Add AWS-Core POM file with dependencies and build configuration#1317

Open
JaninduRSD wants to merge 2 commits into wso2:master from JaninduRSD:aws-corenew

Conversation

@JaninduRSD JaninduRSD commented Feb 19, 2026

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

  • Unit tests

    Code coverage information

  • Integration tests

    Details about the test cases and coverage

Security checks

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

  • Chores
    • Added a new module build configuration to integrate AWS SDK components and produce an OSGi-ready bundle.
    • Declared dependency versions, packaging and embedding rules, and distribution settings to support consistent builds and artifact publication.

coderabbitai bot commented Feb 19, 2026

Walkthrough

Introduces a new Maven POM for aws-core (version 2.30.22.wso2v3) that builds an OSGi bundle: declares AWS SDK dependency versions, extensive dependency embeddings/exports, Maven Bundle Plugin configuration, and distributionManagement entries pointing to WSO2 repositories.

Changes

Cohort / File(s): AWS Core POM Configuration (aws-core/2.30.22.wso2v3/pom.xml)
Summary: Added new Maven POM that packages AWS SDK components as an OSGi bundle. Defines project coordinates, properties (software.amazon.awssdk.version, software.amazon.awssdk.crt.version, software.amazon.eventstream.version, awscore.orbit.version), distributionManagement (WSO2 release/snapshot repos), and Maven Bundle Plugin instructions (Bundle-SymbolicName/Name, Export-Package with version alignment, Import-Package, Private/Dynamic imports, Embed-Dependency with inline settings). Exports many AWS SDK packages and embeds a comprehensive set of dependencies for compile/runtime.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I stitched a POM beneath the moonlight glow,
Bundles and packages in a tidy row,
Versions aligned and dependencies spun,
OSGi hops joyfully—work is done! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

  • Description check: ⚠️ Warning. Explanation: The PR description contains only the template structure with no actual content filled in across any of the required sections (Purpose, Goals, Approach, etc.). Resolution: Fill in all required template sections with specific details about why this POM was added, what dependencies are included, testing performed, and any security checks completed.

✅ Passed checks (2 passed)

  • Title check: ✅ Passed. Explanation: The title accurately describes the main change: adding an AWS-Core POM file with dependencies and build configuration.
  • Docstring Coverage: ✅ Passed. Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (1)
aws-core/2.30.22.wso2v3/pom.xml (1)

213-216: Redundant Export-Package entry: auth.credentials.* is already matched by auth.*.

software.amazon.awssdk.auth.* uses a recursive wildcard that covers all sub-packages, so software.amazon.awssdk.auth.credentials.* on the following line is superfluous.

♻️ Proposed fix
                             software.amazon.awssdk.auth.*; version="${awscore.orbit.version}",
                             software.amazon.awssdk.awscore.*; version="${awscore.orbit.version}",
-                            software.amazon.awssdk.auth.credentials.*; version="${awscore.orbit.version}",
                             software.amazon.awssdk.http.*; version="${awscore.orbit.version}",
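Review bot: both lines kept by this hunk carry version="${awscore.orbit.version}", and the line-29 finding further down this review reports that property still set to 2.30.22.wso2v2, so the exported auth and awscore packages will advertise the wso2v2 version until that property is corrected; fix the property in the same change so the Export-Package versions match the wso2v3 module directory.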
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@aws-core/2.30.22.wso2v3/pom.xml` around lines 213 - 216, The Export-Package
list contains a redundant entry: software.amazon.awssdk.auth.credentials.* is
already covered by the recursive software.amazon.awssdk.auth.* entry; remove the
explicit software.amazon.awssdk.auth.credentials.* line from the pom.xml
Export-Package configuration so only the broader software.amazon.awssdk.auth.*
remains to avoid duplication.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@aws-core/2.30.22.wso2v3/pom.xml`:
- Around line 238-248: The Embed-Dependency list in the POM contains a
duplicated entry "metrics-spi" which triggers BND warnings; open the
Embed-Dependency block and remove the redundant
"metrics-spi;scope=compile|runtime;inline=false" entry so it only appears once
(leave the other dependency lines unchanged), ensuring the manifest no longer
contains duplicate metrics-spi entries.
- Around line 224-226: The Embed-Dependency line is malformed and causes
software.amazon.awssdk:utils to be treated as an attribute rather than a
separate clause; update the Embed-Dependency entries so each artifact is its own
comma-separated clause with its attributes, e.g. split the current single clause
that reads like "aws-core;utils,scope=..." into two explicit clauses such as
"aws-core;scope=compile|runtime;inline=false" and
"software.amazon.awssdk:utils;scope=compile|runtime;inline=false" so that the
utils artifact is correctly matched and embedded by the maven-bundle-plugin.
- Line 29: The pom property awscore.orbit.version is incorrectly set to
2.30.22.wso2v2 while the module directory and intended release are wso2v3;
update the property value from 2.30.22.wso2v2 to 2.30.22.wso2v3 so the
artifact/version metadata (including Export-Package headers) matches the module
directory and prevents collision with the previous wso2v2 release, and then
verify other poms or CI variable references for awscore.orbit.version to ensure
consistency across the module.

Comment on lines +224 to +226
<Embed-Dependency>
aws-core;utils,scope=compile|runtime;inline=false,
regions;scope=compile|runtime;inline=false,

⚠️ Potential issue | 🟠 Major

Malformed Embed-Dependency clause leaves utils un-embedded.

Line 225 reads aws-core;utils,scope=compile|runtime;inline=false. In the maven-bundle-plugin DSL, each entry in Embed-Dependency is a comma-delimited clause of the form MATCH;attribute=value. The semicolon after aws-core begins the attribute list, so utils is parsed as a bare (valueless) attribute name on the aws-core clause, not as a second artifact to embed. The comma then starts a new clause whose MATCH text would be scope=compile|runtime (no real artifact ID), and inline=false becomes its only attribute. The software.amazon.awssdk:utils jar is therefore never embedded.

🐛 Proposed fix — split into two explicit entries
-                            aws-core;utils,scope=compile|runtime;inline=false,
+                            aws-core;scope=compile|runtime;inline=false,
+                            utils;scope=compile|runtime;inline=false,
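Review bot: the added `utils;scope=compile|runtime;inline=false` line matches on artifactId alone, while the AI-agent prompt for this same finding spells the artifact `software.amazon.awssdk:utils`, so the two suggestions disagree; since a bare `utils` would also match any other dependency whose artifactId happens to be `utils`, prefer the form that names the group, e.g. `utils;groupId=software.amazon.awssdk;scope=compile|runtime;inline=false`, and use the same spelling in both places.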
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@aws-core/2.30.22.wso2v3/pom.xml` around lines 224 - 226, The Embed-Dependency
line is malformed and causes software.amazon.awssdk:utils to be treated as an
attribute rather than a separate clause; update the Embed-Dependency entries so
each artifact is its own comma-separated clause with its attributes, e.g. split
the current single clause that reads like "aws-core;utils,scope=..." into two
explicit clauses such as "aws-core;scope=compile|runtime;inline=false" and
"software.amazon.awssdk:utils;scope=compile|runtime;inline=false" so that the
utils artifact is correctly matched and embedded by the maven-bundle-plugin.

Comment on lines +238 to +248
metrics-spi;scope=compile|runtime;inline=false,
protocol-core;scope=compile|runtime;inline=false,
json-utils;scope=compile|runtime;inline=false,
third-party-jackson-core;scope=compile|runtime;inline=false,
checksums;scope=compile|runtime;inline=false,
checksums-spi;scope=compile|runtime;inline=false,
http-auth;scope=compile|runtime;inline=false,
lambda;scope=compile|runtime;inline=false,
http-client-spi;scope=compile|runtime;inline=false,
metrics-spi;scope=compile|runtime;inline=false,
retries;scope=compile|runtime;inline=false,

⚠️ Potential issue | 🟡 Minor

metrics-spi is listed twice in Embed-Dependency (lines 238 and 247).

The duplicate is a no-op at runtime but will trigger a BND warning during the build and makes the manifest harder to audit.

🐛 Proposed fix
                             metrics-spi;scope=compile|runtime;inline=false,
                             protocol-core;scope=compile|runtime;inline=false,
                             json-utils;scope=compile|runtime;inline=false,
                             third-party-jackson-core;scope=compile|runtime;inline=false,
                             checksums;scope=compile|runtime;inline=false,
                             checksums-spi;scope=compile|runtime;inline=false,
                             http-auth;scope=compile|runtime;inline=false,
                             lambda;scope=compile|runtime;inline=false,
                             http-client-spi;scope=compile|runtime;inline=false,
-                            metrics-spi;scope=compile|runtime;inline=false,
                             retries;scope=compile|runtime;inline=false,
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@aws-core/2.30.22.wso2v3/pom.xml` around lines 238 - 248, The Embed-Dependency
list in the POM contains a duplicated entry "metrics-spi" which triggers BND
warnings; open the Embed-Dependency block and remove the redundant
"metrics-spi;scope=compile|runtime;inline=false" entry so it only appears once
(leave the other dependency lines unchanged), ensuring the manifest no longer
contains duplicate metrics-spi entries.
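As an added example (not code from wso2/orbit or maven-bundle-plugin), the following Python script lints an Embed-Dependency instruction for the two defects flagged in the comments above, the malformed `aws-core;utils,scope=...` clause and the duplicated `metrics-spi` entry; it models the clause grammar as the review describes it and is a sanity check for the POM text, not the plugin's own parser. The sample instructions are constructed from the lines quoted in the review.

```python
"""Lint a maven-bundle-plugin Embed-Dependency instruction for the two defects
raised in the review: a clause whose match pattern is really an attribute (the
"aws-core;utils,scope=..." line) and an artifact listed twice (metrics-spi).

Added example, not code from wso2/orbit or maven-bundle-plugin. It models the
clause grammar as the review describes it (',' between clauses, ';' between the
match pattern and its attributes, '=' between attribute and value); it is a
sanity check for the POM text, not the plugin's own parser."""
from dataclasses import dataclass, field


@dataclass
class Clause:
    match: str                                  # artifactId pattern, may contain '*'
    attrs: dict = field(default_factory=dict)   # attribute name -> value
    bare: list = field(default_factory=list)    # tokens after ';' that lack '=value'


def parse_embed_dependency(instruction: str) -> list:
    """Split the instruction into clauses; blank lines and a trailing comma are ignored."""
    clauses = []
    for raw in instruction.split(","):
        raw = raw.strip()
        if not raw:
            continue
        parts = [p.strip() for p in raw.split(";")]
        clause = Clause(match=parts[0])
        for part in parts[1:]:
            if "=" in part:
                key, value = part.split("=", 1)
                clause.attrs[key.strip()] = value.strip()
            elif part:
                clause.bare.append(part)
        clauses.append(clause)
    return clauses


def lint_embed_dependency(instruction: str) -> list:
    """Return human-readable findings; an empty list means the header is clean."""
    findings, seen = [], set()
    for clause in parse_embed_dependency(instruction):
        if "=" in clause.match:
            # 'scope=compile|runtime' landed in match position: a ';' became a ','
            findings.append(f"clause {clause.match!r}: attribute in match position, "
                            "check the separator before it")
        for token in clause.bare:
            # 'utils' was glued to aws-core with ';' instead of starting its own clause
            findings.append(f"clause {clause.match!r}: token {token!r} has no '=value'; "
                            "if it names an artifact it needs its own clause")
        if clause.match in seen:
            findings.append(f"clause {clause.match!r} is listed more than once")
        seen.add(clause.match)
    return findings


# Constructed inputs assembled from the lines quoted in the review comments.
MALFORMED = """
    aws-core;utils,scope=compile|runtime;inline=false,
    regions;scope=compile|runtime;inline=false,
    metrics-spi;scope=compile|runtime;inline=false,
    retries;scope=compile|runtime;inline=false,
    metrics-spi;scope=compile|runtime;inline=false,
"""

CORRECTED = """
    aws-core;scope=compile|runtime;inline=false,
    utils;scope=compile|runtime;inline=false,
    regions;scope=compile|runtime;inline=false,
    metrics-spi;scope=compile|runtime;inline=false,
    retries;scope=compile|runtime;inline=false,
"""

if __name__ == "__main__":
    for label, text in (("malformed", MALFORMED), ("corrected", CORRECTED)):
        findings = lint_embed_dependency(text)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```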

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

♻️ Duplicate comments (2)
aws-core/2.30.22.wso2v3/pom.xml (2)

238-247: ⚠️ Potential issue | 🟡 Minor

Remove duplicate metrics-spi from Embed-Dependency.

metrics-spi appears on Line 238 and Line 247. Keep a single entry to avoid noisy/ambiguous bundle instructions.

🧹 Proposed fix
                             http-client-spi;scope=compile|runtime;inline=false,
-                            metrics-spi;scope=compile|runtime;inline=false,
                             retries;scope=compile|runtime;inline=false,
#!/bin/bash
set -euo pipefail

file="aws-core/2.30.22.wso2v3/pom.xml"
count="$(rg -n 'metrics-spi;scope=compile\|runtime;inline=false' "$file" | wc -l | tr -d ' ')"
echo "metrics-spi Embed-Dependency entries: $count"
test "$count" -eq 1

Expected: count is 1.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@aws-core/2.30.22.wso2v3/pom.xml` around lines 238 - 247, Remove the duplicate
metrics-spi entry from the Embed-Dependency list so only one
"metrics-spi;scope=compile|runtime;inline=false" remains; locate the repeated
entry in the Embed-Dependency block and delete the second occurrence (keep a
single metrics-spi line), ensuring the comma-separated list formatting and
trailing commas remain valid after removal.

224-226: ⚠️ Potential issue | 🟠 Major

Fix malformed Embed-Dependency clause so utils is embedded correctly.

On Line 225, aws-core;utils,scope=... is parsed as a malformed single clause; utils should be a separate embed clause.

🐛 Proposed fix
-                            aws-core;utils,scope=compile|runtime;inline=false,
+                            aws-core;scope=compile|runtime;inline=false,
+                            utils;scope=compile|runtime;inline=false,
#!/bin/bash
set -euo pipefail

file="aws-core/2.30.22.wso2v3/pom.xml"

echo "Malformed combined clause (should be absent after fix):"
rg -n 'aws-core;utils,scope=compile\|runtime;inline=false' "$file" || true

echo "Explicit utils clause (should exist exactly once after fix):"
rg -n '^\s*utils;scope=compile\|runtime;inline=false,?$' "$file"

Expected: first search returns no matches after fix; second returns one match.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@aws-core/2.30.22.wso2v3/pom.xml` around lines 224 - 226, The Embed-Dependency
entry is malformed because "aws-core;utils,scope=..." combined two artifacts
into one clause; edit the Embed-Dependency block (the Embed-Dependency XML
element) to split that combined clause into two separate clauses: one for
"aws-core;scope=compile|runtime;inline=false" and a separate one for
"utils;scope=compile|runtime;inline=false" (preserve the surrounding commas/line
breaks so each clause is a distinct comma-separated entry and remove the
erroneous "aws-core;utils,..." token).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@aws-core/2.30.22.wso2v3/pom.xml`:
- Around line 33-184: Add a dependencyManagement override pinning
io.netty:netty-codec-http2 to 4.1.124.Final (or later) in the POM: create or
update the <dependencyManagement><dependencies> section and add a <dependency>
with <groupId>io.netty</groupId>, <artifactId>netty-codec-http2</artifactId> and
<version>4.1.124.Final</version> so that the transitive netty-codec-http2 pulled
in by AWS SDK (from dependencies like aws-core / aws-sdk-java) is replaced;
ensure the new dependency is added at the same POM level as the existing
<dependencies> block so Maven attribute resolution applies project-wide.

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c1ddce2 and f73c1d5.

📒 Files selected for processing (1)
  • aws-core/2.30.22.wso2v3/pom.xml

Comment on lines +33 to +184
<dependencies>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>aws-core</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>lambda</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>sts</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>apigateway</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>auth</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>apache-client</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>aws-sdk-java</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>apigatewayv2</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>aws-json-protocol</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>regions</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>http-client-spi</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>utils</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>identity-spi</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>retries-spi</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>retries</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>profiles</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>endpoints-spi</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>http-auth-spi</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>http-auth-aws</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>metrics-spi</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>protocol-core</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>third-party-jackson-core</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>checksums</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>checksums-spi</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>http-auth</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>sdk-core</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>json-utils</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk.crt</groupId>
<artifactId>aws-crt</artifactId>
<version>${software.amazon.awssdk.crt.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.eventstream</groupId>
<artifactId>eventstream</artifactId>
<version>${software.amazon.eventstream.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>aws-query-protocol</artifactId>
<version>${software.amazon.awssdk.version}</version>
</dependency>
</dependencies>

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="aws-core/2.30.22.wso2v3/pom.xml"

echo "=== Check whether netty-codec-http2 is currently pinned in this POM ==="
rg -n '<groupId>io\.netty</groupId>|<artifactId>netty-codec-http2</artifactId>|<netty\.codec\.http2\.version>' "$file" || echo "No direct netty-codec-http2 pins found"

echo ""
echo "=== Check if file exists and show first 50 lines ==="
if [ -f "$file" ]; then
    head -50 "$file"
else
    echo "File not found: $file"
fi

echo ""
echo "=== Fetch advisory metadata from OSV ==="
python3 <<'PY'
import json
import urllib.request
import urllib.error

try:
    url = "https://api.osv.dev/v1/vulns/GHSA-prj3-ccx8-p6x4"
    req = urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0'})
    with urllib.request.urlopen(req, timeout=10) as response:
        data = json.loads(response.read().decode('utf-8'))
    
    print("Advisory ID:", data.get("id"))
    print("Summary:", data.get("summary", "N/A")[:200])
    print("\nAffected packages:")
    for affected in data.get("affected", []):
        pkg = affected.get("package", {})
        ecosystem = pkg.get("ecosystem", "")
        name = pkg.get("name", "")
        if ecosystem == "Maven":
            print(f"  Package: {name} (Ecosystem: {ecosystem})")
            for range_item in affected.get("ranges", []):
                if range_item.get("type") == "ECOSYSTEM":
                    print(f"  Range type: ECOSYSTEM")
                    print(f"  Events: {range_item.get('events', [])}")
except Exception as e:
    print(f"Error fetching OSV data: {e}")
PY

Repository: wso2/orbit

Length of output: 2489


🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="aws-core/2.30.22.wso2v3/pom.xml"

echo "=== Search for properties/version definitions ==="
rg -A 5 '<properties>' "$file" | head -50

echo ""
echo "=== Search for software.amazon.awssdk.version ==="
rg '<software\.amazon\.awssdk\.version>' "$file"

echo ""
echo "=== Full file line count and structure ==="
wc -l "$file"

echo ""
echo "=== Check for any netty-related content in entire file ==="
rg -i 'netty' "$file" || echo "No netty mentions found"

Repository: wso2/orbit

Length of output: 763


🌐 Web query:

GHSA-prj3-ccx8-p6x4 netty-codec-http2 vulnerability

💡 Result:

GHSA-prj3-ccx8-p6x4 is a DDoS / resource-exhaustion vulnerability in Netty’s HTTP/2 codec (io.netty:netty-codec-http2), assigned CVE-2025-55163. An attacker can send malformed HTTP/2 control frames that cause the server to emit RST_STREAM and incorrectly “free” the stream from the max-concurrent-streams counter, allowing unbounded concurrent backend work and resulting in CPU/memory exhaustion (DoS/DDoS). [1]

  • Affected (upstream Netty): netty-codec-http2 <= 4.1.123.Final and <= 4.2.3.Final (i.e., the 4.2 line before 4.2.4). [1]
  • Fixed in: 4.1.124.Final and 4.2.4.Final. [1][2]
  • Mitigations (if you can’t upgrade immediately): rate/limit server-sent RST_STREAM and/or rate/limit client control frames (e.g., WINDOW_UPDATE, PRIORITY), and treat certain flow/protocol errors as connection errors. [1][3]

Note: Some downstream artifacts (e.g., grpc-netty-shaded) may also be impacted depending on the bundled Netty version. [4]

Sources: [1] GitHub Netty advisory, [2] Snyk entry (CVE-2025-55163), [3] CERT/CC MadeYouReset note, [4] Resolved Security catalog entry.


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Check entire POM for dependencyManagement or parent references ==="
cat aws-core/2.30.22.wso2v3/pom.xml | head -100

echo ""
echo "=== Look for parent POM definition ==="
rg -A 5 '<parent>' aws-core/2.30.22.wso2v3/pom.xml || echo "No parent POM"

echo ""
echo "=== Check Maven Central for AWS SDK 2.30.22 dependencies ==="
python3 <<'PYTHON'
import json
import urllib.request
import urllib.error

try:
    # Check Maven Central for aws-core 2.30.22 POM
    url = "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-core/2.30.22/aws-core-2.30.22.pom"
    req = urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0'})
    with urllib.request.urlopen(req, timeout=10) as response:
        pom_content = response.read().decode('utf-8')
        # Look for netty dependencies
        if 'netty' in pom_content.lower():
            lines = pom_content.split('\n')
            for i, line in enumerate(lines):
                if 'netty' in line.lower():
                    print(f"Line {i}: {line.strip()}")
                    # Print context
                    for j in range(max(0, i-2), min(len(lines), i+3)):
                        if j != i:
                            print(f"  {lines[j].strip()}")
        else:
            print("No netty references found in aws-core 2.30.22 POM")
except Exception as e:
    print(f"Error fetching POM: {e}")
PYTHON

Repository: wso2/orbit

Length of output: 4571


🌐 Web query:

AWS SDK for Java 2.30.22 netty-codec-http2 version dependencies

💡 Result:

For AWS SDK for Java v2.30.22 (artifact software.amazon.awssdk:netty-nio-client:2.30.22), the Netty HTTP/2 codec dependency resolves to:

  • io.netty:netty-codec-http2:4.1.118.Final [1]

(Other Netty modules pulled by the same artifact—e.g., netty-codec-http, netty-handler, etc.—are also 4.1.118.Final.) [1]

Sources:
[1] https://mvnrepository.com/artifact/software.amazon.awssdk/netty-nio-client/2.30.22/dependencies


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Search for AWS SDK release notes or version info ==="
# Try to find any local reference to SDK dependencies or changelog
find . -name "*2.30.22*" -o -name "*CHANGELOG*" -o -name "*RELEASES*" 2>/dev/null | head -20

echo ""
echo "=== Check if there's any dependency documentation ==="
find . -name "*.md" -o -name "*.txt" 2>/dev/null | xargs grep -l "2.30.22" 2>/dev/null | head -10

echo ""
echo "=== List all files in aws-core directory ==="
ls -la aws-core/2.30.22.wso2v3/ | head -30

Repository: wso2/orbit

Length of output: 245


Add explicit netty-codec-http2 version override to address GHSA-prj3-ccx8-p6x4 (CVE-2025-55163).

AWS SDK 2.30.22 transitively brings in io.netty:netty-codec-http2:4.1.118.Final, which is vulnerable to a DDoS attack exploiting malformed HTTP/2 control frames that cause unbounded concurrent stream handling and resource exhaustion. Add a dependencyManagement override to pin netty-codec-http2 to 4.1.124.Final or later.

🛡️ Suggested mitigation pattern
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-codec-http2</artifactId>
+                <version>4.1.124.Final</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
...
     <properties>
         <software.amazon.awssdk.version>2.30.22</software.amazon.awssdk.version>
+        <netty.codec.http2.version>4.1.124.Final</netty.codec.http2.version>
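Review bot: the hunk introduces a `netty.codec.http2.version` property but the `<version>` element in the `dependencyManagement` entry is hard-coded to `4.1.124.Final` instead of `${netty.codec.http2.version}`, so one of the two is dead; reference the property from the dependency or drop the property. Separately, `dependencyManagement` only changes what Maven resolves while building this module, and the bundle ships only the jars named in `Embed-Dependency`: neither the embed list quoted earlier in this review nor the script output above ("No netty mentions found") shows a netty artifact, so confirm that netty-codec-http2 is actually embedded in this bundle before relying on the pin; otherwise the fix belongs wherever Netty is packaged.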
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@aws-core/2.30.22.wso2v3/pom.xml` around lines 33 - 184, Add a
dependencyManagement override pinning io.netty:netty-codec-http2 to
4.1.124.Final (or later) in the POM: create or update the
<dependencyManagement><dependencies> section and add a <dependency> with
<groupId>io.netty</groupId>, <artifactId>netty-codec-http2</artifactId> and
<version>4.1.124.Final</version> so that the transitive netty-codec-http2 pulled
in by AWS SDK (from dependencies like aws-core / aws-sdk-java) is replaced;
ensure the new dependency is added at the same POM level as the existing
<dependencies> block so Maven attribute resolution applies project-wide.
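The following Python check, added here and not part of the project, applies the finding above to `mvn dependency:tree` output: it parses the tree, compares each tracked artifact's version against the fixed versions the review cites for GHSA-prj3-ccx8-p6x4, and reports anything below them. The tree text is constructed, the root groupId is a placeholder, and the version comparison ignores qualifiers such as `.Final`.

```python
"""Flag a vulnerable io.netty:netty-codec-http2 in `mvn dependency:tree` output.

Added example, not wso2/orbit code. The fixed versions are those the review
cites for GHSA-prj3-ccx8-p6x4 (CVE-2025-55163); the sample tree is constructed
to mirror the finding that AWS SDK 2.30.22 resolves netty-codec-http2
4.1.118.Final. Versions are compared on their dotted numeric prefix only
(qualifiers such as .Final are ignored), which is enough for the 4.1.x and
4.2.x release lines."""

# groupId:artifactId -> first fixed version on each affected release line
FIXED_VERSIONS = {
    "io.netty:netty-codec-http2": ("4.1.124.Final", "4.2.4.Final"),
}

# Constructed dependency:tree output. The root groupId is a placeholder;
# netty-nio-client is placed under the lambda client, which is where the SDK's
# HTTP/2 codec typically enters the tree at runtime scope.
SAMPLE_TREE = r"""
[INFO] org.example:aws-core:bundle:2.30.22.wso2v3
[INFO] +- software.amazon.awssdk:aws-core:jar:2.30.22:compile
[INFO] |  \- software.amazon.awssdk:utils:jar:2.30.22:compile
[INFO] +- software.amazon.awssdk:lambda:jar:2.30.22:compile
[INFO] |  \- software.amazon.awssdk:netty-nio-client:jar:2.30.22:runtime
[INFO] |     +- io.netty:netty-codec-http:jar:4.1.118.Final:runtime
[INFO] |     \- io.netty:netty-codec-http2:jar:4.1.118.Final:runtime
[INFO] \- software.amazon.awssdk:regions:jar:2.30.22:compile
"""


def parse_tree(text: str) -> list:
    """Return (groupId, artifactId, version, scope) for each dependency line.
    A line reads group:artifact:type[:classifier]:version:scope after the tree art."""
    deps = []
    for line in text.splitlines():
        if not line.startswith("[INFO]"):
            continue
        fields = line[len("[INFO]"):].lstrip(" |+\\-").strip().split(":")
        if len(fields) == 5:
            group, artifact, _type, version, scope = fields
        elif len(fields) == 6:
            group, artifact, _type, _classifier, version, scope = fields
        else:
            continue  # root coordinate, plugin banner, blank line
        deps.append((group, artifact, version, scope))
    return deps


def version_key(version: str) -> tuple:
    """Leading numeric components as a tuple: '4.1.118.Final' -> (4, 1, 118)."""
    nums = []
    for part in version.split("."):
        if not part.isdigit():
            break
        nums.append(int(part))
    return tuple(nums)


def is_vulnerable(version: str, fixed_versions: tuple) -> bool:
    """True when version is below the fix on its own major.minor line; a version
    on a line older than every fix is treated as vulnerable as well."""
    v = version_key(version)
    for fixed in fixed_versions:
        f = version_key(fixed)
        if v[:2] == f[:2]:
            return v < f
    return v < min(version_key(f) for f in fixed_versions)


def find_vulnerable(tree_text: str, fixed=FIXED_VERSIONS) -> list:
    """(groupId:artifactId, version, scope) for every tracked artifact below its fix."""
    hits = []
    for group, artifact, version, scope in parse_tree(tree_text):
        coord = f"{group}:{artifact}"
        if coord in fixed and is_vulnerable(version, fixed[coord]):
            hits.append((coord, version, scope))
    return hits


if __name__ == "__main__":
    for coord, version, scope in find_vulnerable(SAMPLE_TREE):
        print(f"{coord}:{version} ({scope}) is below the fixed versions "
              f"{FIXED_VERSIONS[coord]}")
    # After a dependencyManagement pin the tree shows 4.1.124.Final and the
    # check reports nothing.
    print("after pin:", find_vulnerable(SAMPLE_TREE.replace("4.1.118.Final", "4.1.124.Final")))
```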