[JAVA-5240] Update slf4j-api dependency to 2.0.x
Created: 12/Nov/23  Updated: 20/Nov/23  Resolved: 20/Nov/23

Status: Closed
Project: Java Driver
Component/s: Build
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Unknown
Reporter: Jeffrey Yemin
Assignee: Unassigned
Resolution: Won't Do
Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to MONGOCRYPT-602 Make slf4j-api dependency in mongodb-... Closed

 Description   

SLF4J 2.0 was released in August 2022, and Logback 3.0+ now depends on it. By depending on slf4j-api 1.7.x, the driver creates a transitive dependency that conflicts and possibly overrides the dependency in newer Logback releases. While this is easy to work around by excluding the driver's dependency, it does create friction as more and more applications upgrade their logging provider.

We should consider upgrading our dependency to slf4j-api 2.0.x. This should be safe as all SLF4J releases are binary compatible with each other.



 Comments   
Comment by Tom Selander [ 20/Nov/23 ]

Triage: jeff.yemin@mongodb.com to file a mongocrypt ticket to make SLF4J optional

Comment by Jeffrey Yemin [ 13/Nov/23 ]

Looks like the issue is that slf4j-api is not optional in mongodb-crypt. If we make it optional, then applications will naturally pull in whatever slf4j-api dependency their configured logger needs, even when using mongodb-crypt.

The driver should probably not depend on the new 2.0 API given that Log4J is not compatible with it yet.

Comment by Jeffrey Yemin [ 12/Nov/23 ]

But note that the latest log4j-slf4j-impl (2.21.1 at this time) depends on slf4j-api 1.7.25. Trying to use log4j-slf4j-impl 2.21 with slf4j-api 2.0.7 results in:

SLF4J: No SLF4J providers were found.
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details.
SLF4J: Class path contains SLF4J bindings targeting slf4j-api versions 1.7.x or earlier.
SLF4J: Ignoring binding found at [jar:file:/Users/jeff/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.21.1/log4j-slf4j-impl-2.21.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See https://www.slf4j.org/codes.html#ignoredBindings for an explanation.

Applications have to use the log4j-slf4j2-impl instead.
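The mismatch shown in the SLF4J output above can be caught before deployment by inspecting the jars on the class path. The following is an added example, not code from this ticket or from the driver project. The names make_jar and check_classpath are hypothetical, the sample jars are constructed in memory, and the slf4j-api version is read from the jar file name only (1.x and 2.x are the only cases handled).

```python
import io
import re
import zipfile

# slf4j-api 1.7.x binds through this class; 2.0.x ignores it (see the log above).
LEGACY_BINDER = "org/slf4j/impl/StaticLoggerBinder.class"
# slf4j-api 2.0.x discovers providers through this ServiceLoader entry.
PROVIDER_ENTRY = "META-INF/services/org.slf4j.spi.SLF4JServiceProvider"
API_JAR = re.compile(r"slf4j-api-(\d+)\.\d+[\w.\-]*\.jar$")


def make_jar(*entries):
    """Build a constructed in-memory jar holding empty files at the given paths."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for entry in entries:
            jar.writestr(entry, b"")
    return buf.getvalue()


def check_classpath(jars):
    """jars maps jar file name -> jar bytes. Returns a list of (code, detail)."""
    api_majors, legacy, providers = set(), [], []
    for name, data in sorted(jars.items()):
        match = API_JAR.search(name)
        if match:
            api_majors.add(int(match.group(1)))
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            entries = set(jar.namelist())
        if LEGACY_BINDER in entries:
            legacy.append(name)
        if PROVIDER_ENTRY in entries:
            providers.append(name)
    findings = []
    if len(api_majors) > 1:
        findings.append(("MIXED_API", "slf4j-api 1.x and 2.x are both on the class path"))
    if 2 in api_majors and not providers:
        findings.append(("NOP_LOGGER", "2.x API, no provider; ignored: " + (", ".join(legacy) or "none")))
    if 1 in api_majors and not legacy:
        findings.append(("NOP_LOGGER", "1.x API, no StaticLoggerBinder; unused: " + (", ".join(providers) or "none")))
    return findings


# Constructed stand-ins for the jars named above: empty files at the real entry paths.
API_2 = make_jar("org/slf4j/LoggerFactory.class")
BROKEN = {"slf4j-api-2.0.7.jar": API_2, "log4j-slf4j-impl-2.21.1.jar": make_jar(LEGACY_BINDER)}
FIXED = {"slf4j-api-2.0.7.jar": API_2, "log4j-slf4j2-impl-2.21.1.jar": make_jar(PROVIDER_ENTRY)}

if __name__ == "__main__":
    print(check_classpath(BROKEN), check_classpath(FIXED))
```

A NOP_LOGGER finding means the application would start with logging silently disabled, so the check is worth running in CI whenever a logging dependency changes.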
