chore: update logback-classic to 1.4.14 [skip ci] #4776
Conversation
| @@ -76,7 +76,7 @@ | |||
| <dependency> | |||
| <groupId>ch.qos.logback</groupId> | |||
| <artifactId>logback-classic</artifactId> | |||
| <version>1.4.12</version> | |||
| <version>1.4.14</version> | |||
There was a problem hiding this comment.
Copy from the closed PR: Got another thing for you :) You should probably also add the other logback-* dependencies, otherwise you get a mismatch which is hard to debug: qos-ch/logback#744 (comment)
Dependencies Report
|
| @@ -76,7 +76,7 @@ | |||
| <dependency> | |||
| <groupId>ch.qos.logback</groupId> | |||
| <artifactId>logback-classic</artifactId> | |||
| <version>1.4.12</version> | |||
There was a problem hiding this comment.
I think you have to remove the target/23.x labels because 23.x requires Spring Boot 2.7 where the baseline of logback is 1.2.x (https://github.com/spring-projects/spring-boot/blob/2.7.x/spring-boot-project/spring-boot-dependencies/build.gradle) A fix for the CVE was also added in 1.2.13 (qos-ch/logback#745)
* chore: update logback-classic to 1.4.14 * Update pom.xml
|
Hi @ZheSun88 , this commit cannot be picked to 24.1 by this bot, can you take a look and pick it manually? |
* chore: update logback-classic to 1.4.14 * Update pom.xml Co-authored-by: Zhe Sun <[email protected]>
* chore: update logback-classic to 1.4.14 * Update pom.xml
* chore : update dependency-check to use latest (#4731) * chore: update dependency-check to use 9.0.0 * Update sbom.yml * Update generateAndCheckSBOM.js --------- Co-authored-by: Manuel Carrasco Moñino <[email protected]> * update dependency to fix CVE-2023-6378 (#4759) * chore: update logback-classic to 1.4.14 [skip ci] (#4776) * chore: update logback-classic to 1.4.14 * Update pom.xml --------- Co-authored-by: Zhe Sun <[email protected]> Co-authored-by: Manuel Carrasco Moñino <[email protected]>
No description provided.