glimmerveen commented on PR #421: URL: https://github.com/apache/felix-dev/pull/421#issuecomment-2875386815
> > If it works and as only tests are affected it looks fine. Tools like dependabot still might complain/suggest updates. @grgrzybek can maybe give some more advice here regarding pax-logging/pax-exam updates in general. > > That is a good point; for changes like these, we should be careful with merging dependabot updates. A couple observations/suggestions from my side: * I downgraded logback to 1.2.x as that is the latest logback version that is compatible with SLF4j 1.7.x. It is possible to go to a newer logback version (1.5.x), but in an OSGi runtime we'll need to add additional components in order to deal with SLF4j's 2.x use of ServiceLoader. I opted for keeping the changeset small, but if it is preferred, I can update the PR and incorporate this. * Currently I put the version of the bundles in the test code (as some were already managed in this way), it is also possible to extract the version from the Maven project (by adding `org.apache.servicemix.tooling:depends-maven-plugin` execution). Benefit of this approach is that the Maven dependencies are leading, and also aligns any dependabot updates, with what is actually used within the Pax Exam tests, and with the change from 789cb77 we also ensure that if updates no longer resolve, tests will fail (hopefully catching versions updates that are not simple drop-in replacements). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@felix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
