Bumps [jquery-validation](https://github.com/jquery-validation/jquery-validation) from 1.19.4 to 1.19.5.
- [Release notes](https://github.com/jquery-validation/jquery-validation/releases)
- [Changelog](https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md)
- [Commits](https://github.com/jquery-validation/jquery-validation/compare/1.19.4...1.19.5

)

---
updated-dependencies:
- dependency-name: jquery-validation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.16.1 to 3.16.2.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.16.1...v3.16.2

)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

By the way, clean unnecessary code and change groovy scripting call by the native date translation

Thanks to Ingo Wolfmayr for this issue

On the widget-form.xsd definition, the element on-field-event-update-area haven't possibility to define some parameters.

But on java code, the on-field-event-update-area is read like on-event-update-area.

If you put some parameters on your code, your editor raise a syntax error but OFBiz analyse and execute it well.

            <wf:field name="reload" >
                <wf:submit/>
                <wf:on-field-event-update-area event-type="click"
                                               area-target="ReloadIt">
                    <wf:auto-parameters-service service-name="computeForReload" send-if-empty="false"/>
                </wf:on-field-event-update-area>
            </wf:field>

By the way we can synchronize the on-field-event-update-area xsd on on-event-update-area.

When you define a display-entity you have the possibility to add a sub-hyperlink related to the element displayed.

             <field name="partyIdFrom">
                <display-entity entity-name="PartyNameView" key-field-name="partyId" description="${groupName}${firstName} ${lastName}">
                    <sub-hyperlink target="viewprofile" description="view">...</sub-hyperlink>
                </display-entity>
            <field>

This display the party name with a link "view" connected.

When you use the name as link without a dedicate sub link, you need to change all the form to resolve the information to display for creating an hyperlink

            <row-actions>
                <entity-one entity-name="PartyNameView" value-field="partyName">
                        <field-map field-name="partyId" from-field="partyIdFrom"/>
                </entity-one>
                <set field="partyNameValue" value=" ${partyName.groupName}${partyName.firstName} ${partyName.lastName}"/>
            </row-actions>
            <field name="partyIdFrom">
                <hyperlink target="viewprofile" description="${partyNameValue}">..</hyperlink>
            </field>

We lost the advantage of the display-entity. With this case, we improve display-entity with the following rule :

If the display-entity has a subhyperlink and the subhyperlink haven't description, the description of the link is the display-entity description.
In the code, if a sub-hyperlink has an empty description, we convert the display entity as a hyperlink

The service "resequence" compute for a content all sequenceNum for linked content assoc.

The code is very old (before apache) so apply a slim refactor and migrate the service name resequence to resequenceContentAssocChildren.

By the way I kept the service definition resequence to move it as deprecated.

Fix a null pointer exception when the extended menu have an entry without link.

Thanks to Jacques Leroux for the alert

Adds <img> and <hr> to CustomSafePolicy, removes obsolete <tt>. <img> allows
only attributes src and alt.

Both <br> and <br /> are correct. For that, this rather uses
TagBalancingHtmlStreamEventReceiver

Thanks: Ingo Wolfmayr

When hovering an app-navigation item, the height of the app bar changes.
Doesn't look good. Attached the correction.

Thanks: Ingo Wolfmayr

Reverts asciidoctorj-pdf to 1.5.3

Not sure it will work, at least I have a (another?) problem locally in Win 7

Reverts tika-core to 1.28.4 and fop to 2.3

I did not launch the tests, those did not pass:
ecommercetests	testSendOrderConfirmation
widgettests testFopMacroLibrary

Tika is a bit annoying, no security releases after Sept. 30

New line just to apply change made in Buildbot config to run w/ Java 11

Thanks to Gavin who noticed I forgot one line in Buildbot config  :/

New line just to apply change made in Buildbot config to run w/ Java 11

Seems last time Buildbot did not catch up or something is wrong
I double checked Buildbot config is properly set to run w/ Java 11 and change is
committed

Trying again after Gavin confirmed it should be OK on Slack #asfinfra channel

New line just to apply change made in Buildbot config to run w/ Java 11

Seems last time Buildbot did not catch up or something is wrong
I double checked Buildbot config is properly set to run w/ Java 11 and change is
committed

Trivial change just to apply change made in Buildbot config to run w/ Java 11

I noticed that JpegImageParser from Apache Commons Imaging never had a write
option. So I commented it out. I tested uploading, it's OK

org.apache.axiom.om.impl.builder.StAXOMBuilder has been replaced by
org.apache.axiom.om.OMXMLParserWrapper
in SOAPEventHandler.java

The rest of information is in the main build.gradle

I got 2 test errors on Win7. I'll see how it goes on GH and BB.
Maybe it's write.lock issues with Lucene or/and Solr indexes

Mentionned at https://tika.apache.org/
Apache Tika 1.28.4 has been released! This release includes security related
fixes and dependency upgrades
Note: The Apache Tika PMC has set September 30, 2022 as the End Of Life for the
Tika 1.x branch.

Allows both <br> and <br /> to pass in UtilCodec::checkStringForHtmlSafe, both
are correct.

Clarifies owasp.properties documentation about how to create own sanitizer
policies

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.15.4 to 3.16.1.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.15.4...v3.16.1

)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Dependabot does not support paths with "\" as in Windows

This supersedes the usage of npx npm-check-updates by automating npm things with Dependabot in GH

When you generate an order on a party who have a PartyAcctgPreference with a customMethod orderSequence_enforced, the service failed due to the missing parameter partyAcctgPreference.

Like quote and invoice it's preferable to forward the partyAcctgPreference information.

When you use two menus where the second extend the first, menu items and menu links aren't correctly propagated.

The menu items and menu links presents on the second menu already have the first menu on their model.

    ****
    <menu name="FirstMenu" extends="CommonInlineBarMenu" extends-resource="component://common/widget/CommonMenus.xml">
        <menu-item name="MyItem">
            <link target="GoAction"/>
        </menu-item>
    </menu>
    <menu name="SecondMenu" extends="FirstMenu"/>
    ****

The result, if during the rendering some information are generated from the menu, in the previous case, it's always the "FirstMenu" that would be use.

Like when your menu generate a hidden-form, the SecondMenu link the bad form

    ****
    <form method="post" action="GoAction" onsubmit="javascript:submitFormDisableSubmits(this)" name="SecondMenu">...</form>
    <a href="javascript:ajaxSubmitFormUpdateAreas('FirstMenu', 'xxx')">MyItem</a>
    ****

To solve it and don't break the thread safe pattern, I introduce two new constructor for ModelItem and MenuLink for duplicate the ModelMenuItem and MenuLink in memory with the new parent. With this, the SecondMenu iw now completely duplicated on memory and now share any reference with the extended menu.

Thanks to Marco Rodrigues that detect this problem

No functional change (correction on trunk already did by the OFBIZ-12609)

Condensing the code and remove unused errMsg variable.

Allows to check for only CSV files. This is not used OOTB in OFBiz.

Thanks: Sachin for report and confirmation it's OK

ScreenWidget links to form  but should be grid.

Thanks: Ingo Wolfmayr

Service has been moved to groovy but definition still links to minilang.

Thanks: Ingo Wolfmayr

https://github.com/apache/ofbiz-framework/actions/runs/2479996158

Few more debug log texts changes for clarity

I backport to ease future merging while backporting

Several changes in SecuredUpload class:
Mostly checks that uploaded CSV files are valid text files
Also few debug log texts changes for clarity

We need to upload a CSV format file as part of project requirement
We were able upload CSV format file under eCommerce in Version 16.11.07.
We are trying to implement the same in version 18.12.05 - there the same upload
module does not work.

jleroux: I missed to check and allow CSV files when all files are allowed.
That now uses:
https://commons.apache.org/proper/commons-csv/apidocs/org/apache/commons/csv/CSVFormat.html

The default CSV format used to check upload of CSV files is set in the property
csvformat=CSVFormat.DEFAULT in security.properties

Thanks: Sachin for report

(OFBIZ-12634)

Updates a few german translations for consistency.

Thanks Ingo Wolfmayr for reporting and providing the patch.

Hide the "Received a null Security object from HttpServletRequest" warning when
ControlFilter is in the StackTrace.

This release includes 23 bug fixes/improvements as outlined in the changelog:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318123&version=12351416

Thanks: Ingo Wolfmayr

Apache Tika 1.28.3 contains security-related fixes and dependency upgrades.
Details can be found in the changes file:
https://www.apache.org/dist/tika/1.28.3/CHANGES-1.28.3.txt

Add integration test to validate the good retrieval of the success /
error message.

Ajout de 4 services groovy pour tester le fonctionnement du moteur de service en groovy couplé a des appels de type DSL