⬆️ [Dependencies] `logback` to `1.3.12` and Update Dependencies for Compatibility

eclipse / kapua

Eclipse Public License 2.0

227 stars 160 forks source link

Summary

This pull request addresses a security vulnerability by upgrading Logback to version 1.3.12 and includes necessary updates to related dependencies, such as SLF4J and Spring Boot, to ensure compatibility across the project.

Details

Upgraded Logback to 1.3.12
- The primary objective of this update was to resolve a known security vulnerability (CVE) affecting all versions prior to 1.3.12.
Upgraded SLF4J to 2.0.0
- Upgrading Logback to version 1.3.x required a corresponding update to SLF4J, as SLF4J 1.x is incompatible with Logback 1.3.x.
- This change ensures smooth logging functionality and eliminates conflicts arising from older SLF4J versions.
Updated Spring Boot Version
- The upgrade to SLF4J 2.0.0 introduced compatibility issues with Spring Boot 2.x, leading to runtime errors when mixing SLF4J 2.x with Spring Boot 2.x.
- As part of this pull request, Spring Boot has been upgraded to a version compatible with SLF4J 2.0.0 to resolve these issues.

Background

This update is part of a larger effort to enhance the security and stability of the project by addressing known vulnerabilities and maintaining compatibility among core libraries. The changes ensure a smooth upgrade path and avoid runtime errors caused by mismatched versions.

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 16.80%. Comparing base (d5e338d) to head (553a7e4). Report is 3 commits behind head on develop.

Additional details and impacted files

[![Impacted file tree graph](https://app.codecov.io/gh/eclipse/kapua/pull/4125/graphs/tree.svg?width=650&height=150&src=pr&token=1P4N4CApH8&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=eclipse)](https://app.codecov.io/gh/eclipse/kapua/pull/4125?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=eclipse) ```diff @@ Coverage Diff @@ ## develop #4125 +/- ## ========================================== Coverage 16.80% 16.80% Complexity 22 22 ========================================== Files 2021 2021 Lines 52463 52463 Branches 4424 4424 ========================================== Hits 8815 8815 Misses 43250 43250 Partials 398 398 ```

eclipse / kapua