Bump com.github.luben:zstd-jni from 1.5.7-3 to 1.5.7-4 in /log4j-parent

.github/dependabot.yaml

@@ -45,50 +45,17 @@ updates:
 
   - package-ecosystem: maven
     directories:
-      - "/log4j-1.2-api"
-      - "/log4j-api-test"
-      - "/log4j-api"
-      - "/log4j-appserver"
-      - "/log4j-cassandra"
-      - "/log4j-core-fuzz-test"
-      - "/log4j-core-its"
-      - "/log4j-core-test"
-      - "/log4j-core"
-      - "/log4j-couchdb"
-      - "/log4j-docker"
-      - "/log4j-fuzz-test"
-      - "/log4j-iostreams"
-      - "/log4j-jakarta-jms"
-      - "/log4j-jakarta-smtp"
-      - "/log4j-jakarta-web"
-      - "/log4j-jcl"
-      - "/log4j-jdbc-dbcp2"
-      - "/log4j-jpa"
-      - "/log4j-jpl"
-      - "/log4j-jul"
-      - "/log4j-layout-template-json-fuzz-test"
-      - "/log4j-layout-template-json-test"
-      - "/log4j-layout-template-json"
-      - "/log4j-mongodb"
-        # `log4j-mongodb4` is in a separate run
-      - "/log4j-osgi-test"
       - "/log4j-parent"
-      - "/log4j-perf-test"
-        # `log4j-slf4j-impl` is in a separate run
-      - "/log4j-slf4j2-impl-fuzz-test"
-      - "/log4j-slf4j2-impl"
-      - "/log4j-spring-boot"
-      - "/log4j-spring-cloud-config-client"
-      - "/log4j-taglib"
-      - "/log4j-to-jul"
-      - "/log4j-to-slf4j"
-      - "/log4j-web"
     open-pull-requests-limit: 10
     schedule:
       interval: "daily"
     target-branch: "2.x"
     registries:
       - maven-central
+    groups:
+      all-dependencies:
+        patterns:
+          - "*"
     ignore:
       # Jetty 10.x does not have an internal logging API
       - dependency-name: "org.eclipse.jetty:*"

.github/workflows/analyze-dependabot.yaml

@@ -0,0 +1,30 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Dependabot Analyze PR
+
+on:
+  pull_request:
+
+permissions: { }
+
+jobs:
+
+  analyze-dependabot:
+    # Skip this workflow on commits not pushed by Dependabot
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    uses: apache/logging-parent/.github/workflows/analyze-dependabot-reusable.yaml@feat/dependabot-add-changelog2

.github/workflows/build.yaml

@@ -23,23 +23,25 @@ on:
       - "2.x"
       - "release/2*"
   pull_request:
+  workflow_dispatch:
 
 permissions: read-all
 
 jobs:
 
   build:
-    if: github.actor != 'dependabot[bot]'
-    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/12.1.0
-    secrets:
-      DV_ACCESS_TOKEN: ${{ startsWith(github.ref_name, 'release/') && '' || secrets.DEVELOCITY_ACCESS_KEY }}
-    with:
-      java-version: |
-        8
-        17
-      site-enabled: true
-      reproducibility-check-enabled: false
-      develocity-enabled: ${{ ! startsWith(github.ref_name, 'release/') }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Just print some data
+        env:
+          ACTOR: ${{ github.actor }}
+          SENDER: ${{ toJSON(github.event.sender) }}
+          PR_USER: ${{ toJSON(github.event.pull_request.user) }}
+        run: |
+          echo "Actor: $ACTOR"
+          echo "Sender: $SENDER"
+          echo "User: $PR_USER"
 
   deploy-snapshot:
     needs: build
@@ -57,7 +59,7 @@ jobs:
   deploy-release:
     needs: build
     if: github.repository == 'apache/logging-log4j2' && startsWith(github.ref_name, 'release/')
-    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/12.1.0
+    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/12.1.1
     # Secrets for deployments
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -78,7 +80,7 @@ jobs:
     needs: [ deploy-snapshot, deploy-release ]
     if: ${{ always() && (needs.deploy-snapshot.result == 'success' || needs.deploy-release.result == 'success') }}
     name: "verify-reproducibility (${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.project-version || needs.deploy-snapshot.outputs.project-version }})"
-    uses: apache/logging-parent/.github/workflows/verify-reproducibility-reusable.yaml@rel/12.1.0
+    uses: apache/logging-parent/.github/workflows/verify-reproducibility-reusable.yaml@rel/12.1.1
     with:
       nexus-url: ${{ needs.deploy-release.result == 'success' && needs.deploy-release.outputs.nexus-url || 'https://repository.apache.org/content/groups/snapshots' }}
       # Encode the `runs-on` input as JSON array

.github/workflows/codeql-analysis.yaml

@@ -18,19 +18,14 @@
 name: codeql-analysis
 
 on:
-  push:
-    branches: [ "2.x", "main" ]
-  pull_request:
-    branches: [ "2.x", "main" ]
-  schedule:
-    - cron: '32 12 * * 5'
+  workflow_dispatch:
 
 permissions: read-all
 
 jobs:
 
   analyze:
-    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/12.1.0
+    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/12.1.1
     with:
       java-version: |
         8

.github/workflows/develocity-publish-build-scans.yaml

@@ -31,12 +31,12 @@ jobs:
     steps:
 
       - name: Setup Build Scan link capture
-        uses: gradle/develocity-actions/setup-maven@b8d3a572314ffff3b940a2c1b7b384d4983d422d   # 1.3
+        uses: gradle/develocity-actions/setup-maven@4a2aed82eea165ba2d5c494fc2a8730d7fdff229   # 1.4
         with:
           capture-build-scan-links: true
 
       - name: Publish Build Scans
-        uses: gradle/develocity-actions/maven-publish-build-scan@b8d3a572314ffff3b940a2c1b7b384d4983d422d   # 1.3
+        uses: gradle/develocity-actions/maven-publish-build-scan@4a2aed82eea165ba2d5c494fc2a8730d7fdff229   # 1.4
         with:
           develocity-url: 'https://develocity.apache.org'
           develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}

.github/workflows/process-dependabot.yaml

@@ -0,0 +1,46 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Dependabot Process PR
+
+on:
+  workflow_run:
+    workflows:
+      - "Dependabot Analyze PR"
+    types:
+      - completed
+
+permissions: { }
+
+jobs:
+
+  process-dependabot:
+    # Skip this workflow on commits not pushed by Dependabot
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    uses: apache/logging-parent/.github/workflows/process-dependabot-reusable.yaml@feat/dependabot-add-changelog2
+    permissions:
+      # Required to auto-merge PRs
+      contents: write
+      pull-requests: write
+    secrets:
+      RECURSIVE_TOKEN: ${{ secrets.USER_TOKEN }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+    with:
+      user-name: 'Release Manager'
+      user-email: [email protected]
+      analyze-workflow-run-id: ${{ github.event.workflow_run.id }}

log4j-mongodb/pom.xml

@@ -30,7 +30,7 @@
     <!-- OSGi and JPMS options -->
     <Fragment-Host>org.apache.logging.log4j.core</Fragment-Host>
     <!-- Dependency versions -->
-    <mongodb.version>5.3.1</mongodb.version>
+    <mongodb.version>5.3.0</mongodb.version>
     <slf4j2.version>2.0.17</slf4j2.version>
   </properties>
   <dependencyManagement>

log4j-parent/pom.xml

@@ -60,7 +60,7 @@
     <!-- =====================================================
          Direct dependency version properties (in alphabetical order)
          ===================================================== -->
-    <activemq.version>6.1.6</activemq.version>
+    <activemq.version>6.1.7</activemq.version>
     <angus-activation.version>2.0.2</angus-activation.version>
     <angus-mail.version>2.0.3</angus-mail.version>
     <assertj.version>3.27.3</assertj.version>
@@ -73,21 +73,21 @@
     <commons-compress.version>1.27.1</commons-compress.version>
     <commons-csv.version>1.14.0</commons-csv.version>
     <commons-dbcp2.version>2.13.0</commons-dbcp2.version>
-    <commons-io.version>2.18.0</commons-io.version>
+    <commons-io.version>2.19.0</commons-io.version>
     <commons-lang3.version>3.17.0</commons-lang3.version>
     <commons-logging.version>1.3.5</commons-logging.version>
     <!-- `com.conversantmedia:disruptor` version 1.2.16 requires Java 9: -->
     <conversant.disruptor.version>1.2.15</conversant.disruptor.version>
     <disruptor.version>3.4.4</disruptor.version>
     <embedded-ldap.version>0.9.0</embedded-ldap.version>
     <felix.version>7.0.5</felix.version>
-    <groovy.version>4.0.26</groovy.version>
-    <guava.version>33.4.7-jre</guava.version>
+    <groovy.version>4.0.27</groovy.version>
+    <guava.version>33.4.8-jre</guava.version>
     <h2.version>2.2.224</h2.version>
     <hamcrest.version>3.0</hamcrest.version>
     <HdrHistogram.version>2.2.2</HdrHistogram.version>
     <hsqldb.version>2.7.4</hsqldb.version>
-    <jackson-bom.version>2.18.3</jackson-bom.version>
+    <jackson-bom.version>2.19.1</jackson-bom.version>
     <!-- Override the version in Jakarta EE 9 BOM: -->
     <jakarta-activation.version>2.1.3</jakarta-activation.version>
     <jakarta-mail.version>2.1.3</jakarta-mail.version>
@@ -109,20 +109,20 @@
     <jmdns.version>3.6.1</jmdns.version>
     <jmh.version>1.37</jmh.version>
     <junit.version>4.13.2</junit.version>
-    <junit-jupiter.version>5.12.1</junit-jupiter.version>
+    <junit-jupiter.version>5.13.2</junit-jupiter.version>
     <junit-pioneer.version>1.9.1</junit-pioneer.version>
-    <kafka.version>3.9.0</kafka.version>
+    <kafka.version>4.0.0</kafka.version>
     <lightcouch.version>0.2.0</lightcouch.version>
     <log4j.version>1.2.17</log4j.version>
     <log4j-transform.version>0.2.0</log4j-transform.version>
     <log4j2-cachefile-transformer.version>2.15.0</log4j2-cachefile-transformer.version>
-    <log4j2-ecs-layout.version>1.6.0</log4j2-ecs-layout.version>
+    <log4j2-ecs-layout.version>1.7.0</log4j2-ecs-layout.version>
     <logback.version>1.3.15</logback.version>
-    <maven.version>3.9.9</maven.version>
+    <maven.version>3.9.10</maven.version>
     <mockito.version>4.11.0</mockito.version>
     <nashorn.version>15.6</nashorn.version>
-    <org.eclipse.osgi.version>3.23.0</org.eclipse.osgi.version>
-    <org.eclipse.persistence.version>2.7.15</org.eclipse.persistence.version>
+    <org.eclipse.osgi.version>3.23.100</org.eclipse.osgi.version>
+    <org.eclipse.persistence.version>2.7.16</org.eclipse.persistence.version>
     <oro.version>2.0.8</oro.version>
     <!-- The OSGi API version MUST always be the MINIMUM version Log4j supports: -->
     <osgi.api.version>6.0.0</osgi.api.version>
@@ -136,9 +136,9 @@
     <system-stubs.version>2.0.3</system-stubs.version>
     <velocity.version>1.7</velocity.version>
     <wiremock.version>2.35.2</wiremock.version>
-    <xmlunit.version>2.10.0</xmlunit.version>
+    <xmlunit.version>2.10.3</xmlunit.version>
     <xz.version>1.10</xz.version>
-    <zstd.version>1.5.7-2</zstd.version>
+    <zstd.version>1.5.7-4</zstd.version>
 
     <!-- =====================================================
          Pinned transitive dependency version properties (in alphabetical order)

pom.xml

@@ -31,7 +31,7 @@
   <parent>
     <groupId>org.apache.logging</groupId>
     <artifactId>logging-parent</artifactId>
-    <version>12.1.0</version>
+    <version>12.1.1</version>
     <relativePath />
   </parent>
 
@@ -345,12 +345,12 @@
     <site-conversant.version>1.2.21</site-conversant.version>
     <site-disruptor.version>4.0.0</site-disruptor.version>
     <site-flume.version>1.11.0</site-flume.version>
-    <site-jackson.version>2.18.3</site-jackson.version>
+    <site-jackson.version>2.19.1</site-jackson.version>
     <site-javax-mail.version>1.6.2</site-javax-mail.version>
     <site-jctools.version>4.0.5</site-jctools.version>
     <site-je.version>18.3.12</site-je.version>
     <site-jeromq.version>0.6.0</site-jeromq.version>
-    <site-kafka.version>3.9.0</site-kafka.version>
+    <site-kafka.version>4.0.0</site-kafka.version>
     <site-logback.version>1.3.15</site-logback.version>
     <site-slf4j.version>2.0.17</site-slf4j.version>