Commit ba2f7d6

MINOR: Bump logback.version from 1.5.18 to 1.5.20 (#897)
Bumps `logback.version` from 1.5.18 to 1.5.20.

Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.20

Release notes

Sourced from [ch.qos.logback:logback-classic's releases](https://github.com/qos-ch/logback/releases).

> **Logback 1.5.19**
>
> **2025-09-30 Release of logback version 1.5.19**
>
> • Disallow "new" operator in the `condition` attribute of `<if>` elements. This fixes an ACE vulnerability recorded as [CVE-2025-11226](https://www.cve.org/cverecord?id=CVE-2025-11226).
>
> • At initialization time, slightly better reporting about watched configuration files.
>
> • Softer message regarding usage of ConsoleAppender and its potential impact on performance.
>
> • In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant [PR](https://redirect.github.com/qos-ch/logback/pull/971).
>
> • A bit-wise identical binary of this version can be reproduced by building from [source code](https://github.com/qos-ch/logback) at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

- [`930fb15`](https://github.com/qos-ch/logback/commit/930fb15c993a4344bcecc6ba2225c12a2c38e676) prepare release 1.5.20
- [`0b4432a`](https://github.com/qos-ch/logback/commit/0b4432a31921df31e31bf9f4331f6e7e2888e893) provide an alternative to Janino based conditional configuration processing -...
- [`258558f`](https://github.com/qos-ch/logback/commit/258558f457089c786b6c36a51a8ff9a5a5c66b94) provide an alternative to Janino based conditional configuration processing -...
- [`ee77a70`](https://github.com/qos-ch/logback/commit/ee77a70217b5fc49e18de61176fa5de061b6074c) provide an alternative to Janino based conditional configuration processing -...
- [`5ca7ce8`](https://github.com/qos-ch/logback/commit/5ca7ce8a86cdf28f2d389c3d7dc780f538f3d059) provide an alternative to Janino based conditional configuration processing -...
- [`728803f`](https://github.com/qos-ch/logback/commit/728803f660e07e495843d8aee43ae353c8390973) fix typo
- [`aa5eeb1`](https://github.com/qos-ch/logback/commit/aa5eeb1f0d38cc195e7eab183d79f9d0c4f07c0a) start work on version 1.5.20-SNAPSHOT
- [`e572d4f`](https://github.com/qos-ch/logback/commit/e572d4f87f06674788eb3ca7148e8d1dffc615fa) skip deployment of blackbox and example modules, published as version 1.5.9
- [`4adae8b`](https://github.com/qos-ch/logback/commit/4adae8bdcdcf018bb29e51387175412bd9c6d546) add plugin for Maven Central deployment
- [`ee70cf4`](https://github.com/qos-ch/logback/commit/ee70cf4cd99774ea5fe1f7e2d928061126e45eeb) prepare release 1.5.19
- Additional commits viewable in [compare view](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.20)

Updates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.20

Release notes

Sourced from [ch.qos.logback:logback-core's releases](https://github.com/qos-ch/logback/releases).

> **Logback 1.5.19**
>
> **2025-09-30 Release of logback version 1.5.19**
>
> • Disallow "new" operator in the `condition` attribute of `<if>` elements. This fixes an ACE vulnerability recorded as [CVE-2025-11226](https://www.cve.org/cverecord?id=CVE-2025-11226).
>
> • At initialization time, slightly better reporting about watched configuration files.
>
> • Softer message regarding usage of ConsoleAppender and its potential impact on performance.
>
> • In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant [PR](https://redirect.github.com/qos-ch/logback/pull/971).
>
> • A bit-wise identical binary of this version can be reproduced by building from [source code](https://github.com/qos-ch/logback) at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

- [`930fb15`](https://github.com/qos-ch/logback/commit/930fb15c993a4344bcecc6ba2225c12a2c38e676) prepare release 1.5.20
- [`0b4432a`](https://github.com/qos-ch/logback/commit/0b4432a31921df31e31bf9f4331f6e7e2888e893) provide an alternative to Janino based conditional configuration processing -...
- [`258558f`](https://github.com/qos-ch/logback/commit/258558f457089c786b6c36a51a8ff9a5a5c66b94) provide an alternative to Janino based conditional configuration processing -...
- [`ee77a70`](https://github.com/qos-ch/logback/commit/ee77a70217b5fc49e18de61176fa5de061b6074c) provide an alternative to Janino based conditional configuration processing -...
- [`5ca7ce8`](https://github.com/qos-ch/logback/commit/5ca7ce8a86cdf28f2d389c3d7dc780f538f3d059) provide an alternative to Janino based conditional configuration processing -...
- [`728803f`](https://github.com/qos-ch/logback/commit/728803f660e07e495843d8aee43ae353c8390973) fix typo
- [`aa5eeb1`](https://github.com/qos-ch/logback/commit/aa5eeb1f0d38cc195e7eab183d79f9d0c4f07c0a) start work on version 1.5.20-SNAPSHOT
- [`e572d4f`](https://github.com/qos-ch/logback/commit/e572d4f87f06674788eb3ca7148e8d1dffc615fa) skip deployment of blackbox and example modules, published as version 1.5.9
- [`4adae8b`](https://github.com/qos-ch/logback/commit/4adae8bdcdcf018bb29e51387175412bd9c6d546) add plugin for Maven Central deployment
- [`ee70cf4`](https://github.com/qos-ch/logback/commit/ee70cf4cd99774ea5fe1f7e2d928061126e45eeb) prepare release 1.5.19
- Additional commits viewable in [compare view](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.20)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 03e0d4d commit ba2f7d6

1 file changed

+1
-1
lines changed

pom.xml

Lines changed: 1 addition & 1 deletion
@@ -111,7 +111,7 @@ under the License.
111111
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
112112
<error_prone_core.version>2.37.0</error_prone_core.version>
113113
<checker.framework.version>3.49.3</checker.framework.version>
114-
<logback.version>1.5.18</logback.version>
114+
<logback.version>1.5.21</logback.version>
115115
<doclint>none</doclint>
116116
<additionalparam>-Xdoclint:none</additionalparam>
117117
<!-- List of add-opens arg line arguments for tests -->
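Review bot: The added line sets `<logback.version>` to 1.5.21, but the commit title and message both describe a bump from 1.5.18 to 1.5.20, and the release notes and compare view quoted in the message end at v_1.5.20. Either the property should read 1.5.20 to match what was reviewed, or the title and message should be updated to 1.5.21 together with its release notes, so that the version the build actually resolves is the one whose changes were inspected. The security-relevant item in the message, the CVE-2025-11226 fix, is listed under 1.5.19, so confirm that whichever version lands is at or above that release for both `logback-classic` and `logback-core`.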

0 commit comments
