From 5133d755e01b0aff7b16699e1ed6463f5e9d1c98 Mon Sep 17 00:00:00 2001
From: jowg-amazon <jowg@amazon.com>
Date: Tue, 6 Feb 2024 00:15:54 +0000
Subject: [PATCH] fix CVE-2023-2976 and upgrade guava

Signed-off-by: jowg-amazon <jowg@amazon.com>
---
 build.gradle      | 6 +++++-
 core/build.gradle | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 54c316d5c..7f0318267 100644
--- a/build.gradle
+++ b/build.gradle
@@ -54,6 +54,10 @@ configurations {
           force "ch.qos.logback:logback-core:1.3.14"
       }
    }
+
+   configurations.all {
+      resolutionStrategy.force "com.google.guava:guava:32.1.2-jre"
+   }
 }
 
 dependencies {
@@ -118,4 +122,4 @@ task updateVersion {
         }
         ant.replaceregexp(file:'build.gradle', match: '"opensearch.version", "\\d.*"', replace: '"opensearch.version", "' + newVersion.tokenize('-')[0] + '-SNAPSHOT"', flags:'g', byline:true)
     }
-}
\ No newline at end of file
+}
diff --git a/core/build.gradle b/core/build.gradle
index b1ecf7eac..d999cbc69 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -18,7 +18,7 @@ dependencies {
     implementation('com.google.googlejavaformat:google-java-format:1.10.0')  {
         exclude group: 'com.google.guava'
     }
-    implementation 'com.google.guava:guava:32.0.1-jre'
+    implementation 'com.google.guava:guava:32.1.2-jre'
     api "org.opensearch:common-utils:${common_utils_version}@jar"
     implementation 'commons-validator:commons-validator:1.7'