[JAVA-5240] Update slf4j-api dependency to 2.0.x Created: 12/Nov/23 Updated: 20/Nov/23 Resolved: 20/Nov/23 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Build |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Unknown |
| Reporter: | Jeffrey Yemin | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Documentation Changes Summary: | 1. What would you like to communicate to the user about this feature? |
||||||||
| Description |
|
SLF4J 2.0 was released in August 2022, and Logback 3.0+ now depends on it. By depending on slf4j-api 1.7.x, the driver creates a transitive dependency that conflicts and possibly overrides the dependency in newer Logback releases. While this is easy to work around by excluding the driver's dependency, it does create friction as more and more applications upgrade their logging provider. We should consider upgrading our dependency to slf4j-api 2.0.x. This should be safe as all SLF4J releases are binary compatible with each other. |
| Comments |
| Comment by Tom Selander [ 20/Nov/23 ] | ||||||
|
Triage: jeff.yemin@mongodb.com to file a mongocrypt ticket to make SLF4J optional | ||||||
| Comment by Jeffrey Yemin [ 13/Nov/23 ] | ||||||
|
Looks like the issue is that sfl4j-api is not optional in mongodb-crypt. If we make it optional, then applications will naturally pull in whatever slf4j-api dependency it's configured logger needs, even when using mongodb-crypt. The driver should probably not depend on the new 2.0 API given that Log4J is not compatible with it yet. | ||||||
| Comment by Jeffrey Yemin [ 12/Nov/23 ] | ||||||
|
But note that the latest log4j-slf4j-impl (2.21.1 at this time) depends on slf4j-api 1.7.25. Trying to use log4j-slf4j-impl 2.21 with slf4j-api 2.0.7 results in:
Applications have to use the log4j-slf4j2-impl instead. |