Problem:
As #5805 attempted to upgrade our CI dependencies managed by nix, some CodeBuild jobs failed to compile because nix used corretto21 that depends on an old package gradle-7.6.6.
Based on NixOS/nixpkgs#459071, it seems like nix maintainers don't have plans to fix the issue for corretto21. As a workaround, #5805 added gradle-7.6.6 as an insecure package. Ideally, we should minimize the number of insecure packages if possible.
Need By Date:
after 2026/05
Solution:
Once corretto25 is added into nixpkgs, presumably in nix 26.05 release, we can bump the nix version and upgrade to corretto25.
Requirements / Acceptance Criteria:
CI continues to pass
Problem:
As #5805 attempted to upgrade our CI dependencies managed by nix, some CodeBuild jobs failed to compile because nix used corretto21 that depends on an old package
gradle-7.6.6.Based on NixOS/nixpkgs#459071, it seems like nix maintainers don't have plans to fix the issue for corretto21. As a workaround, #5805 added
gradle-7.6.6as an insecure package. Ideally, we should minimize the number of insecure packages if possible.Need By Date:
after 2026/05
Solution:
Once corretto25 is added into nixpkgs, presumably in nix 26.05 release, we can bump the nix version and upgrade to corretto25.
Requirements / Acceptance Criteria:
CI continues to pass