From ce3228089f24f4bf49dcde5fb5d599e96b83f702 Mon Sep 17 00:00:00 2001
From: Sean Kao <seankao@amazon.com>
Date: Mon, 4 Mar 2024 09:31:47 -0800
Subject: [PATCH] Bump json and wiremock version to fix CVEs (#2533)

* bump wiremock and jetty-server version

Signed-off-by: Sean Kao <seankao@amazon.com>

* bump json version

Signed-off-by: Sean Kao <seankao@amazon.com>

---------

Signed-off-by: Sean Kao <seankao@amazon.com>
---
 legacy/build.gradle     | 2 +-
 opensearch/build.gradle | 2 +-
 ppl/build.gradle        | 2 +-
 sql-jdbc/build.gradle   | 4 ++--
 sql/build.gradle        | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/legacy/build.gradle b/legacy/build.gradle
index b6bd33d7ec..23f220f79b 100644
--- a/legacy/build.gradle
+++ b/legacy/build.gradle
@@ -89,7 +89,7 @@ dependencies {
         }
     }
     implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre'
-    compile group: 'org.json', name: 'json', version:'20230227'
+    compile group: 'org.json', name: 'json', version:'20231013'
     compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
     compile group: 'org.opensearch', name: 'opensearch', version: "${opensearch_version}"
     compile project(':sql')
diff --git a/opensearch/build.gradle b/opensearch/build.gradle
index 412f9e5472..4338684758 100644
--- a/opensearch/build.gradle
+++ b/opensearch/build.gradle
@@ -35,7 +35,7 @@ dependencies {
     compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: "${versions.jackson}"
     compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: "${versions.jackson_databind}"
     compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: "${versions.jackson}"
-    compile group: 'org.json', name: 'json', version:'20230227'
+    compile group: 'org.json', name: 'json', version:'20231013'
     compileOnly group: 'org.opensearch.client', name: 'opensearch-rest-high-level-client', version: "${opensearch_version}"
     compile group: 'org.opensearch', name:'opensearch-ml-client', version: '1.3.4.0-SNAPSHOT'
 
diff --git a/ppl/build.gradle b/ppl/build.gradle
index 6c709bebb4..d9d60d8a55 100644
--- a/ppl/build.gradle
+++ b/ppl/build.gradle
@@ -47,7 +47,7 @@ dependencies {
     compile "org.antlr:antlr4-runtime:4.7.1"
     compile group: 'com.google.guava', name: 'guava', version: '32.0.1-jre'
     compile group: 'org.opensearch', name: 'opensearch-x-content', version: "${opensearch_version}"
-    compile group: 'org.json', name: 'json', version: '20230227'
+    compile group: 'org.json', name: 'json', version: '20231013'
     compile group: 'org.springframework', name: 'spring-context', version: "${spring_version}"
     compile group: 'org.springframework', name: 'spring-beans', version: "${spring_version}"
     compile group: 'org.apache.logging.log4j', name: 'log4j-core', version:'2.17.1'
diff --git a/sql-jdbc/build.gradle b/sql-jdbc/build.gradle
index 1ecea9e993..3f8872f539 100644
--- a/sql-jdbc/build.gradle
+++ b/sql-jdbc/build.gradle
@@ -51,11 +51,11 @@ dependencies {
 
     testImplementation('org.junit.jupiter:junit-jupiter-api:5.3.1')
     testImplementation('org.junit.jupiter:junit-jupiter-params:5.3.1')
-    testImplementation('com.github.tomakehurst:wiremock:3.0.0-beta-7')
+    testImplementation('org.wiremock:wiremock:3.4.0')
     testImplementation('org.mockito:mockito-core:2.23.0')
     testImplementation('org.junit.jupiter:junit-jupiter-engine:5.3.1')
     testImplementation('org.junit-pioneer:junit-pioneer:0.3.0')
-    testImplementation('org.eclipse.jetty:jetty-server:11.0.14')
+    testImplementation('org.eclipse.jetty:jetty-server:11.0.20')
 
     // Enforce wiremock to use latest guava
     testImplementation('com.google.guava:guava:32.0.1-jre')
diff --git a/sql/build.gradle b/sql/build.gradle
index 7d29727261..f7b2a16b0b 100644
--- a/sql/build.gradle
+++ b/sql/build.gradle
@@ -46,7 +46,7 @@ dependencies {
 
     compile "org.antlr:antlr4-runtime:4.7.1"
     implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre'
-    compile group: 'org.json', name: 'json', version:'20230227'
+    compile group: 'org.json', name: 'json', version:'20231013'
     compile group: 'org.springframework', name: 'spring-context', version: "${spring_version}"
     compile group: 'org.springframework', name: 'spring-beans', version: "${spring_version}"
     compile project(':common')