[Snyk] Fix for 2 vulnerabilities (#42)

snyk-bot · yotamloe · web-flow · commit 8f866cf192b4 · 2021-12-12T13:25:36.000+02:00
* fix: pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314719 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720 * Update README.md * Update README.md * Add auto test workflow * update workflow Co-authored-by: yotamloe <yotam12341@gmail.com>
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,18 @@
+name: Test with mvn
+on:
+  pull_request:
+    branches: [ master ]
+jobs:
+  test:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        java: [ '8', '11', '15' ]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
+      - name: Test with Maven
+        run: mvn test
diff --git a/README.md b/README.md
@@ -13,7 +13,7 @@ This appender uses  [LogzioSender](https://github.com/logzio/logzio-java-sender)
     <dependency>
         <groupId>io.logz.log4j2</groupId>
         <artifactId>logzio-log4j2-appender</artifactId>
-        <version>1.0.12</version>
+        <version>1.0.13</version>
     </dependency>
 ```
 
@@ -137,6 +137,11 @@ Will send a log to Logz.io that looks like this:
 ```
 
 ### Release notes
+ - 1.0.14
+   - Bump versions of `log4j-api` and `log4j-core`
+ - 1.0.13
+   - Fix for issue #38, thanks to @idachev
+   - Bump versions of `log4j` and `guava`
  - 1.0.11
    - add in memory queue option
    - change bufferDir(deprecated) to queueDir
diff --git a/pom.xml b/pom.xml
@@ -150,12 +150,12 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
-            <version>2.14.1</version>
+            <version>2.15.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.14.1</version>
+            <version>2.15.0</version>
         </dependency>
         <dependency>
             <groupId>io.logz.sender</groupId>
