-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump slf4j.version from 1.7.36 to 2.0.0 #14409
Conversation
Bumps `slf4j.version` from 1.7.36 to 2.0.0. Updates `slf4j-api` from 1.7.36 to 2.0.0 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.0) Updates `slf4j-simple` from 1.7.36 to 2.0.0 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.0) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
@mshabarov for what version is this planned? 24.0 or 23.3? |
@knoobie thanks for asking, this is for both 23.3 and 24. Even though it's a breaking change for those who uses |
@mshabarov I would be against an update into 23.3 :) that's where my question comes from - the Log4J Version that supports 2.0 was just recently released 3 days ago (2.19.0) and even Spring Boot 2.7 can't really support it because the default Implementation of SLF4J (Logback) in Version 1.2 is used. Log back 1.3/1.4 comes with full support for 2.0, but that can't be integrated into SB 2.7 because of the policy that no feature releases are included in a 2.x.y Bugfix Release and currently Boot doesn't plan to add support for it with reflection magic so that 1.2-1.4 could be used - instead Boot and Spring "plans" (at least it looks like it) that they wanna only update to 2.0 in their 6.0 and respective 3.0 release (the next milestone after the one coming today or tomorrow) TL;DR: 23.3 shouldn't update - 24 sounds like a good fit with SB 3.0 |
@knoobie excellent comment, thanks! I agree that better not upgrade it until V24. Proposed to be reverted. |
Thanks for considering! Sorry for the mess with all the version numbers ;) Dependency Management is just a mess.. You can find all the information also more scattered e.g. in the SB issue about upgrading spring-projects/spring-boot#12649 |
…14409)" Reverted because 2.0 is not fully supported by Spring and might cause a breaking changes rather that package names.
Bumps
slf4j.version
from 1.7.36 to 2.0.0.Updates
slf4j-api
from 1.7.36 to 2.0.0Commits
0614d46
prepare release 2.0.0b1afcd0
javadoc edits20cd3ad
start work on 2.0.0-SNAPSHOTaeebb61
prepare release 2.0.0-beta11068cd0
javadoc changes4e4e56a
add CheckReturnValue annotation in org.slf4j.helpers0dcfa19
check for return value in some oggingEventBuilder methodse7ca8d1
start work on 2.0.0-beta1-SNAPSHOPT2314de9
add setMessage and log method to the fluent API508a796
set version to 2.0.0-beta0Updates
slf4j-simple
from 1.7.36 to 2.0.0Commits
0614d46
prepare release 2.0.0b1afcd0
javadoc edits20cd3ad
start work on 2.0.0-SNAPSHOTaeebb61
prepare release 2.0.0-beta11068cd0
javadoc changes4e4e56a
add CheckReturnValue annotation in org.slf4j.helpers0dcfa19
check for return value in some oggingEventBuilder methodse7ca8d1
start work on 2.0.0-beta1-SNAPSHOPT2314de9
add setMessage and log method to the fluent API508a796
set version to 2.0.0-beta0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)