From 453e49882a843e57f11c7e5d56ff272cfc2c8f9a Mon Sep 17 00:00:00 2001
From: Brendan Doyle <brendand@qualtrics.com>
Date: Fri, 24 Feb 2023 09:47:23 -0800
Subject: [PATCH] add base dependency version to cve remediations for
 downstream runtime builds

---
 core/monitoring/user-events/build.gradle | 2 +-
 core/standalone/build.gradle             | 2 +-
 tests/build.gradle                       | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/monitoring/user-events/build.gradle b/core/monitoring/user-events/build.gradle
index f9e81492e93..c6f4a9fc42e 100644
--- a/core/monitoring/user-events/build.gradle
+++ b/core/monitoring/user-events/build.gradle
@@ -45,7 +45,7 @@ dependencies {
 
     testImplementation "junit:junit:4.11"
     testImplementation "org.scalatest:scalatest_${gradle.scala.depVersion}:3.0.8"
-    testImplementation "io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}"
+    testImplementation "io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0"
     constraints {
         testImplementation("io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0")
         testImplementation('org.apache.avro:avro:1.11.1') {
diff --git a/core/standalone/build.gradle b/core/standalone/build.gradle
index 422c25a71eb..031e529d85a 100644
--- a/core/standalone/build.gradle
+++ b/core/standalone/build.gradle
@@ -169,7 +169,7 @@ dependencies {
     implementation project(':tools:admin')
     implementation "org.rogach:scallop_${gradle.scala.depVersion}:3.3.2"
 
-    implementation "io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}"
+    implementation "io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0"
     constraints {
         implementation("io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0")
         implementation('org.apache.avro:avro:1.11.1') {
diff --git a/tests/build.gradle b/tests/build.gradle
index 45ab3ec2799..fe0ef9eeb52 100644
--- a/tests/build.gradle
+++ b/tests/build.gradle
@@ -232,14 +232,14 @@ dependencies {
     implementation ("org.apache.curator:curator-test:${gradle.curator.version}") {
         exclude group: 'log4j'
     }
-    implementation "com.atlassian.oai:swagger-request-validator-core"
+    implementation "com.atlassian.oai:swagger-request-validator-core:1.4.5"
     constraints {
         implementation("com.atlassian.oai:swagger-request-validator-core:1.4.5")
         implementation("org.slf4j:slf4j-ext:1.7.36") {
             because 'swagger-request-validator-core cannot be upgraded to 2.x where vuln is remediated'
         }
     }
-    implementation "io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}"
+    implementation "io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0"
     constraints {
         implementation("io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0")
         implementation('org.apache.avro:avro:1.11.1') {