Fix build, update CVE-affected versions (#1102) (#1103)

dbwiddis · web-flow · commit 54a6a458a769 · 2024-02-05T15:51:57.000-08:00
* Fix build, update CVE-affected versions

* Spotless depends on CVE-impacted eclipse dependency, now needs JDK17+



---------

Signed-off-by: Daniel Widdis &lt;widdis@gmail.com&gt;
diff --git a/build.gradle b/build.gradle
@@ -156,6 +156,10 @@ configurations.all {
         force "net.bytebuddy:byte-buddy-agent:1.14.9"
         force "com.google.code.gson:gson:2.8.9"
         force "junit:junit:4.13.2"
+
+        force "com.google.guava:guava:32.1.3-jre" // CVE for 31.1
+        force "com.fasterxml.jackson.core:jackson-core:2.16.0" // CVE for 2.14.1
+        force "org.eclipse.platform:org.eclipse.core.runtime:3.29.0" // CVE for < 3.29.0        
     }
 }
 
diff --git a/dataGeneration/requirements.txt b/dataGeneration/requirements.txt
@@ -2,4 +2,4 @@ numpy==1.23.0
 opensearch_py==2.0.0
 retry==0.9.2
 scipy==1.10.0
-urllib3==1.26.17
+urllib3==1.26.18

Original file line number	Diff line number	Diff line change
`@@ -156,6 +156,10 @@ configurations.all {`
`156`	`156`	`force "net.bytebuddy:byte-buddy-agent:1.14.9"`
`157`	`157`	`force "com.google.code.gson:gson:2.8.9"`
`158`	`158`	`force "junit:junit:4.13.2"`
	`159`	`+`
	`160`	`+ force "com.google.guava:guava:32.1.3-jre" // CVE for 31.1`
	`161`	`+ force "com.fasterxml.jackson.core:jackson-core:2.16.0" // CVE for 2.14.1`
	`162`	`+ force "org.eclipse.platform:org.eclipse.core.runtime:3.29.0" // CVE for < 3.29.0`
`159`	`163`	`}`
`160`	`164`	`}`
`161`	`165`