Skip to content

Commit

Permalink
Enforce up-to-date Guava in buildSrc (opensearch-project#9335)
Browse files Browse the repository at this point in the history 
Guava is a transitive dependency of spotless via google-java-format, the version that was being pulled in has CVE-2023-2976.
While this would not affect end users it causes excess alerts.

Signed-off-by: Thomas Farr <tsfarr@amazon.com>
(cherry picked from commit 1342578)
  • Loading branch information
@Xtansia @kotwanikunal
Xtansia authored and kotwanikunal committed Sep 13, 2023
1 parent d547ed3 commit 7635734
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions buildSrc/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,12 @@ dependencies {
}
}

configurations.all {
resolutionStrategy {
force "com.google.guava:guava:${props.getProperty('guava')}"
}
}

/*****************************************************************************
* Bootstrap repositories *
*****************************************************************************/
Expand Down

0 comments on commit 7635734

Please sign in to comment.