[BEAM-12422] Removing unnecessary log4j-api dependency

suztomo · suztomo · commit 5690af786de2 · 2021-06-29T17:48:58.000-04:00
Vendored gRPC 1.36.0 was using a log4j version with security issues.
gRPC does not declare log4j dependency. It uses java.util.logging
for logging. Therefore removing the dependency.
diff --git a/buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy b/buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy
@@ -70,7 +70,6 @@ class GrpcVendoring_1_36_0 {
     return [
       'com.google.errorprone:error_prone_annotations:2.4.0',
       'commons-logging:commons-logging:1.2',
-      'org.apache.logging.log4j:log4j-api:2.6.2',
       'org.slf4j:slf4j-api:1.7.30',
       // TODO(BEAM-9288): Enable relocation for conscrypt
       "org.conscrypt:conscrypt-openjdk-uber:$conscrypt_version"
@@ -161,8 +160,6 @@ class GrpcVendoring_1_36_0 {
       "module-info.class",
       "org/apache/commons/logging/**",
       "org/apache/log/**",
-      "org/apache/log4j/**",
-      "org/apache/logging/log4j/**",
       "org/checkerframework/**",
       "org/codehaus/mojo/animal_sniffer/**",
       "org/conscrypt/**",
