Apache Logging Security Vulnerability

[marshmallowrobot]

Summary

Dependabot has identified several security vulnerabilities in the 3rd party libraries Pacbot relies on. In most cases, these vulnerabilities can be resolved by upgrading the library to the most current version.

Maintainers, if you're internal to T-Mobile, you should have been seeing these security alerts coming in over the last several weeks. Please respond to these in a timely manner.

org.apache.logging.log4j:log4j-core | Version< 2.13.2 | Upgrade to~> 2.13.2

If upgrading this dependency is not possible at the moment, please respond to this with a series of issues (or story cards in a project) that break down the code issues and describe a possible fix. If these are visible, your community can help resolve them quickly.