From c49057e05d35ff2ad1a7307aa9168b84ae7588db Mon Sep 17 00:00:00 2001
From: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu, 12 Oct 2023 23:48:24 +0100
Subject: Update Jetty to 9.4.53.v20231009 for security updates

Jetty 9.4.53.v20231009 includes the following two security fixes:

- CVE-2023-36478 [1] - zero-days security issue discovered on
  the 10th of October, also known as "HTTP/2 Rapid Reset"
- CVE-2023-44487 [2] - HTTP/2 Stream Cancellation Attack

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-36478
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Release-Notes: Update Jetty to 9.4.53.v20231009 with critical security fixes
Change-Id: Ie93fbcb8b35d9e4997dc0578893a8856b56b173c
---
 tools/deps.bzl | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tools/deps.bzl b/tools/deps.bzl
index d76e5e2e80..6dd2eaf4de 100644
--- a/tools/deps.bzl
+++ b/tools/deps.bzl
@@ -19,7 +19,7 @@ GITILES_REPO = GERRIT
 # When updating Bouncy Castle, also update it in bazlets.
 BC_VERS = "1.72"
 HTTPCOMP_VERS = "4.5.2"
-JETTY_VERS = "9.4.36.v20210114"
+JETTY_VERS = "9.4.53.v20231009"
 BYTE_BUDDY_VERSION = "1.10.7"
 
 def java_dependencies():
@@ -607,50 +607,50 @@ def java_dependencies():
     maven_jar(
         name = "jetty-servlet",
         artifact = "org.eclipse.jetty:jetty-servlet:" + JETTY_VERS,
-        sha1 = "b189e52a5ee55ae172e4e99e29c5c314f5daf4b9",
+        sha1 = "6670d6a54cdcaedd8090e8cf420fd5dd7d08e859",
     )
 
     maven_jar(
         name = "jetty-security",
         artifact = "org.eclipse.jetty:jetty-security:" + JETTY_VERS,
-        sha1 = "42030d6ed7dfc0f75818cde0adcf738efc477574",
+        sha1 = "6fbc8ebe9046954dc2f51d4ba69c8f8344b05f7f",
     )
 
     maven_jar(
         name = "jetty-server",
         artifact = "org.eclipse.jetty:jetty-server:" + JETTY_VERS,
-        sha1 = "88a7d342974aadca658e7386e8d0fcc5c0788f41",
+        sha1 = "8b0e761a0b359db59dae77c00b4213b0586cb994",
     )
 
     maven_jar(
         name = "jetty-jmx",
         artifact = "org.eclipse.jetty:jetty-jmx:" + JETTY_VERS,
-        sha1 = "bb3847eabe085832aeaedd30e872b40931632e54",
+        sha1 = "f0392f756b59f65ea7d6be41bf7a2f7b2c7c98d5",
     )
 
     maven_jar(
         name = "jetty-http",
         artifact = "org.eclipse.jetty:jetty-http:" + JETTY_VERS,
-        sha1 = "1eee89a55e04ff94df0f85d95200fc48acb43d86",
+        sha1 = "87faf21eb322753f0527bcb88c43e67044786369",
     )
 
     maven_jar(
         name = "jetty-io",
         artifact = "org.eclipse.jetty:jetty-io:" + JETTY_VERS,
-        sha1 = "84a8faf9031eb45a5a2ddb7681e22c483d81ab3a",
+        sha1 = "70cf7649b27c964ad29bfddf58f3bfe0d30346cf",
     )
 
     maven_jar(
         name = "jetty-util",
         artifact = "org.eclipse.jetty:jetty-util:" + JETTY_VERS,
-        sha1 = "925257fbcca6b501a25252c7447dbedb021f7404",
+        sha1 = "f72bb4f687b4454052c6f06528ba9910714df947",
     )
 
     maven_jar(
         name = "jetty-util-ajax",
         artifact = "org.eclipse.jetty:jetty-util-ajax:" + JETTY_VERS,
-        sha1 = "2f478130c21787073facb64d7242e06f94980c60",
-        src_sha1 = "7153d7ca38878d971fd90992c303bb7719ba7a21",
+        sha1 = "4d20f6206eb7747293697c5f64c2dc5bf4bd54a4",
+        src_sha1 = "1aed8017c3c8a449323901639de6b4eb3b1f02ea",
     )
 
     maven_jar(
-- 
cgit v1.2.3