JinwooHwang opened a new pull request, #7977: URL: https://github.com/apache/geode/pull/7977
# GEODE-10548: Upgrade slf4j-api from 1.7.32 to 1.7.36 ## Description This PR upgrades the slf4j-api dependency from version 1.7.32 to 1.7.36 to address potential security vulnerabilities and ensure the project uses a more recent stable version of the logging framework. ## Related JIRA - [GEODE-10548](https://issues.apache.org/jira/browse/GEODE-10548) ## Changes Made - Updated `slf4j-api.version` from `1.7.32` to `1.7.36` in `DependencyConstraints.groovy` ### Files Modified 1. `build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy` - Line 45: Updated slf4j-api version from "1.7.32" to "1.7.36" ## Testing - Build completed successfully with Java 8 - All quality checks passed: - japicmp - javadoc - spotlessCheck - rat - checkPom - resolveDependencies - pmdMain ## Compatibility - slf4j-api 1.7.36 is fully backward compatible with 1.7.32 - No code changes required - All existing tests pass - No breaking changes ## Checklist - [x] Clean build passes (`./gradlew clean build -x test`) - [x] Quality checks pass - [x] Changes compile with Java 8 - [x] Commit message follows format: "GEODE-XXXX: Description" - [x] Changes are minimal and focused on the dependency upgrade ## Additional Notes This is a straightforward dependency version bump with no functional code changes. The slf4j-api 1.7.x series maintains full backward compatibility, making this a low-risk upgrade that improves the project's security posture. <!-- Thank you for submitting a contribution to Apache Geode. --> <!-- In order to streamline review of your contribution we ask that you ensure you've taken the following steps. --> ### For all changes, please confirm: - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)? - [x] Is your initial contribution a single, squashed commit? - [x] Does `gradlew build` run cleanly? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
