Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0.35.6: Log4j and JUnit are in the compile scope #291

Closed
markkolich opened this issue Dec 24, 2018 · 3 comments
Closed

0.35.6: Log4j and JUnit are in the compile scope #291

markkolich opened this issue Dec 24, 2018 · 3 comments
Labels
🎉 fixed

Comments

@markkolich
Copy link
Contributor

Hi @vsch ... I upgraded my project from version 0.35.0 to 0.35.6 and am now seeing junit:junit and log4j:log4j in the compile scope:

[INFO] +- com.vladsch.flexmark:flexmark:jar:0.35.6:compile
[INFO]   +- com.vladsch.flexmark:flexmark-test-util:jar:0.35.6:compile
[INFO]   |  \- junit:junit:jar:4.12:compile << -- !!
[INFO]   |     \- org.hamcrest:hamcrest-core:jar:1.3:compile
[INFO]   +- com.vladsch.flexmark:flexmark-util:jar:0.35.6:compile
[INFO]   \- log4j:log4j:jar:1.2.17:compile << -- !!

I believe these dependencies were meant to stay in the test scope?

CC // @larrysteinke
@vsch
Copy link
Owner

vsch commented Dec 24, 2018

@markkolich, thanks for catching it. I missed a few dependencies and had debug code left in the document parser.

Next release, coming in an hour or so will have these fixed.

@markkolich
Copy link
Contributor Author

Thanks @vsch!

Fwiw, I only noticed this because I'm using the maven-enforcer-plugin in my project to keep "banned dependencies" out of my classpath:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-enforcer-plugin</artifactId>
    <version>3.0.0-M2</version>
    <executions>
    <execution>
        <id>enforce-banned-dependencies</id>
        <phase>prepare-package</phase>
        <goals>
            <goal>enforce</goal>
        </goals>
        <configuration>
            <rules>
              <requireUpperBoundDeps/>
              <bannedDependencies>
                  <!-- List of artifacts to ban -->
                  <excludes>
                      <exclude>log4j:log4j:compile</exclude>
                      <exclude>junit:junit:compile</exclude>

                      <exclude>org.apache.logging.log4j:log4j-api</exclude>
                      <exclude>org.apache.logging.log4j:log4j-core</exclude>
                      <exclude>commons-logging:commons-logging</exclude>
                  </excludes>
              </bannedDependencies>
            </rules>
            <!-- Fail on the first rule that doesn't pass. -->
            <failFast>true</failFast>
            </configuration>
        </execution>
    </executions>
</plugin>

@vsch
Copy link
Owner

vsch commented Dec 24, 2018

@markkolich, repo updated. Be careful if forking. Old, Java 9 incompatible version is in branch v0.35, and version 0.35.8 was updated on maven.

Version 0.40.0 and up are made Java 9+ module compatible and will break existing code without migration.

@vsch vsch closed this as completed Dec 25, 2018
@markkolich markkolich mentioned this issue Dec 25, 2018
Closed
@markkolich markkolich mentioned this issue Feb 11, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🎉 fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markkolich @vsch