The maven build of our project fails with this error:
[ERROR] Failed to execute goal on project our_project:
Could not resolve dependencies for project our_package:our_project:war:our_version-SNAPSHOT:
Failed to collect dependencies at com.yubico:webauthn-server-attestation:jar:1.9.1 ->
com.yubico:webauthn-server-core-minimal:jar:1.9.1 -> com.yubico:yubico-util:jar:1.9.1 ->
com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.12.1.redhat-00001:
Failed to read artifact descriptor for
com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.12.1.redhat-00001:
Could not find artifact com.fasterxml.jackson:jackson-base:pom:2.12.1.redhat-00001
in bypassnexus (https://repo1.maven.org/maven2) -> [Help 1]
Digging into the matter I found that this pom https://maven.repository.redhat.com/ga/com/fasterxml/jackson/module/jackson-modules-java8/2.12.1.redhat-00001/jackson-modules-java8-2.12.1.redhat-00001.pom refers to the parent jackson-base
<parent>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-base</artifactId>
<version>2.12.1.redhat-00001</version>
</parent>
which is not in the repository, where I would expect it in https://maven.repository.redhat.com/ga/com/fasterxml/jackson/jackson-base/
The build seems to be broken since the release of version 2.12.1.redhat-00001 on Wed May 26 18:00:46 EDT 2021. Is the redhat repository broken? Can I tweek the yubico-util-package not to use the redhat version?
Best regards, Peppo
Those Yubico guys uses version ranges:
That's not really considered best-practice...
You can avoid loading any random dependency that happens to be on the internet, you can explicitly add fixed versions as extra dependencies in your project.
I see that 2.12.3 versions for jackson are available in the central repo, so maybe use those.