chore(deps): bump zeebe-bom from 1.2.9 to 1.3.0

[dependabot]

Bumps zeebe-bom from 1.2.9 to 1.3.0.

Release notes

Sourced from zeebe-bom's releases.

Zeebe 1.3.0-alpha3

Release: 1.3.0-alpha3

⚠️ This release contains a critical security patch which fixes the Log4Shell exploit present in log4j-core version < 2.15.0. ⚠️

Merged Pull Requests

• build(deps): bump log4j-api from 2.14.1 to 2.15.0 in /parent (#8347)

Zeebe 1.3.0-alpha2

Release: 1.3.0-alpha2

Enhancements

Broker

• Reject the deployment if the result variable is missing (#8172)
• Reject the deployment if the decisionId is invalid (#8061)
• In the model API, a business rule task can reference a DMN decision (#8060)
• Configure elasticseach index shards and replication (#8004)
• Configure raft timeouts and failure detection parameters (#6320)
• Client should accept the job to send complete command (#5763)
• Time travel API for Zeebe (#5289)

Misc

• Improve log messages when communication failed (#7017)

Bug Fixes

Broker

• When the creation of snapshots fails, the (internal) set of pending requests is not updated properly (#8212)
• When current snapshot is newer than the pending snapshot, the pending snapshot is not deleted (#8211)
• Two process instances with different process definitions share the same key (#8129)
• Do not fail snapshotting when exporter position is -1 (#7978)
• Transition to follower fails because Segment not open (#7962)
• Appender position is smaller than previous appender position (#7862)
• Readers are not closed (#7767)
• Unnecessary complexity figuring out why a partition is unhealthy (#7759)

Java Client

• Java client is returning null instead of empty objects (#7630)

Misc

• NPE BrokerHealthCheckService.setBrokerStarted()" (#8311)
• Query API request data is corrupted (#8269)
• UserTaskForm should have a default unique id (#8153)
• Potential NPE in BpmnElementType.getElementTypeName (#8141)
• Panel "Number of records not exported" shows wrong values (#7228)

Documentation

• Update Contributing Guide for Java 17 (#8031)

Merged Pull Requests

• Fix NPE (#8313)
• deps(maven): bump version.bouncycastle from 1.69 to 1.70 (#8301)
• deps(maven): bump version.spring-boot from 2.5.6 to 2.6.1 (#8297)
• deps(maven): bump flaky-test-extractor-maven-plugin from 2.0.3 to 2.0.4 (#8296)
• Expose Broker API to step down if not leader (#8295)
• Evaluate candidate groups expression on user task activation (#8287)
• fix(raft): notify role change listener only when transition completed (#8285)
• Introduce a general ApiRequestHandler for CommandApi and QueryApi (#8257)
• Add CodeQL workflow (#8144)

... (truncated)

Commits

• 0f15676 [maven-release-plugin] prepare release 1.3.0
• 556186a build(project): update go embedded version data
• 5d83bdf Merge pull request #8497 from camunda-cloud/backport-8493-to-release-1.3.0
• 1e56a9a deps(maven): bump version.log4j from 2.17.0 to 2.17.1
• b6ac714 merge: #8490
• 4082ac4 test(raft): remove unnecessary test
• b39bb55 merge: #8485
• b7785ef style(raft): fix code style in RaftTest
• d8864ba test(raft): fix flaky shouldTriggerHeartbeatTimeouts test
• be8c605 merge: #8478
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)