Home > Software engineering >  How to remove or exclude transitive Log4j during maven build?
How to remove or exclude transitive Log4j during maven build?

Time:06-02

during my build (using the maven command mvn clean install) my maven compiler automatically downloads the log4j dependency 1.2.12 (repository/log4j/log4j/) but since this has vulnerability issues I need to exclude this transitive dependency download.

This is my POM (however not really needed since an empty pom would download it as well using the default mvn compiler I guess?)

<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.dsm</groupId>
    <artifactId>testing</artifactId>
    <version>1.0-SNAPSHOT</version>

    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>

        <cucumber.version>7.3.3</cucumber.version>
        <selenium.version>4.1.4</selenium.version>
        <awaitility.version>4.2.0</awaitility.version>
        <assertj.version>3.22.0</assertj.version>
        <commonsmodel.version>5.3.3</commonsmodel.version>
        <maven.surefire.version>3.0.0-M5</maven.surefire.version>
        <commons-lang3.version>3.12.0</commons-lang3.version>
        <junit-jupiter-engine.version>5.8.2</junit-jupiter-engine.version>
        <maven-cucumber-reporting.version>5.7.0</maven-cucumber-reporting.version>
    </properties>

    <dependencies>

        <dependency>
            <groupId>io.cucumber</groupId>
            <artifactId>cucumber-java</artifactId>
            <version>${cucumber.version}</version>
        </dependency>

        <dependency>
            <groupId>io.cucumber</groupId>
            <artifactId>cucumber-junit-platform-engine</artifactId>
            <version>${cucumber.version}</version>
        </dependency>

        <dependency>
            <groupId>org.junit.platform</groupId>
            <artifactId>junit-platform-suite</artifactId>
            <version>1.8.2</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter-engine</artifactId>
            <version>${junit-jupiter-engine.version}</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>net.jodah</groupId>
            <artifactId>failsafe</artifactId>
            <version>2.4.4</version>
        </dependency>

        <dependency>
            <groupId>org.seleniumhq.selenium</groupId>
            <artifactId>selenium-java</artifactId>
            <version>${selenium.version}</version>
        </dependency>

        <dependency>
            <groupId>org.awaitility</groupId>
            <artifactId>awaitility</artifactId>
            <version>${awaitility.version}</version>
        </dependency>

        <dependency>
            <groupId>org.assertj</groupId>
            <artifactId>assertj-core</artifactId>
            <version>${assertj.version}</version>
        </dependency>

        <dependency>
            <groupId>io.cucumber</groupId>
            <artifactId>cucumber-picocontainer</artifactId>
            <version>${cucumber.version}</version>
        </dependency>

        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>${commons-lang3.version}</version>
        </dependency>

        <dependency>
            <groupId>net.masterthought</groupId>
            <artifactId>maven-cucumber-reporting</artifactId>
            <version>${maven-cucumber-reporting.version}</version>
        </dependency>

    </dependencies>

    <profiles>
        <profile>
            <id>TestExecutor</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-surefire-plugin</artifactId>
                        <version>${maven.surefire.version}</version>
                        <dependencies>
                            <dependency>
                                <groupId>org.junit.jupiter</groupId>
                                <artifactId>junit-jupiter-engine</artifactId>
                                <version>${junit-jupiter-engine.version}</version>
                            </dependency>
                        </dependencies>
                        <configuration>
                            <includes>
                                <includes>**/ExecutorTest.java</includes>
                            </includes>
                        </configuration>
                    </plugin>
                    <!--cucumber report plugin-->
                    <plugin>
                        <groupId>net.masterthought</groupId>
                        <artifactId>maven-cucumber-reporting</artifactId>
                        <version>${maven-cucumber-reporting.version}</version>
                        <executions>
                            <execution>
                                <id>generate-cucumber-reports</id>
                                <phase>test</phase>
                                <goals>
                                    <goal>generate</goal>
                                </goals>
                                <configuration>
                                    <projectName>Automation report</projectName>
                                    <outputDirectory>${project.build.directory}/cucumber-reports</outputDirectory>
                                    <inputDirectory>${project.build.directory}/cucumber</inputDirectory>
                                    <jsonFiles>
                                        <param>**/*.json</param>
                                    </jsonFiles>
                                    <checkBuildResult>false</checkBuildResult>
                                </configuration>
                            </execution>
                        </executions>
                    </plugin>
                </plugins>
            </build>
        </profile>
    </profiles>


</project>



CodePudding user response:

You already gave half of the answer yourself: you need to change the version of the maven-compiler-plugin. Instructions can be found at https://maven.apache.org/plugins/maven-compiler-plugin/usage.html It is always a best practice to lock versions of plugins in your pom, just to ensure you can rebuild your project in X years too.

  • Related