spring-boot-dependencies contains unwanted dependency management #42522

@wilkinsona

It's being inherited from log4j-bom. In 3.2.x (Log4j 2.21), it's contributing management for the following dependencies:

  • biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.1
  • com.github.spotbugs:spotbugs-annotations:4.7.3
  • org.osgi:osgi.annotation:8.1.0
  • org.osgi:org.osgi.annotation.bundle:2.0.0
  • org.apache.maven.plugin-tools:maven-plugin-annotations:3.9.0

In 3.3.x (Log4j 2.23), it's the following:

  • biz.aQute.bnd:biz.aQute.bnd.annotation:7.0.0
  • com.github.spotbugs:spotbugs-annotations:4.8.3
  • org.jspecify:jspecify:0.3.0
  • org.osgi:osgi.annotation:8.1.0
  • org.osgi:org.osgi.annotation.bundle:2.0.0
  • org.osgi:org.osgi.annotation.versioning:1.1.2
  • org.apache.maven.plugin-tools:maven-plugin-annotations:3.10.2

In 3.4.x (Log4j 2.24), it's the following:

  • biz.aQute.bnd:biz.aQute.bnd.annotation:7.0.0
  • com.github.spotbugs:spotbugs-annotations:4.8.6
  • org.jspecify:jspecify:1.0.0
  • org.osgi:osgi.annotation:8.1.0
  • org.osgi:org.osgi.annotation.bundle:2.0.0
  • org.osgi:org.osgi.annotation.versioning:1.1.2
  • org.apache.maven.plugin-tools:maven-plugin-annotations:3.13.1

I've opened apache/logging-log4j2#3066 to see if the bom can be improved to remove this unwanted dependency management. In the meantime, we may want to move away from using it.
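A check for the problem described in this issue, as an added example that is not code from the issue, Spring Boot or Log4j: it lists the entries in a BOM's `dependencyManagement` whose groupId falls outside the BOM's own group. The sample POM is constructed (foreign coordinates taken from the 3.4.x list above), the function names are hypothetical, and parent POMs and imported BOMs are not followed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample shaped like a BOM that manages more than its own
# artifacts; the foreign coordinates are taken from the 3.4.x list above.
SAMPLE_BOM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>org.apache.logging.log4j</groupId>
  <artifactId>log4j-bom</artifactId>
  <version>2.24</version>
  <properties><jspecify.version>1.0.0</jspecify.version></properties>
  <dependencyManagement><dependencies>
    <dependency><groupId>${project.groupId}</groupId><artifactId>log4j-api</artifactId><version>${project.version}</version></dependency>
    <dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-core</artifactId><version>${project.version}</version></dependency>
    <dependency><groupId>biz.aQute.bnd</groupId><artifactId>biz.aQute.bnd.annotation</artifactId><version>7.0.0</version></dependency>
    <dependency><groupId>org.jspecify</groupId><artifactId>jspecify</artifactId><version>${jspecify.version}</version></dependency>
    <dependency><groupId>org.osgi</groupId><artifactId>osgi.annotation</artifactId><version>8.1.0</version></dependency>
  </dependencies></dependencyManagement>
</project>"""


def managed_dependencies(pom_xml):
    """Return (groupId, artifactId, version) for each managed entry."""
    root = ET.fromstring(pom_xml)
    # Built-in project.* properties plus the POM's own <properties>.
    props = {f"project.{k}": root.findtext(f"m:{k}", "", NS)
             for k in ("groupId", "artifactId", "version")}
    for prop in root.findall("m:properties/*", NS):
        props[prop.tag.split("}")[-1]] = (prop.text or "").strip()

    def resolve(text):
        # Unknown placeholders are left as-is so they remain visible.
        return re.sub(r"\$\{([^}]+)\}",
                      lambda m: props.get(m.group(1), m.group(0)), text.strip())

    path = "m:dependencyManagement/m:dependencies/m:dependency"
    return [tuple(resolve(dep.findtext(f"m:{f}", "", NS))
                  for f in ("groupId", "artifactId", "version"))
            for dep in root.findall(path, NS)]


def foreign_management(pom_xml, own_group):
    """Managed coordinates whose groupId is outside the BOM's own group."""
    return [":".join(gav) for gav in managed_dependencies(pom_xml)
            if gav[0] != own_group and not gav[0].startswith(own_group + ".")]


if __name__ == "__main__":
    for gav in foreign_management(SAMPLE_BOM, "org.apache.logging.log4j"):
        print("unexpected management:", gav)
```

Run against each BOM a build imports, a non-empty result shows where versions of unrelated artifacts are being pinned by a third party rather than by the importing project.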

Labels

  • status: blocked (An issue that's blocked on an external project change)
  • type: bug (A general bug)
