---
 bom/pom.xml               | 2 +-
 cli/pom.xml               | 2 +-
 core/pom.xml              | 2 +-
 coverage/pom.xml          | 2 +-
 pom.xml                   | 4 ++--
 test/pom.xml              | 2 +-
 war/pom.xml               | 2 +-
 websocket/jetty10/pom.xml | 2 +-
 websocket/spi/pom.xml     | 2 +-
 9 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/bom/pom.xml b/bom/pom.xml
index 4ecb6251acea..89515189e048 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
   </parent>
 
   <artifactId>jenkins-bom</artifactId>
diff --git a/cli/pom.xml b/cli/pom.xml
index 50588e3e692b..4746696841eb 100644
--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
   </parent>
 
   <artifactId>cli</artifactId>
diff --git a/core/pom.xml b/core/pom.xml
index 4280e9075da9..da4e3bee979e 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -29,7 +29,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
   </parent>
 
   <artifactId>jenkins-core</artifactId>
diff --git a/coverage/pom.xml b/coverage/pom.xml
index fe1e89a120dc..110dd068c918 100644
--- a/coverage/pom.xml
+++ b/coverage/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
   </parent>
 
   <artifactId>jenkins-coverage</artifactId>
diff --git a/pom.xml b/pom.xml
index 4bc1be3f9b55..dece4a5f8817 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,7 @@ THE SOFTWARE.
 
   <groupId>org.jenkins-ci.main</groupId>
   <artifactId>jenkins-parent</artifactId>
-  <version>${revision}${changelist}</version>
+  <version>2.439</version>
   <packaging>pom</packaging>
 
   <name>Jenkins main module</name>
@@ -63,7 +63,7 @@ THE SOFTWARE.
   <scm child.scm.connection.inherit.append.path="false" child.scm.developerConnection.inherit.append.path="false" child.scm.url.inherit.append.path="false">
     <connection>scm:git:https://github.com/jenkinsci/jenkins.git</connection>
     <developerConnection>scm:git:git@github.com:jenkinsci/jenkins.git</developerConnection>
-    <tag>${scmTag}</tag>
+    <tag>jenkins-2.439</tag>
     <url>https://github.com/jenkinsci/jenkins</url>
   </scm>
 
diff --git a/test/pom.xml b/test/pom.xml
index c91796e0c567..580cce79bf43 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
   </parent>
 
   <artifactId>jenkins-test</artifactId>
diff --git a/war/pom.xml b/war/pom.xml
index 8d6d579e5919..02f7e82a89ff 100644
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
   </parent>
 
   <artifactId>jenkins-war</artifactId>
diff --git a/websocket/jetty10/pom.xml b/websocket/jetty10/pom.xml
index c91e1583c039..4978868a3a29 100644
--- a/websocket/jetty10/pom.xml
+++ b/websocket/jetty10/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
     <relativePath>../..</relativePath>
   </parent>
 
diff --git a/websocket/spi/pom.xml b/websocket/spi/pom.xml
index a99aada6a446..b3520239828d 100644
--- a/websocket/spi/pom.xml
+++ b/websocket/spi/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>${revision}${changelist}</version>
+    <version>2.439</version>
     <relativePath>../..</relativePath>
   </parent>
 

From 95bff130c32c5c1fb049792d6419517748658633 Mon Sep 17 00:00:00 2001
From: Jenkins Release Bot
 <66998184+jenkins-release-bot@users.noreply.github.com>
Date: Tue, 2 Jan 2024 13:11:47 +0000
Subject: [PATCH 17/20] [maven-release-plugin] prepare for next development
 iteration

---
 bom/pom.xml               | 2 +-
 cli/pom.xml               | 2 +-
 core/pom.xml              | 2 +-
 coverage/pom.xml          | 2 +-
 pom.xml                   | 6 +++---
 test/pom.xml              | 2 +-
 war/pom.xml               | 2 +-
 websocket/jetty10/pom.xml | 2 +-
 websocket/spi/pom.xml     | 2 +-
 9 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/bom/pom.xml b/bom/pom.xml
index 89515189e048..4ecb6251acea 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
   </parent>
 
   <artifactId>jenkins-bom</artifactId>
diff --git a/cli/pom.xml b/cli/pom.xml
index 4746696841eb..50588e3e692b 100644
--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
   </parent>
 
   <artifactId>cli</artifactId>
diff --git a/core/pom.xml b/core/pom.xml
index da4e3bee979e..4280e9075da9 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -29,7 +29,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
   </parent>
 
   <artifactId>jenkins-core</artifactId>
diff --git a/coverage/pom.xml b/coverage/pom.xml
index 110dd068c918..fe1e89a120dc 100644
--- a/coverage/pom.xml
+++ b/coverage/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
   </parent>
 
   <artifactId>jenkins-coverage</artifactId>
diff --git a/pom.xml b/pom.xml
index dece4a5f8817..8ce605075697 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,7 @@ THE SOFTWARE.
 
   <groupId>org.jenkins-ci.main</groupId>
   <artifactId>jenkins-parent</artifactId>
-  <version>2.439</version>
+  <version>${revision}${changelist}</version>
   <packaging>pom</packaging>
 
   <name>Jenkins main module</name>
@@ -63,7 +63,7 @@ THE SOFTWARE.
   <scm child.scm.connection.inherit.append.path="false" child.scm.developerConnection.inherit.append.path="false" child.scm.url.inherit.append.path="false">
     <connection>scm:git:https://github.com/jenkinsci/jenkins.git</connection>
     <developerConnection>scm:git:git@github.com:jenkinsci/jenkins.git</developerConnection>
-    <tag>jenkins-2.439</tag>
+    <tag>${scmTag}</tag>
     <url>https://github.com/jenkinsci/jenkins</url>
   </scm>
 
@@ -73,7 +73,7 @@ THE SOFTWARE.
   </issueManagement>
 
   <properties>
-    <revision>2.439</revision>
+    <revision>2.440</revision>
     <changelist>-SNAPSHOT</changelist>
 
     <!-- configuration for patch tracker plugin  -->
diff --git a/test/pom.xml b/test/pom.xml
index 580cce79bf43..c91796e0c567 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
   </parent>
 
   <artifactId>jenkins-test</artifactId>
diff --git a/war/pom.xml b/war/pom.xml
index 02f7e82a89ff..8d6d579e5919 100644
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
   </parent>
 
   <artifactId>jenkins-war</artifactId>
diff --git a/websocket/jetty10/pom.xml b/websocket/jetty10/pom.xml
index 4978868a3a29..c91e1583c039 100644
--- a/websocket/jetty10/pom.xml
+++ b/websocket/jetty10/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
     <relativePath>../..</relativePath>
   </parent>
 
diff --git a/websocket/spi/pom.xml b/websocket/spi/pom.xml
index b3520239828d..a99aada6a446 100644
--- a/websocket/spi/pom.xml
+++ b/websocket/spi/pom.xml
@@ -28,7 +28,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jenkins-ci.main</groupId>
     <artifactId>jenkins-parent</artifactId>
-    <version>2.439</version>
+    <version>${revision}${changelist}</version>
     <relativePath>../..</relativePath>
   </parent>
 

From f06a954ea4ef114ff30612f6d4c21be53364aeaf Mon Sep 17 00:00:00 2001
From: Markus Winter <m.winter@sap.com>
Date: Wed, 3 Jan 2024 01:24:22 +0100
Subject: [PATCH 18/20] allow to change the icon size of the node overview
 table (#8802)

make icon size of node overview page changeable

similar to the list of projects on the start page of Jenkins the
icon size of the overview page of nodes can now be changed.
---
 core/src/main/resources/hudson/model/ComputerSet/index.jelly | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/src/main/resources/hudson/model/ComputerSet/index.jelly b/core/src/main/resources/hudson/model/ComputerSet/index.jelly
index ec4d2ab97883..1725b24b6fbc 100644
--- a/core/src/main/resources/hudson/model/ComputerSet/index.jelly
+++ b/core/src/main/resources/hudson/model/ComputerSet/index.jelly
@@ -56,8 +56,8 @@ THE SOFTWARE.
 
     <j:set var="monitors" value="${it._monitors}"/>
     <j:set var="tableWidth" value="${3}"/>
-
-    <table id="computers" class="jenkins-table sortable">
+    <t:setIconSize/>
+    <table id="computers" class="jenkins-table ${iconSize == '16x16' ? 'jenkins-table--small' : iconSize == '24x24' ? 'jenkins-table--medium' : ''} sortable">
       <thead>
         <tr>
           <th class="jenkins-table__cell--tight">S</th>
@@ -123,6 +123,7 @@ THE SOFTWARE.
       </tr>
       </tbody>
     </table>
+    <t:iconSize/>
   </l:main-panel>
 </l:layout>
 </j:jelly>

From d75833e5e0e1983cb1c9efec28cf6746e547cab0 Mon Sep 17 00:00:00 2001
From: Jan Faracik <43062514+janfaracik@users.noreply.github.com>
Date: Wed, 3 Jan 2024 09:27:14 +0000
Subject: [PATCH 19/20] Update appearance of controls in header (#8791)

* Init

* Tidy up

* Update resources.css

* Update resources.css

* Tidy up

* Update resources.css
---
 .../loginLink.jelly                           |  3 +-
 .../security/SecurityRealm/loginLink.jelly    |  2 +-
 .../resources.css                             | 75 +++++--------------
 .../main/scss/components/_page-header.scss    | 40 +++-------
 4 files changed, 34 insertions(+), 86 deletions(-)

diff --git a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/loginLink.jelly b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/loginLink.jelly
index ba75e740a89e..cd989c23f030 100644
--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/loginLink.jelly
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/loginLink.jelly
@@ -26,7 +26,6 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler">
   <st:include page="/hudson/security/SecurityRealm/loginLink.jelly" />
   <j:if test="${it.allowsSignup()}">
-    |
-    <a href="${rootURL}/signup"><b>${%sign up}</b></a>
+    <a href="${rootURL}/signup">${%sign up}</a>
   </j:if>
 </j:jelly>
diff --git a/core/src/main/resources/hudson/security/SecurityRealm/loginLink.jelly b/core/src/main/resources/hudson/security/SecurityRealm/loginLink.jelly
index 8b065c318b2c..8fb92ed3dd1c 100644
--- a/core/src/main/resources/hudson/security/SecurityRealm/loginLink.jelly
+++ b/core/src/main/resources/hudson/security/SecurityRealm/loginLink.jelly
@@ -25,5 +25,5 @@ THE SOFTWARE.
 
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler">
-  <a href="${rootURL}/${app.securityRealm.loginUrl}?from=${app.securityRealm.from}"><b>${%login}</b></a>
+  <a href="${rootURL}/${app.securityRealm.loginUrl}?from=${app.securityRealm.from}">${%login}</a>
 </j:jelly>
diff --git a/core/src/main/resources/jenkins/management/AdministrativeMonitorsDecorator/resources.css b/core/src/main/resources/jenkins/management/AdministrativeMonitorsDecorator/resources.css
index 5960ecd93193..d5d817c6a223 100644
--- a/core/src/main/resources/jenkins/management/AdministrativeMonitorsDecorator/resources.css
+++ b/core/src/main/resources/jenkins/management/AdministrativeMonitorsDecorator/resources.css
@@ -1,5 +1,5 @@
 .am-container {
-  height: 100%;
+  display: contents;
 }
 
 .am-button {
@@ -14,89 +14,62 @@
   border-radius: 50%;
   width: 0.65rem;
   height: 0.65rem;
-  background-color: #ff9800;
+  background-color: var(--warning-color);
 }
 .security-am .am-monitor__indicator-mobile {
-  background-color: #dc3545;
+  background-color: var(--error-color);
 }
 
 .am-button .am-monitor__count {
-  display: inline-block;
   display: inline-flex;
   justify-content: center;
   align-items: center;
-  height: 20px;
-  min-width: 20px;
+  height: 18px;
+  min-width: 18px;
 
   color: #fff;
-  background-color: #ff9800;
-  font-weight: bold;
+  background-color: var(--warning-color);
+  font-weight: 500;
+  font-size: var(--font-size-xs);
 
-  border-radius: 4px;
+  border-radius: 16px;
 }
 .am-button.security-am .am-monitor__count {
   color: #fff;
-  background-color: #dc3545;
+  background-color: var(--error-color);
 }
 .am-container div.am-list {
   position: absolute;
   top: 48px;
   right: 2%;
   height: auto;
-  z-index: 0;
-  padding: 2em;
+  padding: var(--section-padding);
   text-align: left;
   display: block;
-  background-color: #fff;
   background-color: var(--background);
-  border-radius: 5px;
-
-  /* Darken the box shadow to make the popup visible over the search box  */
-  box-shadow: 0 1px 7px 0 rgba(0, 0, 0, 0.3);
-
-  transition: all 0.15s cubic-bezier(0.84, 0.03, 0.21, 0.96);
+  box-shadow: var(--dropdown-box-shadow);
+  transition: var(--standard-transition);
+  border-radius: 15px;
   opacity: 0;
-  transform: scale(0);
+  transform: translateY(-10px) scale(0.975);
+  z-index: 1000;
 }
 .am-container.visible div.am-list {
   opacity: 1;
   transform: scale(1);
-  z-index: 1000;
-}
-.am-container.visible .am-button {
-  background-color: #404040;
-  background-color: var(--header-link-bg-classic-active);
-  text-decoration: none;
-}
-.am-container .am-button:after {
-  content: "";
-  display: inline-block;
-  position: absolute;
-  bottom: 0;
-  left: 32%;
-  width: 0;
-  height: 0;
-  border-left: 7px solid transparent;
-  border-right: 7px solid transparent;
-  border-bottom: 7px solid #fff;
-  opacity: 0;
-  transition-property: all;
-  transition-delay: 0s;
-  z-index: 1001;
-}
-.am-container.visible .am-button:after {
-  opacity: 1;
-  transition-property: all;
-  transition-delay: 0.15s;
 }
 .am-container .am-message {
   display: block;
   line-height: 1.4em;
   margin-bottom: 1.4em;
 }
+.am-container.visible .am-button:after {
+  background: var(--button-background--hover);
+}
 
 .am-message-list {
   padding: 0;
+  margin: 0;
 }
 
 .am-container .am-message .alert form {
@@ -123,22 +96,18 @@
 /* Restore hyperlink style overriden by the page header */
 .am-container .am-list a:link {
   display: inline-block;
-  color: #204a87;
   color: var(--link-color);
   text-decoration: underline;
   margin-right: 0;
   padding: 0;
-  font-weight: 600;
   font-weight: var(--link-font-weight);
 }
 .am-container .am-list a:visited {
-  color: #5c3566;
   color: var(--link-color);
 }
 .am-container .am-list a:hover,
 .am-container .am-list a:focus,
 .am-container .am-list a:active {
-  color: #5c3566;
   color: var(--link-color);
   background-color: transparent;
   text-decoration: underline;
@@ -146,22 +115,18 @@
 }
 
 .am-container .am-list .alert-success a {
-  color: #155724;
   color: var(--alert-success-text-color);
 }
 
 .am-container .am-list .alert-info a {
-  color: #31708f;
   color: var(--alert-info-text-color);
 }
 
 .am-container .am-list .alert-warning a {
-  color: #8a6d3b;
   color: var(--alert-warning-text-color);
 }
 
 .am-container .am-list .alert-danger a {
-  color: #a94442;
   color: var(--alert-danger-text-color);
 }
 
diff --git a/war/src/main/scss/components/_page-header.scss b/war/src/main/scss/components/_page-header.scss
index 13e63d91a771..e1b34ea09c71 100644
--- a/war/src/main/scss/components/_page-header.scss
+++ b/war/src/main/scss/components/_page-header.scss
@@ -1,3 +1,5 @@
+@use "../abstracts/mixins";
+
 .page-header {
   display: flex;
   align-items: center;
@@ -36,8 +38,7 @@ a.page-header__brand-link {
 }
 
 .page-header__am-wrapper {
-  height: 100%;
-  padding: 0.5rem 0;
+  display: contents;
 }
 
 .page-header__hyperlinks {
@@ -45,37 +46,22 @@ a.page-header__brand-link {
   align-items: center;
 }
 
-.page-header__hyperlinks a {
+.page-header__hyperlinks > a,
+.am-container > a {
+  @include mixins.item;
+
   --text-color: var(--header-link-color);
 
   display: inline-flex;
   align-items: center;
-
-  // need to override an existing rule
-  /* stylelint-disable declaration-block-no-shorthand-property-overrides */
-  padding-right: 0.5rem;
+  color: var(--text-color);
+  text-decoration: none;
   padding: 0.5rem;
   margin-right: 0 !important;
-  font-weight: bold;
-
-  &:link,
-  &:visited {
-    color: var(--header-link-color);
-    border-radius: var(--header-item-border-radius);
-    text-decoration: none;
-  }
 
-  &:hover,
-  &:focus,
-  &.mouseIsOverMenuSelector {
-    color: var(--header-link-color-active);
-    background-color: var(--header-link-bg-classic-hover);
-    text-decoration: underline;
-    text-decoration-color: var(--header-link-color-active);
-  }
-
-  &:active {
-    background-color: var(--header-link-bg-classic-active);
+  &::before,
+  &::after {
+    inset: 0 !important;
   }
 
   .jenkins-menu-dropdown-chevron {
@@ -91,8 +77,6 @@ a.page-header__brand-link {
 }
 
 .page-header__hyperlinks a span {
-  font-weight: bold;
-
   &:not(:first-child) {
     margin-left: 0.25rem;
   }

From 444f2de993786310f998b4432e2550b35e1d7a45 Mon Sep 17 00:00:00 2001
From: Basil Crow <me@basilcrow.com>
Date: Wed, 3 Jan 2024 01:27:32 -0800
Subject: [PATCH 20/20] Improve crash consistency on Linux (#8815)

* Improve crash consistency

* `fsync` the correct parent directory

* More flexibility

* Add reference to man page

* fix formatting

---------

Co-authored-by: Tim Jacomb <21194782+timja@users.noreply.github.com>
---
 .../main/java/hudson/util/AtomicFileWriter.java | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/core/src/main/java/hudson/util/AtomicFileWriter.java b/core/src/main/java/hudson/util/AtomicFileWriter.java
index 4e871b3262f0..fabe15c5a6b6 100644
--- a/core/src/main/java/hudson/util/AtomicFileWriter.java
+++ b/core/src/main/java/hudson/util/AtomicFileWriter.java
@@ -26,11 +26,13 @@
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 import edu.umd.cs.findbugs.annotations.Nullable;
+import hudson.Functions;
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.io.Writer;
 import java.lang.ref.Cleaner;
+import java.nio.channels.FileChannel;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.AtomicMoveNotSupportedException;
@@ -62,6 +64,9 @@ public class AtomicFileWriter extends Writer {
     private static /* final */ boolean DISABLE_FORCED_FLUSH = SystemProperties.getBoolean(
             AtomicFileWriter.class.getName() + ".DISABLE_FORCED_FLUSH");
 
+    private static /* final */ boolean REQUIRES_DIR_FSYNC = SystemProperties.getBoolean(
+            AtomicFileWriter.class.getName() + ".REQUIRES_DIR_FSYNC", !Functions.isWindows());
+
     static {
         if (DISABLE_FORCED_FLUSH) {
             LOGGER.log(Level.WARNING, "DISABLE_FORCED_FLUSH flag used, this could result in dataloss if failures happen in your storage subsystem.");
@@ -234,6 +239,18 @@ public void commit() throws IOException {
                 throw replaceFailed;
             }
         }
+
+        /*
+         * From fsync(2) on Linux:
+         *
+         *     Calling fsync() does not necessarily ensure that the entry in the directory containing the file has also
+         *     reached disk. For that an explicit fsync() on a file descriptor for the directory is also needed.
+         */
+        if (!DISABLE_FORCED_FLUSH && REQUIRES_DIR_FSYNC) {
+            try (FileChannel parentChannel = FileChannel.open(destPath.getParent())) {
+                parentChannel.force(true);
+            }
+        }
     }
 
     private static final class CleanupChecker implements Runnable {