Closed dbyron0 closed 6 years ago
rnorth
commented
6 years ago Hmm, I went to exclude this and saw that there's already an exclusion... 🤔
compile ('org.rnorth:tcp-unix-socket-proxy:1.0.2') {
exclude(group: "log4j", module: "log4j")
}(in core/build.gradle)
Will investigate...
kiview
commented
6 years ago When I'm running ./gradlew :testcontainers:dependencies everything looks fine btw.:
+--- org.rnorth:tcp-unix-socket-proxy:1.0.2
| +--- com.kohlschutter.junixsocket:junixsocket-native-common:2.0.4
| | +--- com.kohlschutter.junixsocket:junixsocket-common:2.0.4
| | \--- org.scijava:native-lib-loader:2.0.2
| +--- com.kohlschutter.junixsocket:junixsocket-common:2.0.4
| \--- org.slf4j:slf4j-api:1.7.21 -> 1.7.25
dbyron0
commented
6 years ago I think the struggle is that the published pom (e.g. http://central.maven.org/maven2/org/testcontainers/testcontainers/1.8.0/testcontainers-1.8.0.pom) doesn't exclude it. I see the same thing in ~/.m2/repositories when I run: $ ./gradlew testcontainers:publishToMavenLocal (though the version there shows up as unspecified...different issue).
I think the struggle is in the custom way the pom gets built....here. This doesn't take into account the exclusions. Changing to a configuration-wide exclusion:
configurations {
compile.exclude group: 'log4j', module: 'log4j'
}didn't help.
I took a crack at the more vanilla way of building a pom (by specifying from components.java as the docs say, and commenting out the code that adds dependencies to the xml directly), and the exclusions show up in the pom, but it's messy.
bsideup
commented
6 years ago Yes, we will need to handle the exclusion of public deps, thanks for reporting! I On Fri, 22 Jun 2018 at 18:49, David Byron notifications@github.com wrote:
I think the struggle is that the published pom (e.g. http://central.maven.org/maven2/org/testcontainers/testcontainers/1.8.0/testcontainers-1.8.0.pom) doesn't exclude it. I see the same thing in ~/.m2/repositories when I run: $ ./gradlew testcontainers:publishToMavenLocal (though the version there shows up as unspecified...different issue).
I think the struggle is in the custom way the pom gets built....here https://github.com/testcontainers/testcontainers-java/blob/master/gradle/publishing.gradle#L64. This doesn't take into account the exclusions. Changing to a configuration-wide exclusion:
configurations { compile.exclude group: 'log4j', module: 'log4j' }
didn't help.
I took a crack at the more vanilla way of building a pom (by specifying from components.java as the docs https://docs.gradle.org/current/userguide/publishing_maven.html#sec:publishing_component_to_maven say, and commenting out the code that adds dependencies to the xml directly), and the exclusions show up in the pom, but it's messy.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/testcontainers/testcontainers-java/issues/753#issuecomment-399508331, or mute the thread https://github.com/notifications/unsubscribe-auth/ABAIiiX6N1CULM3ClLt-dCyfBhofkDmMks5t_SAngaJpZM4Uou1N .
dbyron0
commented
6 years ago There's been a lot of activity on the gradle side around publishing...It's likely worth upgrading to 4.8.1 at least for https://docs.gradle.org/4.8/release-notes.html#customizing-the-generated-pom, though I don't see a silver bullet for this issue.
Not a problem with version 1.7.2, but 1.7.3 and 1.8.0 bring in org.rnorth:tcp-unix-socket-proxy:1.0.2 which indirectly drags in log4j. Here's how (via
$ gradle dependencies)junixsocket has already fixed the problem here, but I'm pretty sure no version 2.0.5 has been released. I asked awhile ago, but no dice.
This creates a classpath conflict for me because slf4j (really log4j-over-slf4j) and log4j both contain e.g. org/apache/log4j/Appender.class.
I can exclude log4j myself but here maybe might be better because we use slf4j here.