Skip to content

deps(deps): bump the logging group with 3 updates#45

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/logging-97f184e8af
Closed

deps(deps): bump the logging group with 3 updates#45
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/logging-97f184e8af

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the logging group with 3 updates: org.apache.logging.log4j:log4j-slf4j2-impl, org.apache.logging.log4j:log4j-api and org.apache.logging.log4j:log4j-core.

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.26.0 to 2.26.1

Updates org.apache.logging.log4j:log4j-api from 2.26.0 to 2.26.1

Updates org.apache.logging.log4j:log4j-core from 2.26.0 to 2.26.1

Updates org.apache.logging.log4j:log4j-api from 2.26.0 to 2.26.1

Updates org.apache.logging.log4j:log4j-core from 2.26.0 to 2.26.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the logging group with 3 updates: org.apache.logging.log4j:log4j-slf4j2-impl, org.apache.logging.log4j:log4j-api and org.apache.logging.log4j:log4j-core.


Updates `org.apache.logging.log4j:log4j-slf4j2-impl` from 2.26.0 to 2.26.1

Updates `org.apache.logging.log4j:log4j-api` from 2.26.0 to 2.26.1

Updates `org.apache.logging.log4j:log4j-core` from 2.26.0 to 2.26.1

Updates `org.apache.logging.log4j:log4j-api` from 2.26.0 to 2.26.1

Updates `org.apache.logging.log4j:log4j-core` from 2.26.0 to 2.26.1

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-slf4j2-impl
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: logging
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: logging
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: logging
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: logging
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: logging
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA fcd3eb9.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

PackageVersionLicenseIssue Type
org.apache.logging.log4j:log4j-api2.26.1NullUnknown License
org.apache.logging.log4j:log4j-core2.26.1NullUnknown License
org.apache.logging.log4j:log4j-slf4j2-impl2.26.1NullUnknown License
Allowed Licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, EPL-1.0, EPL-2.0, CDDL-1.0, CC0-1.0

OpenSSF Scorecard

PackageVersionScoreDetails
maven/org.apache.logging.log4j:log4j-api 2.26.1 🟢 8.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 44 out of 9 merged PRs checked by a CI test -- score normalized to 4
CII-Best-Practices⚠️ 2badge detected: in_progress
Code-Review⚠️ 1found 20 unreviewed changesets out of 23 -- score normalized to 1
Contributors🟢 1046 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 17 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 10no vulnerabilities detected
maven/org.apache.logging.log4j:log4j-core 2.26.1 🟢 8.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 44 out of 9 merged PRs checked by a CI test -- score normalized to 4
CII-Best-Practices⚠️ 2badge detected: in_progress
Code-Review⚠️ 1found 20 unreviewed changesets out of 23 -- score normalized to 1
Contributors🟢 1046 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 17 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 10no vulnerabilities detected
maven/org.apache.logging.log4j:log4j-slf4j2-impl 2.26.1 🟢 8.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 44 out of 9 merged PRs checked by a CI test -- score normalized to 4
CII-Best-Practices⚠️ 2badge detected: in_progress
Code-Review⚠️ 1found 20 unreviewed changesets out of 23 -- score normalized to 1
Contributors🟢 1046 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 17 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 10no vulnerabilities detected

Scanned Files

  • pom.xml

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

📋 Unreleased Changelog Preview

This is what the next release notes will look like based on commits in this PR.

Changelog

All notable changes to this project will be documented in this file.

[Unreleased]

⬆️ Dependency Updates

  • Bump the logging group with 3 updates (deps)

Generated by git-cliff


🔄 Run #119 · Mon, 06 Jul 2026 07:08:39 GMT

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

✅ Test Results

Metric Count
Passed 669
Failed 0
⏭️ Skipped 0
📊 Total 669

✅ Coverage

Type Coverage Covered / Total
📏 Lines 83.7% 1746 / 2085
🌿 Branches 72.5% 527 / 727
🔧 Methods 83.4% 361 / 433

🔄 CI run #138 · Mon, 06 Jul 2026 07:11:51 GMT

@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot dependabot Bot deleted the dependabot/maven/logging-97f184e8af branch July 6, 2026 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants