This is an automated email from the ASF dual-hosted git repository.
pkarwasz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-log4j-samples.git
The following commit(s) were added to refs/heads/main by this push:
new e30a8b7 Bump the all group across 1 directory with 5 updates (#341)
e30a8b7 is described below
commit e30a8b7c263f6b81980d8a05917f3af946a72417
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Sat Jun 28 09:40:19 2025 +0200
Bump the all group across 1 directory with 5 updates (#341)
* Bump the all group across 1 directory with 5 updates
Bumps the all group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
|
[com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) |
`2.19.0` | `2.19.1` |
|
[org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2)
| `0.0.0-SNAPSHOT` | `3.0.0-beta3` |
| org.apache.logging.log4j:log4j-core | `2.25.0` | `3.0.0-beta3` |
|
[org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot)
| `3.5.0` | `3.5.3` |
|
[org.springframework.boot:spring-boot-maven-plugin](https://github.com/spring-projects/spring-boot)
| `3.5.0` | `3.5.3` |
Updates `com.fasterxml.jackson:jackson-bom` from 2.19.0 to 2.19.1
-
[Commits](https://github.com/FasterXML/jackson-bom/compare/jackson-bom-2.19.0...jackson-bom-2.19.1)
Updates `org.apache.logging.log4j:log4j-bom` from 0.0.0-SNAPSHOT to
3.0.0-beta3
- [Release notes](https://github.com/apache/logging-log4j2/releases)
-
[Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
-
[Commits](https://github.com/apache/logging-log4j2/commits/rel/3.0.0-beta3)
Updates `org.apache.logging.log4j:log4j-core` from 2.25.0 to 3.0.0-beta3
Updates `org.springframework.boot:spring-boot-dependencies` from 3.5.0 to
3.5.3
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
-
[Commits](https://github.com/spring-projects/spring-boot/compare/v3.5.0...v3.5.3)
Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.5.0 to
3.5.3
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
-
[Commits](https://github.com/spring-projects/spring-boot/compare/v3.5.0...v3.5.3)
Updates `org.apache.logging.log4j:log4j-core` from 2.25.0 to 3.0.0-beta3
Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.5.0 to
3.5.3
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
-
[Commits](https://github.com/spring-projects/spring-boot/compare/v3.5.0...v3.5.3)
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
dependency-version: 2.19.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: org.apache.logging.log4j:log4j-bom
dependency-version: 3.0.0-beta3
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: all
- dependency-name: org.apache.logging.log4j:log4j-core
dependency-version: 3.0.0-beta3
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: all
- dependency-name: org.springframework.boot:spring-boot-dependencies
dependency-version: 3.5.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: org.springframework.boot:spring-boot-maven-plugin
dependency-version: 3.5.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: org.apache.logging.log4j:log4j-core
dependency-version: 3.0.0-beta3
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: all
- dependency-name: org.springframework.boot:spring-boot-maven-plugin
dependency-version: 3.5.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <[email protected]>
* fix: Limit Log4j to version < 3.0.0-alpha1
Dependabot attempts to upgrade Log4j to `3.0.0-beta3` because, per the
Maven version ordering, `3.0.0-beta3` is considered lower than a plain `3`.
This commit explicitly limits Log4j to a version lower than `3.0.0-alpha1` to
prevent premature upgrades to the 3.x series.
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Piotr P. Karwasz <[email protected]>
---
.github/dependabot.yaml | 4 ++--
pom.xml | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 4686f18..0be13d2 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -39,7 +39,7 @@ updates:
- maven-central
ignore:
- dependency-name: "org.apache.logging.log4j:*"
- versions: ["[3,)"]
+ versions: ["[3.0.0-alpha1,)"]
- package-ecosystem: gradle
directories:
@@ -54,7 +54,7 @@ updates:
- maven-central
ignore:
- dependency-name: "org.apache.logging.log4j:*"
- versions: ["[3,)"]
+ versions: ["[3.0.0-alpha1,)"]
- package-ecosystem: github-actions
directory: "/"
diff --git a/pom.xml b/pom.xml
index 261d0a4..555b601 100644
--- a/pom.xml
+++ b/pom.xml
@@ -90,7 +90,7 @@
<jetty.version>11.0.25</jetty.version>
<javax-jms.version>2.0.1</javax-jms.version>
<spotbugs-annotations.version>4.9.3</spotbugs-annotations.version>
- <spring-boot.version>3.5.0</spring-boot.version>
+ <spring-boot.version>3.5.3</spring-boot.version>
<spring-cloud.version>2025.0.0</spring-cloud.version>
<!-- Pinned transitive dependencies -->
@@ -98,7 +98,7 @@
<error_prone.version>2.38.0</error_prone.version>
<guava.version>33.4.8-jre</guava.version>
<httpclient.version>4.5.14</httpclient.version>
- <jackson.version>2.19.0</jackson.version>
+ <jackson.version>2.19.1</jackson.version>
<joda-time.version>2.14.0</joda-time.version>
<kotlin.version>2.1.21</kotlin.version>
<snakeyaml.version>2.4</snakeyaml.version>
