Bump org.apache.logging.log4j:log4j-core from 2.19.0 to 2.20.0 in /buildSrc/src/testKit/thirdPartyAudit/sample_jars

[dependabot]

Bumps org.apache.logging.log4j:log4j-core from 2.19.0 to 2.20.0.

Commits

• 44ab013 [maven-release-plugin] prepare release log4j-2.20.0-rc1
• ffa25f1 Skip spotless plugin during release
• 7c4e69f [maven-release-plugin] rollback the release of log4j-2.20.0-rc1
• 6825e26 [maven-release-plugin] prepare for next development iteration
• 68d0bab [maven-release-plugin] prepare release log4j-2.20.0-rc1
• 763b844 Revert version update
• c3e8696 [maven-release-plugin] prepare release log4j-2.20.1-rc1
• c541268 [maven-release-plugin] prepare for next development iteration
• 903547c [maven-release-plugin] prepare release log4j-2.20.1-rc1
• 090af6d Add test jars
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: SUCCESS ✅
• URL: https://build.ci.opensearch.org/job/gradle-check/11739/
• CommitID: efdf6fb

[codecov-commenter]

Codecov Report

Merging #6490 (efdf6fb) into main (eb78246) will decrease coverage by 0.13%.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@             Coverage Diff              @@
##               main    #6490      +/-   ##
============================================
- Coverage     70.73%   70.60%   -0.13%     
+ Complexity    59083    58962     -121     
============================================
  Files          4801     4801              
  Lines        282901   282901              
  Branches      40787    40787              
============================================
- Hits         200117   199753     -364     
- Misses        66360    66703     +343     
- Partials      16424    16445      +21     

Impacted Files	Coverage Δ
...adonly/AddIndexBlockClusterStateUpdateRequest.java	0.00% <0.00%> (-75.00%)	⬇️
...readonly/TransportVerifyShardIndexBlockAction.java	9.75% <0.00%> (-58.54%)	⬇️
...n/admin/indices/readonly/AddIndexBlockRequest.java	17.85% <0.00%> (-53.58%)	⬇️
.../java/org/opensearch/node/NodeClosedException.java	50.00% <0.00%> (-50.00%)	⬇️
...rch/client/transport/NoNodeAvailableException.java	28.57% <0.00%> (-42.86%)	⬇️
...nsearch/rest/action/cat/RestCatRecoveryAction.java	43.61% <0.00%> (-42.56%)	⬇️
.../org/opensearch/client/indices/AnalyzeRequest.java	31.00% <0.00%> (-42.00%)	⬇️
...indices/readonly/TransportAddIndexBlockAction.java	20.68% <0.00%> (-41.38%)	⬇️
...h/action/ingest/SimulateDocumentVerboseResult.java	60.71% <0.00%> (-39.29%)	⬇️
...java/org/opensearch/threadpool/ThreadPoolInfo.java	56.25% <0.00%> (-37.50%)	⬇️
... and 468 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[kotwanikunal]

@dependabot recreate

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: FAILURE ❌
• URL: https://build.ci.opensearch.org/job/gradle-check/11759/
• CommitID: 1486d46
  Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green.
  Is the failure a flaky test unrelated to your change?

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: SUCCESS ✅
• URL: https://build.ci.opensearch.org/job/gradle-check/11762/
• CommitID: b96b9f8

[kartg]

Inspecting the whitesource failure here and clicking through to the actual security report reveals that this is due to the SnakeYAML dependency

We have applied the mitigation for this (#5576 (comment)) so OpenSearch is not vulnerable.

I will go ahead and merge this in.

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-6490-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 02be640b4e3c1915fb5e6922d305c93ecf1d8f04
# Push it to GitHub
git push --set-upstream origin backport/backport-6490-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-6490-to-2.x.