From 8b7c283e710bcb56c775b4535ae37a32fce58646 Mon Sep 17 00:00:00 2001
From: Daniel Widdis <widdis@gmail.com>
Date: Wed, 22 Nov 2023 13:59:53 -0800
Subject: [PATCH] Fix build, update CVE-affected versions (#1102)

* Fix build, update CVE-affected versions

* Spotless depends on CVE-impacted eclipse dependency, now needs JDK17+

Signed-off-by: Daniel Widdis <widdis@gmail.com>

---------

Signed-off-by: Daniel Widdis <widdis@gmail.com>
---
 build.gradle                    | 4 ++++
 dataGeneration/requirements.txt | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 951d4af60..c5bf65cd4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -152,6 +152,10 @@ configurations.all {
         force "net.bytebuddy:byte-buddy-agent:1.9.15"
         force "com.google.code.gson:gson:2.8.9"
         force "junit:junit:4.13.2"
+
+        force "com.google.guava:guava:32.1.3-jre" // CVE for 31.1
+        force "com.fasterxml.jackson.core:jackson-core:2.16.0" // CVE for 2.14.1
+        force "org.eclipse.platform:org.eclipse.core.runtime:3.29.0" // CVE for < 3.29.0        
     }
 }
 
diff --git a/dataGeneration/requirements.txt b/dataGeneration/requirements.txt
index 79cb0e9e8..0661a296d 100644
--- a/dataGeneration/requirements.txt
+++ b/dataGeneration/requirements.txt
@@ -2,4 +2,4 @@ numpy==1.23.0
 opensearch_py==2.0.0
 retry==0.9.2
 scipy==1.10.0
-urllib3==1.26.17
+urllib3==1.26.18