analysis-kotlin-descriptors-1.9.10.jar is bundled with log4j:1.2.17.2

**Describe the bug**
Similar to #2488 

Seems that analysis-kotlin-descriptors-1.9.10.jar is bundled with log4j version 1.2.17.2. [DependencyCheck](https://github.com/jeremylong/DependencyCheck) is marking it `CRITICAL` via `.gradle/caches/modules-2/files-2.1/org.jetbrains.dokka/analysis-kotlin-descriptors/1.9.10/.../analysis-kotlin-descriptors-1.9.10.jar/META-INF/maven/log4j/log4j/pom.xml`

**Expected behaviour**
Upgrade to log4j version without security issues.

**To Reproduce**
Check the dependency tree

**Installation**

Operating system: Linux
Build tool: Gradle v8.5
Dokka version: 1.9.10 & 1.9.20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

analysis-kotlin-descriptors-1.9.10.jar is bundled with log4j:1.2.17.2 #3508

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

analysis-kotlin-descriptors-1.9.10.jar is bundled with log4j:1.2.17.2 #3508

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions