JinwooHwang opened a new pull request, #7951:
URL: https://github.com/apache/geode/pull/7951
## Summary
This PR upgrades the SLF4J API library from version 1.7.32 to 1.7.36 to
resolve a version conflict in the dependency tree and eliminate duplicate jars
in the build output.
## Problem Statement
The build was producing both `slf4j-api-1.7.32.jar` and
`slf4j-api-1.7.36.jar`, causing potential classpath conflicts and unnecessary
duplication. This occurred because:
- Geode's dependency constraints specified `slf4j-api:1.7.32`
- Apache Shiro 1.13.0 (a transitive dependency) requires `slf4j-api:1.7.36`
- Gradle was resolving the conflict by including both versions in different
contexts
## Root Cause
Apache Shiro 1.13.0, which is used as a dependency in Geode, declares a
dependency on `slf4j-api:1.7.36`. When Geode's dependency management specified
version 1.7.32, it created a version mismatch that resulted in both versions
being included in the build artifacts.
## Solution
Align Geode's SLF4J API version with the version required by Apache Shiro
1.13.0 by upgrading to 1.7.36.
## Changes
### Dependency Management
-
**`build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy`**
- Updated `slf4j-api.version` from `1.7.32` to `1.7.36`
### Test Resources
Updated expected dependency versions in test resources to reflect the new
SLF4J API version:
- **`boms/geode-all-bom/src/test/resources/expected-pom.xml`**
- Updated expected SLF4J API version in generated POM from 1.7.32 to 1.7.36
- **`geode-assembly/src/integrationTest/resources/assembly_content.txt`**
- Removed duplicate `lib/slf4j-api-1.7.32.jar` entry
- Kept only `lib/slf4j-api-1.7.36.jar`
-
**`geode-server-all/src/integrationTest/resources/dependency_classpath.txt`**
- Updated jar filename from `slf4j-api-1.7.32.jar` to
`slf4j-api-1.7.36.jar`
## Impact
### Benefits
- **Eliminates duplicate jars**: Build output now contains only one version
of slf4j-api (1.7.36)
- **Resolves version conflict**: Aligns with Apache Shiro 1.13.0's
dependency requirements
- **Reduces build size**: Removes unnecessary duplicate jar file
- **Improves consistency**: All modules now use the same SLF4J API version
### Risk Assessment
- **Low risk**: Minor version upgrade within the same major version (1.7.x)
- **No breaking changes**: SLF4J 1.7.36 maintains full backward
compatibility with 1.7.32
- **Widely tested**: This is a stable, mature version of SLF4J used by many
projects
## Compatibility
SLF4J API 1.7.36:
- Maintains API compatibility with 1.7.32
- No breaking changes
- Continued Java 8+ compatibility
- Fully compatible with existing Geode codebase and all SLF4J bindings
## Testing
All changes have been validated:
**Build Tasks**: `./gradlew clean build`
- Clean build successful
- No version conflicts in dependency resolution
- Single slf4j-api jar in output
## Related Dependencies
This change affects all modules that depend on SLF4J API, which includes
most Geode modules. The upgrade is transparent to all consumers as it maintains
full API compatibility.
## Files Changed
- 4 files changed
- 3 insertions(+), 4 deletions(-)
## Notes
- The
`geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt`
file already had the correct version (1.7.36) and required no changes
- The LICENSE file already correctly referenced SLF4J API v1.7.36
<!-- Thank you for submitting a contribution to Apache Geode. -->
<!-- In order to streamline review of your contribution we ask that you
ensure you've taken the following steps. -->
### For all changes, please confirm:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in
the commit message?
- [x] Has your PR been rebased against the latest commit within the target
branch (typically `develop`)?
- [x] Is your initial contribution a single, squashed commit?
- [x] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
