SLF4J crashes jenkins
Hi,
I have a project that has several spring boot starter dependencies (v3.4.5) (they in turn have slf4j v1.7.36 as a dependency.)
Now i tried to make a jenkins pipeline (with a sonarqube server stage). But the fails because an method does not exist (which afaik was added in 2.0 of slf4j)
I'm aware of being able to exclude the slf4j v1.7.36 from the spring starter dependencies and explicitly naming the e.g. v2.0.17, but I'd like to know if that is safe (couldnt find any direct answer online)
And I'm not sure how extensive testing would need to be to ensure it's safe.
TL:DR: is it safe to exclude the slf4j v1.7.36 from spring boot starter dependencies and explicitly add v2.X.X to prevent from crashing the jenkins pipeline?
thanks in advance 🙂
48 Replies
⌛ This post has been reserved for your question.
Hey @SterniXPutzig! Please useTIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here./closeor theClose Postbutton above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically marked as dormant after 300 minutes of inactivity.
you can alos use <dependencyManagement>
but I think it isn't about dependencies at all but mybe about plugin dependencies
Can you show the exact error message/sack trace?
1sec gotta check if any problematic info is in it
All replaced info is in [<info>] tags (help info removed due to 2000 char limit of discord) was about PluginContainerException
Can you show the pom.xml?
anything specific im looking for?
dependencies of your project and the declaration of the plugin
and also parents
ideally run
mvn help:effective-pom and check that
especially the <plugin> element of sonar is interestingversions:
plugin:
Is that from the effective pom?
yes
Can you add the following block inside the <plugin> for sonar scanner?
wouldnt that collide with the 1.7.36 version for the spring starters?
this plugin here would be used for the sonar scanner and not for Spring
And are you really using a Spring version with SLF4J 1.7? I thought it was the other direction
The latest Spring Boot version (3.4.5) using SLF4J 2.0.17
dependency analysis in the the intellij maven window shows 1.7.36 for spring boot 3.4.5
https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/3.4.5/spring-boot-dependencies-3.4.5.pom
maybe you have something else overwriting the slf4j version?
seems like it, will check (might take a while, parent pom is pretty big)
thanks so far already
If you are finished with your post, please close it.
If you are not, please ignore this message.
Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.
You can also check the effective pom
the <dependency> there is the source of truth
or you can use
mvn dependency:list to get a list of all used dependencies and mvn dependency:tree to get a tree showing what is dependent on whatyou are right something hardcodes everything containing slf4j to 1.7.36 but it's not us
you can in principle overwrite it
Do you have an
slf4j.version in your <properties>?sorry, which properties?
the <properties> block in the pom
or
mvn help:effective-pomnope, the version is directly in the dependencies themselves
Can you check the effective pom?
That should have a <properties> with an slf4j.version
they all look like this
no property tag
It isn't in the <dependencies> section
If you are using Spring Boot with the <parent>, the effective POM has a <properties> section
i checked every property tag by hand and also searched for "slf4j.version" but nothing
Do you have a <parent> in your main pom.xml?
no
And you are saying you are using Spring Boot?
Do you have any
spring-boot-dependencies dependency?spring boot itself + ~70 more
Is there anything named
spring-boot-dependencies?
with the -dependencies
Can you show the output of mvn dependency:tree?
Do you have an explicit SLF4J dependency in your pom.xml?i have no explicit slf4j yet, but I wanted to add that. I just wanted to make sure it's safe
depends on what you mean with safe
there is the possibility that it doesn't se the dependency you declared
and ofc some conflicts are possible but if it goes wrong, you should notice
i think i got it. i overriden one of the spring boot version in the parent with another value prepared also in the parent, it was using some old helper spring boots in the background
?
So you are using a parent?
Can you just send the pom.xml?
i have my project , that has a central parent pom, that offers 2 diffrent spring boot version one is 2.X.X and one 3.X.X and as far as i can see the 2.X.X was used for any non explicit dependency in the background because that let to the 1.7.36 version of slf4j
And any dependency analysis / tree/ whatever now shows correctly a v2.X.X slf4j
ok so does your central parent POM have a parent?
Does the central parent POM use spring-boot-dependencies?
so overriding the spring boot 2 property with the V3 seems to have fixed it
no the central pom is the head
that seems like it could be a bit dangerous depending on how you are doing that
How did you overwrite it?
any project in connection with mine is V3 itself and it is generally intended to use V3 in the first place
yes but switching between Spring Boot 2 and 3 with a property sounds like it could result in conflicts from having stuff from both
<spring-boot-2.version> overriden with <spring-boot-3.version> names are diffrent but yeah
Is that a custom property from your central pom?
yes custom
Well ig the person setting it up knew what they did
yes, everyone uses it and i was just too dump 😄
Thank you very much for your time and effort ❤️
If you are finished with your post, please close it.
If you are not, please ignore this message.
Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.
Post Closed
This post has been closed by <@378591387341291520>.