Fix dependabot alert 30: upgrade netty-codec-http to 4.2.8.Final

Override transitive io.netty:netty-codec-http version to 4.2.8.Final
via dependency constraint to fix CVE-2025-67735 (CRLF injection in
HttpRequestEncoder).

Author: pboos

build.gradle

@@ -64,6 +64,14 @@ subprojects {
         annotationProcessor(libs.lombok)
         testCompileOnly(libs.lombok)
         testAnnotationProcessor(libs.lombok)
+
+        // Security: override transitive netty-codec-http to fix CVE-2025-67735 (CRLF injection)
+        constraints {
+            implementation('io.netty:netty-codec-http') {
+                version { require libs.versions.netty.get() }
+                because 'CVE-2025-67735: CRLF injection in HttpRequestEncoder'
+            }
+        }
     }
 
     checkstyle {

gradle/libs.versions.toml

@@ -11,6 +11,7 @@ lombok = "1.18.42"
 commons-codec = "1.20.0"
 find-bugs = "3.0.2"
 gradle-nexus-publish-plugin = "2.0.0"
+netty = "4.2.8.Final"
 datadog-statsd = "4.4.5"
 # Verify
 checkstyle = "8.44"