[PF-2983, PF-2978] Remove logback override now that spring boot is updated. #156

cahrens · 2024-02-27T14:00:04Z

Followup to #127, now that spring-boot is updated and is using the non-vulnerable version (1.4.14).

Output of ./gradlew dependencyInsight --dependency ch.qos.logback

> Task :dependencyInsight
ch.qos.logback:logback-classic:1.4.14
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 17           |
   Selection reasons:
      - By conflict resolution: between versions 1.4.14 and 1.1.3

ch.qos.logback:logback-classic:1.4.14
\--- org.springframework.boot:spring-boot-starter-logging:3.2.3
     \--- org.springframework.boot:spring-boot-starter:3.2.3
          +--- org.springframework.boot:spring-boot-starter-web:3.2.3
          |    \--- compileClasspath
          +--- org.springframework.boot:spring-boot-starter-jdbc:3.2.3
          |    \--- org.springframework.boot:spring-boot-starter-data-jdbc:3.2.3
          |         \--- compileClasspath
          \--- org.springframework.boot:spring-boot-starter-json:3.2.3
               \--- org.springframework.boot:spring-boot-starter-web:3.2.3 (*)

ch.qos.logback:logback-classic:1.1.3 -> 1.4.14
\--- ch.qos.logback.contrib:logback-json-classic:0.1.5
     \--- compileClasspath

ch.qos.logback:logback-core:1.4.14
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 17           |
   Selection reasons:
      - By conflict resolution: between versions 1.4.14 and 1.1.3

ch.qos.logback:logback-core:1.4.14
\--- ch.qos.logback:logback-classic:1.4.14
     +--- ch.qos.logback.contrib:logback-json-classic:0.1.5 (requested ch.qos.logback:logback-classic:1.1.3)
     |    \--- compileClasspath
     \--- org.springframework.boot:spring-boot-starter-logging:3.2.3
          \--- org.springframework.boot:spring-boot-starter:3.2.3
               +--- org.springframework.boot:spring-boot-starter-web:3.2.3
               |    \--- compileClasspath
               +--- org.springframework.boot:spring-boot-starter-jdbc:3.2.3
               |    \--- org.springframework.boot:spring-boot-starter-data-jdbc:3.2.3
               |         \--- compileClasspath
               \--- org.springframework.boot:spring-boot-starter-json:3.2.3
                    \--- org.springframework.boot:spring-boot-starter-web:3.2.3 (*)

ch.qos.logback:logback-core:1.1.3 -> 1.4.14
\--- ch.qos.logback.contrib:logback-json-core:0.1.5
     +--- ch.qos.logback.contrib:logback-json-classic:0.1.5
     |    \--- compileClasspath
     \--- ch.qos.logback.contrib:logback-jackson:0.1.5
          \--- compileClasspath

ch.qos.logback.contrib:logback-jackson:0.1.5
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 17           |

ch.qos.logback.contrib:logback-jackson:0.1.5
\--- compileClasspath

ch.qos.logback.contrib:logback-json-classic:0.1.5
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 17           |

ch.qos.logback.contrib:logback-json-classic:0.1.5
\--- compileClasspath

ch.qos.logback.contrib:logback-json-core:0.1.5
  Variant compile:
    | Attribute Name                 | Provided | Requested    |
    |--------------------------------|----------|--------------|
    | org.gradle.status              | release  |              |
    | org.gradle.category            | library  | library      |
    | org.gradle.libraryelements     | jar      | classes      |
    | org.gradle.usage               | java-api | java-api     |
    | org.gradle.dependency.bundling |          | external     |
    | org.gradle.jvm.environment     |          | standard-jvm |
    | org.gradle.jvm.version         |          | 17           |

ch.qos.logback.contrib:logback-json-core:0.1.5
+--- ch.qos.logback.contrib:logback-jackson:0.1.5
|    \--- compileClasspath
\--- ch.qos.logback.contrib:logback-json-classic:0.1.5
     \--- compileClasspath

sonarqubecloud · 2024-02-27T14:00:36Z

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

cahrens · 2024-02-27T14:12:43Z

.github/dependabot.yml

@@ -22,5 +22,3 @@ updates:
      - "gradle"
    commit-message:
      prefix: "[PF-2983]"
-    ignore:
-      - dependency-name: "org.springframework.boot:spring-boot-gradle-plugin"


This ignore was actually not doing what I hoped, and thus we did update spring-boot… which ended up working.

rtitle

Oh, nice! LGTM, thanks for doing this.

mmorgantaylor

super, thank you!

Remove logback override now that spring boot is updated.

b368a23

cahrens mentioned this pull request Feb 27, 2024

Upgrade to Spring Boot 3.2.1; remove explicit logback dependency #130

Closed

cahrens changed the title ~~Remove logback override now that spring boot is updated.~~ [PF-2983] Remove logback override now that spring boot is updated. Feb 27, 2024

cahrens requested review from rtitle, a team and mmorgantaylor and removed request for a team February 27, 2024 14:10

cahrens commented Feb 27, 2024

View reviewed changes

cahrens marked this pull request as ready for review February 27, 2024 14:12

cahrens changed the title ~~[PF-2983] Remove logback override now that spring boot is updated.~~ [PF-2983, PF-2978] Remove logback override now that spring boot is updated. Feb 27, 2024

rtitle approved these changes Feb 27, 2024

View reviewed changes

mmorgantaylor approved these changes Feb 27, 2024

View reviewed changes

cahrens merged commit 10318de into develop Feb 27, 2024
2 checks passed

cahrens deleted the remove-logback-override branch February 27, 2024 17:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PF-2983, PF-2978] Remove logback override now that spring boot is updated. #156

[PF-2983, PF-2978] Remove logback override now that spring boot is updated. #156

cahrens commented Feb 27, 2024 •

edited

Loading

sonarqubecloud bot commented Feb 27, 2024

cahrens Feb 27, 2024

rtitle left a comment

mmorgantaylor left a comment

[PF-2983, PF-2978] Remove logback override now that spring boot is updated. #156

[PF-2983, PF-2978] Remove logback override now that spring boot is updated. #156

Conversation

cahrens commented Feb 27, 2024 • edited Loading

sonarqubecloud bot commented Feb 27, 2024

Quality Gate passed

cahrens Feb 27, 2024

Choose a reason for hiding this comment

rtitle left a comment

Choose a reason for hiding this comment

mmorgantaylor left a comment

Choose a reason for hiding this comment

cahrens commented Feb 27, 2024 •

edited

Loading