Upgrade org.slf4j/slf4j-api and ch.qos.logback/logback-classic

[kroncatti]

We are currently relying on the following versions that are becoming outdated and have some vulnerabilities:

- ch.qos.logback/logback-classic "1.3.0-alpha4"
- org.slf4j/log4j-over-slf4j "1.8.0-beta2"

Couldn't we upgrade those versions ? Not sure how difficult it is to do it in this context

[kroncatti]

Opened this PR, could you check if this is compliant and if we can generate a new version ? @igorakkerman

[igorakkerman]

Thanks so much, @kroncatti, for taking the time to comment and submit the PR. I left a comment there.

I currently do not have any resources to test it myself but I will trust your judgement.

[kroncatti]

Hey @igorakkerman, thanks.

I would like to know if there is a way of releasing a beta/unofficial version of the lib ? If that is the case, I could basically guarantee that it will properly work. For now, I basically bumped the versions on gradle and ran the unit testing that you already have on code to see if it was properly working.

[igorakkerman]

@kroncatti Where would you like to release the beta version to to be able to test it? What is your plan on how to test it once it is released? Do you have a project with an AWS Lambda to try it out?

[kroncatti]

I am not sure where to release the beta. Yes, we have an AWS lambda that could be used as a test for this beta.

[igorakkerman]

I am still trying to understand where you'd like to release the beta to in order to test it. Maybe it would help to know how you're building the AWS Lambda and where you're pulling the dependencies from. If it's done locally, you could publish the library to the local Maven repo. If you're building in a remote CI system, you could add it to its "local" repo.

I agree that we should have local integration tests, e.g. using LocalStack or CDK. I will open an issue for that.

Do you believe the information above helps you to test the integration manually?