(do not) Bump version.slf4j from 1.7.36 to 2.0.1 (#2791)

dependabot[bot] · SylvainJuge · web-flow · commit 77852449fb69 · 2022-09-27T11:16:31.000-04:00
* Bump version.slf4j from 1.7.36 to 2.0.1 Bumps `version.slf4j` from 1.7.36 to 2.0.1. Updates `slf4j-api` from 1.7.36 to 2.0.1 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.1) Updates `slf4j-simple` from 1.7.36 to 2.0.1 - [Release notes](https://github.com/qos-ch/slf4j/releases) - [Commits](qos-ch/slf4j@v_1.7.36...v_2.0.1) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.slf4j:slf4j-simple dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * stick to 1.7.36 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sylvain Juge <sylvain.juge@elastic.co>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -41,8 +41,8 @@ updates:
         # We deliberately want to keep this older version of Byte Buddy for our runtime attach test
         versions: ["<=1.9.16"]
       - dependency-name: "org.slf4j:slf4j-api"
-        # A static arbitrary version used within our external plugin test
-        versions: ["<=1.7.25"]
+        # A static arbitrary version used within our external plugin test + latest for java 7
+        versions: ["<=1.7.25", "1.7.36"]
       # Since these AWS dependencies are heavy and are being released very frequently, we ignore in the weekly update and update monthly
       - dependency-name: "com.amazonaws:aws-java-sdk-s3"
       - dependency-name: "com.amazonaws:aws-java-sdk-dynamodb"
diff --git a/apm-agent-plugins/apm-servlet-jakarta-test/pom.xml b/apm-agent-plugins/apm-servlet-jakarta-test/pom.xml
@@ -62,12 +62,12 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.36</version>
+            <version>${version.slf4j}</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-simple</artifactId>
-            <version>1.7.36</version>
+            <version>${version.slf4j}</version>
         </dependency>
     </dependencies>
 </project>
diff --git a/integration-tests/external-plugin-test/plugin-instrumentation-target/pom.xml b/integration-tests/external-plugin-test/plugin-instrumentation-target/pom.xml
@@ -20,7 +20,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.36</version>
+            <version>${version.slf4j}</version>
         </dependency>
     </dependencies>
 </project>
diff --git a/pom.xml b/pom.xml
@@ -108,6 +108,7 @@
         <version.junit-vintage-engine>5.9.0</version.junit-vintage-engine>
         <version.logback>1.2.3</version.logback>
         <version.okhttp>4.9.1</version.okhttp>
+        <!-- this is the last version of slf4j that is compatible with Java 7-->
         <version.slf4j>1.7.36</version.slf4j>
         <!-- this is the last version of log4j that is compatible with Java 7. Due to a known vulnerability
         (https://nvd.nist.gov/vuln/detail/CVE-2020-9488#vulnCurrentDescriptionTitle), the SMTP appender is
