Bump Bump ch.qos.logback:logback-classic & Bump ch.qos.logback:logback-core dependencies #3392
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Description
there are open PR's for this library by dependabot, so that means there is an open CVE for it. We should process it.
This one conerns logback
Goals
Bump ch.qos.logback:logback-core from 1.4.7 to 1.4.14 in /kogito-build/kogito-dependencies-bom
Bump ch.qos.logback:logback-classic from 1.4.7 to 1.4.14 in /kogito-build/kogito-dependencies-bom
Bump ch.qos.logback:logback-core from 1.2.9 to 1.2.14 in /.ci/jenkins/tests
Bump ch.qos.logback:logback-classic from 1.2.9 to 1.2.14 in /.ci/jenkins/tests
Consider unification, so that only one version is used across repository
This should replace existing PR's by depedabot, they upgrade to lower versions.
See #3318 #3317 and #3334 #3335
Implementation ideas
No response
The text was updated successfully, but these errors were encountered: