Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sbt 1.7.3 warns about no-op slf4j implementation on startup #7062

Closed
bpholt opened this issue Nov 2, 2022 · 10 comments · Fixed by #7115
Closed

sbt 1.7.3 warns about no-op slf4j implementation on startup #7062

bpholt opened this issue Nov 2, 2022 · 10 comments · Fixed by #7115
Labels
Bug
Milestone
1.8.1

Comments

@bpholt
Copy link
Contributor

bpholt commented Nov 2, 2022
edited
Loading

steps

Launch sbt 1.7.3 with a plugin enabled that uses slf4j 1.x.

problem

sbt prints this on startup:

SLF4J: No SLF4J providers were found.
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details.
SLF4J: Class path contains SLF4J bindings targeting slf4j-api versions 1.7.x or earlier.

expectation

I expected the log4j implementation included with sbt to be used, instead of the no-op implementation.

notes

I think this is because of the coursier update, which (according to its release notes) pulls in slf4j 2.0.3—but log4j 2.17.1, which sbt depends on directly, depends on slf4j 1.7.25.
@bpholt bpholt added the Bug label Nov 2, 2022
@bjaglin bjaglin mentioned this issue Nov 2, 2022
Closed
@SethTisue
Copy link
Member

SethTisue commented Nov 3, 2022
edited
Loading

Clarification: "Launch sbt 1.7.3" isn't sufficient to reproduce the problem.

scalacenter/scalafix#1700 seems to imply that it's necessary certain plugins to be involved (sbt-scalafix is one such plugin, perhaps there are others?).

@bjaglin
Copy link
Contributor

bjaglin commented Nov 3, 2022
edited
Loading

scalacenter/scalafix#1700 seems to imply that it's necessary certain plugins to be involved (sbt-scalafix is one such plugin, perhaps there are others?).

I assume (but haven't verified) that sbt itself does not use SLF4J, but any sbt plugin that does triggers the warning (and won't have Java logs).

@bpholt
Copy link
Contributor Author

bpholt commented Nov 3, 2022
edited
Loading

Clarification: "Launch sbt 1.7.3" isn't sufficient to reproduce the problem.

Yep, you're right—we have a default set of plugins enabled, and it seems that addSbtPlugin("com.github.sbt" % "sbt-git" % "2.0.0") triggers the warnings as well.

@wsargent
Copy link
Contributor

I've run into this as well.

@pk044
Copy link

pk044 commented Nov 25, 2022

Same here - I get this warning on >= 1.7.3. No warning on 1.7.2.

@eed3si9n
Copy link
Member

I think this is because of the coursier update, which (according to its release notes) pulls in slf4j 2.0.3—but log4j 2.17.1, which sbt depends on directly, depends on slf4j 1.7.25.

So sbt's forced into bumping up slf4j-api and log4j binding?

@kevin-lee
Copy link
Contributor

Is there any workaround? I think because of this, sbt-dependency-check doesn't show CVE info even with Dlog4j2.level=debug.

@ennru
Copy link

ennru commented Dec 22, 2022

This shows in the same way with sbt 1.8.0 when plugins pull in slf4j.
(To make it even more fun: slf4j 2.x is not compatible with slf4j 1.7, but that's just another chamber in dependency hell.)

This was referenced Jan 2, 2023
Merged
Merged
@eed3si9n
Copy link
Member

eed3si9n commented Jan 2, 2023

I have a PR for this - coursier/sbt-coursier#441

@eed3si9n eed3si9n added this to the 1.8.1 milestone Jan 3, 2023
eed3si9n added a commit to eed3si9n/sbt that referenced this issue Jan 3, 2023
@eed3si9n
lm-coursier-shaded 2.0.15
59be976 
Fixes sbt#7062
@eed3si9n eed3si9n mentioned this issue Jan 3, 2023
Merged
eed3si9n added a commit to eed3si9n/sbt that referenced this issue Jan 3, 2023
@eed3si9n
lm-coursier-shaded 2.0.15
5d3a708 
Fixes sbt#7062
@eed3si9n eed3si9n mentioned this issue Jan 3, 2023
Merged
@bpholt
Copy link
Contributor Author

bpholt commented Jan 3, 2023

Thanks @eed3si9n!

@Johnnei Johnnei mentioned this issue Sep 11, 2023
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 6, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
1.8.1
Development

Successfully merging a pull request may close this issue.

lm-coursier-shaded 2.0.15 eed3si9n/sbt
8 participants
@wsargent @SethTisue @eed3si9n @bjaglin @ennru @bpholt @kevin-lee @pk044