Bump org.apache.logging.log4j:log4j-bom from 2.25.1 to 2.25.3 in /data-prepper-expression

[dependabot]

Bumps org.apache.logging.log4j:log4j-bom from 2.25.1 to 2.25.3.

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.3

This patch release addresses issues detailed in the changelog below. In particular, it includes an important fix for the host name verification in SSL/TLS configuration. This is used by Socket Appender.

Changed

• Optimize DefaultThreadContextMap.getCopy() performance by avoiding megamorphic calls in HashMap constructor (#3935, #3939)

Fixed

• Fix GraalVM metadata for nested classes to use binary names instead of canonical names (#3871, #3996)
• Fix failures caused by null SslConfiguration (#3947, #3953)
• Fix incorrect handling of the host name verification in SSL/TLS configuration, which is used by Socket Appender when SSL/TLS is enabled (#4002)

Removed

• Remove the com.github.spotbugs:spotbugs-annotations dependency (#3984, #3985)

2.25.2

This patch release addresses certain minor issues detailed in the changelog.

Fixed

• Fix potential memory leak involving LogBuilder in Log4j API to Logback bridge (#3819, #3824)
• Prevent unnecessary warnings in AbstractDriverManagerConnectionSource (#3828, #3831)
• Fix missing newlines in default logging configuration for log4j-core (#3835, #3851)
• Fix missing default Target value in Console Appender (#3852)
• Discard the sub-second part while obtaining the initial time (i.e., creation time) of a file in RollingFileManager (#3068, #3872)
• Fix Pattern Layout exception stack trace converters to no longer prepend newlines based on context (#3873, #3919)
• Fix the com.google.errorprone:error_prone_annotations dependency whose version property gets erased due to flattening (#3779, #3785, #3822, #3905)
• Fix detection of Throwable converters inside nested Pattern Layout patterns when applying alwaysWriteExceptions (#3920)
• Fix parsing and merging of literals in InstantPatternDynamicFormatter (#3930, #3932)

Commits

• 028e9fa Update the project.build.outputTimestamp property
• 5350d10 Fix host name verification in SSLSocketManager (#4002)
• e2898a0 Fix @Version annotations
• 041435d Get ready for the 2.25.3 release
• 73db4fb Fix log message in ApiLogger::setUseParentHandlers (#3943)
• 6076b16 Fix nullability issues in SslConfiguration (#3953)
• 8d43a99 Remove the com.github.spotbugs:spotbugs-annotations dependency (#3984, #3985)
• 78dc01d Use binary names in GraalVmProcessor (#3996)
• c09b012 Optimize DefaultThreadContextMap.getCopy() performance (#3939)
• 6923bd9 Release changelog for version 2.25.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)