Bump ch.qos.logback:logback-classic from 1.5.16 to 1.5.18 (#2080)

Bumps
[ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) from
1.5.16 to 1.5.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's
releases</a>.</em></p>
<blockquote>
<h2>Logback 1.5.18</h2>
<p><strong>2025-03-18 Release of logback version 1.5.18</strong></p>
<p>• Added<a
href="https://logback.qos.ch/manual/appenders.html#fileCompression">
support for XZ compression</a> for archived log files. Note that XZ
compression requires Tukaani project's <a
href="https://tukaani.org/xz/java.html">XZ library</a> for Java. In case
XZ compression is requested but the XZ library is missing, then logback
will substitute GZ compression as a fallback. This feature was requested
in issues/755.</p>
<p>• Removed references to <code>java.security.AccessController</code>
class. This class has been deprecated for some time and is slated for
removal in future JDK versions.</p>
<p>• A bit-wise identical binary of this version can be reproduced by
building from source code at commit
b2a02f065379a9b1ba5ff837fc08913b744774bc associated with the tag
v_1.5.18. Release built using Java &quot;21&quot; 2023-10-17 LTS build
21.0.1.+12-LTS-29 under Linux Debian 11.6.</p>
<h2>Logback 1.5.17</h2>
<p><strong>2025-02-25 Release of logback version 1.5.17</strong></p>
<p>• Fixed Jansi 2.4.0 color-coded output not working on Windows CMD.exe
console when the default terminal application is set to &quot;Windows
Console Host&quot;. This problem was reported in issues/753 by Michael
Lyubkin.</p>
<p>• Fixed race condition occurring in case MDC class is initialized
while org.slf4j.LoggerFactory is initializing logback-classic's
LoggerContext. When this race conditions occurs, the MDCAdapter instance
used by MDC does not match the instance used by logback-classic. This
issue was reported in SLF4J issues/450. While logback-classic version
1.5.17 remains compatible with SLF4J versions in the 2.0.x series,
fixing this particular MDC issue requires SLF4J version 2.0.17.</p>
<p>• A bit-wise identical binary of this version can be reproduced by
building from source code at commit
10358724ed723b3745c010aa40cb02a2dfed4593 associated with the tag
v_1.5.17. Release built using Java &quot;21&quot; 2023-10-17 LTS build
21.0.1.+12-LTS-29 under Linux Debian 11.6.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/qos-ch/logback/commit/b2a02f065379a9b1ba5ff837fc08913b744774bc"><code>b2a02f0</code></a>
prepare release 1.5.18</li>
<li><a
href="https://github.com/qos-ch/logback/commit/991de5828b2afc2ddb8fbc7b233bd660096d793f"><code>991de58</code></a>
remove references to AccessController marked for deletion in the
JDK</li>
<li><a
href="https://github.com/qos-ch/logback/commit/f54ab16c8436475f16579e887c1305506212ac5a"><code>f54ab16</code></a>
If compression mode is XZ but the XZ library is missing, then fallback
to GZ ...</li>
<li><a
href="https://github.com/qos-ch/logback/commit/fb45971e5457296abfcf706322a06563fb3df62a"><code>fb45971</code></a>
add support for XZ compression</li>
<li><a
href="https://github.com/qos-ch/logback/commit/31c1f55a1bf177922cf6a3c609a9d379f12d0693"><code>31c1f55</code></a>
add xz compression support with tests</li>
<li><a
href="https://github.com/qos-ch/logback/commit/8968d0fd43d065f2f0e63b6679e59c89e0c2a8b8"><code>8968d0f</code></a>
introduce strategy based compression</li>
<li><a
href="https://github.com/qos-ch/logback/commit/834059cb64ea8a6ca6e51c78fa0ac2b2797df0ed"><code>834059c</code></a>
start work on 1.5.18-SNAPSHOT</li>
<li><a
href="https://github.com/qos-ch/logback/commit/10358724ed723b3745c010aa40cb02a2dfed4593"><code>1035872</code></a>
prepare release 1.5.17</li>
<li><a
href="https://github.com/qos-ch/logback/commit/2e6984d1e16c78c703a62bf2789a9c157d7bc050"><code>2e6984d</code></a>
bump to slf4j version 2.0.17</li>
<li><a
href="https://github.com/qos-ch/logback/commit/100995244bf75ded9cb51bade91f84e63f349474"><code>1009952</code></a>
use a new LoggerContert instance when running LogbackListenerTest. This
shoul...</li>
<li>Additional commits viewable in <a
href="https://github.com/qos-ch/logback/compare/v_1.5.16...v_1.5.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ch.qos.logback:logback-classic&package-manager=maven&previous-version=1.5.16&new-version=1.5.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

pom.xml

@@ -51,7 +51,7 @@
         <slf4j.version>2.0.16</slf4j.version>
         <zstd-jni.version>1.5.7-2</zstd-jni.version>
         <activation.version>2.0.1</activation.version>
-        <logback.version>1.5.16</logback.version>
+        <logback.version>1.5.18</logback.version>
         <jetbrains-annotations.version>26.0.2</jetbrains-annotations.version>
     </properties>