Upgrade slf4j-api from 1.7.32 to 1.7.36

[JinwooHwang]

Summary

This PR upgrades the SLF4J API library from version 1.7.32 to 1.7.36 to resolve a version conflict in the dependency tree and eliminate duplicate jars in the build output.

Problem Statement

The build was producing both slf4j-api-1.7.32.jar and slf4j-api-1.7.36.jar, causing potential classpath conflicts and unnecessary duplication. This occurred because:

• Geode's dependency constraints specified slf4j-api:1.7.32
• Apache Shiro 1.13.0 (a transitive dependency) requires slf4j-api:1.7.36
• Gradle was resolving the conflict by including both versions in different contexts

Root Cause

Apache Shiro 1.13.0, which is used as a dependency in Geode, declares a dependency on slf4j-api:1.7.36. When Geode's dependency management specified version 1.7.32, it created a version mismatch that resulted in both versions being included in the build artifacts.

Solution

Align Geode's SLF4J API version with the version required by Apache Shiro 1.13.0 by upgrading to 1.7.36.

Changes

Dependency Management

• build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
  • Updated slf4j-api.version from 1.7.32 to 1.7.36

Test Resources

Updated expected dependency versions in test resources to reflect the new SLF4J API version:

• boms/geode-all-bom/src/test/resources/expected-pom.xml

  • Updated expected SLF4J API version in generated POM from 1.7.32 to 1.7.36

• geode-assembly/src/integrationTest/resources/assembly_content.txt

  • Removed duplicate lib/slf4j-api-1.7.32.jar entry
  • Kept only lib/slf4j-api-1.7.36.jar

• geode-server-all/src/integrationTest/resources/dependency_classpath.txt

  • Updated jar filename from slf4j-api-1.7.32.jar to slf4j-api-1.7.36.jar

Impact

Benefits

• Eliminates duplicate jars: Build output now contains only one version of slf4j-api (1.7.36)
• Resolves version conflict: Aligns with Apache Shiro 1.13.0's dependency requirements
• Reduces build size: Removes unnecessary duplicate jar file
• Improves consistency: All modules now use the same SLF4J API version

Risk Assessment

• Low risk: Minor version upgrade within the same major version (1.7.x)
• No breaking changes: SLF4J 1.7.36 maintains full backward compatibility with 1.7.32
• Widely tested: This is a stable, mature version of SLF4J used by many projects

Compatibility

SLF4J API 1.7.36:

• Maintains API compatibility with 1.7.32
• No breaking changes
• Continued Java 8+ compatibility
• Fully compatible with existing Geode codebase and all SLF4J bindings

Testing

All changes have been validated:

Build Tasks: ./gradlew clean build

• Clean build successful
• No version conflicts in dependency resolution
• Single slf4j-api jar in output

Related Dependencies

This change affects all modules that depend on SLF4J API, which includes most Geode modules. The upgrade is transparent to all consumers as it maintains full API compatibility.

Files Changed

• 4 files changed
• 3 insertions(+), 4 deletions(-)

Notes

• The geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt file already had the correct version (1.7.36) and required no changes
• The LICENSE file already correctly referenced SLF4J API v1.7.36

For all changes, please confirm:

• Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
• Has your PR been rebased against the latest commit within the target branch (typically develop)?
• Is your initial contribution a single, squashed commit?
• Does gradlew build run cleanly?
• Have you written or updated unit tests to verify your changes?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

[JinwooHwang]

All checks have passed.

[raboof]

Gradle was resolving the conflict by including both versions in different contexts

ouch

[JinwooHwang]

Thank you so much for your review @raboof