fix CVE-2023-42503 due to djl models (opensearch-project#2011)

Zhangxunmt · Zhangxunmt · commit 0a1444b7df0b · 2024-02-05T14:40:54.000-08:00
Signed-off-by: Xun Zhang &lt;xunzh@amazon.com&gt;
diff --git a/build.gradle b/build.gradle
@@ -68,6 +68,7 @@ subprojects {
     configurations.all {
         // Force spotless depending on newer version of guava due to CVE-2023-2976. Remove after spotless upgrades.
         resolutionStrategy.force "com.google.guava:guava:32.1.2-jre"
+        resolutionStrategy.force 'org.apache.commons:commons-compress:1.25.0'
     }
 }
 
diff --git a/memory/build.gradle b/memory/build.gradle
@@ -26,7 +26,7 @@ plugins {
 dependencies {
     implementation project(path: ":${rootProject.name}-common", configuration: 'shadow')
     implementation group: 'org.opensearch', name: 'opensearch', version: "${opensearch_version}"
-    implementation group: 'org.apache.httpcomponents.core5', name: 'httpcore5', version: '5.2.1'
+    implementation group: 'org.apache.httpcomponents.core5', name: 'httpcore5', version: '5.2.2'
     implementation "org.opensearch:common-utils:${common_utils_version}"
     implementation group: 'com.google.guava', name: 'guava', version: '32.1.2-jre'
     testImplementation (group: 'junit', name: 'junit', version: '4.13.2') {

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ subprojects {`
`68`	`68`	`configurations.all {`
`69`	`69`	`// Force spotless depending on newer version of guava due to CVE-2023-2976. Remove after spotless upgrades.`
`70`	`70`	`resolutionStrategy.force "com.google.guava:guava:32.1.2-jre"`
	`71`	`+ resolutionStrategy.force 'org.apache.commons:commons-compress:1.25.0'`
`71`	`72`	`}`
`72`	`73`	`}`
`73`	`74`