chore(deps): bump org.apache.logging.log4j:log4j-bom from 2.21.1 to 2.22.0

[dependabot]

Bumps org.apache.logging.log4j:log4j-bom from 2.21.1 to 2.22.0.

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.22.0

This releases provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact and contains bug fixes addressing issues in the JPMS & OSGi infrastructure overhauled in 2.21.0, dependency updates, and some other minor fixes and improvements.

CycloneDX Software Bill of Materials (SBOM)

This is the first Log4j release that provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact. Generated SBOMs are attached as artifacts with cyclonedx classifier and XML extensions, that is, <artifactId>-<version>-cyclonedx.xml. They contain vulnerability-assertion references to a CycloneDX Vulnerability Disclosure Report (VDR) that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml[]

SBOM generation is streamlined by logging-parent, see its website for details.

Changed

• Change the order of evaluation of FormattedMessage formatters. Messages are evaluated using java.util.Format only if they don't comply to the java.text.MessageFormat or ParameterizedMessage format. (#1223)
• Change default encoding of HTTP Basic Authentication to UTF-8 and add log4j2.configurationAuthorizationEncoding property to overwrite it. (#1970)
• Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (#1974)
• Update com.github.luben:zstd-jni to version 1.5.5-10 (#1940)
• Update com.google.guava:guava to version 32.1.3-jre (#1875)
• Update io.netty:netty-bom to version 4.1.101.Final (#1960)
• Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (#1900)
• Update org.fusesource.jansi:jansi to version 2.4.1 (#1907)
• Update org.mongodb:bson to version 4.11.1 (#1957)
• Update org.springframework:spring-framework-bom to version 5.3.30
• Update org.springframework.boot:spring-boot to version 2.7.17 (#1874)
• Update org.springframework:spring-framework-bom to version 5.3.31 (#1973)
• Update org.zeromq:jeromq to version 0.5.4 (#1878)

Removed

• Removed unused FastDateParser which was causing unnecessary heap overhead (LOG4J2-3672, #1848)

Fixed

• Fix MDC pattern converter causing issues for %notEmpty (#1922)
• Export missing OSGi & JPMS modules in log4j-layout-template-json and log4j-1.2-api (#1895)
• Fix spring-test dependency scope change (LOG4J2-3675)
• Fix JPMS descriptors causing jlink issues (#1896)
• Add missing Implementation- and Specification- entries to MANIFEST.MF (implemented by logging-parent version 10.3.0 update) (#1923)
• Fix NotSerializableException thrown when Logger is serialized with a ReusableMessageFactory (#1884)

Commits

• a1634d6 Release changelog for version 2.22.0
• 4d27296 Update the project.build.outputTimestamp property
• d91092f Fix .changelog.adoc.ftl typo
• 5c41c01 Improve release notes
• d6d9626 Update the project.build.outputTimestamp property
• b382a65 Remove explicit distribution-attachment-* arguments to CI
• 9873b11 Update the project.build.outputTimestamp property
• 38e133f Release changelog
• 200909c Set the version to 2.22.0
• 819b738 Merge remote-tracking branch ppkarwasz/basic-auth into 2.x (#1970)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (672a8c4) 88.09% compared to head (c8a71dd) 88.09%.
Report is 6 commits behind head on main.

❗ Current head c8a71dd differs from pull request most recent head b3fed71. Consider uploading reports for the commit b3fed71 to get more accurate results

Additional details and impacted files

@@            Coverage Diff            @@
##               main     #231   +/-   ##
=========================================
  Coverage     88.09%   88.09%           
  Complexity       73       73           
=========================================
  Files            25       25           
  Lines           487      487           
  Branches         39       39           
=========================================
  Hits            429      429           
  Misses           26       26           
  Partials         32       32           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.