mvn install fails in environment that block log4j:2.15.0 & its dependencies from downloading due to security vulnerabilities #1375
Description
mvn install fails in environment that block log4j:2.15.0 dependencies from downloading due to security vulnerabilities.
Q: What were you trying to accomplish?
A: I am trying to setup my local environment for contribution.
Expected Behavior
mvn install -DskipTests should succeed
Current Behavior
Build Failure
Powertools for AWS Lambda (Java) library Examples - Core FAILURE
Possible Solution
Upgrade
<groupId>com.github.edwgiz</groupId>
<artifactId>maven-shade-plugin.log4j2-cachefile-transformer</artifactId>
<version>2.15</version>
with
<groupId>io.github.edwgiz</groupId>
<artifactId>log4j-maven-shade-plugin-extensions</artifactId>
<version>2.17.2</version>
in
examples/powertools-examples-batch/pom.xml
examples/powertools-examples-cloudformation/pom.xml
examples/powertools-examples-core/cdk/app/pom.xml
examples/powertools-examples-core/sam/pom.xml
examples/powertools-examples-idempotency/pom.xml
examples/powertools-examples-sqs/pom.xml
Steps to Reproduce (for bugs)
- Setup a firewall that blocks
maven-shade-plugin.log4j2-cachefile-transformer version 2.15and its dependencies - mvn install -DskipTests
Environment
- Powertools for AWS Lambda (Java) version used: 1.17.0-SNAPSHOT
- Packaging format (Layers, Maven/Gradle): Maven
- AWS Lambda function runtime:
- Debugging logs
# paste logs here