Merge branch 'stable-3.1'

* stable-3.1:
  Update log4j2 version to 2.17.0
  Update log4j2 version to 2.16.0 to fix CVE-2021-44228
  Update JGit dependency to align with core's version

Change-Id: I29bb066bae4bf5879da3bbd4765c8683dda8b4f7
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index 33c4e4e..ab5a444 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -21,24 +21,24 @@
         sha1 = "595d5dabfeb29244b8c91776898cee78299080d5",
     )
 
-    LOG4J2_VERS = "2.11.1"
+    LOG4J2_VERS = "2.17.0"
 
     maven_jar(
         name = "log4j-slf4j-impl",
         artifact = "org.apache.logging.log4j:log4j-slf4j-impl:" + LOG4J2_VERS,
-        sha1 = "4b41b53a3a2d299ce381a69d165381ca19f62912",
+        sha1 = "1ec25ce0254749c94549ea9c3cea34bd0488c9c6",
     )
 
     maven_jar(
         name = "log4j-core",
         artifact = "org.apache.logging.log4j:log4j-core:" + LOG4J2_VERS,
-        sha1 = "592a48674c926b01a9a747c7831bcd82a9e6d6e4",
+        sha1 = "fe6e7a32c1228884b9691a744f953a55d0dd8ead",
     )
 
     maven_jar(
         name = "log4j-api",
         artifact = "org.apache.logging.log4j:log4j-api:" + LOG4J2_VERS,
-        sha1 = "268f0fe4df3eefe052b57c87ec48517d64fb2a10",
+        sha1 = "bbd791e9c8c9421e45337c4fe0a10851c086e36c",
     )
 
     maven_jar(