Bump the all group across 1 directory with 5 updates (#341)

* Bump the all group across 1 directory with 5 updates

Bumps the all group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.19.0` | `2.19.1` |
| [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) | `0.0.0-SNAPSHOT` | `3.0.0-beta3` |
| org.apache.logging.log4j:log4j-core | `2.25.0` | `3.0.0-beta3` |
| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `3.5.0` | `3.5.3` |
| [org.springframework.boot:spring-boot-maven-plugin](https://github.com/spring-projects/spring-boot) | `3.5.0` | `3.5.3` |



Updates `com.fasterxml.jackson:jackson-bom` from 2.19.0 to 2.19.1
- [Commits](FasterXML/jackson-bom@jackson-bom-2.19.0...jackson-bom-2.19.1)

Updates `org.apache.logging.log4j:log4j-bom` from 0.0.0-SNAPSHOT to 3.0.0-beta3
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](https://github.com/apache/logging-log4j2/commits/rel/3.0.0-beta3)

Updates `org.apache.logging.log4j:log4j-core` from 2.25.0 to 3.0.0-beta3

Updates `org.springframework.boot:spring-boot-dependencies` from 3.5.0 to 3.5.3
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.0...v3.5.3)

Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.5.0 to 3.5.3
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.0...v3.5.3)

Updates `org.apache.logging.log4j:log4j-core` from 2.25.0 to 3.0.0-beta3

Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.5.0 to 3.5.3
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.0...v3.5.3)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-version: 3.0.0-beta3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 3.0.0-beta3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: org.springframework.boot:spring-boot-dependencies
  dependency-version: 3.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: org.springframework.boot:spring-boot-maven-plugin
  dependency-version: 3.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 3.0.0-beta3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: org.springframework.boot:spring-boot-maven-plugin
  dependency-version: 3.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix: Limit Log4j to version < 3.0.0-alpha1

Dependabot attempts to upgrade Log4j to `3.0.0-beta3` because, per the Maven version ordering, `3.0.0-beta3` is considered lower than a plain `3`. This commit explicitly limits Log4j to a version lower than `3.0.0-alpha1` to prevent premature upgrades to the 3.x series.

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Piotr P. Karwasz <[email protected]>

Author: dependabot[bot]

.github/dependabot.yaml

@@ -39,7 +39,7 @@ updates:
       - maven-central
     ignore:
       - dependency-name: "org.apache.logging.log4j:*"
-        versions: ["[3,)"]
+        versions: ["[3.0.0-alpha1,)"]
 
   - package-ecosystem: gradle
     directories:
@@ -54,7 +54,7 @@ updates:
       - maven-central
     ignore:
       - dependency-name: "org.apache.logging.log4j:*"
-        versions: ["[3,)"]
+        versions: ["[3.0.0-alpha1,)"]
 
   - package-ecosystem: github-actions
     directory: "/"

pom.xml

@@ -90,15 +90,15 @@
     <jetty.version>11.0.25</jetty.version>
     <javax-jms.version>2.0.1</javax-jms.version>
     <spotbugs-annotations.version>4.9.3</spotbugs-annotations.version>
-    <spring-boot.version>3.5.0</spring-boot.version>
+    <spring-boot.version>3.5.3</spring-boot.version>
     <spring-cloud.version>2025.0.0</spring-cloud.version>
 
     <!-- Pinned transitive dependencies -->
     <!-- Try removing from time to time -->
     <error_prone.version>2.38.0</error_prone.version>
     <guava.version>33.4.8-jre</guava.version>
     <httpclient.version>4.5.14</httpclient.version>
-    <jackson.version>2.19.0</jackson.version>
+    <jackson.version>2.19.1</jackson.version>
     <joda-time.version>2.14.0</joda-time.version>
     <kotlin.version>2.1.21</kotlin.version>
     <snakeyaml.version>2.4</snakeyaml.version>