Hello, Dependabot has reached the maximum number of PRs allowed by its configuration, so I believe it is spring cleaning time.
Some actions are no brainers: * `javax.servlet-api` (https://github.com/apache/logging-log4j2/pull/803) should stay at 3.0, since we don't use features from higher version, * `cassandra-all` 2.2.8 (https://github.com/apache/logging-log4j2/pull/817) is unsupported and has 2 vulnerabilities. We should switch to 3.0.26, although this requires some code changes. Do we need to do it before 2.18.0? Other 'bumps' require IMHO some discussion: * `org.apache.felix.framework` is used only for testing. Should we switch to a newer version? * `maven-bundle-plugin`: documentation seems to be stuck at 4.2.1, while the implementation reached 5.1.4. Do we need to upgrade? Piotr
