CORE-15310: Upgrade CLI PF4J to 3.10 and SLF4J to 2.0.6

corda · Sep 28, 2023 · 663d7b9 · 663d7b9
1 parent 2adcee5
commit 663d7b9
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 2 deletions.
diff --git a/gradle.properties b/gradle.properties
@@ -89,6 +89,7 @@ quasarVersion = 0.9.1_r3-SNAPSHOT
 reflectAsmVersion = 1.11.9
 # SLF4J cannot be ugraded to 2.x due to CorDapps requiring the 1.7 <= x < 2.0
 slf4jVersion=1.7.36
+slf4jV2Version=2.0.6
 # Snappy version used for serialization
 snappyVersion=0.4
 # Completely different version of Snappy used in Kafka client
@@ -136,7 +137,7 @@ jibCoreVersion=0.23.0
 artifactoryPluginVersion = 4.28.2
 
 # PF4J
-pf4jVersion=3.9.0
+pf4jVersion=3.10.0
 
 # corda-cli plugin host
 pluginHostVersion=5.1.0-beta+

diff --git a/testing/e2e-test-utilities/build.gradle b/testing/e2e-test-utilities/build.gradle
@@ -19,7 +19,6 @@ dependencies {
     implementation project(':components:flow:flow-rest-resource-service')
     implementation project(':libs:crypto:certificate-generation')
     implementation project(':libs:crypto:crypto-utils')
-    implementation project(':tools:plugins:package')
     implementation project(":testing:packaging-test-utilities")
     implementation "org.slf4j:slf4j-api:$slf4jVersion"
     implementation project(':libs:crypto:crypto-core')

diff --git a/tools/plugins/db-config/build.gradle b/tools/plugins/db-config/build.gradle
@@ -26,6 +26,11 @@ dependencies {
         implementation("org.yaml:snakeyaml:$snakeyamlVersion") {
             because "required until liquibase-core updates it's internal version of snakeYaml, currently using 1.33 which has CVE-2022-1471"
         }
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
     }
 
     // DO NOT DISTRIBUTE DRIVERS HERE WE ARE NOT LICENSED TO DISTRIBUTE

diff --git a/tools/plugins/network/build.gradle b/tools/plugins/network/build.gradle
@@ -45,6 +45,15 @@ kotlin {
 group 'net.corda.cli.deployment'
 
 dependencies {
+    constraints {
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
+
+    }
+
     compileOnly "net.corda.cli.host:api:$pluginHostVersion"
 
     implementation "com.fasterxml.jackson.module:jackson-module-kotlin:$jacksonVersion"

diff --git a/tools/plugins/package/build.gradle b/tools/plugins/package/build.gradle
@@ -13,6 +13,15 @@ ext {
 group 'net.corda.cli.deployment'
 
 dependencies {
+    constraints {
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
+
+    }
+
     compileOnly "net.corda.cli.host:api:$pluginHostVersion"
 
     implementation project(':libs:packaging:packaging-verify')

diff --git a/tools/plugins/topic-config/build.gradle b/tools/plugins/topic-config/build.gradle
@@ -29,6 +29,11 @@ dependencies {
             because 'Kafka Client uses an older version of Snappy library which is exposed to CVE-2023-34455. ' +
                     'This might be resolved in the future versions of Kafka Client.'
         }
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
     }
 
     testImplementation 'org.jetbrains.kotlin:kotlin-stdlib'

diff --git a/tools/plugins/virtual-node/build.gradle b/tools/plugins/virtual-node/build.gradle
@@ -33,6 +33,11 @@ dependencies {
         implementation("org.yaml:snakeyaml:$snakeyamlVersion") {
             because "required until liquibase-core updates it's internal version of snakeYaml, currently using 1.33 which has CVE-2022-1471"
         }
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
     }
 
     // DO NOT DISTRIBUTE DRIVERS HERE WE ARE NOT LICENSED TO DISTRIBUTE