Bump the maven group with 2 updates

[dependabot]

Bumps the maven group with 2 updates: org.apache.commons:commons-lang3 and io.projectreactor.netty:reactor-netty-http.

Updates org.apache.commons:commons-lang3 from 3.13.0 to 3.18.0

Updates io.projectreactor.netty:reactor-netty-http from 1.1.16 to 1.2.8

Release notes

Sourced from io.projectreactor.netty:reactor-netty-http's releases.

v1.2.8

Reactor Netty 1.2.8 is part of 2024.0.8 Release Train.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.7.8 by @​chemicL in 79468f613c936d7d694a6c92907f04af17a36edc, see release notes
• Depend on Netty QUIC Codec v0.0.73.Final by @​violetagg in #3811
• Depend on Netty HTTP/3 Codec v0.0.30.Final by @​dependabot[bot] in #3812
• Remove the usage of deprecated functionality by @​violetagg in #3819
• Improve protocol validation in Forwarded/X-Forwarded-Proto header parsing by @​violetagg in #3823 and #3824
• Remove trailer header pre-declaration requirement by @​violetagg in #3825

🐞 Bug fixes

• Ensure the connection is invalidated when a connection close happens before HTTP/1.1 to HTTP/2 upgrade operation by @​violetagg in #3806
• When HTTP/2 apply always the trailer headers by @​violetagg in #3808
• Trailers must not include pseudo-header fields by @​violetagg in #3810
• Add the HTTP/2 connection to the channel group for a proper graceful shutdown in case no active streams by @​violetagg in #3827
• Add proper initialisation of maxConcurrentStreams when successful HTTP/1.1 to HTTP/2 upgrade by @​violetagg in #3832
• Ensure the HTTP/2 upgrade stream inherits the proper state from the original HTTP/1.1 connection when successful upgrade from HTTP/1.1 to HTTP/2 by @​violetagg in #3838

New Contributors

• @​jkonicki made their first contribution in #3829 and #3830

Full Changelog: reactor/reactor-netty@v1.2.7...v1.2.8

v1.2.7

Reactor Netty 1.2.7 is part of 2024.0.7 Release Train.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.7.7 by @​violetagg in 7ad6a24b67a3f40b78ed39aed8e85545be6ae410, see release notes
• Depend on Netty v4.1.122.Final by @​violetagg in #3791
• Remove the usage of deprecated functionality by @​violetagg in #3792
• Use the new Netty HTTP/2 setting SETTINGS_ENABLE_CONNECT_PROTOCOL by @​violetagg in #3794

📖 Documentation

• Document the required HTTP/2 initial setting when websocket over HTTP/2 on the server by @​violetagg in #3783

Full Changelog: reactor/reactor-netty@v1.2.6...v1.2.7

v1.2.6

Reactor Netty 1.2.6 is part of 2024.0.6 Release Train.

... (truncated)

Commits

• 79468f6 [release] Prepare and release 1.2.8
• 61e6799 Bump @​springio/antora-extensions from 1.14.5 to 1.14.6 in /docs (#3839)
• 4ed9cb2 [test] Deregister the metrics repository as soon as possible
• ab67d7f Polish
• c53e1bb [test] Move the check to try block
• 5228923 Ensure the HTTP/2 upgrade stream inherits the proper state from the original ...
• a60f640 Bump @​springio/antora-extensions from 1.14.4 to 1.14.5 in /docs (#3837)
• 4a7eb75 Bump org.junit.platform:junit-platform-launcher from 1.13.2 to 1.13.3 (#3836)
• 502e385 Bump junitVersion from 5.13.2 to 5.13.3 (#3835)
• 9d2c795 Bump org.apache.tomcat.embed:tomcat-embed-core from 9.0.106 to 9.0.107 (#3834)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.