Firefox console has started showing this warning:
Cookie “JSESSIONID” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies
It seems JSESSIONID is a cookie generated by Servlet containers like Tomcat.
The CLDR code itself doesn't include "sameSite", so maybe what's needed is just to update one of the libraries we're using.