[slf4j-dev] [JIRA] Updates for SLF4J-437: Create a BOM POM
slf4j developers list
slf4j-dev at qos.ch
Thu Jun 15 23:43:00 CEST 2023
SLF4J / SLF4J-437 [Open]
Create a BOM POM
==============================
Here's what changed in this issue in the last few minutes.
There is 1 comment.
View or comment on issue using this link
https://jira.qos.ch/browse/SLF4J-437
==============================
1 comment
------------------------------
Garret Wilson on 15/Jun/23 23:32
Yes please add a BOM for SLF4J. Here are just a few libraries that offer BOMs:
* Log4J
* JUnit
* Spring Boot
Here is one more reason why the lack of a BOM is concerning. Let's say that I create a parent POM and I explicitly use {{<dependencyManagement>}} for a couple of SLF4J artifacts. Everything is fine, except that in my actual POM (the child of the other POM), I include another project, which has a transitive dependency on some other SLF4J artifact which I didn't include. Sure, all the SLF4J artifacts I put under {{<dependencyManagement>}} will override those in the transitive dependencies. But not for the other SLF4J artifacts I didn't think about. Now I have mismatched SLF4J versions in the various artifacts!
Read [JAVA-307|https://globalmentor.atlassian.net/browse/JAVA-307] to see how I ran into this exact problem with JUnit. I found out JUnit now offers a BOM, though, so now I'll be set and other JUnit artifacts won't be hijacked by transitive dependencies.
I've just written an in-depth article, [_Improving the Maven Bill of Materials (BOM) Pattern_|https://www.garretwilson.com/blog/2023/06/14/improve-maven-bom-pattern], which explains in detail why a BOM is needed and how to create one.
==============================
This message was sent by Atlassian Jira (v9.6.0#960000-sha1:a3ee8af)
More information about the slf4j-dev
mailing list