Bump the all group across 2 directories with 7 updates

[dependabot]

Bumps the all group with 2 updates in the / directory: org.apache.logging.log4j:log4j-bom and org.apache.logging.log4j:log4j-core.
Bumps the all group with 6 updates in the /log4j-samples-graalvm directory:

Package	From	To
org.apache.logging.log4j:log4j-bom	2.25.1	2.25.2
org.assertj:assertj-bom	3.27.4	3.27.6
org.junit:junit-bom	5.13.4	6.0.0
ch.qos.logback:logback-classic	1.5.18	1.5.19
org.graalvm.buildtools:native-maven-plugin	0.11.0	0.11.1
org.codehaus.mojo:exec-maven-plugin	3.5.1	3.6.1

Updates org.apache.logging.log4j:log4j-bom from 0.0.0-SNAPSHOT to 2.25.2

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.2

This patch release addresses certain minor issues detailed in the changelog.

Fixed

• Fix potential memory leak involving LogBuilder in Log4j API to Logback bridge (#3819, #3824)
• Prevent unnecessary warnings in AbstractDriverManagerConnectionSource (#3828, #3831)
• Fix missing newlines in default logging configuration for log4j-core (#3835, #3851)
• Fix missing default Target value in Console Appender (#3852)
• Discard the sub-second part while obtaining the initial time (i.e., creation time) of a file in RollingFileManager (#3068, #3872)
• Fix Pattern Layout exception stack trace converters to no longer prepend newlines based on context (#3873, #3919)
• Fix the com.google.errorprone:error_prone_annotations dependency whose version property gets erased due to flattening (#3779, #3785, #3822, #3905)
• Fix detection of Throwable converters inside nested Pattern Layout patterns when applying alwaysWriteExceptions (#3920)
• Fix parsing and merging of literals in InstantPatternDynamicFormatter (#3930, #3932)

2.25.1

This patch release addresses a dozen bugs in version 2.25.0, in particular:

• Resolves a concurrency issue in the new unified datetime formatter.
• Fixes build failures affecting Gradle users.
• Restores backward compatibility with Spring Boot’s common logging configuration.
• Improves handling of edge cases in GraalVM support.

Fixed

• Fix detection of the Disruptor major version in environments with non-standard thread context classloader. (#3706)
• Downgrade spotbugs-annotations to resolve Gradle build failures. (#3754)
• Fix incorrect version resolution of jspecify and error_prone_annotations dependencies in published POM files. (#3758, #3779)
• Restore compatibility with Spring Boot by allowing reconfiguration using the LoggerContext.start method. (#3770)
• Allow omission of the -Alog4j.graalvm.groupId and -Alog4j.graalvm.artifactId arguments when building Log4j plugins. (#3771)
• Broaden the OSGi manifest's Import-Package constraints to support Jakarta Servlet API up to version 6. (#3787)
• Enable the resource: protocol for configuration files by default when running on GraalVM. (#3790)
• Fix timestamp formatting concurrency issue, when log4j2.enabledThreadlocals is true. (#3792)
• Fix GraalVM reachability metadata generation for methods with annotated array type parameters, such as @Nullable String[]. (#3796)
• Resolve PropertiesConfiguration compatibility issues with GraalVM and address additional minor reflection-related problems. (#3800)

2.25.0

This minor release introduces bug fixes, behavior improvements, and complete support for GraalVM native image generation.

GraalVM Reachability Metadata

Log4j Core and all extension modules now include embedded
GraalVM reachability metadata,
enabling seamless generation of native images with GraalVM out of the box—no manual configuration required.
For more information, refer to our GraalVM guide.

[!NOTE]
When building third-party Log4j plugins, using the new GraalVmProcessor
introduced in version 2.25.0 will automatically generate the required reachability metadata for GraalVM native images.
However, the processor will fail the build if the required log4j.graalvm.groupId and log4j.graalvm.artifactId parameters are not provided.

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

Updates org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

Updates org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

Updates org.apache.logging.log4j:log4j-bom from 2.25.1 to 2.25.2

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.2

This patch release addresses certain minor issues detailed in the changelog.

Fixed

• Fix potential memory leak involving LogBuilder in Log4j API to Logback bridge (#3819, #3824)
• Prevent unnecessary warnings in AbstractDriverManagerConnectionSource (#3828, #3831)
• Fix missing newlines in default logging configuration for log4j-core (#3835, #3851)
• Fix missing default Target value in Console Appender (#3852)
• Discard the sub-second part while obtaining the initial time (i.e., creation time) of a file in RollingFileManager (#3068, #3872)
• Fix Pattern Layout exception stack trace converters to no longer prepend newlines based on context (#3873, #3919)
• Fix the com.google.errorprone:error_prone_annotations dependency whose version property gets erased due to flattening (#3779, #3785, #3822, #3905)
• Fix detection of Throwable converters inside nested Pattern Layout patterns when applying alwaysWriteExceptions (#3920)
• Fix parsing and merging of literals in InstantPatternDynamicFormatter (#3930, #3932)

2.25.1

This patch release addresses a dozen bugs in version 2.25.0, in particular:

• Resolves a concurrency issue in the new unified datetime formatter.
• Fixes build failures affecting Gradle users.
• Restores backward compatibility with Spring Boot’s common logging configuration.
• Improves handling of edge cases in GraalVM support.

Fixed

• Fix detection of the Disruptor major version in environments with non-standard thread context classloader. (#3706)
• Downgrade spotbugs-annotations to resolve Gradle build failures. (#3754)
• Fix incorrect version resolution of jspecify and error_prone_annotations dependencies in published POM files. (#3758, #3779)
• Restore compatibility with Spring Boot by allowing reconfiguration using the LoggerContext.start method. (#3770)
• Allow omission of the -Alog4j.graalvm.groupId and -Alog4j.graalvm.artifactId arguments when building Log4j plugins. (#3771)
• Broaden the OSGi manifest's Import-Package constraints to support Jakarta Servlet API up to version 6. (#3787)
• Enable the resource: protocol for configuration files by default when running on GraalVM. (#3790)
• Fix timestamp formatting concurrency issue, when log4j2.enabledThreadlocals is true. (#3792)
• Fix GraalVM reachability metadata generation for methods with annotated array type parameters, such as @Nullable String[]. (#3796)
• Resolve PropertiesConfiguration compatibility issues with GraalVM and address additional minor reflection-related problems. (#3800)

2.25.0

This minor release introduces bug fixes, behavior improvements, and complete support for GraalVM native image generation.

GraalVM Reachability Metadata

Log4j Core and all extension modules now include embedded
GraalVM reachability metadata,
enabling seamless generation of native images with GraalVM out of the box—no manual configuration required.
For more information, refer to our GraalVM guide.

[!NOTE]
When building third-party Log4j plugins, using the new GraalVmProcessor
introduced in version 2.25.0 will automatically generate the required reachability metadata for GraalVM native images.
However, the processor will fail the build if the required log4j.graalvm.groupId and log4j.graalvm.artifactId parameters are not provided.

... (truncated)

Commits

• See full diff in compare view

Updates org.assertj:assertj-bom from 3.27.4 to 3.27.6

Release notes

Sourced from org.assertj:assertj-bom's releases.

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.17.7 #3947
• Upgrade to JUnit BOM 5.13.4 #3947

Guava

• Upgrade to Guava 33.4.8-jre #3947

Commits

• 716b1e0 [maven-release-plugin] prepare release assertj-build-3.27.6
• e189652 Add missing export for org.assertj.core.annotation (#3951)
• 0cb489e Update Maven Central URL
• 7286309 [maven-release-plugin] prepare for next development iteration
• dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
• 1d0defc Add missing permission to release workflow
• 844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
• bdd7106 Add CodeQL custom workflow
• a93d7e6 Remove EOL Java 24
• 26ea866 Update production dependencies (#3947)
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.4 to 6.0.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

New Contributors

• @​eric6iese made their first contribution in junit-team/junit-framework#4717

Full Changelog: junit-team/junit-framework@r6.0.0-M1...r6.0.0-M2

... (truncated)

Commits

• 4f79594 Release 6.0.0
• 55af30a Revert "Use develop/6.x branch for junit-examples during release build"
• df3cfdd Release 5.14.0
• fcb84a2 Disable backward compatibility check when offline
• c9c8344 Prune 5.14.0 release notes
• 03d8a72 Update broken link to using API Gaurdian with bndtools
• 3a0b29b Use temporary JUnit 6 logo
• 6603caa Rename eclipseClasspath to eclipseConventions to avoid confusion
• ab3470b Make sealed MediaType work in Eclipse
• a8cd41e Remove annotations not visible in Eclipse
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-bom from 2.25.1 to 2.25.2

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.2

This patch release addresses certain minor issues detailed in the changelog.

Fixed

• Fix potential memory leak involving LogBuilder in Log4j API to Logback bridge (#3819, #3824)
• Prevent unnecessary warnings in AbstractDriverManagerConnectionSource (#3828, #3831)
• Fix missing newlines in default logging configuration for log4j-core (#3835, #3851)
• Fix missing default Target value in Console Appender (#3852)
• Discard the sub-second part while obtaining the initial time (i.e., creation time) of a file in RollingFileManager (#3068, #3872)
• Fix Pattern Layout exception stack trace converters to no longer prepend newlines based on context (#3873, #3919)
• Fix the com.google.errorprone:error_prone_annotations dependency whose version property gets erased due to flattening (#3779, #3785, #3822, #3905)
• Fix detection of Throwable converters inside nested Pattern Layout patterns when applying alwaysWriteExceptions (#3920)
• Fix parsing and merging of literals in InstantPatternDynamicFormatter (#3930, #3932)

2.25.1

This patch release addresses a dozen bugs in version 2.25.0, in particular:

• Resolves a concurrency issue in the new unified datetime formatter.
• Fixes build failures affecting Gradle users.
• Restores backward compatibility with Spring Boot’s common logging configuration.
• Improves handling of edge cases in GraalVM support.

Fixed

• Fix detection of the Disruptor major version in environments with non-standard thread context classloader. (#3706)
• Downgrade spotbugs-annotations to resolve Gradle build failures. (#3754)
• Fix incorrect version resolution of jspecify and error_prone_annotations dependencies in published POM files. (#3758, #3779)
• Restore compatibility with Spring Boot by allowing reconfiguration using the LoggerContext.start method. (#3770)
• Allow omission of the -Alog4j.graalvm.groupId and -Alog4j.graalvm.artifactId arguments when building Log4j plugins. (#3771)
• Broaden the OSGi manifest's Import-Package constraints to support Jakarta Servlet API up to version 6. (#3787)
• Enable the resource: protocol for configuration files by default when running on GraalVM. (#3790)
• Fix timestamp formatting concurrency issue, when log4j2.enabledThreadlocals is true. (#3792)
• Fix GraalVM reachability metadata generation for methods with annotated array type parameters, such as @Nullable String[]. (#3796)
• Resolve PropertiesConfiguration compatibility issues with GraalVM and address additional minor reflection-related problems. (#3800)

2.25.0

This minor release introduces bug fixes, behavior improvements, and complete support for GraalVM native image generation.

GraalVM Reachability Metadata

Log4j Core and all extension modules now include embedded
GraalVM reachability metadata,
enabling seamless generation of native images with GraalVM out of the box—no manual configuration required.
For more information, refer to our GraalVM guide.

[!NOTE]
When building third-party Log4j plugins, using the new GraalVmProcessor
introduced in version 2.25.0 will automatically generate the required reachability metadata for GraalVM native images.
However, the processor will fail the build if the required log4j.graalvm.groupId and log4j.graalvm.artifactId parameters are not provided.

... (truncated)

Commits

• See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.19

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
• 4adae8b add plugin for Maven Central deployment
• ee70cf4 prepare release 1.5.19
• 20802cf mindor javadoc changes
• 8116069 comment out code in COWArrayListConcurrencyTest to make IDE happy
• 7f65340 minor changes
• 8d2262d soften warning on using ConsoleAppender
• c76fed3 ViewStatusMessagesServlet requires method POST for button 'Clear' (#971)
• 61f6a25 disallow new in if condition attribute in config files
• a07cfd5 logback-core: fix spelling errors (#956)
• Additional commits viewable in compare view

Updates org.graalvm.buildtools:native-maven-plugin from 0.11.0 to 0.11.1

Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

0.11.1

What's Changed

• Create release 0.11.0 by @​brahimhaddou in graalvm/native-build-tools#746
• bump version to 0.11.1 SNAPSHOT by @​brahimhaddou in graalvm/native-build-tools#749
• [GR-68095] Change links in the Native Build Tools Gradle page by @​ban-mi in graalvm/native-build-tools#753
• Group annotations by dependency and print a warning if the dependency is missing by @​dnestoro in graalvm/native-build-tools#752
• Fix configuration cache compatibility in generating excluded args by @​bacecek in graalvm/native-build-tools#763
• Remove the default Maven phase bound to the metadata-copy Maven goal to simplify the use of integration tests by @​linghengqian in graalvm/native-build-tools#748
• Prepare SBOM integration for GraalVM 25 by @​rudsberg in graalvm/native-build-tools#759
• Add testing of Gradle 9 by @​melix in graalvm/native-build-tools#766
• supporting jdk toolchain configuration by @​SergeDemoulinGebit in graalvm/native-build-tools#622
• Move JUnit tests to get started by @​ban-mi in graalvm/native-build-tools#767
• Disable layered images test temporarily because of a problem on GralVM side by @​dnestoro in graalvm/native-build-tools#772
• Add new JUnit 5.14/6.0 types to initialize-at-build-time classes by @​marcphilipp in graalvm/native-build-tools#771
• Prepare repository for release 0.11.1 by @​dnestoro in graalvm/native-build-tools#770

New Contributors

• @​ban-mi made their first contribution in graalvm/native-build-tools#753
• @​bacecek made their first contribution in graalvm/native-build-tools#763
• @​SergeDemoulinGebit made their first contribution in graalvm/native-build-tools#622

Full Changelog: graalvm/native-build-tools@0.11.0...0.11.1

Commits

• 6545631 Create release 0.11.1
• 359acfb Update licenses to pass style check
• 7327427 Add changelog entries
• 73d17cc Update Reachability metadata version
• eb52764 Add new JUnit 5.14/6.0 types to initialize-at-build-time classes
• f94e6d6 Disable layered images test temporarily because of a problem on GraalVM side
• 200e23c Update docs/src/docs/asciidoc/end-to-end-gradle-guide.adoc
• 079f06d Move JUnit tests to get started
• 50d8fbb supporting jdk toolchain configuration
• 77b4cfb Add testing of Gradle 9
• Additional commits viewable in compare view

Updates org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.1

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.6.1

🐛 Bug Fixes

• Revert change from #480 - plugin dependencies must be resolved from plugin repositories (#496) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#495) @dependabot[bot]

3.6.0

🚀 New features and improvements

• [ExecMojo]Add getShebang method to correctly set the command line executable name (#487) @​uchenily
• JEP 512 Support (#484) @​cayhorstmann

🐛 Bug Fixes

• fix inheritIo option (#488) @​dernasherbrezon
• Fix for #479 - Wrong repositories used to collect deps (#480) @​cstamas

👻 Maintenance

• Use JSR-330 for component injection (#493) @​slawekjaranowski
• Re-run failed tests (#491) @​slawekjaranowski
• Restore default matrix build (#486) @​slawekjaranowski

📦 Dependency updates

• Use Maven 3.9.11 in dependencies, still requires 3.6.3 as minimum (#492) @​slawekjaranowski
• Bump org.codehaus.mojo:mojo-parent from 92 to 93 (#483) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 91 to 92 (#478) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 90 to 91 (#477) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 89 to 90 (#476) @dependabot[bot]

Commits

• 53087eb [maven-release-plugin] prepare release 3.6.1
• 02e72e2 Revert change from #480 - plugin dependencies must be resolved from plugin re...
• 18a21ea Bump org.codehaus.mojo:mojo-parent from 93 to 94
• 3b6b9c5 [maven-release-plugin] prepare for next development iteration
• febfc6f [maven-release-plugin] prepare release 3.6.0
• ed19086 fix inheritIo option (#488)
• a4297c6 Use JSR-330 for component injection
• 5d90977 Use Maven 3.9.11 in dependencies, still requires 3.6.3 as minimum
• b55f906 Re-run failed tests
• 664d788 [ExecMojo]Add getShebang method to correctly set the command line executabl...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions