Merge branch 'master' into release

.github/workflows/codeql-analysis.yml

@@ -45,10 +45,10 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # 4.1.2
+      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # 4.1.5
       with:
         persist-credentials: false
-    - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1
+    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
       with:
         path: ~/.m2/repository
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -57,7 +57,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c    # 3.24.7
+      uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61    # 3.25.4
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -68,7 +68,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c    # 3.24.7
+      uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61    # 3.25.4
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -82,4 +82,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c    # 3.24.7
+      uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61    # 3.25.4

.github/workflows/coverage.yml

@@ -29,7 +29,7 @@ jobs:
         java: [ 8 ]
 
     steps:
-    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+    - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       with:
         persist-credentials: false
     - name: Set up JDK ${{ matrix.java }}
@@ -42,6 +42,6 @@ jobs:
       run: mvn --show-version --batch-mode --no-transfer-progress verify jacoco:report
 
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v3
+      uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v3
       with:
         files: ./target/site/jacoco/jacoco.xml

.github/workflows/maven.yml

@@ -31,12 +31,12 @@ jobs:
         java: [ 8, 11, 17, 21 ]
         experimental: [false]
 #        include:
-#          - java: 22-ea
+#          - java: 23-ea
 #            experimental: true        
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
     - name: Set up JDK ${{ matrix.java }}
       uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1

.github/workflows/scorecards-analysis.yml

@@ -40,12 +40,12 @@ jobs:
     steps:
 
       - name: "Checkout code"
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633   # 4.1.2
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b   # 4.1.5
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736    # 2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534    # 2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -57,13 +57,13 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3    # 4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808    # 4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c    # 3.24.7
+        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61    # 3.25.4
         with:
           sarif_file: results.sarif

README.md

@@ -46,7 +46,7 @@ Apache Commons Logging
 [![Java CI](https://github.com/apache/commons-logging/actions/workflows/maven.yml/badge.svg)](https://github.com/apache/commons-logging/actions/workflows/maven.yml)
 [![Coverage Status](https://codecov.io/gh/apache/commons-logging/branch/master/graph/badge.svg)](https://app.codecov.io/gh/apache/commons-logging)
 [![Maven Central](https://maven-badges.herokuapp.com/maven-central/commons-logging/commons-logging/badge.svg?gav=true)](https://maven-badges.herokuapp.com/maven-central/commons-logging/commons-logging/?gav=true)
-[![Javadocs](https://javadoc.io/badge/commons-logging/commons-logging/1.3.1.svg)](https://javadoc.io/doc/commons-logging/commons-logging/1.3.1)
+[![Javadocs](https://javadoc.io/badge/commons-logging/commons-logging/1.3.2.svg)](https://javadoc.io/doc/commons-logging/commons-logging/1.3.2)
 [![CodeQL](https://github.com/apache/commons-logging/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/apache/commons-logging/actions/workflows/codeql-analysis.yml)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/apache/commons-logging/badge)](https://api.securityscorecards.dev/projects/github.com/apache/commons-logging)
 
@@ -70,7 +70,7 @@ Alternatively, you can pull it from  the central Maven repositories:
 <dependency>
   <groupId>commons-logging</groupId>
   <artifactId>commons-logging</artifactId>
-  <version>1.3.1</version>
+  <version>1.3.2</version>
 </dependency>
 ```
 

RELEASE-NOTES.txt

@@ -38,6 +38,56 @@ Changes
 *               Bump logkit from 1.0.1 to 2.0 #32. Thanks to Dependabot.
 
 
+Historical list of changes: https://commons.apache.org/proper/commons-logging/changes-report.html
+
+Download it from https://commons.apache.org/proper/commons-logging/download_logging.cgi
+
+For complete information on Apache Commons Logging, including instructions on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons Logging website:
+
+https://commons.apache.org/proper/commons-logging/
+
+-----------------------------------------------------------------------------
+Apache Commons Logging
+Version 1.3.1
+RELEASE NOTES
+
+The Apache Commons Logging team is pleased to announce the release of Apache Commons Logging 1.3.1
+
+Apache Commons Logging is a thin adapter allowing configurable bridging to other,
+well-known logging systems.
+
+This is a feature and maintenance release. Java 8 or later is required.
+
+Changes in this version
+-----------------------
+
+New features
+------------
+
+*               Add Maven property project.build.outputTimestamp for build reproducibility. Thanks to Gary Gregory.
+
+Fixed Bugs
+----------
+
+*               Remove references to very old JDK and Commons Logging versions #201. Thanks to Elliotte Rusty Harold.
+*               Update from Logj 1 to the Log4j 2 API compatibility layer #231. Thanks to Gary Gregory, Piotr P. Karwasz.
+*               Allow Servlet 4 in OSGi environment #191. Thanks to V�clav Haisman.
+*               Fix generics warnings #213. Thanks to Elliotte Rusty Harold.
+* LOGGING-189:  Fix Import-Package entry for org.slf4j #188. Thanks to V�clav Haisman, Sebb, Hannes Wellmann, Gary Gregory, Piotr P. Karwasz.
+
+Changes
+-------
+
+*               Bump org.apache.commons:commons-parent from 65 to 67. Thanks to Dependabot.
+*               Bump log4j2.version from 2.21.1 to 2.23.1 #187, #230. Thanks to Dependabot, Piotr P. Karwasz.
+*               Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.12 #207. Thanks to Dependabot.
+*               Bump ch.qos.logback:logback-classic from 1.3.11 to 1.3.14 #212. Thanks to Dependabot, Gary Gregory.
+*               Bump ch.qos.logback:logback-core from 1.3.11 to 1.3.14 #211. Thanks to Dependabot, Gary Gregory.
+*               Bump com.h3xstream.findsecbugs:findsecbugs-plugin from 1.12.0 to 1.13.0. Thanks to Dependabot.
+*               Bump logkit from 1.0.1 to 2.0 #32. Thanks to Dependabot.
+
+
 Historical list of changes: https://commons.apache.org/proper/commons-logging/changes-report.html
 
 Download it from https://commons.apache.org/proper/commons-logging/download_logging.cgi