Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump slf4j-api from 1.7.36 to 2.0.3 #859

Merged
merged 1 commit into from
Oct 11, 2022
Merged

Bump slf4j-api from 1.7.36 to 2.0.3 #859

merged 1 commit into from
Oct 11, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 10, 2022

Bumps slf4j-api from 1.7.36 to 2.0.3.

Commits
  • b2cb05f prepare release 2.0.3
  • 4b5bb41 fix SLF4J-546, Fluent logging API doesn't populate timestamp with Reload4JLogger
  • b500a6f javadoc explaining using multiple markers instead of nested markers
  • d81affb comment about ThreadLocal key or value types
  • bcbbe40 Reword Marker Javadoc to improve grammar.
  • 7686020 Merge pull request #310 from ascopes/patch-1
  • 3f47f87 Add missing javadoc to SLF4JServiceProvider.java
  • eb1710a start work on 2.0.3-SNAPSHOT, fix SLF4J-564
  • bb49a5a Merge pull request #307 from radio-rogal/slf4j-564-simple-logger-javadoc
  • 768ca7d [SLF4J-564] slf4j-simple: fix javadoc for SimpleLogger
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump slf4j-api from 1.7.36 to 2.0.3
d02d7fd 
Bumps [slf4j-api](https://github.com/qos-ch/slf4j) from 1.7.36 to 2.0.3.
- [Release notes](https://github.com/qos-ch/slf4j/releases)
- [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.3)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependency-update java Pull requests that update Java code labels Oct 10, 2022
@bennetelli bennetelli merged commit ea6cf17 into master Oct 11, 2022
@bennetelli bennetelli deleted the dependabot/maven/org.slf4j-slf4j-api-2.0.3 branch October 11, 2022 12:01
@schnapster
Copy link
Contributor

schnapster commented Nov 17, 2022
edited
Loading

@bennetelli Not sure this works well with Spring Boot 2.7.x which is on slf4j 1.7.x. I have experienced some breaking stuff when pulling in the Togglz v3.3.1 update into a Gradle project because doing that also upgrades the whole project to SLF4J v2. This can be fixed in downstream projects by excluding slf4j from togglz, and maybe paying more attention to lockfile changes / having a stricter dependency platform setup.
However I think the spring-related togglz packages, org.togglz:togglz-spring-boot-starter, org.togglz:togglz-spring-core & org.togglz:togglz-spring-web should generally stick to the version provided by the Spring Boot dependency management and only deviate from it for a good reason.

@schnapster
Copy link
Contributor

schnapster commented Nov 17, 2022
edited
Loading

I see three options here:

  • A) Make it the downstream projects problem to stick to the correct version they want
  • B) Roll back this change = slf4j v1 for all of Togglz
  • C) Keep v2 overall in Togglz, but v1 in the Spring Boot dependencies for now.

One thing to keep in mind is that the SpringBoot v3 release is imminent which will be on slf4j v2. It might not be worth it to build anything special for C) if the versions are going to be the same soon anyways.

@hennr hennr mentioned this pull request Nov 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependency-update java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@schnapster @bennetelli