From 54a6a458a7695c5bae0561fd9e1507836049ecdb Mon Sep 17 00:00:00 2001 From: Daniel Widdis Date: Mon, 5 Feb 2024 15:51:57 -0800 Subject: [PATCH] Fix build, update CVE-affected versions (#1102) (#1103) * Fix build, update CVE-affected versions * Spotless depends on CVE-impacted eclipse dependency, now needs JDK17+ --------- Signed-off-by: Daniel Widdis --- build.gradle | 4 ++++ dataGeneration/requirements.txt | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 2cbd38325..7634262e9 100644 --- a/build.gradle +++ b/build.gradle @@ -156,6 +156,10 @@ configurations.all { force "net.bytebuddy:byte-buddy-agent:1.14.9" force "com.google.code.gson:gson:2.8.9" force "junit:junit:4.13.2" + + force "com.google.guava:guava:32.1.3-jre" // CVE for 31.1 + force "com.fasterxml.jackson.core:jackson-core:2.16.0" // CVE for 2.14.1 + force "org.eclipse.platform:org.eclipse.core.runtime:3.29.0" // CVE for < 3.29.0 } } diff --git a/dataGeneration/requirements.txt b/dataGeneration/requirements.txt index 79cb0e9e8..0661a296d 100644 --- a/dataGeneration/requirements.txt +++ b/dataGeneration/requirements.txt @@ -2,4 +2,4 @@ numpy==1.23.0 opensearch_py==2.0.0 retry==0.9.2 scipy==1.10.0 -urllib3==1.26.17 +urllib3==1.26.18