log4j in the classpath #753
Comments
|
Hmm, I went to exclude this and saw that there's already an exclusion... 🤔 (in core/build.gradle) Will investigate... |
|
When I'm running |
|
I think the struggle is that the published pom (e.g. http://central.maven.org/maven2/org/testcontainers/testcontainers/1.8.0/testcontainers-1.8.0.pom) doesn't exclude it. I see the same thing in ~/.m2/repositories when I run: I think the struggle is in the custom way the pom gets built....here. This doesn't take into account the exclusions. Changing to a configuration-wide exclusion: didn't help. I took a crack at the more vanilla way of building a pom (by specifying |
|
Yes, we will need to handle the exclusion of public deps, thanks for
reporting! I
…On Fri, 22 Jun 2018 at 18:49, David Byron ***@***.***> wrote:
I think the struggle is that the published pom (e.g.
http://central.maven.org/maven2/org/testcontainers/testcontainers/1.8.0/testcontainers-1.8.0.pom)
doesn't exclude it. I see the same thing in ~/.m2/repositories when I run: $
./gradlew testcontainers:publishToMavenLocal (though the version there
shows up as unspecified...different issue).
I think the struggle is in the custom way the pom gets built....here
<https://github.com/testcontainers/testcontainers-java/blob/master/gradle/publishing.gradle#L64>.
This doesn't take into account the exclusions. Changing to a
configuration-wide exclusion:
configurations {
compile.exclude group: 'log4j', module: 'log4j'
}
didn't help.
I took a crack at the more vanilla way of building a pom (by specifying from
components.java as the docs
<https://docs.gradle.org/current/userguide/publishing_maven.html#sec:publishing_component_to_maven>
say, and commenting out the code that adds dependencies to the xml
directly), and the exclusions show up in the pom, but it's messy.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#753 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABAIiiX6N1CULM3ClLt-dCyfBhofkDmMks5t_SAngaJpZM4Uou1N>
.
|
|
There's been a lot of activity on the gradle side around publishing...It's likely worth upgrading to 4.8.1 at least for https://docs.gradle.org/4.8/release-notes.html#customizing-the-generated-pom, though I don't see a silver bullet for this issue. |
|
Released in 1.8.1! 🎉 |
Not a problem with version 1.7.2, but 1.7.3 and 1.8.0 bring in org.rnorth:tcp-unix-socket-proxy:1.0.2 which indirectly drags in log4j. Here's how (via
$ gradle dependencies)junixsocket has already fixed the problem here, but I'm pretty sure no version 2.0.5 has been released. I asked awhile ago, but no dice.
This creates a classpath conflict for me because slf4j (really log4j-over-slf4j) and log4j both contain e.g. org/apache/log4j/Appender.class.
I can exclude log4j myself but here maybe might be better because we use slf4j here.
The text was updated successfully, but these errors were encountered: