From 663d7b9e8349753e32462bccee30a1ec664bf074 Mon Sep 17 00:00:00 2001
From: Joseph Zuniga-Daly <joseph.zunigadaly@r3.com>
Date: Wed, 27 Sep 2023 17:18:48 +0100
Subject: [PATCH] CORE-15310: Upgrade CLI PF4J to 3.10 and SLF4J to 2.0.6

---
 gradle.properties                       | 3 ++-
 testing/e2e-test-utilities/build.gradle | 1 -
 tools/plugins/db-config/build.gradle    | 5 +++++
 tools/plugins/network/build.gradle      | 9 +++++++++
 tools/plugins/package/build.gradle      | 9 +++++++++
 tools/plugins/topic-config/build.gradle | 5 +++++
 tools/plugins/virtual-node/build.gradle | 5 +++++
 7 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/gradle.properties b/gradle.properties
index 84f6f74a16bd..85aa6d880812 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -89,6 +89,7 @@ quasarVersion = 0.9.1_r3-SNAPSHOT
 reflectAsmVersion = 1.11.9
 # SLF4J cannot be ugraded to 2.x due to CorDapps requiring the 1.7 <= x < 2.0
 slf4jVersion=1.7.36
+slf4jV2Version=2.0.6
 # Snappy version used for serialization
 snappyVersion=0.4
 # Completely different version of Snappy used in Kafka client
@@ -136,7 +137,7 @@ jibCoreVersion=0.23.0
 artifactoryPluginVersion = 4.28.2
 
 # PF4J
-pf4jVersion=3.9.0
+pf4jVersion=3.10.0
 
 # corda-cli plugin host
 pluginHostVersion=5.1.0-beta+
diff --git a/testing/e2e-test-utilities/build.gradle b/testing/e2e-test-utilities/build.gradle
index 7aa44025bc01..7c5547eb62b1 100644
--- a/testing/e2e-test-utilities/build.gradle
+++ b/testing/e2e-test-utilities/build.gradle
@@ -19,7 +19,6 @@ dependencies {
     implementation project(':components:flow:flow-rest-resource-service')
     implementation project(':libs:crypto:certificate-generation')
     implementation project(':libs:crypto:crypto-utils')
-    implementation project(':tools:plugins:package')
     implementation project(":testing:packaging-test-utilities")
     implementation "org.slf4j:slf4j-api:$slf4jVersion"
     implementation project(':libs:crypto:crypto-core')
diff --git a/tools/plugins/db-config/build.gradle b/tools/plugins/db-config/build.gradle
index af2c968dde7d..27d453df2fcc 100644
--- a/tools/plugins/db-config/build.gradle
+++ b/tools/plugins/db-config/build.gradle
@@ -26,6 +26,11 @@ dependencies {
         implementation("org.yaml:snakeyaml:$snakeyamlVersion") {
             because "required until liquibase-core updates it's internal version of snakeYaml, currently using 1.33 which has CVE-2022-1471"
         }
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
     }
 
     // DO NOT DISTRIBUTE DRIVERS HERE WE ARE NOT LICENSED TO DISTRIBUTE
diff --git a/tools/plugins/network/build.gradle b/tools/plugins/network/build.gradle
index bf818dcefe84..0a5fa2ec94a0 100644
--- a/tools/plugins/network/build.gradle
+++ b/tools/plugins/network/build.gradle
@@ -45,6 +45,15 @@ kotlin {
 group 'net.corda.cli.deployment'
 
 dependencies {
+    constraints {
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
+
+    }
+
     compileOnly "net.corda.cli.host:api:$pluginHostVersion"
 
     implementation "com.fasterxml.jackson.module:jackson-module-kotlin:$jacksonVersion"
diff --git a/tools/plugins/package/build.gradle b/tools/plugins/package/build.gradle
index 29c95f4ef60e..a5433f772bcc 100644
--- a/tools/plugins/package/build.gradle
+++ b/tools/plugins/package/build.gradle
@@ -13,6 +13,15 @@ ext {
 group 'net.corda.cli.deployment'
 
 dependencies {
+    constraints {
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
+
+    }
+
     compileOnly "net.corda.cli.host:api:$pluginHostVersion"
 
     implementation project(':libs:packaging:packaging-verify')
diff --git a/tools/plugins/topic-config/build.gradle b/tools/plugins/topic-config/build.gradle
index 896708307ad7..536740def19c 100644
--- a/tools/plugins/topic-config/build.gradle
+++ b/tools/plugins/topic-config/build.gradle
@@ -29,6 +29,11 @@ dependencies {
             because 'Kafka Client uses an older version of Snappy library which is exposed to CVE-2023-34455. ' +
                     'This might be resolved in the future versions of Kafka Client.'
         }
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
     }
 
     testImplementation 'org.jetbrains.kotlin:kotlin-stdlib'
diff --git a/tools/plugins/virtual-node/build.gradle b/tools/plugins/virtual-node/build.gradle
index da527dd6ec0d..775862d81cd4 100644
--- a/tools/plugins/virtual-node/build.gradle
+++ b/tools/plugins/virtual-node/build.gradle
@@ -33,6 +33,11 @@ dependencies {
         implementation("org.yaml:snakeyaml:$snakeyamlVersion") {
             because "required until liquibase-core updates it's internal version of snakeYaml, currently using 1.33 which has CVE-2022-1471"
         }
+        implementation('org.slf4j:slf4j-api') {
+            version {
+                strictly slf4jV2Version
+            }
+        }
     }
 
     // DO NOT DISTRIBUTE DRIVERS HERE WE ARE NOT LICENSED TO DISTRIBUTE