Bump hazelcast.version from 4.2.4 to 4.2.5

[dependabot]

Bumps hazelcast.version from 4.2.4 to 4.2.5.
Updates hazelcast from 4.2.4 to 4.2.5

Release notes

Sourced from hazelcast's releases.

v4.2.5

This document lists the new features, enhancements, fixed issues and, removed or deprecated features for Hazelcast IMDG 4.2.5 release. The numbers in the square brackets refer to the issues in Hazelcast's GitHub repositories.

Enhancements

• Introduced a system property for allowing you to audit that all the Hazelcast instances running in your environment have the instance tracking file name set correctly in the configuration. See the note in Instance Tracking documentation. #19929
• Enabled XXE (XML External Entity Reference) protection for XMLInputFactory. The issue was reported through https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563/. #20942
• The probe level for most of the network related statistics has been changed to "DEBUG" to decrease the pressure on Management Center; now they are not sent to Management Center by default. If you want to see these statistics, you need to set the "hazelcast.metrics.debug.enabled" property to "true. #21275

Fixes

• Fixed an issue where the statistics like puts and removals were not increasing when these operations are executed through Transactional interface. #21105
• Fixed an issue where Hazelcast clients, which have only the IP address of a member to connect (but the member also has a hostname), were not able to connect to the cluster. #20631
• Hazelcast’s memcached implementation was interpreting the number values and parameters for incr and decr wrongly (numbers were being converted into byte arrays instead of decimals). This has been fixed by making these commands' implementations strictly follow the memcached protocol specification. #19676
• Fixed an issue where the totalPublishes statistics for the Reliable Topic data structure were always generated as 0. #19656
• Fixed an issue where the map.clear and cache.clear methods were evicting all entries in all near caches of all the maps in a cluster, not only the map on which these methods are called. #19501
• Fixed an issue where map entries were never evicted or expired: ** Let's say you have a map whose entries have both time-to-live and maximum idle durations configured. ** You are periodically reading the entries at times shorter than these durations. In this case, the entries were not evicted or expired according to their time-to-live or maximum idle duration configurations. You can set the per-entry-stats-enabled property to true to fix this. #19483

Removed/Deprecated Features

The following system properties have been deprecated:

• hazelcast.client.statistics.enabled
• hazelcast.client.statistics.period.seconds

Commits

• 555971e version update for 4.2.5 release
• 1dbec0d Completing IMDG OS 4.2.5 release notes.
• 8c49339 Remove suppressionFiles from owasp plugin (#21285)
• 3483d5b Reduce metrics sent to MC [HZ-1056] (#21275)
• a2dc25c Adding IMDG OS 4.2.5 RN.
• 50fc992 prepare release 4.2.5
• 5b994b3 Make sizeAndData check assertion eventual (#21241)
• bd8e2be Add Transactional IMap operation stats
• 56902df Fix hanging cluster safe query from common pool (#21206)
• bf651ca Don't allow empty memberlist on cluster id changes [API-1215] (#20818) (#21180)
• Additional commits viewable in compare view

Updates hazelcast-all from 4.2.4 to 4.2.5

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)