Instead, the library should only to continue depending on the logging API, but leave the used provider to the application depending on the library. Otherwise, using this library causes
SLF4J(W): Class path contains multiple SLF4J providers.
SLF4J(W): Found provider [org.slf4j.simple.SimpleServiceProvider@5e600dd5]
SLF4J(W): Found provider [ch.qos.logback.classic.spi.LogbackServiceProvider@576d5deb]
SLF4J(W): See https://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J(I): Actual provider is of type [org.slf4j.simple.SimpleServiceProvider@5e600dd5]
Exception in thread "main" java.lang.ClassCastException: class org.slf4j.simple.SimpleLogger cannot be cast to class ch.qos.logback.classic.Logger (org.slf4j.simple.SimpleLogger and ch.qos.logback.classic.Logger are in unnamed module of loader 'app')
at org.ossreviewtoolkit.cli.OrtMain.run(OrtMain.kt:140)
at com.github.ajalt.clikt.parsers.Parser.finalizeAndRun(Parser.kt:348)
at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:218)
at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:42)
at com.github.ajalt.clikt.core.CliktCommand.parse(CliktCommand.kt:457)
at com.github.ajalt.clikt.core.CliktCommand.parse$default(CliktCommand.kt:454)
at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:474)
at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:481)
at org.ossreviewtoolkit.cli.OrtMainKt.main(OrtMain.kt:85)
when used in applications like ORT. Thanks to @klaxa for helping to identify the issue.
As an alternative to removing the dependency completely, moving it to provided scope could also work.
A library should never depend on a concrete logging provider like done here:
https://github.com/scanoss/scanoss.java/blob/8598c47987bb92490755972e845bd9fe2a6955d8/pom.xml#L103-L107
Instead, the library should only to continue depending on the logging API, but leave the used provider to the application depending on the library. Otherwise, using this library causes
when used in applications like ORT. Thanks to @klaxa for helping to identify the issue.
As an alternative to removing the dependency completely, moving it to
provided
scope could also work.