Skip to content

Bump ch.qos.logback:logback-core from 1.5.18 to 1.5.20 in /test/fixtures/hdfs-fixture #19782

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 2 commits into from
Closed

Bump ch.qos.logback:logback-core from 1.5.18 to 1.5.20 in /test/fixtures/hdfs-fixture #19782

dependabot wants to merge 2 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 27, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps ch.qos.logback:logback-core from 1.5.18 to 1.5.20.

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • 930fb15 prepare release 1.5.20
  • 0b4432a provide an alternative to Janino based conditional configuration processing -...
  • 258558f provide an alternative to Janino based conditional configuration processing -...
  • ee77a70 provide an alternative to Janino based conditional configuration processing -...
  • 5ca7ce8 provide an alternative to Janino based conditional configuration processing -...
  • 728803f fix typo
  • aa5eeb1 start work on version 1.5.20-SNAPSHOT
  • e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
  • 4adae8b add plugin for Maven Central deployment
  • ee70cf4 prepare release 1.5.19
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump ch.qos.logback:logback-core in /test/fixtures/hdfs-fixture
eb3b85a 
Bumps [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) from 1.5.18 to 1.5.20.
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.20)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependabot PRs with auto version bumps from dependabot dependencies Pull requests that update a dependency file patch labels Oct 27, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 27, 2025 13:51
@dependabot dependabot bot added dependencies Pull requests that update a dependency file dependabot PRs with auto version bumps from dependabot labels Oct 27, 2025
@dependabot
Update changelog
bcc52c1 
Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Oct 27, 2025

❌ Gradle check result for bcc52c1: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@cwperks
Copy link
Member

cwperks commented Oct 27, 2025

Created this manually last week here: #19763

@opensearch-ci-bot opensearch-ci-bot mentioned this pull request Oct 27, 2025
Open
@cwperks
Copy link
Member

cwperks commented Oct 27, 2025

Can be closed as #19763 is merged.

@cwperks cwperks closed this Oct 27, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 27, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/gradle/test/fixtures/hdfs-fixture/ch.qos.logback-logback-core-1.5.20 branch October 27, 2025 23:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot PRs with auto version bumps from dependabot dependencies Pull requests that update a dependency file patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cwperks