Gradle transitive dependency resolution to alpha release?

时间:2017-04-10 02:26:56

标签: java maven gradle build dependencies

in one of my project i am using Spring Boot 1.5.2.RELEASE among other things. Since today the build process shows some warning messages, and after a bit of drill down i found out that Gradle was retrieving the package org.slf4j:slf4j-api in version 1.8.0-alpha0.

Running the dependencies task to get an insight on the dependencies resolved, i find lots of lines of the like:

|    |    +--- org.springframework.boot:spring-boot-starter-logging:1.5.2.RELEASE
|    |    |    +--- ch.qos.logback:logback-classic:1.1.11
|    |    |    |    +--- ch.qos.logback:logback-core:1.1.11
|    |    |    |    \--- org.slf4j:slf4j-api:1.7.22 -> 1.8.0-alpha0
|    |    |    +--- org.slf4j:jcl-over-slf4j:1.7.24
|    |    |    |    \--- org.slf4j:slf4j-api:1.7.24 -> 1.8.0-alpha0
|    |    |    +--- org.slf4j:jul-to-slf4j:1.7.24
|    |    |    |    \--- org.slf4j:slf4j-api:1.7.24 -> 1.8.0-alpha0
|    |    |    \--- org.slf4j:log4j-over-slf4j:1.7.24
|    |    |         \--- org.slf4j:slf4j-api:1.7.24 -> 1.8.0-alpha0

Checking on Maven Central it seems the version 1.8.0-alpha0 is among the other "normal" stable releases, and has been added on the 7th of April.

Am i right to believe that the culprit here is the package definition of this specific version of org.slf4j:slf4j-api on Maven Central ?

I managed to force the dependency to 1.7.25 using Gradle's resolution strategy in the meantime.

2 个答案:

答案 0 :(得分:3)

sm4 所述,问题来自项目依赖项之一,它本身依赖于表单的slf4j

<dependency>
  <groupId>org.slf4j</groupId>
  <artifactId>slf4j-api</artifactId>
  <version>[1.7.12,)</version>
</dependency>

开放样式依赖项[1.7.12,)已解析为Maven Central中的最新版本,即1.8.0-alpha0

我们可以想知道在Maven Central上发布alpha版本是否正常,但似乎slf4j在以前的版本上做了这一点,而其他提供商如Spring使用其他存储库来获取快照 Milestone 版本。

在我的情况下,我可以修复从[1.7.12,)1.7.12的依赖关系,因为它是我们内部Maven仓库中的内部包,但是如果喜欢 isabsent 您依赖具有这些开放依赖关系的外部包(如easystream),您需要在 build.gradle 文件中强制使用该版本:

configurations.all {
    resolutionStrategy {
        force 'org.slf4j:slf4j-api:1.7.25'
    }
}

答案 1 :(得分:0)

我的build.gradle

中的第三方库easystream存在同样的问题 
compile 'net.sf.jsignature.io-tools:easystream:1.2.15'

我已经使用

检查了依赖项树 
gradlew app:dependencies
终端选项卡中的

。结果是:

...
+--- net.sf.jsignature.io-tools:easystream:1.2.15
|    +--- org.slf4j:slf4j-api:[1.6.1,) -> 1.8.0-alpha0
|    \--- commons-io:commons-io:2.4
...

1.8.0-alpha0 Java 9 Modularized EXPERIMENTAL version,它似乎与我的仅受Java 8限制的项目不兼容。 如果有其他人会面对它 - 解决方案是添加:

def versionOverrides = [//You can add other libs with open transitive dependencies here.
        "org.slf4j:slf4j-api": "1.7.25"
]

subprojects {//Delete this line for NOT A TOP LEVEL build.gradle file
    configurations.all {
        resolutionStrategy.eachDependency {
            DependencyResolveDetails details ->
            def overrideVersion = versionOverrides[details.requested.group + ":" + details.requested.name]
            if (overrideVersion != null && details.requested.version != overrideVersion) {
                logger.info "Overriding dependency ${details.requested.group}:${details.requested.name} version ${details.requested.version} --> $overrideVersion"
                details.useVersion overrideVersion
            }
        }
    }
}//Delete this line for NOT A TOP LEVEL build.gradle file

TOP LEVEL build.gradle,就像在post中提到的那样。

相关问题
最新问题