SolaceProducts / solace-spring-cloud

An umbrella project containing all Solace projects for Spring Cloud
Apache License 2.0
22 stars 15 forks source link

Bump org.apache.logging.log4j:log4j-bom from 2.21.1 to 2.22.0 #252

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 11 months ago

Bumps org.apache.logging.log4j:log4j-bom from 2.21.1 to 2.22.0.

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.22.0

This releases provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact and contains bug fixes addressing issues in the JPMS & OSGi infrastructure overhauled in 2.21.0, dependency updates, and some other minor fixes and improvements.

CycloneDX Software Bill of Materials (SBOM)

This is the first Log4j release that provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact. Generated SBOMs are attached as artifacts with cyclonedx classifier and XML extensions, that is, <artifactId>-<version>-cyclonedx.xml. They contain vulnerability-assertion references to a CycloneDX Vulnerability Disclosure Report (VDR) that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml[]

SBOM generation is streamlined by logging-parent, see its website for details.

Changed

  • Change the order of evaluation of FormattedMessage formatters. Messages are evaluated using java.util.Format only if they don't comply to the java.text.MessageFormat or ParameterizedMessage format. (#1223)
  • Change default encoding of HTTP Basic Authentication to UTF-8 and add log4j2.configurationAuthorizationEncoding property to overwrite it. (#1970)
  • Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (#1974)
  • Update com.github.luben:zstd-jni to version 1.5.5-10 (#1940)
  • Update com.google.guava:guava to version 32.1.3-jre (#1875)
  • Update io.netty:netty-bom to version 4.1.101.Final (#1960)
  • Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (#1900)
  • Update org.fusesource.jansi:jansi to version 2.4.1 (#1907)
  • Update org.mongodb:bson to version 4.11.1 (#1957)
  • Update org.springframework:spring-framework-bom to version 5.3.30
  • Update org.springframework.boot:spring-boot to version 2.7.17 (#1874)
  • Update org.springframework:spring-framework-bom to version 5.3.31 (#1973)
  • Update org.zeromq:jeromq to version 0.5.4 (#1878)

Removed

  • Removed unused FastDateParser which was causing unnecessary heap overhead (LOG4J2-3672, #1848)

Fixed

  • Fix MDC pattern converter causing issues for %notEmpty (#1922)
  • Export missing OSGi & JPMS modules in log4j-layout-template-json and log4j-1.2-api (#1895)
  • Fix spring-test dependency scope change (LOG4J2-3675)
  • Fix JPMS descriptors causing jlink issues (#1896)
  • Add missing Implementation- and Specification- entries to MANIFEST.MF (implemented by logging-parent version 10.3.0 update) (#1923)
  • Fix NotSerializableException thrown when Logger is serialized with a ReusableMessageFactory (#1884)
Commits
  • a1634d6 Release changelog for version 2.22.0
  • 4d27296 Update the project.build.outputTimestamp property
  • d91092f Fix .changelog.adoc.ftl typo
  • 5c41c01 Improve release notes
  • d6d9626 Update the project.build.outputTimestamp property
  • b382a65 Remove explicit distribution-attachment-* arguments to CI
  • 9873b11 Update the project.build.outputTimestamp property
  • 38e133f Release changelog
  • 200909c Set the version to 2.22.0
  • 819b738 Merge remote-tracking branch ppkarwasz/basic-auth into 2.x (#1970)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 10 months ago

Superseded by #264.