* Use "Files.createTempDirectory" to create temp directory instead
See SonarQube critical vulnerability squid:S2976 (tag: owasp-a9)
https://next.sonarqube.com/sonarqube/coding_rules#rule_key=squid%3AS2976

* [JENKINS-48227]
Creating a utility "static Path toPath(File file) throws IOException" method,
which wraps InvalidPathException to IOException so that it will be checked.
- also fixed public static final reference
- fixed broken test cases
- added new test cases for toPath() and createTempDir()

* Revert back to public static int

* adjustments due to merges

* Add posix check to determine if Posix FileAttributes should be included
in call to Files.createTempDirectory()

* Remove reference to private element

* Updated to use explicit imports

* Deprecate Jenkins.getInstance in favor of (usually) getActiveInstance.

* Introduced get() as a concise non-null accessor.

* May as well suggest rewrites of getActiveInstance too.

 Add Chinese translation

* Ensure all Jelly view have escape-by-default.
- all those views escape the content theirself, so no vulnerability corrected here (for TextParameterDefinition, it's done by textarea.jelly)

* - just a line break at end

* - just a line break at end (part 2)

* - change from st:out to j:out because their content is expected to be html tags

* - st => j for all finally

* Create messages_zh_CN.properties

* Update messages_zh_CN.properties

* Rename messages_zh_CN.properties to message_zh_CN.properties

* Update message_zh_CN.properties

* Add getSystemProperty(key) to fix hudson.consoleTailKB system property

* Add Javadoc, @Restricted and delegate to SystemProperties

These changes were requested by @daniel-beck.

* PR was not merged in time for 2.96

* Changes as requested by @oleg-nenashev

[JENKINS-48604] Do not downgrade plugins that are dependencies of detached plugins when upgrading Jenkins

This reverts commit eb77e5f2.

[JENKINS-48365] Install detached plugins when upgrading Jenkins past the version the plugins were detached

[JENKINS-34254] Fix RequirePOST form

* [JENKINS-22474] API Token does not require CSRF token
- in order to ease the use of the api, we are not requiring the request to have a crumb
- in terms of security it's not a problem normally since the CSRF attacks use the cookies and in case of API Token, it's session-less / cookie-less

* - adjust the license header

* - add test for basic authentication
- add test for login process

* - add test for form submission using ui (htmlunit), not just login form

* - modification requested by Jesse

* - pom.xml update to use the last version of jenkins-test-harness (with the token helper methods)
- beginning of the simplification of tests

* - using the try-with-resource approach to ease readability

* - using closure method now

* - add missing login transformation

* - add unit test

* - use withToken
- remove useless crumb for GET method
- add fail (otherwise the assert in catch is not as useful as it could be)

* another bunch of test cases

* - for HudsonTestCase, some additional modifications are required: changing the view / different type of management for the variable inside the views

* - small other tests

* - last batch for the login method

* - crumb is not more required since we are using API Token

* - converting auth to ApiToken to avoid crumb method

* - converting auth to ApiToken to avoid crumb method (second)

* - remove usage of closure aware methods

* - update the pom using the snapshot as adviced by Jesse
- modifications on other class to adapt to the last modifications in JTH

* - modifications requested during code review

* - also put back my changes to the conflicted file

* - correction of the merge :)

* Use NIO in tryOnceDeleteFile and makeWritable

* Don't try to set PosixFileAttributes on Windows

* Do not create arbitrary exceptions in makeWritable to fix test failures on Windows

* Remove unhelpful layer of exception wrapping

* Add test exercising Util#makeWritable in Util#tryOnceDeleteFile

* Add test for deleting a non-existant file

* Return early if changing permissions with NIO succeeds

[JENKINS-48505] - Invoke optimistic get before computeIfAbsent to avoid contention.

* Move an instance of renameTo() to Files.move()

* Replace an instance of File.toURI() with an instance of Path.toUri()

* Replace mkdirs() with Files.createDirectories()
Replace mkdir() with Files.createTempDirectory()

* Undo addition of createTempDirectory() as per review comments

* Return to use of FilePath#mkdirs(File) and instead modify it to use the new API.

* Undo addition of toPath() in a URI conversion as it brings no benefits.

* Replace new uses of toPath() with Util.fileToPath() to pre-handle runtime exceptions

* Remove * import.
move mkdirs() to using FilePath method instead of File method.

* Make IOUtils.mkdirs(File) use Java7 API calls

* Add back accidentally removed imports.

* Fixed use of wildcard import

* Use utility method fileToPath() to handle potential exception thrown

Fixed typo in German translation.

* Introduce UserIdCause constructor, which accepts userId as an argument.

* [JENKINS-48467] - UserIdCuase: Add issue link in the TODO comment

* [JENKINS-27026] Notify the SecurityListener in case of Token based authentication success
- due the current version of the method, the UserDetails required for the event was not accessible. In order to stay with the same API in SecurityListener, two "protected" methods were created to split the job and let the UserDetails accessible

* - add test to ensure the SecurityListener is called for REST Token but also for regular basic auth

* - remove the comment about the split, will be put in GitHub comment instead

* - add check for anonymous call instead of just putting a comment
- remove the constructor in the dummy
- add link to PR from Daniel to simplify a call

* - separate the before/after to save one clear and be more explicit
- put more meaning in the assertLastEventIs method by explicitly say we will remove the last event

* - add comment about why we do not fire the "failedToAuthenticated" in the case of an invalid token (tips: it's because it could be a valid password)

* - also add the authenticated trigger on legacy filter as pointed by Ivan

* - add support of event on CLI remoting authentication
- adjust tests by moving the helper class used to spy on events

* - as mentioned Yvan, the code had some problems with null checking, so the approach is changed in order to encapsulate all that internal mechanism

* - add javadoc
- open the getUserDetailsForImpersonation from the User (will let the SSHD module to retrieve UserDetails from that)

* - remove single quote in log messages

* - basic corrections requested by Jesse

* - just another typo

* - adjust the javadoc for SecurityListener events

* - add the link to Jenkins#Anonymous

* - add link (not using see)

* - update comment on the isAnonymous as we (me + Oleg) do not find a best place at the moment

* - put the new method isAnonymous in ACL instead of Functions

* - little typo
- add requirement about the SecurityContext authentication

Deprecating Service in favor of ServiceLoader

with 1.12 @Restricted annotation are kept for runtime, which is a requirement for [configuration-as-code](https://github.com/jenkinsci/configuration-as-code-plugin) to detect technical attribute which should not be exposed (typically : `Jenkins#setInstallState()`)