Skip to content

fix(deps): bump org.slf4j:slf4j-api from 1.7.26 to 2.0.18#6180

Open
dependabot[bot] wants to merge 4 commits into
mainfrom
dependabot/sbt/org.slf4j-slf4j-api-2.0.18
Open

fix(deps): bump org.slf4j:slf4j-api from 1.7.26 to 2.0.18#6180
dependabot[bot] wants to merge 4 commits into
mainfrom
dependabot/sbt/org.slf4j-slf4j-api-2.0.18

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps org.slf4j:slf4j-api from 1.7.26 to 2.0.18.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file sbt Pull requests that update sbt code labels Jul 5, 2026
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Automated Reviewer Suggestions

Based on the git blame history of the changed files, we recommend the following reviewers:

  • Contributors with relevant context: @aglinxinyuan
    You can notify them by mentioning @aglinxinyuan in a comment.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

⚠️ Benchmark changes need a look

🟢 2 better · 🔴 6 worse · ⚪ 7 noise (<±5%) · 0 without baseline

Compared against main 27f145a benchmarked on this same runner, so the delta is largely free of cross-runner hardware noise. The "7d avg" column still reflects the gh-pages dashboard. Treat <±5% as noise unless repeated.

Dashboard · Run

config throughput MB/s latency max Δ latest / 7d
🔴 bs=10 sw=10 sl=64 410 0.25 23,243/31,340/31,340 us 🟢 -15.0% / 🔴 +100.3%
🔴 bs=100 sw=10 sl=64 820 0.501 120,105/151,001/151,001 us 🔴 +16.0% / 🔴 +38.3%
bs=1000 sw=10 sl=64 946 0.577 1,056,179/1,085,306/1,085,306 us ⚪ within ±5% / 🔴 -5.5%
Baseline details

Latest main 27f145a from same runner

config metric PR latest main 7d avg Δ latest Δ 7d
bs=10 sw=10 sl=64 throughput 410 tuples/sec 429 tuples/sec 760.25 tuples/sec -4.4% -46.1%
bs=10 sw=10 sl=64 MB/s 0.25 MB/s 0.262 MB/s 0.464 MB/s -4.6% -46.1%
bs=10 sw=10 sl=64 p50 23,243 us 21,595 us 12,873 us +7.6% +80.6%
bs=10 sw=10 sl=64 p95 31,340 us 36,877 us 15,648 us -15.0% +100.3%
bs=10 sw=10 sl=64 p99 31,340 us 36,877 us 19,338 us -15.0% +62.1%
bs=100 sw=10 sl=64 throughput 820 tuples/sec 878 tuples/sec 974.75 tuples/sec -6.6% -15.9%
bs=100 sw=10 sl=64 MB/s 0.501 MB/s 0.536 MB/s 0.595 MB/s -6.5% -15.8%
bs=100 sw=10 sl=64 p50 120,105 us 111,620 us 102,470 us +7.6% +17.2%
bs=100 sw=10 sl=64 p95 151,001 us 130,207 us 109,144 us +16.0% +38.3%
bs=100 sw=10 sl=64 p99 151,001 us 130,207 us 115,530 us +16.0% +30.7%
bs=1000 sw=10 sl=64 throughput 946 tuples/sec 956 tuples/sec 1,000 tuples/sec -1.0% -5.4%
bs=1000 sw=10 sl=64 MB/s 0.577 MB/s 0.584 MB/s 0.61 MB/s -1.2% -5.5%
bs=1000 sw=10 sl=64 p50 1,056,179 us 1,048,664 us 1,005,545 us +0.7% +5.0%
bs=1000 sw=10 sl=64 p95 1,085,306 us 1,091,724 us 1,045,968 us -0.6% +3.8%
bs=1000 sw=10 sl=64 p99 1,085,306 us 1,091,724 us 1,076,800 us -0.6% +0.8%
Raw CSV
config_idx,batch_size,schema_width,string_len,num_batches,total_ms,total_tuples,total_bytes,tuples_per_sec,mb_per_sec,lat_p50_us,lat_p95_us,lat_p99_us
0,10,10,64,20,487.38,200,128000,410,0.250,23243.30,31339.70,31339.70
1,100,10,64,20,2438.09,2000,1280000,820,0.501,120104.58,151001.06,151001.06
2,1000,10,64,20,21147.40,20000,12800000,946,0.577,1056179.06,1085306.21,1085306.21

@dependabot dependabot Bot force-pushed the dependabot/sbt/org.slf4j-slf4j-api-2.0.18 branch from cc82261 to ab594bb Compare July 5, 2026 22:30
@aglinxinyuan aglinxinyuan self-assigned this Jul 6, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Amber/WorkflowExecutionService build configuration to use SLF4J API 2.0.18 instead of 1.7.26.

Changes:

  • Bump org.slf4j:slf4j-api override in WorkflowExecutionService to 2.0.18.
  • Bump org.slf4j:slf4j-api in Amber’s mbknorJacksonJsonSchemaDependencies to 2.0.18.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
build.sbt Updates WorkflowExecutionService dependency override for slf4j-api to 2.0.18.
amber/build.sbt Updates Amber JSON-schema-related dependency set to use slf4j-api 2.0.18.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread amber/build.sbt
Bumps org.slf4j:slf4j-api from 1.7.26 to 2.0.18.

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/sbt/org.slf4j-slf4j-api-2.0.18 branch from ab594bb to 27c322c Compare July 6, 2026 01:02
@aglinxinyuan

Copy link
Copy Markdown
Contributor

The failing build / amber check is the LICENSE-binary direct-dep drift guard — the amber dist now bundles slf4j-api-2.0.18.jar but amber/LICENSE-binary-java still claimed 1.7.26:

DRIFT (direct) JVM jars — claimed versions differ from bundled:
  ~ org.slf4j.slf4j-api: LICENSE-binary=1.7.26  bundled=2.0.18 → update in amber/LICENSE-binary-java

Fixed with two edits on top of this branch:

  • amber/LICENSE-binary-java — claim slf4j-api-2.0.18.jar
  • common/workflow-operator/build.sbt — bump the duplicate kjetland slf4j-api block Dependabot missed (evicted to 2.0.18 at resolve time anyway; aligned so the declaration is honest)

Verified locally by reproducing the exact CI command against a synthesized dist lib/ (all 407 claimed jars, slf4j-api at 2.0.18, ssl-config-core at the real bundled 0.7.1):

Scenario check_binary_deps.py --ignore-transitive-version jar
Fixed (slf4j-api 2.0.18) OK: 407 JVM jars match LICENSE-binary — exit 0 ✅
Control (pre-fix 1.7.26) DRIFT (direct) ~ org.slf4j.slf4j-api: 1.7.26 → 2.0.18 — exit 1 ❌ (matches the CI failure verbatim)

The com.typesafe.ssl-config-core line in the log is transitive/informational (the nightly exact-match check on main refreshes those) — it doesn't block PR-mode. NOTICE-binary is unaffected: the generator is version-less and slf4j ships no NOTICE block.

@codecov-commenter

codecov-commenter commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.23%. Comparing base (27f145a) to head (c79b567).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #6180      +/-   ##
============================================
- Coverage     60.74%   60.23%   -0.52%     
+ Complexity     3368     3363       -5     
============================================
  Files          1135     1132       -3     
  Lines         44188    43737     -451     
  Branches       4830     4738      -92     
============================================
- Hits          26844    26344     -500     
- Misses        15889    15966      +77     
+ Partials       1455     1427      -28     
Flag Coverage Δ *Carryforward flag
access-control-service 70.00% <ø> (ø)
agent-service 44.59% <ø> (ø) Carriedforward from 2ddf1e1
amber 65.98% <ø> (-0.17%) ⬇️
computing-unit-managing-service 0.00% <ø> (ø)
config-service 52.30% <ø> (ø)
file-service 63.97% <ø> (ø)
frontend 51.37% <ø> (-1.28%) ⬇️ Carriedforward from 2ddf1e1
notebook-migration-service 78.57% <ø> (ø)
pyamber 91.17% <ø> (-0.02%) ⬇️ Carriedforward from 2ddf1e1
workflow-compiling-service 55.14% <ø> (ø)

*This pull request uses carry forward flags. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

The slf4j-api 1.7.26 -> 2.0.18 bump makes the amber dist bundle
slf4j-api-2.0.18.jar, but amber/LICENSE-binary-java still claimed 1.7.26,
failing `build / amber` on the direct-dep LICENSE-binary drift check:

  DRIFT (direct) ~ org.slf4j.slf4j-api: LICENSE-binary=1.7.26 bundled=2.0.18

Sync the claim to slf4j-api-2.0.18.jar.
@aglinxinyuan aglinxinyuan force-pushed the dependabot/sbt/org.slf4j-slf4j-api-2.0.18 branch from 2f8eb76 to 4e1a9b8 Compare July 6, 2026 01:20
@aglinxinyuan

Copy link
Copy Markdown
Contributor

Correction to the above — I dropped the common/workflow-operator/build.sbt bump. workflow-compiling-service depends on workflow-operator, and pushing slf4j-api to 2.0.18 there evicted that service's resolved slf4j-api up from 2.0.17 → 2.0.18, which then failed its LICENSE-binary check:

~ org.slf4j.slf4j-api: LICENSE-binary=2.0.17  bundled=2.0.18 → update in workflow-compiling-service/LICENSE-binary

So the PR now carries only the one required change — amber/LICENSE-binary-java claiming slf4j-api-2.0.18.jar. That's all build / amber needs, and it leaves the downstream platform services untouched.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

common dependencies Pull requests that update a dependency file engine sbt Pull requests that update sbt code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants