[Backport 2.x] Force newer version of Eclipse core transitive dependency (resolves CVE-2023-4218) #3739

opensearch-trigger-bot · 2023-11-17T21:16:59Z

Backport b72a9cf from #3737.

…VE-2023-4218) (#3737) ### Description The Spotless Gradle Plugin brings in a transitive dependency on Eclipse Core Runtime 3.26.100. That version is impacted by a CVE. This forces the newest version, currently 3.29.0. Note that newer versions than 3.26 require JDK17+ to run spotless. Signed-off-by: Daniel Widdis <[email protected]> (cherry picked from commit b72a9cf) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

codecov · 2023-11-17T21:19:51Z

Codecov Report

Merging #3739 (0d2524f) into 2.x (b7df32d) will increase coverage by 0.02%.
The diff coverage is n/a.

Additional details and impacted files

@@             Coverage Diff              @@
##                2.x    #3739      +/-   ##
============================================
+ Coverage     64.87%   64.90%   +0.02%     
- Complexity     3631     3633       +2     
============================================
  Files           285      285              
  Lines         20525    20525              
  Branches       3384     3384              
============================================
+ Hits          13315    13321       +6     
+ Misses         5532     5527       -5     
+ Partials       1678     1677       -1

see 3 files with indirect coverage changes

github-actions · 2023-11-17T23:56:51Z

This pull request was automatically merged as opensearch-trigger-bot[bot] is authorized to merge changes to build.gradle,.github/workflows/*.yml files after all CI checks have passed.

opensearch-trigger-bot bot requested review from cliu123, cwperks, DarshitChanpura, davidlago, peternied, RyanL1997, stephen-crawford, reta and willyborankin as code owners November 17, 2023 21:17

cwperks approved these changes Nov 17, 2023

View reviewed changes

github-actions bot merged commit 84ae193 into 2.x Nov 17, 2023
87 checks passed

github-actions bot deleted the backport/backport-3737-to-2.x branch November 17, 2023 23:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Backport 2.x] Force newer version of Eclipse core transitive dependency (resolves CVE-2023-4218) #3739

[Backport 2.x] Force newer version of Eclipse core transitive dependency (resolves CVE-2023-4218) #3739

opensearch-trigger-bot bot commented Nov 17, 2023

codecov bot commented Nov 17, 2023 •

edited

Loading

github-actions bot commented Nov 17, 2023

[Backport 2.x] Force newer version of Eclipse core transitive dependency (resolves CVE-2023-4218) #3739

[Backport 2.x] Force newer version of Eclipse core transitive dependency (resolves CVE-2023-4218) #3739

Conversation

opensearch-trigger-bot bot commented Nov 17, 2023

codecov bot commented Nov 17, 2023 • edited Loading

Codecov Report

github-actions bot commented Nov 17, 2023

codecov bot commented Nov 17, 2023 •

edited

Loading