chore(deps): bump slf4j.version from 1.7.36 to 2.0.0 #14409
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps `slf4j.version` from 1.7.36 to 2.0.0. Updates `slf4j-api` from 1.7.36 to 2.0.0 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.0) Updates `slf4j-simple` from 1.7.36 to 2.0.0 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.0) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
external dependency
java
|
Kudos, SonarCloud Quality Gate passed!
|
|
@mshabarov for what version is this planned? 24.0 or 23.3? |
|
@knoobie thanks for asking, this is for both 23.3 and 24. Even though it's a breaking change for those who uses |
|
@mshabarov I would be against an update into 23.3 :) that's where my question comes from - the Log4J Version that supports 2.0 was just recently released 3 days ago (2.19.0) and even Spring Boot 2.7 can't really support it because the default Implementation of SLF4J (Logback) in Version 1.2 is used. Log back 1.3/1.4 comes with full support for 2.0, but that can't be integrated into SB 2.7 because of the policy that no feature releases are included in a 2.x.y Bugfix Release and currently Boot doesn't plan to add support for it with reflection magic so that 1.2-1.4 could be used - instead Boot and Spring "plans" (at least it looks like it) that they wanna only update to 2.0 in their 6.0 and respective 3.0 release (the next milestone after the one coming today or tomorrow) TL;DR: 23.3 shouldn't update - 24 sounds like a good fit with SB 3.0 |
|
@knoobie excellent comment, thanks! I agree that better not upgrade it until V24. Proposed to be reverted. |
|
Thanks for considering! Sorry for the mess with all the version numbers ;) Dependency Management is just a mess.. You can find all the information also more scattered e.g. in the SB issue about upgrading spring-projects/spring-boot#12649 |
…14409)" Reverted because 2.0 is not fully supported by Spring and might cause a breaking changes rather that package names.
Bumps
slf4j.versionfrom 1.7.36 to 2.0.0.Updates
slf4j-apifrom 1.7.36 to 2.0.0Commits
0614d46prepare release 2.0.0b1afcd0javadoc edits20cd3adstart work on 2.0.0-SNAPSHOTaeebb61prepare release 2.0.0-beta11068cd0javadoc changes4e4e56aadd CheckReturnValue annotation in org.slf4j.helpers0dcfa19check for return value in some oggingEventBuilder methodse7ca8d1start work on 2.0.0-beta1-SNAPSHOPT2314de9add setMessage and log method to the fluent API508a796set version to 2.0.0-beta0Updates
slf4j-simplefrom 1.7.36 to 2.0.0Commits
0614d46prepare release 2.0.0b1afcd0javadoc edits20cd3adstart work on 2.0.0-SNAPSHOTaeebb61prepare release 2.0.0-beta11068cd0javadoc changes4e4e56aadd CheckReturnValue annotation in org.slf4j.helpers0dcfa19check for return value in some oggingEventBuilder methodse7ca8d1start work on 2.0.0-beta1-SNAPSHOPT2314de9add setMessage and log method to the fluent API508a796set version to 2.0.0-beta0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)