[DR-3412] Upgrade Spring Boot 3.1.6 -> 3.1.7 #163

Merged
merged 1 commit into from
Jan 2, 2024

Conversation

okotsopoulos

Jira: https://broadworkbench.atlassian.net/browse/DR-3412

What: Upgrade Spring Boot 3.1.6 -> 3.1.7

Why: Because this release includes a logback upgrade to 1.4.14, we can now remove our pin of this version which addressed a security vulnerability.

How: Dependency insights verify that the pin is no longer necessary:

(base) okotsopo@wm111-e35 terra-external-credentials-manager % ./gradlew service:dependencyInsight --dependency logback-classic 

> Task :service:dependencyInsight
ch.qos.logback:logback-classic:1.4.14 (selected by rule)
   variant "compile" [
      org.gradle.status              = release (not requested)
      org.gradle.usage               = java-api
      org.gradle.libraryelements     = jar (compatible with: classes)
      org.gradle.category            = library

      Requested attributes not found in the selected variant:
         org.gradle.dependency.bundling = external
         org.gradle.jvm.environment     = standard-jvm
         org.gradle.jvm.version         = 17
   ]

ch.qos.logback:logback-classic:1.4.14
\--- org.springframework.boot:spring-boot-starter-logging:3.1.7
     \--- org.springframework.boot:spring-boot-starter:3.1.7
          +--- org.springframework.boot:spring-boot-starter-jdbc:3.1.7
          |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-jdbc)
          +--- org.springframework.boot:spring-boot-starter-thymeleaf:3.1.7
          |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-thymeleaf)
          +--- org.springframework.boot:spring-boot-starter-web:3.1.7
          |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-web)
          +--- org.springframework.boot:spring-boot-starter-webflux:3.1.7
          |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-webflux)
          +--- org.springframework.boot:spring-boot-starter-cache:3.1.7
          |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-cache)
          +--- org.springframework.boot:spring-boot-starter-json:3.1.7
          |    +--- org.springframework.boot:spring-boot-starter-web:3.1.7 (*)
          |    \--- org.springframework.boot:spring-boot-starter-webflux:3.1.7 (*)
          \--- com.google.cloud:spring-cloud-gcp-starter:4.9.0 (requested org.springframework.boot:spring-boot-starter:3.1.5)
               \--- com.google.cloud:spring-cloud-gcp-starter-logging:4.9.0
                    \--- compileClasspath

ch.qos.logback:logback-classic:1.1.3 -> 1.4.14
\--- ch.qos.logback.contrib:logback-json-classic:0.1.5
     \--- com.google.cloud:spring-cloud-gcp-logging:4.9.0
          \--- com.google.cloud:spring-cloud-gcp-starter-logging:4.9.0
               \--- compileClasspath

ch.qos.logback:logback-classic:1.2.11 -> 1.4.14
\--- com.google.cloud:google-cloud-logging-logback:0.130.28-alpha
     +--- com.google.cloud:spring-cloud-gcp-logging:4.9.0
     |    \--- com.google.cloud:spring-cloud-gcp-starter-logging:4.9.0
     |         \--- compileClasspath
     \--- com.google.cloud:libraries-bom:26.28.0
          \--- compileClasspath

(*) - dependencies omitted (listed previously)

(base) okotsopo@wm111-e35 terra-external-credentials-manager % ./gradlew service:dependencyInsight --dependency logback-core    

> Task :service:dependencyInsight
ch.qos.logback:logback-core:1.4.14 (selected by rule)
   variant "compile" [
      org.gradle.status              = release (not requested)
      org.gradle.usage               = java-api
      org.gradle.libraryelements     = jar (compatible with: classes)
      org.gradle.category            = library

      Requested attributes not found in the selected variant:
         org.gradle.dependency.bundling = external
         org.gradle.jvm.environment     = standard-jvm
         org.gradle.jvm.version         = 17
   ]

ch.qos.logback:logback-core:1.4.14
\--- ch.qos.logback:logback-classic:1.4.14
     +--- com.google.cloud:google-cloud-logging-logback:0.130.28-alpha (requested ch.qos.logback:logback-classic:1.2.11)
     |    +--- com.google.cloud:spring-cloud-gcp-logging:4.9.0
     |    |    \--- com.google.cloud:spring-cloud-gcp-starter-logging:4.9.0
     |    |         \--- compileClasspath
     |    \--- com.google.cloud:libraries-bom:26.28.0
     |         \--- compileClasspath
     +--- org.springframework.boot:spring-boot-starter-logging:3.1.7
     |    \--- org.springframework.boot:spring-boot-starter:3.1.7
     |         +--- org.springframework.boot:spring-boot-starter-jdbc:3.1.7
     |         |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-jdbc)
     |         +--- org.springframework.boot:spring-boot-starter-thymeleaf:3.1.7
     |         |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-thymeleaf)
     |         +--- org.springframework.boot:spring-boot-starter-web:3.1.7
     |         |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-web)
     |         +--- org.springframework.boot:spring-boot-starter-webflux:3.1.7
     |         |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-webflux)
     |         +--- org.springframework.boot:spring-boot-starter-cache:3.1.7
     |         |    \--- compileClasspath (requested org.springframework.boot:spring-boot-starter-cache)
     |         +--- org.springframework.boot:spring-boot-starter-json:3.1.7
     |         |    +--- org.springframework.boot:spring-boot-starter-web:3.1.7 (*)
     |         |    \--- org.springframework.boot:spring-boot-starter-webflux:3.1.7 (*)
     |         \--- com.google.cloud:spring-cloud-gcp-starter:4.9.0 (requested org.springframework.boot:spring-boot-starter:3.1.5)
     |              \--- com.google.cloud:spring-cloud-gcp-starter-logging:4.9.0 (*)
     \--- ch.qos.logback.contrib:logback-json-classic:0.1.5 (requested ch.qos.logback:logback-classic:1.1.3)
          \--- com.google.cloud:spring-cloud-gcp-logging:4.9.0 (*)

ch.qos.logback:logback-core:1.1.3 -> 1.4.14
\--- ch.qos.logback.contrib:logback-json-core:0.1.5
     \--- ch.qos.logback.contrib:logback-json-classic:0.1.5
          \--- com.google.cloud:spring-cloud-gcp-logging:4.9.0
               \--- com.google.cloud:spring-cloud-gcp-starter-logging:4.9.0
                    \--- compileClasspath

ch.qos.logback:logback-core:1.2.11 -> 1.4.14
\--- com.google.cloud:google-cloud-logging-logback:0.130.28-alpha
     +--- com.google.cloud:spring-cloud-gcp-logging:4.9.0
     |    \--- com.google.cloud:spring-cloud-gcp-starter-logging:4.9.0
     |         \--- compileClasspath
     \--- com.google.cloud:libraries-bom:26.28.0
          \--- compileClasspath

(*) - dependencies omitted (listed previously)
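
A CI guard built on the same check, as an added example that is not part of the original pull request: it parses `dependencyInsight` output, fails if the module resolves below a floor version, and lists the older versions that transitive dependencies still request (1.1.3 and 1.2.11 above). The function names and the numeric-only version comparison are assumptions of this example.

```python
import re

# Header and tree lines abridged from the dependencyInsight output above.
SAMPLE = r"""ch.qos.logback:logback-classic:1.4.14 (selected by rule)
ch.qos.logback:logback-classic:1.4.14
\--- org.springframework.boot:spring-boot-starter-logging:3.1.7
ch.qos.logback:logback-classic:1.1.3 -> 1.4.14
\--- ch.qos.logback.contrib:logback-json-classic:0.1.5
ch.qos.logback:logback-classic:1.2.11 -> 1.4.14
\--- com.google.cloud:google-cloud-logging-logback:0.130.28-alpha
"""

# group:name:requested [-> resolved] [(reason)]
# Tree lines start with \, + or | and task/prompt lines with > or (, so none match.
HEADER = re.compile(
    r"^([\w.\-]+):([\w.\-]+):([\w.\-]+)(?: -> ([\w.\-]+))?(?: \((.+)\))?$")

def vkey(version):
    """Numeric sort key; qualifiers such as -alpha are ignored (assumption)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def parse_insight(text):
    """Return one record per header line of the report."""
    rows = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            group, name, requested, resolved, reason = m.groups()
            rows.append({"module": f"{group}:{name}", "requested": requested,
                         "resolved": resolved or requested, "reason": reason})
    return rows

def check_floor(text, module, floor):
    """Return (ok, resolved_versions, requested_versions_below_floor)."""
    rows = [r for r in parse_insight(text) if r["module"] == module]
    resolved = sorted({r["resolved"] for r in rows}, key=vkey)
    stale = sorted({r["requested"] for r in rows
                    if vkey(r["requested"]) < vkey(floor)}, key=vkey)
    # Pass only if the module was found, resolves to exactly one version,
    # and that version is at or above the floor.
    ok = len(resolved) == 1 and vkey(resolved[0]) >= vkey(floor)
    return ok, resolved, stale

if __name__ == "__main__":
    ok, resolved, stale = check_floor(
        SAMPLE, "ch.qos.logback:logback-classic", "1.4.14")
    print("resolved:", resolved, "| still requested below floor:", stale)
    raise SystemExit(0 if ok else 1)
```

The versions reported as still requested below the floor are raised only at resolution time, so the check is worth rerunning whenever the Spring Boot version or the GCP logging dependencies change.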

Because this release includes a logback upgrade to 1.4.14, we can also remove our pin of this version which addressed a security vulnerability.
@okotsopoulos okotsopoulos requested a review from a team as a code owner January 2, 2024 16:12

sonarqubecloud bot commented Jan 2, 2024

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud


@nmalfroy nmalfroy left a comment

lgtm!

@okotsopoulos okotsopoulos merged commit c61a752 into dev Jan 2, 2024
13 checks passed
@okotsopoulos okotsopoulos deleted the okotsopo/DR-3412-springboot-patch-upgrade branch January 2, 2024 17:29