Upgrade Netty to 4.1.132.Final to fix CVE-2026-33870 and CVE-2026-33871

Add Netty BOM to dependencyManagement to override the vulnerable transitive
Netty version (~4.1.115.Final) pulled in by Vert.x 4.5.21.

- CVE-2026-33870: HTTP request smuggling via chunked extension parsing (CVSS 7.5)
- CVE-2026-33871: HTTP/2 DoS via CONTINUATION frame flood (CVSS 8.7)

See: UID2-6837

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: BehnamMozafari

pom.xml

@@ -13,6 +13,7 @@
         <maven.compiler.target>21</maven.compiler.target>
         <vertx.version>4.5.21</vertx.version>
         <uid2-shared.version>11.4.0</uid2-shared.version>
+        <netty.version>4.1.132.Final</netty.version>
     </properties>
 
     <repositories>
@@ -36,6 +37,13 @@
 
     <dependencyManagement>
         <dependencies>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-bom</artifactId>
+                <version>${netty.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
             <dependency>
                 <groupId>org.junit</groupId>
                 <artifactId>junit-bom</artifactId>