[
https://issues.apache.org/jira/browse/OMID-251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776870#comment-17776870
]
ASF GitHub Bot commented on OMID-251:
-------------------------------------
NihalJain commented on PR #142:
URL: https://github.com/apache/phoenix-omid/pull/142#issuecomment-1769194056
Tested by first introducing as license error by deleting header from one of
existing java file and then running `mvn license:check` both with/without
change. Build failed in both cases as expected.
> Bump license-maven-plugin to latest version
> -------------------------------------------
>
> Key: OMID-251
> URL: https://issues.apache.org/jira/browse/OMID-251
> Project: Phoenix Omid
> Issue Type: Task
> Reporter: Nihal Jain
> Priority: Major
> Attachments: out_v2.11.txt, out_v4.3.txt
>
>
> In phoenix-omid pom.xml, {{maven-license-plugin.version}} is set to {{2.11}},
> which was last updated 5 years ago. The plugin
> {{com.mycila:license-maven-plugin}} pulls log4j-1.2.x jar.
> See sample from run of {{mvn license:check}} with {{2.11}} is as follows:
> {code:java}
> Downloading from central:
> [https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar]
> {code}
> In my org, when trying to build phoenix-omid, build fails as
> {{log4j:logj:1.2.x}} is strictly banned in interanl artifactory.
> The goal of this JIRA is to bump the afore-mentioned mentioned plugin to
> latest version, i.e.
> [4.3|https://mvnrepository.com/artifact/com.mycila/license-maven-plugin],
> which does not pull the log4j:log4j jar.
> Full run log of {{mvn license:check}} command after clearning
> \{{~/.m2/reposiitory} with
> * {{2.11}}: [^out_v2.11.txt], which pulls {{log4j-1.2.x}} jar.
> * {{4.3}}: [^out_v4.3.txt], which does not pull {{log4j-1.2.x}} jar.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
