bpholt commented on issue #2065:
URL:
https://github.com/apache/logging-log4j2/issues/2065#issuecomment-1843314600
That override scheme makes sense in principle and has a certain elegance,
but I don't think this issue is specific to Coursier, nor does including
slf4j-api as a direct dependency resolve the problem. I can include
```scala
ThisBuild / useCoursier := false
```
in the `build.sbt` to use Ivy for dependency resolution instead of Coursier,
and it still brings in slf4j 2:
```
sbt:log4j2-slf4j> show fullClasspath
[info] * Attributed(~/log4j2-slf4j/target/scala-2.12/classes)
[info] * Attributed(~/.sbt/boot/scala-2.12.18/lib/scala-library.jar)
[info] *
Attributed(~/.ivy2/cache/org.apache.logging.log4j/log4j-slf4j-impl/jars/log4j-slf4j-impl-2.22.0.jar)
[info] *
Attributed(~/.ivy2/cache/org.apache.logging.log4j/log4j-api/jars/log4j-api-2.22.0.jar)
[info] *
Attributed(~/.ivy2/cache/org.slf4j/slf4j-api/jars/slf4j-api-2.0.9.jar)
[info] *
Attributed(~/.ivy2/cache/org.apache.logging.log4j/log4j-core/jars/log4j-core-2.22.0.jar)
[success] Total time: 0 s, completed Dec 6, 2023, 10:06:25 AM
```
(Note that the paths now refer to the `.ivy2` cache directory instead of the
Coursier cache.)
Similarly, regardless if Coursier or Ivy is used, setting:
```scala
libraryDependencies ++= Seq(
"org.apache.logging.log4j" % "log4j-slf4j-impl" % "2.22.0",
"org.slf4j" % "slf4j-api" % "1.7.36",
)
```
(such that `slf4j-api` is specified as a direct dependency) results in an
eviction warning, but slf4j 2.x is still the version selected for the classpath:
```
sbt:log4j2-slf4j> evicted
[warn] Found version conflict(s) in library dependencies; some are suspected
to be binary incompatible:
[warn] * org.slf4j:slf4j-api:2.0.9 is selected over 1.7.36
[warn] +- org.apache.logging.log4j:log4j-slf4j-impl:2.22.0
(depends on 2.0.9)
[warn] +- default:log4j2-slf4j_2.12:0.1.0-SNAPSHOT
(depends on 1.7.36)
[success] Total time: 0 s, completed Dec 6, 2023, 10:06:36 AM
sbt:log4j2-slf4j>
```
FWIW, another workaround (other than downgrading) is to specify a dependency
override:
```scala
dependencyOverrides += "org.slf4j" % "slf4j-api" % "1.7.36"
```
but it's mistake-prone to have to specify that everywhere, when we didn't
have to before `v2.22.0` of this library. In my experience,
`dependencyOverrides` has been a source of issues itself, because it allows one
to introduce version conflicts that the eviction warning scheme is meant to
help prevent, so it makes me nervous to suggest it as a workaround as it feels
like an anti-pattern.
Is there a name for this override scheme in Maven, so I can open tickets
with Ivy and Coursier so that they might add support? In the meantime, until
those tools support the scheme, could log4j revert to its earlier way of
specifying the slf4j-api dependency, so this downstream effect is mitigated?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
