From 3e1894a01a81f427bdfc2d08bb1d7128abe10a3b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 14:17:23 +0200
Subject: [PATCH 1/5] Bump vaadin.version from 24.4.8 to 24.4.11 (#824)

Bumps `vaadin.version` from 24.4.8 to 24.4.11.

Updates `com.vaadin:vaadin-bom` from 24.4.8 to 24.4.11

Updates `com.vaadin:vaadin-maven-plugin` from 24.4.8 to 24.4.11

---
updated-dependencies:
- dependency-name: com.vaadin:vaadin-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.vaadin:vaadin-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 35b755bf8..023ac2e64 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,7 @@
 
   <properties>
     <java.version>17</java.version>
-    <vaadin.version>24.4.8</vaadin.version>
+    <vaadin.version>24.4.11</vaadin.version>
     <maven.compiler.source>17</maven.compiler.source>
     <maven.compiler.target>17</maven.compiler.target>
     <jakarta.persistence.version>3.1.0</jakarta.persistence.version>

From 36106ccf539c95170607199bccb65500a6bbc508 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 14:23:52 +0200
Subject: [PATCH 2/5] Bump org.apache.maven.plugins:maven-surefire-plugin
 (#818)

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M5 to 3.5.0.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0-M5...surefire-3.5.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 023ac2e64..95e4715f4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -223,7 +223,7 @@
       </plugin>
       <plugin>
         <artifactId>maven-surefire-plugin</artifactId>
-        <version>3.0.0-M5</version>
+        <version>3.5.0</version>
         <configuration>
           <useModulePath>false</useModulePath>
           <includes>

From 2a6564c3249734197d89e67ebdb43604fe4768b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 15:08:51 +0200
Subject: [PATCH 3/5] Bump ch.qos.logback:logback-core from 1.5.6 to 1.5.7
 (#816)

* Bump ch.qos.logback:logback-core from 1.5.6 to 1.5.7

Bumps [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) from 1.5.6 to 1.5.7.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.6...v_1.5.7)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump ch.qos.logback:logback-core from 1.5.6 to 1.5.7

Bumps [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) from 1.5.6 to 1.5.7.
- [Commits](https://github.com/qos-ch/logback/compare/v_1.5.6...v_1.5.7)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix rolling strategy

* replace layout by encoder

* replace layout with encoder

layout is deprecated

* fix log rolling

* bump logback-classic as well

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tobias Koch <tobias.koch@qbic.uni-tuebingen.de>
---
 logging/pom.xml                               |  4 ++--
 logging/src/test/resources/logger.xml         |  7 +++----
 .../src/main/resources/logback-spring.xml     | 19 ++++++++-----------
 3 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/logging/pom.xml b/logging/pom.xml
index 25e5410b0..c04b6b49d 100644
--- a/logging/pom.xml
+++ b/logging/pom.xml
@@ -26,12 +26,12 @@
       <dependency>
         <groupId>ch.qos.logback</groupId>
         <artifactId>logback-classic</artifactId>
-        <version>1.5.6</version>
+        <version>1.5.7</version>
       </dependency>
       <dependency>
         <groupId>ch.qos.logback</groupId>
         <artifactId>logback-core</artifactId>
-        <version>1.5.6</version>
+        <version>1.5.7</version>
       </dependency>
     </dependencies>
   </dependencyManagement>
diff --git a/logging/src/test/resources/logger.xml b/logging/src/test/resources/logger.xml
index 948b61941..7020f3532 100644
--- a/logging/src/test/resources/logger.xml
+++ b/logging/src/test/resources/logger.xml
@@ -3,13 +3,12 @@
 
   <property name="LOGS" value="${LOG_PATH:-./logs}"/>
 
-  <appender name="Console"
-    class="ch.qos.logback.core.ConsoleAppender">
-    <layout class="ch.qos.logback.classic.PatternLayout">
+  <appender name="Console" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
       <Pattern>
         %black(%d{ISO8601}) %highlight(%-5level) [%blue(%t)] %yellow(%C{1.}): %msg%n%throwable
       </Pattern>
-    </layout>
+    </encoder>
   </appender>
 
   <!-- LOG everything at INFO level -->
diff --git a/user-interface/src/main/resources/logback-spring.xml b/user-interface/src/main/resources/logback-spring.xml
index ad619e738..7969f630d 100644
--- a/user-interface/src/main/resources/logback-spring.xml
+++ b/user-interface/src/main/resources/logback-spring.xml
@@ -5,31 +5,28 @@
 
   <appender name="Console"
     class="ch.qos.logback.core.ConsoleAppender">
-    <layout class="ch.qos.logback.classic.PatternLayout">
+    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
       <Pattern>
         %black(%d{ISO8601}) %highlight(%-5level) [%blue(%t)] %yellow(%logger{36}): %msg%n%throwable
       </Pattern>
-    </layout>
+    </encoder>
   </appender>
 
   <appender name="RollingFile"
     class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${LOGS}/datamanager-logger.log</file>
-    <encoder
-      class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
-      <Pattern>%d %p %C{1} [%t] %m%n</Pattern>
-    </encoder>
 
     <rollingPolicy
-      class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
       <!-- rollover daily and when the file reaches 10 MegaBytes -->
       <fileNamePattern>${LOGS}/archived/spring-boot-logger-%d{yyyy-MM-dd}.%i.log
       </fileNamePattern>
-      <timeBasedFileNamingAndTriggeringPolicy
-        class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
-        <maxFileSize>10MB</maxFileSize>
-      </timeBasedFileNamingAndTriggeringPolicy>
+      <maxFileSize>10MB</maxFileSize>
     </rollingPolicy>
+    <encoder
+      class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+      <Pattern>%d %p %C{1} [%t] %m%n</Pattern>
+    </encoder>
   </appender>
 
   <!-- LOG everything at INFO level -->

From 18dfb5f46e83e76b633827f174016578f50b7bbf Mon Sep 17 00:00:00 2001
From: Tobias Koch <tobias.koch@qbic.uni-tuebingen.de>
Date: Thu, 5 Sep 2024 15:25:20 +0200
Subject: [PATCH 4/5] Bump spring boot version from 3.3.2 to 3.3.3 (#825)

* Bump spring boot version

* remove explicit version of snakeyaml
---
 pom.xml | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 95e4715f4..4f59d1c44 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,7 +41,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>3.3.2</version>
+    <version>3.3.3</version>
   </parent>
 
   <repositories>
@@ -173,13 +173,6 @@
         <artifactId>jackson-annotations</artifactId>
         <version>${jackson.version}</version>
       </dependency>
-
-      <!--If not specified, spring-boot-starter-parent dependency will introduce transitively the 1.33 version of snakeyaml, for a CVE exists. -->
-      <dependency>
-        <groupId>org.yaml</groupId>
-        <artifactId>snakeyaml</artifactId>
-        <version>2.2</version>
-      </dependency>
     </dependencies>
 
   </dependencyManagement>

From b8ce28430454cf8818eeaf8c670005b6fce6db07 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 15:31:28 +0200
Subject: [PATCH 5/5] Bump jakarta.persistence:jakarta.persistence-api from
 3.1.0 to 3.2.0 (#730)

Bumps [jakarta.persistence:jakarta.persistence-api](https://github.com/jakartaee/persistence) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/jakartaee/persistence/releases)
- [Commits](https://github.com/jakartaee/persistence/commits)

---
updated-dependencies:
- dependency-name: jakarta.persistence:jakarta.persistence-api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4f59d1c44..0faddf068 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,7 +33,7 @@
     <vaadin.version>24.4.11</vaadin.version>
     <maven.compiler.source>17</maven.compiler.source>
     <maven.compiler.target>17</maven.compiler.target>
-    <jakarta.persistence.version>3.1.0</jakarta.persistence.version>
+    <jakarta.persistence.version>3.2.0</jakarta.persistence.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <jackson.version>2.17.2</jackson.version>
   </properties>