SO-6223: Replace log4j with reload4j #1314
Conversation
|
While this adds reload4j as an additional jar, if there is no use for log4j 1.x jars anywhere then it would be great to completely remove it from the target platform during a Tycho build. |
|
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## 9.x #1314 +/- ##
=========================================
Coverage 48.46% 48.46%
- Complexity 14034 14035 +1
=========================================
Files 1949 1949
Lines 95377 95377
Branches 11024 11024
=========================================
Hits 46226 46226
- Misses 46109 46110 +1
+ Partials 3042 3041 -1 ☔ View full report in Codecov by Sentry. |
But that is an Import-Package, not a Require-Bundle right? So in theory the reload4j bundle could server the necessary packages to it. Am I missing something? |
|
The only thing you might be missing is that reload4j is referenced in the "dependencies" feature by OSGi bundle ID, which is still Manifest-Version: 1.0
Implementation-Title: reload4j
Bundle-Description: Reload4j revives EOLed log4j 1.x
Automatic-Module-Name: ch.qos.reload4j
Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
Bundle-SymbolicName: org.apache.log4j
... |
|
Ahhh, I see, that was unclear to me, I thought the name of the file is identical with the Bundle-SymbolicName, but this is way better. Now everyone who'd like to depend on log4j can do it, and security scans can also be happy. Yay! Thanks! |
|
It is highly likely that Xtext pulled in the very same library with matching content, but for P2 (or other, unknown) reasons the file keeps using |
|
Yeah, that's what we need to change, either by renaming it or doing some other magic. |
No description provided.