Question

我将根据我的实际情况解释这个问题。

我使用logback 1.0.1进行日志记录，它包含SLF4J 1.6.4作为依赖项。我还使用SLF4J API桥来处理遗留日志API（java.util.logging，log4j和commons-logging），它们不是显式依赖项。这些也必须（最好）是版本1.6.4。

尽量使我的pom.xml尽可能整洁无误，我想强制要求这些API桥与SLF4J版本相同。我知道的唯一方法是使用版本1.6.4在我的pom.xml中手动将它们定义为依赖项。如果我更新了logback并且引发了所需的SLF4J版本，我需要记住将桥接API更改为正确的版本。

我可以以某种方式将遗留API的版本挂钩到传递依赖SLF4J的版本吗？

当前的pom.xml：

    <properties>
    <org.slf4j.version>1.6.4</org.slf4j.version>
</properties>

<dependencies>
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>1.0.1</version>
        <!-- requires SLF4J 1.6.4 -->
    </dependency>
    <!-- ... -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>log4j-over-slf4j</artifactId>
        <version>${org.slf4j.version}</version>
        <!-- here, how to bind this version value to SLF4J's version? -->
        <scope>runtime</scope>
    </dependency>
    <!-- the other two bridge API's go here -->
</dependencies>

Answer 1

不是很漂亮：/

有maven enforcer插件：http://maven.apache.org/enforcer/enforcer-rules/

因此您可以禁止传递依赖项并包含所需的版本：http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html

如果您使用的是良好版本的属性，则不需要在enforcer插件版本中乱七八糟。

Answer 2

Dependency Convergence可能会对您有所帮助。谢谢@wemu！

我有same? problem。

您可以克隆https://gist.github.com/f35db1ac6dc8b6f45393.git

<dependencies>
  <dependency>
    <groupId>ch.qos.logback</groupId>
    <artifactId>logback-classic</artifactId>
    <version>1.1.3</version>
    <scope>runtime</scope> <!-- depends on slf4j-api:1.7.7 -->
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>log4j-over-slf4j</artifactId>
    <version>${unified.slf4j-api.version}</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>${unified.slf4j-api.version}</version>
  </dependency>
</dependencies>
<properties>
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  <unified.slf4j-api.version>1.7.7</unified.slf4j-api.version>
</properties>
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
       <artifactId>maven-enforcer-plugin</artifactId>
       <version>1.4.1</version>
       <executions>
         <execution>
           <id>enforce</id>
           <configuration>
             <rules>
               <dependencyConvergence/>
             </rules>
           </configuration>
           <goals>
             <goal>enforce</goal>
           </goals>
         </execution>
       </executions>
     </plugin>
  </plugins>
</build>

此时，事情才有效。

$ mvn -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] |  +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.7:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.7:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) @ enforcer-dependency-convergence-test ---
[INFO]
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
...

$

现在让我们改变slf4j-api的版本。

$ mvn -Dunified.slf4j-api.version=1.7.13 -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] |  +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for conflict with 1.7.13)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.13:runtime
[INFO] |  \- (org.slf4j:slf4j-api:jar:1.7.13:runtime - omitted for conflict with 1.7.7)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.13:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) @ enforcer-dependency-convergence-test ---
[WARNING]
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-ch.qos.logback:logback-classic:1.1.3
    +-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:log4j-over-slf4j:1.7.13
    +-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:slf4j-api:1.7.13

[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-ch.qos.logback:logback-classic:1.1.3
    +-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:log4j-over-slf4j:1.7.13
    +-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
  +-org.slf4j:slf4j-api:1.7.13
]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
...

$

Answer 3

只是不要直接依赖顶级pom中的slf4j。

Maven 2 - 从传递依赖版本定义依赖版本

3 个答案: