Update dependency org.http4k:http4k-format-moshi to v5

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.http4k:http4k-format-moshi (source)	compile	major	4.40.1.0 -> 5.13.4.0

By merging this PR, the issue #2 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
Medium	5.9	CVE-2023-3635

---

Release Notes

http4k/http4k (org.http4k:http4k-format-moshi)

v5.13.4.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-contract : Support for data4k progressive data models with field metadata via delegate properties

v5.13.2.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-contract* : [Fix] Enums do not pick up custom prefixes in model naming. H/T @​ashcor for the tip-off!
• http4k-opentelemetry* : [Fix] Fix to set HTTP_REQUEST_BODY_SIZE attribute in OpenTelemetryTracing. H/T @​dkandalov
• http4k-contract* : Added Canonical model-namer.

v5.13.1.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-client-helidon : [Fix #​1037] Improve support for query parameters. H/T @​franckrasolo

v5.13.0.1

Compare Source

• http4k-testing-tracerbullet : [Fix] Mermaid sequence diagram generation was constantly changing by default editorconfig files and people committing with
  different IDE settings
• http4k-server-jetty : [Fix #​1023] Header values in quotes lose their quotes. H/T @​efasel, @​dhs3000

v5.13.0.0

Compare Source

• http4k-format-jade4j : [Breaking] This module has been renamed due to the library Jade4J becoming Pug4J. Migration should be a no-op apart from switching
  the imported module, and renaming your templates from .jade to .pug. Please see Pug4j docs for anything else.
• http4k-format-pug4j : [New module] Replacement for Jade4j

v5.12.2.1

Compare Source

• http4k-webhooks : Move VerifyWebhookSignature filter to ServerFilters as it's not for HTTP clients!

v5.12.2.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-core : [New module!] Support for the Standard Webhooks format
• http4k-core [Fix #​1022] For a request with matching if-none-match header the response lacks the etag header. H/T @​efasel
• http4k-core [Fix #​1030] Maven POM for http4k-format-jackson-xml is invalid: jackson-dataformat-xml is missing a version

v5.12.1.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-core : Fix lens replacement of path parameter when there is a regular expression in the path segment
• http4k-format-jackson : Added lens support for deserialising data4k containers directly
  from HTTP message bodies (via Body.json(::JsonNodeDataContainer)).toLens()

v5.12.0.0

Compare Source

• http4k-* : Upgrade some dependency versions, including Kotlin to 1.9.22, and Jetty 12 (see below).
• http4k-server-jetty - [Breaking] Upgrade to Jetty 12. This is a major rewrite of the Jetty engine and the API surface is incompatible with v11. If you are
  using vanilla Jetty backend then this is a NoOp replacement, otherwise fallback to using the new Jetty11 module and then plan migration accordingly. Massive
  H/T to H/T @​FredNordin for the implementation upgrade.
• http4k-server-jetty11 - [New Module!] Drop-in replacement module for custom Jetty11 users. Constructor is now called Jetty11() instead of Jetty(), so
  migration should be very simple. Other renames as required (using 11) to avoid API clashes in the http4k codebase.
• http4k-aws : [Breaking] Tweaks to the signature of AwsPreSignRequests. Use AwsRequestPreSigner instead. H/T @​oharaandrew314

v5.11.1.0

Compare Source

• http4k-aws : Pre-sign AWS requests with the new AwsPreSignRequests class. H/T @​oharaandrew314
• http4k-serverless-lambda : [Fix #​1013] Support multi value query parameters in ApiGatewayV2LambdaFunction (
  http4k-serverless/lambda)

v5.11.0.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-core : [Unlikely Break: Fix #​1011] Jackson does not honour serialisation of Enums when they are used as Map
  keys. The fix MAY break JSON serialisation (which actually is a bug as the expected behaviour is for the Enums to use
  the predefined mapping).

v5.10.7.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-core : [Fix #​1009] Extracting access token from non-standard AccessToken response fails

v5.10.6.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-core : Make RouterDescription print-friendly

v5.10.5.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-serverless-lambda : Add support for custom EventBridgeEvent format

v5.10.4.0

Compare Source

• http4k-* : Upgrade some dependency versions, including Kotlin to 1.9.21

v5.10.3.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-contract [Fix #​1002]: Ability to use RequestContexts for providing a User Principal with Security.

v5.10.2.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-core- : [Fix] FollowRedirects now remove host header
• http4k-testing-webdriver- : Ability to inject clock into the Webdriver

v5.10.1.0

Compare Source

• http4k-testing-webdriver* : Allow the originalUri method of the OAuthRedirectionFilter to be configured when
  constructing an OAuthProvider H/T @​mbcltd
• http4k-format-* : Add alternative syntax for Automarshalling injection/extraction of bodies into and out of
  HttpMessages

v5.10.0.0

Compare Source

• http4k-* : Upgrade some dependency versions, including Kotlin to 1.9.20
• http4k-testing-webdriver* : Host header is populated in Http4kWebDriver H/T @​mbcltd

v5.9.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-server-helidon : [Breaking] Upgrade to stable v4 of Helidon, API changes.
• http4k-client-helidon : [Breaking] Upgrade to stable v4 of Helidon, API changes.
• http4k-* : [Breaking - dev only] http4k is now built with Java 21, although Java 8 is still targeted.

v5.8.6.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : New filter to validate zipkin headers. H/T @​time4tea

v5.8.5.1

Compare Source

• http4k-* : Fix maven dependencies marked as optional in various http4k modules

v5.8.5.0

Compare Source

• http4k-* : Upgrade some dependency versions, including CVE fix for Jetty.
• http4k-core : Rename Events.then() with Events.and() for clarity.

v5.8.4.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-serverless-lambda : Add support to multiple query/header values with the same key

v5.8.3.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-incubator* : Added HTMX emulation on Http4kWebDriver H/T @​mbcltd

v5.8.2.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : Added extension function ExecutionService.withRequestTracing() to propagate Zipkin traces across
  threads

v5.8.1.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : BiDiLenses now implement LensInjectorExtractor

v5.8.0.0

Compare Source

• http4k-core : BiDiLenses now implement LensInjectorExtractor
• http4k-contract : [Unlikely break] NoRenderer now returns a 404 instead of an empty JSON document.

v5.7.5.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-aws : Add support for AwsSdkAsyncClient. H/T @​oharaandrew314

v5.7.4.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-testing-playwright : [New Module] Easily browser-test your http4k apps with this Playwright JUnit
  extension! H/T @​dmcg for the inspiration.

v5.7.3.0

Compare Source

• http4k-* : Upgrade some dependency versions, including Kotlin to 1.9.10
• http4k-htmx : Added hyperscript.js webjar to the distribution.

v5.7.2.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-htmx : [New Module] Basic support for htmx development, including Webjar and custom lens types
• http4k-testing-webdriver : Improve support for radio buttons and radio groups in the http4k-testing-webdriver. H/T
  @​mbcltd

v5.7.1.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-contract* : [Fix #​964] ContractRoute - inconsistent behavior on route matching. H/T @​potfur for the
  investigation.

v5.6.5.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-testing-approval : Whitespace is now trimmed from end of approval file content. Improves compatibility with
  IntelliJ (as final line endings might be added automatically)
• http4k-testing-webdriver : [Fix #​963] Submitting empty textarea form element in the webdriver causes a validation
  error

v5.6.4.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-server-apache4: Upgrade compromised commons-codec version. H/T @​oharaandrew314
• http4k-template-jte : [New module] JTE templating support

v5.6.3.0

Compare Source

• http4k-security-oauth :Add ability to override response mode in OAuthProvider.

v5.6.2.1

Compare Source

• http4k-core : [Fix] Extend URI now supports fragment parameters

v5.6.2.0

Compare Source

• http4k-* : Upgrade some dependency versions
• http4k-security-oauth : [Fix] In-memory request tracking for FakeOAuthServer now supports full AuthRequest.

v5.6.1.0

Compare Source

Changelog:

• http4k-* : Upgrade some dependency versions.
• http4k-serverless-core : Add some filters for Serverless functions.

v5.6.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : Added nonBlank() to set of standard BiDiMappings. H/T @​dmcg
• http4k-core : [Unlikely break: Fix #​956] Lenses don't really work for optional fields in HTML form parsing.
  Form-fields are now filtered for values which are not blank. This means that you may need to change form lenses to be
  optional and default to an empty string if they are missing.

v5.5.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-cloudnative - Add support for enums in EnvironmentKey
• http4k-testing-tracerbullet : [Breaking] Fixed SequenceDiagrams for Mermaid to be formatted correctly. This may
  break approval files for any tests.

v5.4.1.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-client-helidon : API changes from Helidon alpha to M1
• http4k-server-helidon : API changes from Helidon alpha to M1
• http4k-contract : [Fix #​750] JacksonFieldMetadataRetrievalStrategy is incompatible with kotlinx.serialization
  @​Serializable classes. H/T @​krissrex
• http4k-realtime-core : [Fix #​951] Add filters to initialise request context for SSE and WS.
• http4k-realtime-core : [Fix #​885] Accept websocket subprotocols. Note that not all servers are currently supported
• http4k-server-jetty : [Fix #​885] Support subprotocols for Websockets

v5.4.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-aws: [Fix #​656] AWS request signing issue for URLs with special characters. H/T @​krissrex
• http4k-aws: [Fix #​947] AWS request signing issue for duplicated headers and header values with multiple spaces.
  H/T @​krissrex
• http4k-format-kondor-json: [Unlikely Break] Upgrade kondor-json to 2.0.0. H/T @​FredNordin

v5.3.0.0

Compare Source

• http4k-* : Upgrade some dependency versions, including Kotlin to 1.9.0.
• http4k-core : Surface root error messages in Body lenses when failure occurs on deserialisation.
• http4k-template-thymeleaf : [Unlikely Break] Use HTML rendering mode and .html suffix by default for Thymeleaf
  templates. H/T @​mikaelstaldal

v5.2.1.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : [Fix #​939] Override all Request and Response mutators for routed messages. H/T @​kwydler

v5.2.0.0

Compare Source

• http4k-contract-jsonschema : [New module] Extracted this so we can reuse in non-OpenAPI scenarios
• http4k-contract : [Deprecation] Repackaging of JSON schema classes. Should only affect users if they have
  explicitly used/extended the standard behaviour.

v5.1.2.1

Compare Source

• http4k-serverless-lambda* : [Fix #​936] AWS SQS null deserialization issues

v5.1.2.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-security-oauth* : Remove dependency on Kotlin-reflect by adding custom adapters. H/T

v5.1.1.1

Compare Source

• http4k-serverless-lambda* : [Fix #​933] AWS SQS deserialization issue when md5OfMessageAttributes is null. H/T
  @​oharaandrew314

v5.1.1.0

Compare Source

• http4k-realtime-core : Readd test client methods for SSE and WS

v5.1.0.0

Compare Source

• http4k-server-realtime-core : [Breaking - Fix #​931] Change Websocket and SSE interfaces to return WsResponse
  and SseResponse objects. This makes it easier to set response headers and control if a connection is made from the
  incoming request as it is no-longer hidden (it is exposed at the top level instead of being hidden in the SSE and
  Websocket objects). It also means that the interfaces for the protocols follow the same pattern.
• http4k-server-jetty : As above
• http4k-server-undertow : As above
• http4k-core : [Fix #​930] Update content-length header after GZipping it. H/T @​bjornbugge

v5.0.0.0

• http4k-* : Upgrade some dependency versions.
• http4k-* : [Breaking] Remove all previous deprecations from all modules for v4. To upgrade cleanly, first upgrade
  to v4.48.0.0 and then re-upgrade to v5.0.0.0. This will ensure that you only have to deal with Deprecations
  between the major versions.
• http4k-templates-dust: [Breaking] Nashorn is finally removed, so we are dropping support for this module. If you
  are on-pre Java 19 you can continue to use the old module version with no breaking changes.
• http4k-*: [Breaking] http4k is now built with Java 20. We are still compiling for older Java versions. New major
  versions will now be incoming with every major JDK release in order to track new and retired JVM features (6 month
  cycle).
• http4k-server-jetty: New Server Backend JettyLoom, based on Loom VirtualThreads. Requires Java 21 to use.
  Standard Jetty remains usable with any Java version.
• http4k-core: New Server Backend SunHttpLoom, based on Loom VirtualThreads. Requires Java 21 to use.
  Standard SunHttp remains usable with any Java version.
• http4k-server-helidon: [New Module] Helidon is a Loom-first rewrite of the popular server. Requires Java >= 19 to
  use.
• http4k-server-websocket: [New Module] A lightweight Websocket server built
  on TooTallNate/Java-Websocket. H/T @​oharaandrew314
• http4k-client-helidon: [New Module] An HTTP client build from the ground up to take advantage of project Loom.
  Requires Java >= 19 to use.
• http4k-format-kondor-json: [New Module] Support for KondorJson , the
  reflection-free JSON library.
• http4k-testing-tracerbullet: [New Module] TracerBullet allows you to hook into the http4k Events implementation
  to visually document your applications through testing. See example in reference guide.
• http4k-contract: Allow RouteMetaDsl to be marked as hidden H/T @​oharaandrew314

v4.48.2.0

• http4k-* : Commercially licensed LTS version of http4k v4. This is a marker release only and is covered by
  the http4k Enterprise Edition subscription. Non-licensed parties should NOT use this version of http4k libraries. Either
  downgrade to the Apache2 licensed v4.48.0.0, or contact us to arrange an http4k Enterprise Edition subscription.

v4.48.0.0

Compare Source

• http4k-* : Upgrade some dependency versions, including Kotlin to 1.8.22.

v4.47.2.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-incubator Further simplifications of tracing algorithm

v4.47.1.0

Compare Source

• http4k-core Make it easy to propagate or update trace spans in ZipkinStorage
• http4k-incubator Further simplifications of tracing algorithm

v4.46.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : Added status lookup by code. H/T @​jhult
• http4k-core : [Unlikely break] Client request tracing now sets and resets the ThreadLocal containing the current
  Zipkin traces. Possible break
  if you were relying on Zipkin state in a downstream handler. This change will allow better in-memory testing as traces
  will be reported correctly inside the context of the filter.
• http4k-incubator : [Break] Changes to improve how we create Tracing trees, and this the signature of the Tracer to
  take EventNode which is a tree node.

v4.45.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core: [Breaking] Fix #​912 - CatchLensFailure filter now can pass the Request object into the receiver. H/T
  @​mikaelstaldal
• http4k-server-format-moshi: Add support for Sets
• http4k-security-oauth: [Breaking] AccessTokens create method took an unnecessary duplicate parameter. To fix, just
  remove the authorizationCode parameter from your implementations and use the code from the tokenRequest

v4.44.1.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core: SameSite cookie is now lax when it comes to casing.

v4.44.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : [Breaking] Allow setting of compression level on GZip filter in both Streaming and Memory mode. To
  fix, simply change from GzipCompressionMode.Memory/Streaming to GzipCompressionMode.Memory()/Streaming()

v4.43.1.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-core : [Fix] #​901. Improve performance of GZip in streaming mode.

v4.43.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-server-undertow : Upgrade websocket requests based on other common headers. H/T @​endofhome
• http4k-security-oauth : [Breaking] Make full callback URI available as part AuthorizationCodeMissing error.
  Fixes #​895
• http4k-core : Static resources now return directives as well as content type on served assets.

v4.42.1.0

Compare Source

• http4k-* : Upgrade some dependency versions.

v4.42.0.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-testing-kotest : [Possible break] Fix of this Kotest issue
  in new dependency release might lead to some surprising changes in behaviour of matchers for comparing JSON nodes

v4.41.4.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-contract-ui-redoc: [New Module] Serve Redoc with the redocUiWebjar function.
• http4k-contract: [New Feature] Serve Redoc with the redocUiLite function.
• http4k-contract-ui-swagger: [Fix] #​880. swaggerUiWebjar now works properly with a non-root path. Plus
  performance improvements.

v4.41.3.0

Compare Source

• http4k-incubator TracerBullet diagrams have more options for reporting errors.

v4.41.2.0

Compare Source

• http4k-* : Upgrade some dependency versions, including Kotlin to 1.8.20.
• http4k-incubator TracerBullet diagrams have added colours.

v4.41.1.1

Compare Source

• http4k-contract-ui-swagger Fix dependency from provided -> api

v4.41.1.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-opentelemetry* :Fix #​867. OpenTelemetry tracing uses bad default span naming. H/T @​krissrex for the report.
• http4k-contract-ui-swagger : [New Module] Serve a customized Swagger UI via a bundled WebJar with the
  new swaggerUiWebjar function. H/T @​oharaandrew314
• http4k-contract : Deprecate swaggerUI in favor of new swaggerUiLite function, which uses a new config format.
  H/T @​oharaandrew314

v4.41.0.0

Compare Source

• http4k-core : [Unlikely break] Fix creation of UriTemplate when it starts/ends with multiple slashes. This
  shouldn't cause any problems that we know about, but we are bumping the breaking version number just in case.

v4.40.2.0

Compare Source

• http4k-* : Upgrade some dependency versions.
• http4k-client-apache* : Fix #​866 - ApacheClient does not handle SocketException.

---

• If you want to rebase/retry this PR, check this box