From b63c94f8f7c6a46d47f61eb4f71f488f9d6b3b9c Mon Sep 17 00:00:00 2001
From: Stefan Ranoszek <stefan48500@gmail.com>
Date: Thu, 7 May 2026 11:49:26 +0100
Subject: [PATCH] fix: exclude transitive netty from AWS batch and bedrock
 dependencies

Excludes io.netty:* from software.amazon.awssdk:batch and
bedrockagentruntime to resolve SNYK-JAVA-IONETTY-16438929
(netty-codec-http2@4.1.132.Final vulnerability).

The AWS SDK uses netty internally for its async HTTP client but
active-support uses the apache-client, so netty is not needed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 pom.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pom.xml b/pom.xml
index 65c2535..9d6c18a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -320,6 +320,12 @@
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>batch</artifactId>
             <version>${aws-sdk-batch.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- AWS Bedrock Agent Runtime (v2 SDK) -->
@@ -327,6 +333,12 @@
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>bedrockagentruntime</artifactId>
             <version>${aws-sdk-batch.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- ====================================== -->