Fix AWS JSON protocol errors by harmonising relevant AWS libs
Additional changes:

* `ion-java` had a dependency override added with #42
  in March 2024. `ion-java` was a dependency of AWS SDK v1 (`com.amazonaws:aws-java-sdk-core:1.12.151`).
  However, release 3.0.0 of the Amazon Kinesis Client Library for Java (https://github.com/awslabs/amazon-kinesis-client/releases/tag/v3.0.0)
  removed the last transitory dependency of the KCL on AWS SDK v1, and
  `content-api-firehose-client` no longer depends upon it.
* "software.amazon.awssdk" % "netty-nio-client" had a dependency override, first with #26
  and then to version 2.26.25 with #49 in October 2024. However, here we're updating all
  relevant `software.amazon.awssdk` libraries to 2.29.23,
  meaning that the manual upgrade to 2.26.25 is no longer necessary.
rtyley committed Dec 5, 2024
1 parent 2400522 commit 197ffc2
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 2 additions & 4 deletions build.sbt
Expand Up @@ -37,23 +37,21 @@ resolvers ++= Resolver.sonatypeOssRepos("releases")
libraryDependencies ++= Seq(
"com.gu" %% "content-api-models-scala" % "25.0.0",
"com.gu" %% "thrift-serializer" % "5.0.5",
"software.amazon.kinesis" % "amazon-kinesis-client" % "2.6.0",
"software.amazon.kinesis" % "amazon-kinesis-client" % "3.0.1",
"com.typesafe.scala-logging" %% "scala-logging" % "3.9.5",
"com.twitter" %% "scrooge-core" % "21.12.0",
"org.scalatest" %% "scalatest" % "3.2.19" % Test
)
) ++ Seq("aws-json-protocol", "dynamodb", "kinesis").map(artifact => "software.amazon.awssdk" % artifact % "2.29.23")

val jacksonVersion = "2.17.2"
dependencyOverrides ++= Seq(
"com.charleskorn.kaml" % "kaml" % "0.53.0",
"com.fasterxml.jackson.core" % "jackson-databind" % jacksonVersion,
"com.fasterxml.jackson.core" % "jackson-annotations" % jacksonVersion,
"com.fasterxml.jackson.core" % "jackson-core" % jacksonVersion,
"software.amazon.awssdk" % "netty-nio-client" % "2.26.25",
"org.json" % "json" % "20231013",
"org.xerial.snappy" % "snappy-java" % "1.1.10.4",
"org.apache.commons" % "commons-compress" % "1.26.0",
"com.amazon.ion" % "ion-java" % "1.10.5",//overriding until a version of amazon-kinesis-client is available that removes the ion-java vulnerability
"software.amazon.glue" % "schema-registry-serde" % "1.1.19", //overriding until a version of amazon-kinesis-client is available that removes the ion-java vulnerability
"org.apache.avro" % "avro" % "1.11.4", //overriding until a version of amazon-kinesis-client / glue-schema-registry-common is available that removes the avro vuln
"com.google.protobuf" % "protobuf-java" % "3.25.5" //overriding until a version of amazon-kinesis-client is available that removes the protobuf vuln
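
Review bot: The `schema-registry-serde` override kept in `dependencyOverrides` still carries the comment "overriding until a version of amazon-kinesis-client is available that removes the ion-java vulnerability", while this hunk drops the `ion-java` pin and moves `amazon-kinesis-client` to 3.0.1. Either that override is now stale and should be removed in the same change, or ion-java can still arrive through it and the deleted pin was still doing work. Please confirm from the resolved dependency tree that `com.amazon.ion:ion-java` is no longer on the classpath, and re-check the `avro` and `protobuf-java` overrides, whose comments also wait on a newer amazon-kinesis-client. Minor: `"2.29.23"` is an inline literal; a `val awsSdkVersion` next to `jacksonVersion` would make the next bump a one-line change.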
2 changes: 2 additions & 0 deletions project/plugins.sbt
Expand Up @@ -9,3 +9,5 @@ addSbtPlugin("org.scalariform" % "sbt-scalariform" % "1.8.3")



addDependencyTreePlugin
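
Review bot: `addDependencyTreePlugin` is added at the end of project/plugins.sbt with no comment saying why the build needs it. A one-line comment stating its purpose (for example, checking which `software.amazon.awssdk` and overridden library versions are actually resolved) would tell the next reader whether it is a permanent part of the build or a debugging aid. This helper is only available from sbt 1.4, so the sbt version pinned for the project should be confirmed to support it.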
