during my build (using the maven command mvn clean install) my maven compiler automatically downloads the log4j dependency 1.2.12 (repository/log4j/log4j/) but since this has vulnerability issues I need to exclude this transitive dependency download.
This is my POM (however not really needed since an empty pom would download it as well using the default mvn compiler I guess?)
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.dsm</groupId>
<artifactId>testing</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<cucumber.version>7.3.3</cucumber.version>
<selenium.version>4.1.4</selenium.version>
<awaitility.version>4.2.0</awaitility.version>
<assertj.version>3.22.0</assertj.version>
<commonsmodel.version>5.3.3</commonsmodel.version>
<maven.surefire.version>3.0.0-M5</maven.surefire.version>
<commons-lang3.version>3.12.0</commons-lang3.version>
<junit-jupiter-engine.version>5.8.2</junit-jupiter-engine.version>
<maven-cucumber-reporting.version>5.7.0</maven-cucumber-reporting.version>
</properties>
<dependencies>
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-java</artifactId>
<version>${cucumber.version}</version>
</dependency>
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-junit-platform-engine</artifactId>
<version>${cucumber.version}</version>
</dependency>
<dependency>
<groupId>org.junit.platform</groupId>
<artifactId>junit-platform-suite</artifactId>
<version>1.8.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
<version>${junit-jupiter-engine.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.jodah</groupId>
<artifactId>failsafe</artifactId>
<version>2.4.4</version>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
<version>${selenium.version}</version>
</dependency>
<dependency>
<groupId>org.awaitility</groupId>
<artifactId>awaitility</artifactId>
<version>${awaitility.version}</version>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
<version>${assertj.version}</version>
</dependency>
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-picocontainer</artifactId>
<version>${cucumber.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>${commons-lang3.version}</version>
</dependency>
<dependency>
<groupId>net.masterthought</groupId>
<artifactId>maven-cucumber-reporting</artifactId>
<version>${maven-cucumber-reporting.version}</version>
</dependency>
</dependencies>
<profiles>
<profile>
<id>TestExecutor</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>${maven.surefire.version}</version>
<dependencies>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
<version>${junit-jupiter-engine.version}</version>
</dependency>
</dependencies>
<configuration>
<includes>
<includes>**/ExecutorTest.java</includes>
</includes>
</configuration>
</plugin>
<!--cucumber report plugin-->
<plugin>
<groupId>net.masterthought</groupId>
<artifactId>maven-cucumber-reporting</artifactId>
<version>${maven-cucumber-reporting.version}</version>
<executions>
<execution>
<id>generate-cucumber-reports</id>
<phase>test</phase>
<goals>
<goal>generate</goal>
</goals>
<configuration>
<projectName>Automation report</projectName>
<outputDirectory>${project.build.directory}/cucumber-reports</outputDirectory>
<inputDirectory>${project.build.directory}/cucumber</inputDirectory>
<jsonFiles>
<param>**/*.json</param>
</jsonFiles>
<checkBuildResult>false</checkBuildResult>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
You already gave half of the answer yourself: you need to change the version of the maven-compiler-plugin. Instructions can be found at https://maven.apache.org/plugins/maven-compiler-plugin/usage.html It is always a best practice to lock versions of plugins in your pom, just to ensure you can rebuild your project in X years too.