[slf4j-dev] [JIRA] Updates for SLF4J-437: Create a BOM POM

slf4j developers list slf4j-dev at qos.ch
Thu Jun 15 23:43:00 CEST 2023


SLF4J / SLF4J-437 [Open]
Create a BOM POM

==============================

Here's what changed in this issue in the last few minutes.


There is 1 comment.


View or comment on issue using this link
https://jira.qos.ch/browse/SLF4J-437

==============================
 1 comment
------------------------------

Garret Wilson on 15/Jun/23 23:32

Yes please add a BOM for SLF4J. Here are just a few libraries that offer BOMs:

* Log4J
* JUnit
* Spring Boot

Here is one more reason why the lack of a BOM is concerning. Let's say that I create a parent POM and I explicitly use {{<dependencyManagement>}} for a couple of SLF4J artifacts. Everything is fine, except that in my actual POM (the child of the other POM), I include another project, which has a transitive dependency on some other SLF4J artifact which I didn't include. Sure, all the SLF4J artifacts I put under {{<dependencyManagement>}} will override those in the transitive dependencies. But not for the other SLF4J artifacts I didn't think about. Now I have mismatched SLF4J versions in the various artifacts!

Read [JAVA-307|https://globalmentor.atlassian.net/browse/JAVA-307] to see how I ran into this exact problem with JUnit. I found out JUnit now offers a BOM, though, so now I'll be set and other JUnit artifacts won't be hijacked by transitive dependencies.

I've just written an in-depth article, [_Improving the Maven Bill of Materials (BOM) Pattern_|https://www.garretwilson.com/blog/2023/06/14/improve-maven-bom-pattern], which explains in detail why a BOM is needed and how to create one.


==============================
 This message was sent by Atlassian Jira (v9.6.0#960000-sha1:a3ee8af)



More information about the slf4j-dev mailing list