[RTI-10319] Upgrade Java libraries to handle log4j vulnerability (#39)

* [RTI-10319] Upgrade Java libraries to handle log4j vulnerability * [RTI-10319] Only include runtime dependencies, not test ones
AdRoll · Dec 15, 2021 · 862b593 · 862b593
1 parent 4da5331
commit 862b593
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/priv/download.sh b/priv/download.sh
@@ -12,11 +12,11 @@ cd "$(dirname $0)"
 R="$(pwd)"
 
 DYNAMO_PKG="dynamodb-streams-kinesis-adapter"
-DYNAMO_VERSION="1.4.0"
+DYNAMO_VERSION="1.5.3"
 DYNAMO_DESTDIR="$R/ddb_jars"
 
 KCL_PKG="amazon-kinesis-client"
-KCL_VERSION="1.9.1"
+KCL_VERSION="1.14.5"
 KCL_DESTDIR="$R/kcl_jars"
 
 BASE="http://search.maven.org/remotecontent?filepath="
@@ -42,7 +42,7 @@ download () {
         fi
     done
     POM="$DESTDIR/$PKG-$VERSION.pom"
-    mvn -B -f "$POM" dependency:copy-dependencies -DoutputDirectory="$DESTDIR"
+    mvn -B -f "$POM" dependency:copy-dependencies -DoutputDirectory="$DESTDIR" -DincludeScope=runtime
 }
 
 download "$DYNAMO_DESTDIR" "$DYNAMO_PKG" "$DYNAMO_VERSION"