search

guardian / riff-raff

The Guardian's deployment platform
Apache License 2.0
265 stars 18 forks source link

Bump logback-classic to 1.4.14 #1291

Closed AshCorr closed 8 months ago

AshCorr commented 9 months ago

What does this change?

Bumps logback-classic to 1.4.14. Resolving 4 high vulnerabilities.

github-actions[bot] commented 9 months ago

Deploy build 3210 of tools::riffraff to CODE

All deployment options - [Deploy build 3210 of `tools::riffraff` to CODE](https://riffraff.gutools.co.uk/deployment/deployAgain?project=tools%3A%3Ariffraff&build=3210&stage=CODE&updateStrategy=MostlyHarmless&action=deploy) - [Deploy parts of build 3210 to CODE by previewing it first](https://riffraff.gutools.co.uk/preview/yaml?project=tools%3A%3Ariffraff&build=3210&stage=CODE&updateStrategy=MostlyHarmless) - [What's on CODE right now?](https://riffraff.gutools.co.uk/deployment/history?projectName=tools%3A%3Ariffraff&stage=CODE)

From guardian/actions-riff-raff.

AshCorr commented 8 months ago

This version of logback-classic is incompatible with our Play version. We probably need to do a bit of work to try and get riff-raff to Play 3.0 (or atleast a newer version of play) before we can fix this vuln.