fix CVE-2023-2976 and upgrade guava to be consistent

Zhangxunmt · Zhangxunmt · commit 11f4cf2866fd · 2024-02-05T12:05:34.000-08:00
Signed-off-by: Xun Zhang &lt;xunzh@amazon.com&gt;
diff --git a/build.gradle b/build.gradle
@@ -67,6 +67,10 @@ subprojects {
     configurations {
         testImplementation.extendsFrom compileOnly
     }
+
+    configurations.all {
+        resolutionStrategy.force "com.google.guava:guava:32.1.2-jre"
+    }
 }
 
 ext {
diff --git a/memory/build.gradle b/memory/build.gradle
@@ -28,7 +28,7 @@ dependencies {
     implementation group: 'org.opensearch', name: 'opensearch', version: "${opensearch_version}"
     implementation group: 'org.apache.httpcomponents.core5', name: 'httpcore5', version: '5.2.2'
     implementation "org.opensearch:common-utils:${common_utils_version}"
-    implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre'
+    implementation group: 'com.google.guava', name: 'guava', version: '32.1.2-jre'
     testImplementation (group: 'junit', name: 'junit', version: '4.13.2') {
         exclude module : 'hamcrest'
         exclude module : 'hamcrest-core'
diff --git a/ml-algorithms/build.gradle b/ml-algorithms/build.gradle
@@ -42,7 +42,7 @@ dependencies {
     implementation group: 'io.protostuff', name: 'protostuff-collectionschema', version: '1.8.0'
     testImplementation group: 'junit', name: 'junit', version: '4.13.2'
     testImplementation group: 'org.mockito', name: 'mockito-core', version: '5.7.0'
-    implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre'
+    implementation group: 'com.google.guava', name: 'guava', version: '32.1.2-jre'
     implementation group: 'com.google.code.gson', name: 'gson', version: '2.10.1'
     implementation platform("ai.djl:bom:0.21.0")
     implementation group: 'ai.djl.pytorch', name: 'pytorch-model-zoo', version: '0.21.0'
diff --git a/plugin/build.gradle b/plugin/build.gradle
@@ -57,7 +57,7 @@ dependencies {
     implementation "org.opensearch:common-utils:${common_utils_version}"
     implementation("com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}")
     implementation("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}")
-    implementation group: 'com.google.guava', name: 'guava', version: '32.0.1-jre'
+    implementation group: 'com.google.guava', name: 'guava', version: '32.1.2-jre'
     implementation group: 'com.google.code.gson', name: 'gson', version: '2.10.1'
     implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
     implementation group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1'
diff --git a/search-processors/build.gradle b/search-processors/build.gradle
@@ -36,7 +36,7 @@ dependencies {
     implementation group: 'org.opensearch', name: 'common-utils', version: "${common_utils_version}"
     // https://mvnrepository.com/artifact/org.apache.httpcomponents.core5/httpcore5
     implementation group: 'org.apache.httpcomponents.core5', name: 'httpcore5', version: '5.2.2'
-    implementation("com.google.guava:guava:32.0.1-jre")
+    implementation group: 'com.google.guava', name: 'guava', version: '32.1.2-jre'
     implementation group: 'org.json', name: 'json', version: '20231013'
     implementation group: 'org.apache.commons', name: 'commons-text', version: '1.10.0'
     testImplementation "org.opensearch.test:framework:${opensearch_version}"

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,10 @@ subprojects {`
`67`	`67`	`configurations {`
`68`	`68`	`testImplementation.extendsFrom compileOnly`
`69`	`69`	`}`
	`70`	`+`
	`71`	`+ configurations.all {`
	`72`	`+ resolutionStrategy.force "com.google.guava:guava:32.1.2-jre"`
	`73`	`+ }`
`70`	`74`	`}`
`71`	`75`
`72`	`76`	`ext {`