From 5690af786de2ceec360f0955189ea33ea8e131c5 Mon Sep 17 00:00:00 2001
From: Tomo Suzuki <suztomo@google.com>
Date: Tue, 29 Jun 2021 17:48:58 -0400
Subject: [PATCH] [BEAM-12422] Removing unnecessary log4j-api dependency

Vendored gRPC 1.36.0 was using a log4j version with security issues.
gRPC does not declare log4j dependency. It uses java.util.logging
for logging. Therefore removing the dependency.
---
 .../groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy  | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy b/buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy
index 250646d26f8e..a226f05790a9 100644
--- a/buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy
+++ b/buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring_1_36_0.groovy
@@ -70,7 +70,6 @@ class GrpcVendoring_1_36_0 {
     return [
       'com.google.errorprone:error_prone_annotations:2.4.0',
       'commons-logging:commons-logging:1.2',
-      'org.apache.logging.log4j:log4j-api:2.6.2',
       'org.slf4j:slf4j-api:1.7.30',
       // TODO(BEAM-9288): Enable relocation for conscrypt
       "org.conscrypt:conscrypt-openjdk-uber:$conscrypt_version"
@@ -161,8 +160,6 @@ class GrpcVendoring_1_36_0 {
       "module-info.class",
       "org/apache/commons/logging/**",
       "org/apache/log/**",
-      "org/apache/log4j/**",
-      "org/apache/logging/log4j/**",
       "org/checkerframework/**",
       "org/codehaus/mojo/animal_sniffer/**",
       "org/conscrypt/**",