Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4#122
Conversation
Bumps org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4. --- updated-dependencies: - dependency-name: org.apache.logging.log4j:log4j-core dependency-version: 2.25.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
There was a problem hiding this comment.
Pull request overview
Updates dependencies (Dependabot) for Log4j, with an additional project version change.
Changes:
- Bump
org.apache.logging.log4j:log4j-corefrom2.25.3to2.25.4in the Gradle version catalog. - Bump the project artifact version from
1.2.9-RELEASEto1.3.0-RELEASEinbuild.gradle.kts.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
gradle/libs.versions.toml |
Updates Log4j Core version in the centralized versions catalog. |
build.gradle.kts |
Updates the project’s published version string. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| org-apache-logging-log4j-log4j-api = "2.25.4" | ||
| org-apache-logging-log4j-log4j-core = "2.25.4" | ||
| org-apache-logging-log4j-log4j-to-slf4j = "2.25.4" |
There was a problem hiding this comment.
The Log4j artifacts are now on mixed versions (log4j-core is 2.25.4, but log4j-api and log4j-to-slf4j remain 2.25.3). Log4j modules are intended to be kept on the same version; this mismatch can lead to dependency resolution conflicts or runtime linkage errors. Consider bumping all Log4j modules together (api/core/to-slf4j) to 2.25.4 or managing them via the Log4j BOM/platform to keep versions aligned.
|
dependabot
Bot
deleted the
dependabot/gradle/org.apache.logging.log4j-log4j-core-2.25.4
branch
Bumps org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)