neo4j-5.26/5.26.0-r0: cve remediation

[octo-sts]

neo4j-5.26/5.26.0-r0: fix GHSA-qh8g-58pp-2wxh

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/neo4j-5.26.advisories.yaml

[debasishbsws]

The CVE is sill there

[debasishbsws]

  - timestamp: 2024-11-20T13:04:12Z
    type: pending-upstream-fix
    data:
      note: |
        This vulnerability relates to the 'jetty-http' dependency, which is fixed in v12.0.12 and later.
        Unfortunately, we are not able to remediate this CVE, as bumping this dependency version results in build failures.
        Specifically, there are version conflicts between the various jetty dependencies. Attempting to bump the related dependencies to the same version, results in different build issues.
        Another component: 'jetty-servlet', has also been relocated to a new location in maven central: https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-servlet. This requires additional code changes.
        All attempts were made to chain up the required changes, but to no avail. Pending fix from upstream.

[debasishbsws]

wolfi-dev/advisories#11024