SEC-1488: all modules depend directly on commons logging #1727

Closed
spring-issuemaster opened this Issue May 25, 2010 · 3 comments

1 participant

@spring-issuemaster

Tomas Vojtech (Migrated from SEC-1488) said:

Please remove commons logging dependency from all modules except of core. All modules will still be commons logging dependent and exclusion of commons logging in projects using slf4j will be simpler.

Spring framework uses same system.

@spring-issuemaster

Luke Taylor said:

I assume you're talking about the maven poms. The commons-logging dependency is marked as "optional" in the parent pom, so it shouldn't be included as a transitive dependency in other projects. Could you clarify exactly what the problem is please?

@spring-issuemaster

Tomas Vojtech said:

yes I am talking about maven poms

if I try mvn dependency:tree without exclusion in my projects pom I get
[INFO] +- org.springframework.security:org.springframework.security.config:jar:3.0.2.RELEASE:compile
[INFO] | - org.apache.commons:com.springsource.org.apache.commons.logging:jar:1.1.1:compile

mvn package packs the logging artifact in final war file

problem is that each module has defined dependency in its own pom with scope compile

@spring-issuemaster

Luke Taylor said:

It looks like Maven is ignoring the "optional" element in the parent pom, which is annoying. I've removed the references to commons-logging entirely, since the dependency is pulled in transitively via the spring-core dependency anyway, and we always require that. We will probably ditch the use of maven for the 3.1 release onwards, so the maven pom issue will be revisited again when that happens.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment