build: update jetty dependencies to 12.0.12 to fix CVE-2024-6763 (#2921)

* build-update-jetty-dependencies-to-12.0.12-to-fix-CVE-2024-6763-

* checkstyle

Author: stankiewicz

pom.xml

@@ -98,6 +98,7 @@
     <mssql-jdbc.version>13.2.1.jre11</mssql-jdbc.version>
     <neo4j-driver.version>4.4.18</neo4j-driver.version>
     <okio.version>3.16.2</okio.version>
+    <jetty.version>12.0.12</jetty.version>
     <!-- Socket factory JARs for Cloud SQL -->
     <mysql-socket-factory.version>1.15.2</mysql-socket-factory.version>
     <postgres-socket-factory.version>1.25.3</postgres-socket-factory.version>
@@ -246,6 +247,80 @@
         <artifactId>okio</artifactId>
         <version>${okio.version}</version>
       </dependency>
+      <!-- Enforce non-vulnerable version of Jetty HTTP (CVE-2024-6763) -->
+      <!-- Using Jetty 12 EE8 artifacts for compatibility with Hadoop -->
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-http</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-server</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-client</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-io</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-util</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-security</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-util-ajax</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-xml</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-alpn-client</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <!-- EE8 specific artifacts for compatibility with Hadoop -->
+      <dependency>
+        <groupId>org.eclipse.jetty.ee8</groupId>
+        <artifactId>jetty-ee8-servlet</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty.ee8</groupId>
+        <artifactId>jetty-ee8-webapp</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <!-- WebSocket artifacts with correct Jetty 12 coordinates -->
+      <dependency>
+        <groupId>org.eclipse.jetty.websocket</groupId>
+        <artifactId>jetty-websocket-jetty-api</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty.websocket</groupId>
+        <artifactId>jetty-websocket-jetty-client</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.eclipse.jetty.websocket</groupId>
+        <artifactId>jetty-websocket-jetty-common</artifactId>
+        <version>${jetty.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 

v2/googlecloud-to-googlecloud/src/test/java/com/google/cloud/teleport/v2/templates/bigtablechangestreamstovectorsearch/VectorSearchResourceManager.java

@@ -37,9 +37,10 @@
 import com.google.cloud.aiplatform.v1.UpsertDatapointsRequest;
 import com.google.protobuf.TextFormat;
 import java.util.List;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
 import org.apache.beam.it.common.ResourceManager;
-import org.eclipse.jetty.util.ConcurrentHashSet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.threeten.bp.Duration;
@@ -112,7 +113,7 @@ public IndexEndpoint getTestEndpoint() {
   // will slowly grow over time, so we should figure out how to periodically purge the index, but
   // that could cause running instances of this test to fail, so it's not perfect.
   // Using ConcurrentHashSet instead of HashSet to support parallelized test cases
-  private ConcurrentHashSet<String> pendingDatapoints = new ConcurrentHashSet<>();
+  private final Set<String> pendingDatapoints = ConcurrentHashMap.newKeySet();
 
   private VectorSearchResourceManager(String projectNumber, String region) throws Exception {
     this.projectNumber = projectNumber;