fix: updating log4j dependencies to 2.17.0 - Githubissues

alexa / alexa-skills-kit-sdk-for-java

The Alexa Skills Kit SDK for Java helps you get a skill up and running quickly, letting you focus on skill logic instead of boilerplate code.

http://developer.amazon.com/ask

Apache License 2.0

817 stars 747 forks source link

fix: updating log4j dependencies to 2.17.0 #303

Closed doiron closed 2 years ago

doiron commented 2 years ago

Description

updating Log4J dependencies to the latest more secure version 2.17.0

Motivation and Context

the newer version resolves a security vulnerability.

Testing

Screenshots (if appropriate)

Types of changes

[x] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist

[x] My code follows the code style of this project
[ ] My change requires a change to the documentation
[ ] I have updated the documentation accordingly
[x] I have read the README document
[ ] I have added tests to cover my changes
[x] All new and existing tests passed

License

[x] By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

doiron commented 2 years ago

closing this, this was the wrong dependency aws-lambda-java-log4j2 is the one that was launched as 1.5.0