Bump extra-enforcer-rules from 1.3 to 1.4

[dependabot]

Bumps extra-enforcer-rules from 1.3 to 1.4.

Release notes

Sourced from extra-enforcer-rules's releases.

1.4

• Bump mockito-core from 3.11.2 to 3.12.4 (#139) @​dependabot
• Bump mojo-parent from 60 to 63 (#142) @​dependabot
• Master update dependencies (#136) @​slachiewicz
• Refactor AbstractRequireRoles.getRolesFromString (#133) @​pzygielo
• Require Java 8 (#134) @​slachiewicz
• [jdk17] Apply jdk 17 to allowed jdk versions (#129) @​hazendaz

🚀 New features and improvements

• add dependabot and release drafter configurations (#138) @​olamy

Commits

• fffd377 [maven-release-plugin] prepare release extra-enforcer-rules-1.4
• a91ca9b Bump mockito-core from 3.11.2 to 3.12.4 (#139)
• a7c1f7b Bump mojo-parent from 60 to 63 (#142)
• 3df79ea add dependabot and release drafter configurations (#138)
• d380fe5 Upgrade to maven-enforcer-api 3.0.0; Require Maven 3.1.1
• f428f30 improve build configuration
• 3e1f7f8 Update dependencies and plugin versions to version before m-enforcer-plugin 3...
• 7ade053 Bump maven-dependency-tree from 2.1 to 2.2
• 5e34e58 Update dependencies and plugins.
• c97a9d2 Refactor AbstractRequireRoles.getRolesFromString
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[timja]

Enforce 3.0.0 fails with the servlet API hack and something to do with jetty

Any ideas @jglick / @jtnord

[jglick]

Not sure, but I would love to remove https://github.com/jenkinsci/jenkins/blob/73522166a4f55e8dc225d30268a512e5cb7b5d28/pom.xml#L141-L158 in favor of a proper Enforcer rule (if we do not already have one).

[jtnord]

Spring security requires javax.servlet:javax.servlet:4.0.1 jetty uses 3.x so this may well be a real issue we just did not see elsewhere.

This is not the hack which is javax.servlet:servlet-api which also fails but is a bit strange. I'm still looking

[basil]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[basil]

@dependabot recreate

[basil]

@dependabot rebase

[dependabot]

Looks like org.codehaus.mojo:extra-enforcer-rules is up-to-date now, so this is no longer needed.