dependabot: bump org.slf4j:slf4j-api from 1.7.30 to 1.7.36 (#3249) · opensearch-project/security@3e66d54

Commit

dependabot: bump org.slf4j:slf4j-api from 1.7.30 to 1.7.36 (#3249)

Bumps [org.slf4j:slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.30
to 1.7.36.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/qos-ch/slf4j/commit/e9ee55cca93c2bf26f14482a9bdf961c750d2a56"><code>e9ee55c</code></a>
update timestamp before release</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/3b6a92f66815605ce851671dd1d6e0758c29ed4c"><code>3b6a92f</code></a>
reproducible builds</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/882502706063b460997a3c6018223018f36cecd3"><code>8825027</code></a>
prepare release 1.7.36, fix SLF4J-541</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/561738747da5813b8a9d2e2ebd10f0128a78a960"><code>5617387</code></a>
add relase.sh</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/02860b67ef7ff39fa9c7d98fd00da2ee913faeda"><code>02860b6</code></a>
prepare relase 1.7.35</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/a622f5186a57188dab7f71651245eb91c6ac263b"><code>a622f51</code></a>
fix maven deploy issues</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/26068bd4bf93fcbd00185ad986dc43b79aceeb4a"><code>26068bd</code></a>
slf4j no longer references log4j</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/0a21ee1ac1daa2d8e077bec68815421dd7a7a54a"><code>0a21ee1</code></a>
replace references to slf4j-log4j12</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/51b6d20b71de75f69ee68167afbf4073c1be7c31"><code>51b6d20</code></a>
prepare release 1.7.34</li>
<li><a
href="https://github.com/qos-ch/slf4j/commit/d22943faedd5da8d0321cf60437796fb53618481"><code>d22943f</code></a>
relocate slf4j-log4j12 as slf4j-reload4j</li>
<li>Additional commits viewable in <a
href="https://github.com/qos-ch/slf4j/compare/v_1.7.30...v_1.7.36">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| org.slf4j:slf4j-api | [>= 2.a, < 3] |
</details>


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.slf4j:slf4j-api&package-manager=gradle&previous-version=1.7.30&new-version=1.7.36)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Loading branch information

dependabot[bot] authored Aug 28, 2023

1 parent 09dd28b commit 3e66d54

build.gradle

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -417,7 +417,7 @@ configurations {
  
        all {

            resolutionStrategy {

                force 'commons-codec:commons-codec:1.16.0'

                force 'org.slf4j:slf4j-api:1.7.30'

                force 'org.slf4j:slf4j-api:1.7.36'

                force 'org.scala-lang:scala-library:2.13.11'

                force "com.fasterxml.jackson:jackson-bom:${versions.jackson}"

                force "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"

    @@ -561,7 +561,7 @@ dependencies {
  
        runtimeOnly 'com.google.code.findbugs:jsr305:3.0.2'

        runtimeOnly 'org.lz4:lz4-java:1.8.0'

        runtimeOnly 'io.dropwizard.metrics:metrics-core:4.2.19'

        runtimeOnly 'org.slf4j:slf4j-api:1.7.30'

        runtimeOnly 'org.slf4j:slf4j-api:1.7.36'

        runtimeOnly "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"

        runtimeOnly 'org.xerial.snappy:snappy-java:1.1.10.3'

        runtimeOnly 'org.codehaus.woodstox:stax2-api:4.2.1'

0 comments on commit `3e66d54`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `3e66d54`

Commit

There are no files selected for viewing

0 comments on commit 3e66d54

0 comments on commit `3e66d54`